INTERNET DRAFT Carey B. Becker Category: Informational Basvaraj Patil Title: Emad Qaddoura Date: September 1999 Nortel Networks IP Mobility Architecture Framework Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract Today, the wireless network arena is made up of different types of access (TDMA, CDMA, GSM, etc) and core network technologies (IS-41 and MAP over SS7, etc). The heterogeneous nature of today's wireless and wireline packet data networks limits the scope of mobility between these heterogeneous networks. However, as these heterogeneous networks evolve, the mobility management provided by them must evolve to insure seamless roaming between the networks. With the convergence of voice and data, networks of the future will be built on IP packet switched technology, mostly due to inherent Becker, Patil, Qaddoura Expires July 1999 [Page 1] Internet-Draft IP Mobility Architecture Framework February 1999 advantages offered by the technology. This document identifies several drivers that provide input for an IP Mobility based network and also describes a high level IP Mobility architecture that extends the current third generation IMT2000 wireless architecture and builds on Mobile IP concepts. 1. Introduction User mobility is an integral part of today's and future wireless and wireline packet data networks. Today, the wireless network arena is made up of different types of access (TDMA, CDMA, GSM, 802.11, etc) and core network technologies (IS-41 and MAP over SS7, etc.). The heterogeneous nature of today's wireless and wireline packet data networks limits the scope of mobility between these heterogeneous networks. However, as these heterogeneous networks evolve, the mobility management provided by them must evolve to ensure seamless roaming between the networks. With the convergence of voice networks and data networks, networks of the future will be built on IP packet switched technology, mostly due to inherent advantages offered by the technology (the details of which are beyond the scope of this document). The change from the current SS7 based wireless networks to IP centric wireless networks is already in the works. In the very near future, mobile devices that support IP stacks will also proliferate. The combination of these two concepts, the networks moving to IP packet switched technology and the evolution of mobility management to ensure seamless roaming, defines what we call IP Mobility. There are several drivers that are paving the way for defining an architecture that is IP Mobility enabled. Some of these are: 1. The network should allow for seamless roaming between heterogeneous wireless and wireline networks. 2. The network infrastructure should be access independent. As our wireless networks evolve, it will remain a fact of life that we will need to support the multiple types of wireless accesses, e.g., CDMA, TDMA, etc. Users should be able to roam between these different access types via a mobile devices that support access specific PC cards which provide the appropriate 'layer 2' access. However, the current networking protocols that perform the mobility management functions specific to the heterogeneous technologies can evolve into a single protocol. Becker, Patil, Qaddoura Expires July 1999 [Page 2] Internet-Draft IP Mobility Architecture Framework February 1999 3. Mobility needs to be based on the users, not the device used by the user. GSM already supports the concept of mobility being based on a user via the International Mobile Subscriber Identity (IMSI), although the IMSI is not known by the user. In North American Cellular systems, e.g., TDMA, CDMA, etc, a user is identified via a Mobile Identification Number (MIN) that is specific to the mobile device. This association needs to be separated. Also, both of these concepts are based on users being assigned 'telephony' user IDs, which are solely based on digits. User IDs should not be restricted to digit only identifiers or restricted to the realm of telephony IDs. 4. A roaming user should only need a single subscription to access a home network. Within the scope of packet data services being defined for CDMA systems, a user must have a subscription with a cellular provider to gain access to the cellular network. After which the user is authenticated, the user's mobile device is put on a traffic channel to allow the user's mobile IP subscription to be authenticated with the users home network. The multiple subscriptions translate to multiple unwanted registrations and a waste of radio resources for the second registration. 5. The network should support the removal of triangle routes within the network. Triangle routes (which contain routing anchor point) can be established at two points, 1) at the home network as defined in mobile IP [2] and 2) at the foreign network as proposed in [4] and [5]. The network needs to support a mechanism, similar to what is defined in [6], which can alleviate the anchor points. The network needs to support policies that allow or disallow triangle routes, e.g., a policy that wants to hide knowledge of where the user is located. 6. Service providers would like to deploy the same network infrastructure in both their wireline and wireless networks. One of the major business drivers is to gain economies of scale from deploying the same network infrastructure, e.g., network operation, services platforms, etc, within the service provider's networks that is independent of the access networks. However, mechanisms should be provided that will allow the networks to be optimized on the type of access network. Becker, Patil, Qaddoura Expires July 1999 [Page 3] Internet-Draft IP Mobility Architecture Framework February 1999 None of the current packet data technologies, GPRS, Mobile IP and CDPD, support all the concepts depicted in the above drivers. An architecture must be defined that can provide the functions that insure true seamless roaming within a mobility enabled IP network. 2. IP Mobility Architecture To be able to achieve a mobility enabled IP network that satisfies the drivers stated in the previous section, an enhanced architecture needs to be defined that extends the current third generation IMT2000 wireless architecture and mobile IP. This section defines such an architecture. The intent of defining this architecture is to stimulate discussion on the merits of its components. The transition strategies required by the packet data technologies to evolve to this architecture are outside the scope of this document. However, it is an important item that should be addressed as part of the work group discussions. The architecture described in this draft is not complete. It does not include some necessary concepts; one example being brokers/proxies as described in [7] and [8]. However, it does contain a substantial subset of what is needed to provide mobility within IP networks. Becker, Patil, Qaddoura Expires July 1999 [Page 4] Internet-Draft IP Mobility Architecture Framework February 1999 2.1. Network Reference Model The following figure depicts the logical view of the proposed network architecture. + -----------------------------------------------------------+ | +-----+ +------+ +-----------+ +----------------+ | | | DNS | | DHCP | | Unified | | Authentication | | | +-----+ +------+ | Directory | | Server | | | +-----------+ +----------------+ | | | Home | +------------+ +----------+ +------+ | Network | | Mobility | | Security | | AAA+ | | | | Mgmt (HA+) | | Gateway | +------+ | | +------------+ +----------+ | + -----------------------------------------------------------+ | | IP network | | + -----------------------------------------------------------+ | +------------+ +----------+ +------+ +------+ | | | Mobility | | Security | | AAA+ | | DHCP | | Foreign | | Mgmt (FA+) | | Gateway | +------+ +------+ | Network | +------------+ +----------+ | + -----------------------------------------------------------+ || || + -----------------------------------------------------------+ | +----------+ +-----------+ +-----------+ | | | Location | | Cell Site | . . . | Cell Site | | Access | | Tracking | +-----------+ +-----------+ | Network | +----------+ | + -----------------------------------------------------------+ Figure 1: Network Reference Model The following sections describe the functionality of the components of the network reference model. 2.2. Home Network The Home Network is very similar in concept to the home network defined in [2[ and the home network defined in the wireless networks. Basically, the Home network is a combination of the two with some extensions. Becker, Patil, Qaddoura Expires July 1999 [Page 5] Internet-Draft IP Mobility Architecture Framework February 1999 Some of the relevant functions of the Home Network as they relate to mobility are: * It is the home network that 'owns' the mobile user's subscription. * Maintains the mobile user's subscription and associated subscriber profile. * Provides mobility to subscribers on a 'larger' scale. It is responsible for maintaining the current location of the mobile user. * Allocation of mobile node IP addresses * Supports a 'unified' directory for subscriber profiles independent of the access network type. * Stores policies and profiles associated with mobile users. * Provides Authorization functions associated with the mobile user. * May provide the Authentication functions required to authenticate the mobile users. * Support Service Level Agreements (SLA) with all Foreign Networks it wants its users to roam in. * Support a policy that allows 'hiding' the user's location. This policy will mandate that the home be an anchor point for datagrams sent to it's users while they are roaming. 2.2.1. Home Network Mobility Components The following describes some functions associated with the components of the Home network. * Mobility Management (MM) Mobility management is comprised of two high level concepts, 1) mobile user location tracking and 2) performing routing update functions for mobile nodes. These functions are very similar to what Home Agents do in [2] and what Home Location Registers do in wireless networks, with some enhancements. The location tracking function of the MM expects to receive a single mobile user registration message from the foreign Becker, Patil, Qaddoura Expires July 1999 [Page 6] Internet-Draft IP Mobility Architecture Framework February 1999 networks that is independent of the access network used at the foreign network. This is true for all messages sent from the foreign networks to the home networks. The architecture supports the concept of a centralized location tracking function for the home network. However, the architecture does not preclude the idea of having a distributed location tracking function. * AAA+ The protocol used to send messages between a foreign network and a home network is the AAA protocol, with extensions to support mobility management (hence AAA+). Another important concept used within the AAA+ framework is that the AAA+ between a foreign network and a home network. This single security association can be used to alleviate the need for security associations between mobile IP FA and HA components and dynamic session key establishment as suggested in [2] and [4]. It is suggested that the security framework be based on IPSec. * Authentication Server The authentication server is a combination of certificate authority, key management system, and digital signature verification server. The authentication server receives roaming mobile user authentication requests via the AAA+ and authenticates the user. * Unified Directory The Unified Directory is the database that contains all the home user's subscriber profiles, network policies, and any other data that needs to be stored at the Home Network. The subscriber profiles in the directory are independent of the access network association. Access to data in the Unified Directory from other components within the network is via a single protocol, LDAP. * DHCP In the Home Network, the DHCP server may be used to assign IP addresses to roaming mobile stations that do not have a permanently configured IP. * DNS In the home network, Dynamic DNS is the protocol used to Becker, Patil, Qaddoura Expires July 1999 [Page 7] Internet-Draft IP Mobility Architecture Framework February 1999 update DNS with a roaming user's mobile node allocated IP address. If the home network is responsible for allocating the IP address, DNS is updated by DHCP. If the foreign network is responsible for allocating the IP address, the home network mobility manager will update DNS. * Security gateway The security gateway performs all the necessary 'firewall' functions. 2.3. Foreign Network The Foreign Network is very similar in concept to the foreign network defined in [2] and the foreign network defined in the wireless networks. Basically, the Foreign Network is a combination of the two with some extensions. Some of the relevant functions of the Foreign Network as they relate to mobility are: * It is the serving area network for one or more access networks. * It can support multiple Access Networks, where each AN is associated with a different technology, e.g. one AN may be a CDMA RAN, another AN may be GSM RAN. * Provides mobility management for mobility within the access networks that it serves. * Provides local services. * Routes data to the mobile user via the access link that the mobile node is currently attached to. * Routes data that is sent by the mobile user. * Allocates IP address to be used by the mobile nodes if allowed by policy. * Support for the establishment of Service Level Agreements (SLA) with all Home Networks that want to allow their user to roam within the foreign network. * Support for user authentication to be provided by at the foreign network after the user initially registers. Becker, Patil, Qaddoura Expires July 1999 [Page 8] Internet-Draft IP Mobility Architecture Framework February 1999 2.3.1. Foreign Network Mobility Components The following describes some functions associated with the components of the Foreign Network. * Mobility Management (MM) Foreign Network's mobility management is comprised to three high level concepts, mobile user location tracking within the foreign network, handoffs between foreign networks, and performing routing update functions for datagram delivery to the access network/mobile node. These functions are very similar to what Foreign Agents do in [2], with some enhancements. The location tracking function of the MM expects to receive the same formatted mobile user registration message from each of the heterogeneous access network. The architecture supports the concept of a centralized location tracking function within for the foreign network. However, the architecture does not preclude the idea of having a distributed location tracking function. * AAA+ The protocol used to send messages between a foreign network and a home network is the AAA protocol, with extensions to support mobility management (hence AAA+). Another important concept used within the AAA+ framework is that the AAA+ between a foreign network and a home network. This single security association can be used to alleviate the need for security associations between mobile IP FA and HA components and dynamic session key establishment. It is suggested that the security framework be based on IPSec. * DHCP In the Foreign Network, the DHCP server may be used to 1) assign co-located care of addresses to private network mobile nodes and 2) if policies indicate, assign IP addresses to roaming mobile stations that do not have a permanently configured IP. * Security Gateway The security gateway performs all the necessary 'firewall' functions. It supports ESP IPSec security associations with other network security gateways. Becker, Patil, Qaddoura Expires July 1999 [Page 9] Internet-Draft IP Mobility Architecture Framework February 1999 2.4. Access Network The Access Network defines the 'layer 2' access technology used by a user to gain access to a Foreign Network. The access network can be one of several types: * North American Cellular and GSM radio access networks (and their evolution to 3rd generation) * 802.11 wireless LAN access * 802.3 wireline LAN access * Dial-up network access Figure 1 above only depicts an access network associated with a wireless network. 2.5. IP Network The IP network provides the routing of datagrams between Home Networks and Foreign Networks. The IP network can be the public Internet or a closed network such as those defined in IMT2000 standards. 2.6. Mobile Nodes It can be argued that all nodes in the future will be mobile, or at least have the potential to be mobile. Stationary nodes, generally called correspondent nodes in [2], will only have to be equipped with the appropriate access specific PC card(s) and software that can perform the network registration functions. The mobile node's PC cards provide the 'layer 2' interface to the specific access network. For each of the access network types, there is a layer 2 address associated with the PC card so the access network and mobile node are able to uniquely address each other. Mobile node software will need to determine when and which access networks are available and perform the appropriate registration functions. Both types of nodes will have to support tunneling, e.g., IP in IP encapsulation [9], to a roaming mobile node's care-of addresses. This will help alleviate the triangle routing (anchor points) issue. Becker, Patil, Qaddoura Expires July 1999 [Page 10] Internet-Draft IP Mobility Architecture Framework February 1999 2.7. User Identification The architecture suggests user identities be based the Network Access Identifier (NAI) as defined in [1]. The NAI allows for a highly flexible definition of a user which does not restrict user identities to digits only. 3. Conclusion The architecture defined in this document provides a foundation that will allow true seamless roaming within a mobility enabled IP network. Some of the advantages provided by the architecture are: * A user may have a single subscription with a home network that allows for roaming within all foreign networks that have service level agreements with the home network. * Mobility being based on the user, not the device used by the user. * A single control plane network protocol based on AAA that can be deployed in a provider's network independent of the access network. * A single security framework based on IPSec and used by the AAA+ server to minimize other security associations and the use of dynamic session keys. * The ability to alleviate routing anchor points and support for policies that allow the hiding of users by allowing routing anchor points. * Users to truly roam seamlessly between heterogeneous access networks. Becker, Patil, Qaddoura Expires July 1999 [Page 11] Internet-Draft IP Mobility Architecture Framework February 1999 4. References [1] B. Aboba, M. Beadles, "The Network Access Identifier" RFC 2486, January 1999. [2] C. Perkins, "IP Mobility Support", RFC 2002, October 1996. [3] P. Calhoun, C. Perkins, "Mobile IP Dynamic Home Address Allocation Extension", draft-ietf-mobileip-home-addr-alloc- 00.txt, November 1998. [4] P. Calhoun P, C. Perkins, "Mobile IP Foreign Agent Challenge/Response Extension", draft-ietf-mobileip-challenge- 00.txt, November 1998. [5] P. Calhoun, G. Zorn, P. Pan, "DIAMETER Framework", Internet- Draft, draft- calhoun-diameter-framework-01.txt, August 1998 [6] C. Perkins, D. Johnson, "Route Optimization in Mobile IP", Internet Draft, ietf- mobileip-optim-07.txt, November 1997. [7] B. Aboba, et al, "Review of Roaming Implementations", RFC 2194, September 1997. [8] P. Calhoun, W. Bulley, "DIAMETER User Authentication Extensions", Internet- Draft, draft-calhoun-diameter-authent- 04.txt, July 1998 [9] W. Simpson, "IP in IP Tunneling", RFC 1853, October 1995. 5. Acknowledgements The authors would like to thank Russ Coffin, Mary Barnes, and Lachu Aravamudham of Nortel Networks and John Myhre of ATT Wireless Services for their useful discussion. Becker, Patil, Qaddoura Expires July 1999 [Page 12] Internet-Draft IP Mobility Architecture Framework February 1999 6. Authors' Addresses Carey B. Becker Nortel Networks Inc. 2201 Lakeside Blvd. Richardson, TX. 75082-4399 Phone: 972-685-0560 email: becker@nortelnetworks.com Basavaraj Patil Nortel Networks Inc. 2201 Lakeside Blvd. Richardson, TX. 75082-4399 Phone: 972-684-1489 email: bpatil@nortelnetworks.com Emad Qaddoura Nortel Networks Inc. 2201 Lakeside Blvd. Richardson, TX. 75082-4399 Phone: 972-684-2705 email: emadq@nortelnetworks.com Becker, Patil, Qaddoura Expires July 1999 [Page 13]