Network Working Group                                        B. Sarikaya
Internet-Draft                                                    F. Xia
Expires: May 12, 2008                                         Huawei USA
                                                        November 9, 2007


         DHCPv6 Based Home Network Prefix Delegation for PMIPv6
              draft-sarikaya-netlmm-prefix-delegation-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 12, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Sarikaya & Xia            Expires May 12, 2008                  [Page 1]

Internet-Draft               Prefix Delegation             November 2007

Abstract

   In Proxy Mobile IPv6, a prefix can be assigned by the local mobility
   anchor (LMA) to only one interface of a mobile node, and different
   mobile nodes cannot share this home network prefix.  Managing
   per-interface home network prefixes for every MN is likely to
   increase the processing load at the LMA.  Starting from the
   observation that Dynamic Host Configuration Protocol for IPv6
   (DHCPv6) servers can manage prefixes, we propose a technique in
   which the LMA offloads prefix delegation and release to the DHCPv6
   server.  The LMA requests a prefix for an incoming mobile node from
   the DHCPv6 server.  Based on this prefix, the mobile node creates a
   home address for its interface.  When the mobile node leaves the
   network, the prefix is returned to the DHCPv6 server.
   Authentication, Authorization and Accounting (AAA) servers can also
   play a role in prefix delegation.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  PMIPv6 Home Network Prefix Delegation
   4.  AAA Servers in Home Network Prefix Delegation
   5.  Prefix Release Procedure
   6.  Miscellaneous Considerations
   7.  Security Considerations
   8.  IANA Considerations
   9.  Acknowledgements
   10. References
       10.1.  Normative References
       10.2.  Informative References
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Introduction

   Proxy Mobile IPv6 (PMIPv6) provides a network-based mobility solution
   for mobile nodes (MNs).  An MN configures its interface with an
   address from the home network prefix (HNP) topologically anchored at
   the MN's local mobility anchor (LMA).  PMIPv6 adopts a per-MN-
   interface prefix model in which a prefix is assigned to only one
   interface of an MN.  Different interfaces of the same MN, and other
   MNs, cannot share a prefix, although multiple prefixes can be
   assigned to a single interface.  The same applies to Mobile IPv6,
   where, because of multi-link subnet issues, per-interface prefixes
   must be used when assigning home link prefixes.

   In the per-interface prefix model, however, prefix management
   becomes an issue.  This document addresses that issue for PMIPv6;
   MIPv6 prefix management is out of scope.  When an MN enters the
   network, its LMA requests one or more prefixes for the MN's
   interface.  The prefixes should be released when the MN leaves the
   network.  When an operator wants to renumber its network [RFC4192],
   prefixes with different lifetimes are advertised to the MN.

   The Identity Association for Prefix Delegation (IA_PD) option enables
   DHCP messages to carry IPv6 prefixes.  The procedure for prefix
   delegation with DHCP, which is independent of address assignment
   with DHCP, is defined in [RFC3633].  DHCPv6 therefore provides a way
   to manage the prefixes.  AAA protocols, RADIUS or Diameter, can be
   involved in prefix allocation as defined in [RFC4818].

   In this document we propose DHCPv6 based home network prefix
   allocation for PMIPv6 MNs.  Section 3 describes PMIPv6 home network
   prefix allocation, Section 4 describes PMIPv6 home network prefix
   allocation with the help of AAA servers, Section 5 describes how
   prefixes are released, and Section 6 presents miscellaneous
   considerations that apply.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119].

   This document uses the terminology defined in [RFC3315] and
   [RFC3633].  All MIPv6 related terms are defined in [RFC3775] and
   PMIPv6 related terms are defined in [I-D.ietf-netlmm-proxymip6].

3.
PMIPv6 Home Network Prefix Delegation

   We first describe HNP allocation without a policy profile/store
   (defined in [I-D.ietf-netlmm-proxymip6]), followed by policy store
   based HNP allocation using DHCP.

      MN      MAG      LMA      DHCPS
      |------>|        |        |   1. RtSol
      |       |------->|        |   2. PBU (HNP=0)
      |       |        |------->|   3. DHCP Solicit
      |       |        |<-------|   4. DHCP Advertise
      |       |        |------->|   5. DHCP Request (HNP)
      |       |        |<-------|   6. DHCP Reply (HNP)
      |       |<-------|        |   7. PBA (HNP)
      |<------|        |        |   8. RA (HNP)
      |------>|        |        |   9. DAD NS

                  Figure 1: Prefix request procedure 1

   Figure 1 illustrates the scenario where an MN's interface is assigned
   a home network prefix without a policy store.  In this scenario, the
   LMA hosts a DHCP client and the DHCP server is directly connected to
   it.  If the LMA and the DHCP server are not directly connected, DHCP
   messages need to be relayed using the DHCP relay function in the LMA.

   1.  An MN solicits a router advertisement (RtSol) for stateless
       address configuration.

   2.  The Mobile Access Gateway (MAG) sends a Proxy Binding Update
       (PBU) message to the LMA with the HNP field set to zero.

   3.  The LMA, as the requesting router, initiates the DHCP Solicit
       procedure to request prefixes for the MN.  The LMA creates and
       transmits a Solicit message as described in sections 17.1.1,
       "Creation of Solicit Messages", and 17.1.2, "Transmission of
       Solicit Messages", of RFC 3315.  The LMA creates an IA_PD and
       assigns it an IAID.  The LMA MUST include the IA_PD option in
       the Solicit message.

   4.  The DHCP server, as the delegating router, sends an Advertise
       message to the LMA as described in section 17.2.2, "Creation and
       transmission of Advertise messages", of RFC 3315.

   5.  The LMA uses the message exchanges described in section 18,
       "DHCP Client-Initiated Configuration Exchange", of RFC 3315 to
       obtain or update prefixes from the DHCP server.  The LMA and the
       DHCP server use the IA_PD Prefix option to exchange information
       about prefixes in much the same way as IA Address options are
       used for assigned addresses.

   6.  The LMA stores the prefix information it received in the Reply
       message.

   7.  The LMA answers the PBU with a Proxy Binding Acknowledgement
       (PBA) and places the MN's prefix in the HNP field of the PBA.

   8.  The MAG advertises the prefixes to the MN in a Router
       Advertisement (RA) for stateless address configuration.

   9.  The MN starts verifying address uniqueness by sending a
       Duplicate Address Detection (DAD) Neighbor Solicitation (NS)
       message.

   Policy store based home network prefix allocation using DHCP can be
   done as shown in Figure 2.  The policy store contains parameters
   such as the mobile node's home network prefix, permitted address
   configuration modes, roaming policy related parameters and others.

      MN      MAG      LMA               AAA
      |-------|--------|-----------------|   1. Network entry
      |       |<-------|---------------->|   2. IKEv2 SA Establishment
      |       |------->|                 |   3. IKEv2 CFG_REQUEST
      |       |--------|-----------------|   4. IKEv2 EAP Authentication
      |       |        |  DHCPS          |
      |       |        |------->|        |   5. DHCP Solicit
      |       |        |<-------|        |   6. DHCP Advertise
      |       |        |------->|        |   7. DHCP Request (HNP)
      |       |        |<-------|        |   8. DHCP Reply (HNP)
      |       |<-------|<-------|--------|   9. IKEv2/EAP Success
      |<------|        |        |        |  10. RA (HNP)
      |------>|        |        |        |  11. DAD NS
      |       |------->|        |        |  12. PBU (HNP)
      |       |<-------|        |        |  13. PBA
      |       |        |        |        |

                  Figure 2: Prefix request procedure 2

   1.  An MN boots up in the network.  The DHCP server in Figure 2 is
       not involved in the network entry procedures.

   2.  The MAG starts IKEv2 procedures to establish a security
       association with the LMA [I-D.ietf-dime-mip6-split].

   3.  The MAG requests a prefix for the MN's interface using the
       CFG_REQUEST payload in the message.

   4.  The MAG and the LMA authenticate each other using EAP.  At this
       point the LMA is ready to assign a prefix using DHCP PD.

   5.  Step 3 in Figure 1.

   6.  Step 4 in Figure 1.

   7.  Step 5 in Figure 1.

   8.  Step 6 in Figure 1.

   9.  EAP success is indicated by the AAA server to the LMA, and the
       LMA sends an IKEv2 message carrying the MN's profile, including
       the MN's prefix, to the MAG.  Network entry completes
       successfully and the MAG obtains the HNP.

   10. The MAG advertises the prefixes to the MN in an RA for stateless
       address configuration.

   11. The MN starts verifying address uniqueness by sending a DAD NS.

   12. The MAG sends a PBU with the assigned HNP.

   13. The LMA replies with a PBA and establishes the MAG-LMA tunnel.

   If stateful address configuration is used on PMIPv6 links, prefix
   allocation using DHCPv6 can be done as shown in Figure 3.  Here it
   is assumed that the MAG and the LMA have already established a
   security association.

      MN      MAG      LMA               AAA
      |-------|--------|-----------------|   1. Network entry
      |<------|<-------|---------------->|   2. EAP Access Authentication
      |       |<-------|-----------------|   3. EAP Success + Profile
      |       |------->|                 |   4. PBU (HNP=0)
      |       |        |  DHCPS          |
      |       |        |------->|        |   5. DHCP Solicit
      |       |        |<-------|        |   6. DHCP Advertise
      |       |        |------->|        |   7. DHCP Request (HNP)
      |       |        |<-------|        |   8. DHCP Reply (HNP)
      |       |<-------|        |        |   9. PBA (HNP)
      |<------|<-------|<-------|--------|  10. Profile Complete
      |------>|        |        |        |  11. DHCP Request
      |<------|        |        |        |  12. DHCP Reply

                  Figure 3: Prefix request procedure 3

   In Steps 1-3, the MN performs network entry and the MAG receives the
   authorization profile from the AAA server after successful EAP
   exchanges.  In Step 4, the MAG sends a PBU with the HNP field set to
   zero.  In Steps 5-8, the LMA obtains the HNP using DHCPv6.  In Step
   9, the LMA replies with a PBA and sets its HNP parameter.  In Step
   10, EAP authentication and profile acquisition are completed.  In
   Step 11, the MN requests an address from the local DHCP proxy/server
   colocated in the MAG.  The DHCP proxy assigns the MN-HoA from this
   prefix and sends it to the MN in a DHCP Reply in Step 12.

   The four-way exchange between the LMA as requesting router (RR) and
   the DHCP server as delegating router (DR) in the scenarios above MAY
   be reduced to a two-message exchange using the Rapid Commit option
   [RFC3315].  The LMA includes a Rapid Commit option in the Solicit
   message; the DR then sends a Reply message containing one or more
   prefixes.

4.
AAA Servers in Home Network Prefix Delegation

   Currently, there is no protocol defined for AAA-based prefix
   delegation.  [RFC4818] defines a RADIUS attribute called
   Delegated-IPv6-Prefix that carries IPv6 prefixes to be delegated.
   This attribute is usable within either RADIUS or Diameter.
   [RFC4818] recommends that the delegating router obtain the prefixes
   to be delegated from an AAA server using the Delegated-IPv6-Prefix
   attribute/AVP.

   The delegating router for PMIPv6 can use the AAA server in two ways.
   Either it receives a pool of prefixes from the AAA server initially,
   by way of the Framed-IPv6-Prefix attribute, and then delegates each
   prefix on demand using the scenarios described in Section 3, or it
   gets the prefixes from the AAA server for each MN's interface
   separately, by way of the Delegated-IPv6-Prefix attribute.  Figure 4
   shows AAA-involved DHCP PD for the scenario of Figure 1.

      MN      MAG      LMA      DHCPS    AAA
      |------>|        |        |        |   1. RtSol
      |       |------->|        |        |   2. PBU (HNP=0)
      |       |        |========|        |   DHCP PD Start
      |       |        |        |------->|   3. AA-Request
      |       |        |        |<-------|   4. AA-Answer (HNP)
      |       |        |========|        |   DHCP PD End
      |       |<-------|        |        |   5. PBA (HNP)
      |<------|        |        |        |   6. RA (HNP)
      |------>|        |        |        |   7. DAD NS

             Figure 4: AAA-involved prefix request procedure

   1.  The MN solicits a router advertisement.

   2.  The MAG sends a PBU to the LMA with the HNP field set to zero.

   3.  The LMA, as Diameter client, sends an AA-Request message carrying
       the MN's information to the Diameter server.

   4.  If the MN passes authentication, the Diameter server sends an
       AA-Answer message with prefix information to the LMA.  The
       Delegated-IPv6-Prefix attribute MAY appear in an AA-Request
       packet as a hint from the LMA to the Diameter server that it
       would prefer a particular prefix, for example a /48.  The
       Diameter server MAY then delegate a /64 prefix that is an
       extension of the /48 prefix carried in the Delegated-IPv6-Prefix
       attribute of the AA-Request.  The attribute can appear multiple
       times when the RADIUS or Diameter server assigns multiple
       prefixes to the MN.

   5.  Step 7 in Figure 1.

   6.  Step 8 in Figure 1.

   7.  Step 9 in Figure 1.

   The procedures for AAA-involved DHCP PD corresponding to the
   scenarios of Figure 2 and Figure 3 can be obtained in the same way.

5.  Prefix Release Procedure

      MN      MAG      LMA      DHCPS
      |------>|        |        |   1. Network exit/deregistration
      |       |------->|        |   2. PBU (lifetime=0)
      |       |<-------|        |   3. PBA
      |       |        |------->|   4. DHCP Release (HNP)
      |       |        |<-------|   5. DHCP Reply
      |       |        |        |

                    Figure 5: PMIPv6 Prefix Release

   Prefixes can be released in two ways: by prefix aging or by the DHCP
   release procedure.  In the former, a prefix SHOULD NOT be used by an
   MN once the prefix has aged, and the DHCP server can delegate it to
   another MN.  A prefix lifetime is delivered from the DHCPv6 server
   to the requesting router (LMA) through the DHCP IA_PD Prefix option
   [RFC3633] and to the MN through the RA Prefix Information option
   [RFC4861].

   We now describe the PMIPv6 prefix release procedure.  Figure 5
   illustrates how the LMA releases prefixes to a DHCP server:

   1.  MN detachment signaling, such as switch-off or handover,
       triggers the prefix release procedure.

   2.  The MAG sends a PBU with the lifetime set to zero.

   3.  The LMA replies with a PBA.

   4.  The LMA sends a Release message to give the prefixes back to the
       DHCP server.

   5.  The server responds with a Reply message, after which the
       prefixes can be reused by other MNs.

   If PMIPv6 and MIPv6 are being used by the same MN and the HA also
   supports LMA functionality, as described in
   [I-D.devarapalli-netlmm-pmipv6-mipv6], the same binding cache entry
   for the MN is sometimes modified by the MN and sometimes by a MAG.
   Because of this, at Step 4 in Figure 5, if the HA colocated with the
   LMA has received a MIPv6 registration BU, the LMA MUST NOT release
   the prefix(es).
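   The LMA side of the IA_PD exchange of Section 3, together with the
   prefix-hint check of Section 4 and the lifetime aging rule of
   Section 5, as an added Python example that is not part of this
   draft: it encodes the IA_PD option the LMA carries in its Solicit,
   parses the server's Reply, and keeps only prefixes that belong to
   the IA_PD the LMA created (IAID match) and lie inside the hinted
   /48.  Option layouts follow RFC 3633; the prefixes, lifetimes and
   IAID are constructed sample values.

```python
"""Added example (not from the draft): LMA-side handling of DHCPv6 IA_PD.
Wire layouts follow RFC 3633 sections 9 and 10; prefixes below are constructed."""
import ipaddress
import struct

OPTION_IA_PD = 25      # RFC 3633 section 9
OPTION_IAPREFIX = 26   # RFC 3633 section 10


def encode_iaprefix(prefix, preferred, valid):
    """IA_PD Prefix option: lifetimes, prefix length, then the 16-byte prefix."""
    net = ipaddress.IPv6Network(prefix)
    body = struct.pack("!IIB16s", preferred, valid, net.prefixlen,
                       net.network_address.packed)
    return struct.pack("!HH", OPTION_IAPREFIX, len(body)) + body


def encode_ia_pd(iaid, t1, t2, prefixes=()):
    """IA_PD option: IAID, T1, T2, then IA_PD Prefix sub-options (hints use 0 lifetimes)."""
    sub = b"".join(encode_iaprefix(p, pref, valid) for p, pref, valid in prefixes)
    body = struct.pack("!III", iaid, t1, t2) + sub
    return struct.pack("!HH", OPTION_IA_PD, len(body)) + body


def decode_ia_pd(data):
    """Parse one IA_PD option into (iaid, t1, t2, [(prefix, preferred, valid), ...])."""
    code, length = struct.unpack("!HH", data[:4])
    if code != OPTION_IA_PD or length != len(data) - 4:
        raise ValueError("not a well-formed IA_PD option")
    iaid, t1, t2 = struct.unpack("!III", data[4:16])
    prefixes, off = [], 16
    while off < len(data):
        scode, slen = struct.unpack("!HH", data[off:off + 4])
        sub = data[off + 4:off + 4 + slen]
        if len(sub) != slen:
            raise ValueError("truncated IA_PD sub-option")
        if scode == OPTION_IAPREFIX:
            if slen < 25:
                raise ValueError("IA_PD Prefix option too short")
            pref, valid, plen, raw = struct.unpack("!IIB16s", sub[:25])
            prefixes.append((ipaddress.IPv6Network((raw, plen), strict=False), pref, valid))
        off += 4 + slen          # unknown sub-options are skipped, not rejected
    return iaid, t1, t2, prefixes


def lma_accept_reply(reply_ia_pd, expected_iaid, hint=None):
    """Step 6 of Figure 1: store only prefixes from the IA_PD this LMA created (IAID match)
    and, per Section 4, only ones that extend the hinted prefix (a /64 inside the /48)."""
    iaid, _t1, _t2, prefixes = decode_ia_pd(reply_ia_pd)
    if iaid != expected_iaid:
        raise ValueError("Reply IA_PD IAID does not match the IA_PD this LMA created")
    net_hint = ipaddress.IPv6Network(hint) if hint is not None else None
    return [(n, p, v) for n, p, v in prefixes if net_hint is None or n.subnet_of(net_hint)]


def prefix_aged(valid_lifetime, elapsed):
    """Section 5 aging: after the valid lifetime the MN must stop using the prefix
    and the DHCP server may delegate it to another MN."""
    return elapsed >= valid_lifetime


if __name__ == "__main__":
    solicit = encode_ia_pd(1, 0, 0, [("2001:db8::/48", 0, 0)])   # Step 3: /48 hint, IAID 1
    reply = encode_ia_pd(1, 1800, 2880, [("2001:db8:0:1::/64", 3600, 7200),
                                         ("2001:db8:1::/64", 3600, 7200)])  # constructed Reply
    print(len(solicit), lma_accept_reply(reply, 1, "2001:db8::/48"))   # second /64 is dropped
```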
6.  Miscellaneous Considerations

   The considerations on how to generate IAIDs and how to delegate
   prefixes that [I-D.sarikaya-16ng-prefix-delegation] describes for
   access routers (ARs) apply here to local mobility anchors (LMAs).

7.  Security Considerations

   This draft introduces no additional messages.  Compared with
   [RFC3633], [RFC2865] and [RFC3588], no additional threats are
   introduced.  The DHCPv6, RADIUS and Diameter security procedures
   apply.

8.  IANA Considerations

   None.

9.  Acknowledgements

10.  References

10.1.  Normative References

   [I-D.ietf-netlmm-proxymip6]
              Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K.,
              and B. Patil, "Proxy Mobile IPv6",
              draft-ietf-netlmm-proxymip6-07 (work in progress),
              November 2007.

   [I-D.sarikaya-16ng-prefix-delegation]
              Sarikaya, B. and F. Xia, "Using DHCPv6 and AAA Server for
              Mobile Station Prefix Delegation",
              draft-sarikaya-16ng-prefix-delegation-01 (work in
              progress), March 2007.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.

   [RFC2866]  Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3576]  Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B.
              Aboba, "Dynamic Authorization Extensions to Remote
              Authentication Dial In User Service (RADIUS)", RFC 3576,
              July 2003.

   [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
              Arkko, "Diameter Base Protocol", RFC 3588,
              September 2003.

   [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", RFC 3633,
              December 2003.

   [RFC3775]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.

   [RFC4818]  Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix
              Attribute", RFC 4818, April 2007.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              September 2007.

10.2.  Informative References

   [I-D.devarapalli-netlmm-pmipv6-mipv6]
              Devarapalli, V., "Proxy Mobile IPv6 and Mobile IPv6
              interworking", draft-devarapalli-netlmm-pmipv6-mipv6-01
              (work in progress), April 2007.

   [I-D.ietf-dime-mip6-split]
              Korhonen, J., Tschofenig, H., Bournelle, J., Giaretta, G.,
              and M. Nakhjiri, "Diameter Mobile IPv6: Support for Home
              Agent to Diameter Server Interaction",
              draft-ietf-dime-mip6-split-05 (work in progress),
              September 2007.

   [RFC4192]  Baker, F., Lear, E., and R. Droms, "Procedures for
              Renumbering an IPv6 Network without a Flag Day",
              RFC 4192, September 2005.

Authors' Addresses

   Behcet Sarikaya
   Huawei USA
   1700 Alma Dr. Suite 500
   Plano, TX  75075

   Email: sarikaya@ieee.org


   Frank Xia
   Huawei USA
   1700 Alma Dr. Suite 500
   Plano, TX  75075

   Phone: +1 972-509-5599
   Email: xiayangsong@huawei.com

Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).