Mobile IP Working Group                                     B. Sarikaya
Internet Draft                                               Xiaofeng Xu
Document: draft-sarikaya-seamoby-mipv6hp-00.txt       Vinod Kumar Choyi
Category: Standards track                              Andrew Krywaniuk
                                                                 Alcatel
                                                    Claude Castelluccia
                                                      Inria Rhone-Alpes
                                                         September 2001


                    Mobile IPv6 Hierarchical Paging
                 draft-sarikaya-seamoby-mipv6hp-00.txt


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This document is an individual submission for the mobile-ip Working
   Group of the Internet Engineering Task Force (IETF). Comments should
   be submitted to the MOBILE-IP@STANDARDS.NORTELNETWORKS.COM mailing
   list.

   Distribution of this memo is unlimited.

Abstract

   This document specifies Hierarchical Mobile IPv6 Hierarchical Paging
   (HMIPv6HP), an IP host alerting protocol which is an extension to
   Hierarchical Mobile IPv6. The extension allows a mobile node to
   enter a power saving dormant mode during which its location is known
   with coarse accuracy defined by a paging area. In the visited domain
   only the paging mobility anchor point (PMAP) is responsible for
   keeping the binding cache entries for dormant mobile nodes, and it
   re-establishes the downlink routes on demand by means of paging.
   Paging is initiated by the paging agent (PA) and the access routers
   in paging areas and does not involve periodic layer 3 messages to be
   sent except for time-slot based paging which is optional and is to
   be used on links with no support for layer 2 paging. The protocol
   works with layer 2 paging areas if they are supported.

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia                          1

                    Mobile IPv6 Hierarchical Paging      September 2001

Table of Contents

   Status of this Memo
   Abstract
   Table of Contents
   1. Introduction
   2. Terms
   3. Protocol Operation
      3.1. Paging Area Discovery
         3.1.1 Moving in Paging Areas
      3.2. Entering Dormant Mode
      3.3. Paging
         3.3.1 Time-slot Based Paging
      3.4. Entering Active Mode
      3.5. Dynamic PMAP Discovery
   4. Protocol Extensions
      4.1. Paging Area ID Extension
      4.2. Advertisement Interval Extension
      4.3. Dormant Mode Request Extension
      4.4. Dormant Mode Reply Extension
      4.5. Paging Request Message
      4.6 Paging Reply Message
      4.7. Paged Mobile Node Address Extension
   5. IANA Considerations
   6. Security Considerations
   7 Future revisions
   8. References
   Authors' Addresses

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia  Expires March 2002      2

1. Introduction

   This document specifies an extension to Mobile IPv6 [1] with
   hierarchical mobility management [2] in order to support
   power-constrained operation and to reduce routing state information
   in the visited domain.

   The protocol assumes a Hierarchical Mobile IPv6 network utilizing a
   Mobility Anchor Point extended with paging support called Paging
   Mobility Anchor Point (PMAP). The Paging Mobility Anchor Point is a
   MAP which is at highest distance from the mobile nodes (MN) in the
   visited domain. The protocol assumes a new entity called Paging
   Agent (PA) as in [3], which is in charge of paging dormant mobile
   nodes. The access points below PA may optionally be organized into
   several layer 3 paging areas. Optionally layer 2 paging areas
   sharing the same access router are also supported.

   In the protocol HMIPv6HP, MN uses either the basic or the extended
   mode of operation of HMIPv6 while roaming within a MAP's domain.
   Access routers advertise paging support by including a Paging Area
   ID extension in their Router Advertisements.

   A mobile node that wishes to enter into dormant mode sends a
   Regional Binding Update with a Dormant Mode Request extension to the
   PMAP. The PMAP sends a binding acknowledgement with Dormant Mode
   Reply extension to the mobile node. After this, the binding cache
   entry at the intermediate MAP router hierarchy is removed except at
   the PMAP.

   The mobile node enters the active mode by performing a normal
   regional registration, i.e. binding the RCOA to its on-link COA
   (LCOA). The network may trigger this by paging the mobile node.
   The network pages the mobile node by sending a Router Advertisement
   with a Paged Mobile Node Address extension, called a Paging Router
   Advertisement (Paging RA), to the all dormant nodes multicast
   address. The paging router advertisement starts the layer 2 paging
   process which eventually alerts the mobile node.

   Time slot based paging can optionally be used when there is no link
   layer support for paging. The Solicited-Node Multicast Address
   obtained from the home address of the mobile node is used as the
   destination of the paging router advertisement if only a single MN
   is to be paged. Paging router advertisements are sent periodically
   until the mobile node is woken up.

2. Terms

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [4].

   Please see [5] for definition of terms used in describing paging. In
   addition, this document defines the following terms:

   Dormant Mode Registration

      The mobile node is required to perform a dormant mode
      registration by sending a Mobile IPv6 Binding Update destination
      option with extensions before entering the dormant mode.

   Paging Router Advertisement

      In addition to the Mobile IPv6 router advertisements, access
      routers send messages called paging router advertisements to the
      paging multicast address to page the mobile nodes in dormant
      mode. The paging multicast address is all dormant nodes multicast
      address except when time-slot based paging is used.

   Time-Slot Based Paging

      If time-slot based paging is used the mobile node is paged in
      exact time slots based on the paging slot index, paging slot
      offset and paging slot interval values. All these values are made
      known to the mobile node before it enters the dormant mode.
      Paging RAs are periodic and are sent to the solicited-node
      multicast address of the home address or to a joint multicast
      address if several MNs are paged simultaneously.

   Paging Mobility Anchor Point

      In a hierarchical Mobile IPv6 network, the Paging Mobility Anchor
      Point (PMAP) is the Mobility Anchor Point (MAP) which is of
      highest distance from the MN. In single hierarchy MAP domains,
      MAP assumes the functionality of PMAP.

   Paging Agent

      In a hierarchical Mobile IPv6 network, the Paging Agent (PA) is
      the entity which is in charge of paging the mobile nodes. PA
      initiates the paging after receiving a request from PMAP and the
      real paging is performed at the link layer.

   Paging Multicast Address

      An IPv6 multicast address used for paging a mobile node by an
      access router. All dormant nodes multicast address is used
      normally. All dormant nodes multicast address is permanently
      assigned and is of link-local scope. In the optional time-slot
      based paging, solicited-node multicast address obtained from the
      home address is the paging multicast address if the mobile node
      is paged individually. For efficiency purposes a single paging
      multicast address may be used to page more than one mobile node.
      In this case the paging multicast address is an IPv6 multicast
      address which is transient and is of global scope.

   Paging Area Multicast Address

      The access routers below PA in hierarchy are organized in the
      form of paging areas. Each region may have one or more paging
      areas indicated by PA1, PA2, ..., PAn. The access routers in
      paging area i are members of the paging area multicast address
      (PAMAi). A paging area multicast address is an IPv6 multicast
      address which is permanently assigned and is of global scope.

   Access Point

      An access point (AP) is a layer 2 device as defined in [6].

3. Protocol Operation

   The architecture of the protocol is depicted in Fig. 1. PA1, PA2, etc.
   indicate Layer 3 paging areas and pa1, pa2, etc. indicate layer 2
   paging areas.

3.1. Paging Area Discovery

   An access router advertises paging support with the Paging Area ID
   extension in the Router Advertisement. The mobile node (MN) detects
   its current paging area based on the paging area ID. Access routers
   of neighboring cells may advertise the same paging area ID if they
   belong to the same paging area.

   The paging agent is in charge of paging areas in the domain. The
   access routers in each paging area are members of an IPv6 multicast
   address that uniquely identifies the paging area. The paging area
   multicast address is a permanent address with global scope. The
   paging area multicast address has the form:

      FF0E::Group-id

   where Group-id is a 32-bit unique group id which MUST be equal to
   the Paging Area ID. Each access router MAY advertise a unique paging
   area ID or a collection of adjacent access routers may advertise a
   unique paging area ID.

   If time slot based paging is supported (Section 3.3.1), the router
   advertisement MUST also contain an Advertisement Interval extension
   which specifies the time interval between subsequent router
   advertisements. An Advertisement Interval extension with non-zero
   slot length field indicates support for time slot based paging
   within the paging area. All access routers in the same paging area
   send router advertisements simultaneously with the same
   advertisement interval.

   A new field in the Advertisement Interval extension indicates the
   length of the advertisement slot in milliseconds. The advertisement
   slot is the time during which MN powers on its receiver in order to
   receive unsolicited Router Advertisements. Slot sequence number is
   another new field in the Advertisement Interval extension that is
   used for determining MN's paging slot.

   If layer 2 paging areas are supported, AR cannot advertise the
   paging area ID because there may be several paging areas in a
   subnet.
   In this case MN knows the paging area ID using layer 2 means, e.g.
   broadcast channel.

        +-------+
        |  HA   |
        +-------+
                 \
                  \~~~~~)
                 (  +     )
                (          )       +-------+
               (         +---------+  CN   |
               ( Internet  )       +----+--+
                (          )
                 (         )
                  (       +
                   ( ~~~~ )
                           \
                        +---+---+       +-------+
                        |       |       | Paging|
                        |  MAP  +-------+ Agent |
                        +-------+       +-------+
                           /|\
                         /  |  \
                       /    |    \
                     /      |      \
                   /        |        \
                 /          |          \
               /            |            \
             /              |              \
      +-----+---+      +----+----+      +---+-----+
      |         |      |         |      |         |
      |   AR1   |      |   AR2   |      |   AR3   |
      +-+--+--+-+      +-+--+--+-+      +-+--+--+-+
       /   |   \        /   |   \        /   |   \
      /    |    \      /    |    \      /    |    \
    +--+ +--+  +--+   +--+ +--+ +--+   +--+ +--+ +--+
    |AP| |AP|  |AP|   |AP| |AP| |AP|   |AP| |AP| |AP|
    +--+ +--+| +--+   +--+ +--+ +--+   +--+ +--+ +--+
   +-----PA1-|----+ +--------------PA2---------------+
   |   pa1   |pa2 |
         |     |
         V     V
       +--------+
       |   MN   |
       +--------+
       -------------> Movement

      Figure 1. Architecture of MIPv6HP Protocol Entities

3.1.1 Moving in Paging Areas

   When a dormant MN detects that it has moved into a new paging area,
   it MUST perform a normal regional registration and a dormant mode
   registration if the new paging area is still in the same domain. If
   dormant MN has moved into a new paging area of a new domain then it
   MUST perform a normal home registration, a normal regional
   registration and a dormant mode registration. After the dormant mode
   MN sends a dormant mode registration, PMAP modifies the paging area
   ID in its binding cache.

   If layer 2 paging areas are used, MN detects the change of paging
   area using layer 2 means, e.g. paging channel. MN needs to do only
   dormant mode registration if the access router is still the same,
   letting PMAP know the new paging area ID.

   Paging area detection in dormant mode may not be possible in some
   links without periodically establishing layer 3 communication as in
   time-slot based paging.

3.2. Entering Dormant Mode

   When MN is sending or receiving packets it is in the active mode.
   When MN is in active mode, the operation is exactly the same as in
   Hierarchical Mobile IPv6 using the basic or extended modes on a
   MAP's subnet.

   When MN is not actively communicating, it can enter the dormant
   mode. When in dormant mode, the visited domain does not know the
   exact location of MN. The visited domain knows the paging area of
   the dormant MN.

   When MN wishes to enter the dormant mode, it performs a dormant mode
   registration by sending a Regional Binding Update with a Dormant
   Mode Request extension. The destination address of the Regional
   Binding Update with a Dormant Mode extension is the PMAP. MN may
   also enter the dormant mode or extend the lifetime of its dormant
   mode by way of a home registration, i.e. by sending a BU with
   Dormant Mode Request to its Home Agent.

   If time-slot based paging is used, the Dormant Mode Request
   extension contains the paging slot interval expressed as a multiple
   of advertisement intervals.

   MN sends the Paging Area ID in the Dormant Mode Request extension.
   The Paging Area ID value MUST be equal to the Paging Area ID
   advertised by the access router of the current cell of MN for layer
   3 paging areas and to the Paging Area ID obtained through layer 2
   means for layer 2 paging areas.

   The Dormant Mode Request extension contains 3 optional bits that are
   used to indicate dormant mode options such as
   broadcast/multicast/anycast to trigger a page.

   When a MAP receives the Regional Binding Update with a Dormant Mode
   request extension, it establishes or updates its regional binding
   cache entry for the mobile node as in Hierarchical Mobile IPv6.

   When a MAP receives a Binding acknowledgement with a Dormant Mode
   reply extension, it deletes the binding cache associated with this
   MN if MAP is not a PMAP.
   MAPs do not maintain any tunnels or other routing information for
   dormant mode MNs in their routing tables.

   The Binding Update or Regional Binding Update with a Dormant Mode
   request extension has a lifetime. MN that wishes to stay in the
   dormant mode longer than this lifetime MUST extend the lifetime by
   performing another dormant mode registration. MN may also extend the
   lifetime of its home registration and yet stay in the dormant mode
   by performing a home registration with the Dormant Mode Request
   extension. Dormant mode extensions are transparent to HA, i.e. HA
   responds only to the lifetime extension of MN's home registration.

   PMAP includes a Dormant Mode Reply extension to the Regional Binding
   Acknowledgement. PMAP keeps the binding cache for MN and adds the
   Paging Area ID to the cache entry. The binding cache for the MN MUST
   contain the Paging Multicast Address as equal to the solicited node
   multicast address obtained from the home address of MN.

3.3. Paging

   When PMAP receives a packet from a correspondent node destined to a
   mobile node that has the dormant mode flag set in the binding cache,
   PMAP does not forward the packet to any lower MAP. Instead it sends
   a Paging Request IPv6 unicast message to the Paging Agent.

   PMAP sets the fields of paging request message as follows: In normal
   mode, the fields of paging slot index, interval and offset are not
   set. Paging multicast address is not set in all cases. Paged mobile
   node address field is filled from the binding cache as the home
   address of the destination mobile node of the packet received from
   correspondent node. If time-slot based paging is used in the paging
   area then the values required for determining the paging slot are
   copied from the binding cache.

   PA, after receiving Paging Request message from PMAP, sends a Paging
   Request message to the access routers in the paging area the mobile
   node was last in. The access router which finds the dormant node MN
   sends a Paging Reply message to the Paging Agent. If no reply is
   received after a timeout period, PA starts paging in other paging
   areas until MN is found or else the paging fails.

   PA uses paging area multicast address as the destination address of
   the Paging Request message. PA determines which mode of paging to
   use. In normal paging mode, PA determines paging area ID of MN(s)
   (PAi) and then forwards the Paging Request message to the
   destination address PAMAi.

   PA receives a Paging Reply message from all access routers in the
   paging area. If Paged Mobile Node Address field is empty in any of
   the replies then the paging has successfully located the dormant
   node MN. Otherwise PA should continue to page the MN in other paging
   areas.

   PA initiates paging in other paging areas by sending multicast
   paging request messages to the access routers. The order of paging
   areas in which the MN is to be paged is implementation specific. PA
   receives the replies as described.

   After the paging process is complete, PA reports the result of
   paging in a Paging Reply message to PMAP to acknowledge the Paging
   Request Message and to report on the results. Paged mobile node
   address field of the Paging Reply message is empty if MN has been
   located. PMAP silently ignores any Paging Reply messages that report
   successful paging.

   If paged mobile node address field of the Paging Reply message is
   not empty, PMAP receives the address of MN for which paging failed
   in Paging Reply message. PMAP SHOULD send a Destination Unreachable
   ICMPv6 error message to the correspondent node(s).

   The access routers in the Paging Area send a Paging Router
   Advertisement to all dormant nodes multicast address. All dormant
   nodes multicast address is permanently assigned and is of link-local
   scope and is of the form:

      FF02::gid

   where gid is TBD.

   Paged mobile node address field of the paging router advertisement
   is assigned from the paging request message sent by PA. The address
   is the home address of the dormant mode MN.

   Paging router advertisement triggers the paging of dormant node
   MN(s) using link layer paging. From the addresses in paged mobile
   node address field, it is possible to obtain the EUI-64 identifier
   for each MN and hence the link layer address of each MN is made
   known.

   After sending paging router advertisement, the access router starts
   a timer and at the end of the timer period a Paging Reply message is
   sent to Paging Agent. Paging Reply message contains in its Paged
   Mobile Node Address field the address of MN that has not performed a
   registration, if any.

   If layer 2 paging areas are supported the paging agent acts as a
   layer 2 entity and uses layer 2 means to page MN by possibly
   communicating with each access point in the paging area and
   providing the layer 2 address, e.g. IMSI of MN, to APs. APs then use
   this information to page all the dormant mode mobiles in their cell
   possibly using paging channels.

   The MN is expected to perform an ordinary binding update or an
   ordinary regional binding update in response to a Paging Router
   Advertisement. PMAP MAY transmit the Paging Request after a timeout
   to Paging Agent.

   While waiting for the response of MN, PMAP MAY buffer the data
   destined to MN. When MN has entered the active mode, PMAP can stop
   buffering and forward the buffered packets to MN. PMAP discards
   buffered packets after a timeout.
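
The address mappings used in Sections 3.1 to 3.3, as an added example that is not part of the draft: the paging area multicast address FF0E::Group-id, the solicited-node multicast address of a home address, and the link-layer address that a home address carried in a Paging Router Advertisement makes known. The solicited-node prefix ff02::1:ff00:0/104 and the EUI-64 layout are taken from the IPv6 addressing architecture rather than from this draft, and all sample addresses are constructed.

```python
import ipaddress
from typing import Dict, Iterable, Optional

# ff02::1:ff00:0/104, the solicited-node multicast prefix (IPv6 addressing
# architecture; the draft only names the address, it does not define it).
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def paging_area_multicast(paging_area_id: int) -> ipaddress.IPv6Address:
    """Section 3.1: FF0E::Group-id with Group-id equal to the Paging Area ID."""
    if not 0 <= paging_area_id <= 0xFFFFFFFF:
        raise ValueError("Paging Area ID is a 32-bit identifier")
    return ipaddress.IPv6Address((0xFF0E << 112) | paging_area_id)


def solicited_node_multicast(home_address: str) -> ipaddress.IPv6Address:
    """Paging multicast address for a single MN: low 24 bits of the home address."""
    low24 = int(ipaddress.IPv6Address(home_address)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def link_layer_from_home_address(home_address: str) -> Optional[str]:
    """Recover a 48-bit link-layer address from an EUI-64 interface identifier.

    Returns None when the interface identifier was not built from a 48-bit
    address (no ff:fe in the middle), in which case nothing is disclosed.
    """
    iid = (int(ipaddress.IPv6Address(home_address)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit inversion and drop the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{octet:02x}" for octet in mac)


def paging_ra_view(paging_area_id: int, paged_home_addresses: Iterable[str]) -> Dict:
    """What each address in a Paged Mobile Node Address field maps to."""
    return {
        "paging_area_multicast": str(paging_area_multicast(paging_area_id)),
        "nodes": {
            addr: {
                "solicited_node": str(solicited_node_multicast(addr)),
                "link_layer": link_layer_from_home_address(addr),
            }
            for addr in paged_home_addresses
        },
    }


if __name__ == "__main__":
    # Constructed sample: one EUI-64 derived home address, one that is not.
    view = paging_ra_view(
        0x0000002A,
        ["2001:db8:1:2:211:22ff:fe33:4455", "2001:db8:1:2:1c3a:9b7e:5d20:8f41"],
    )
    print(view["paging_area_multicast"])
    for addr, info in view["nodes"].items():
        print(addr, info)
```

Every receiver on the link that listens to the all dormant nodes multicast address sees the same Paged Mobile Node Address field, so the second column of this output is visible to all of them whenever a home address uses an EUI-64 interface identifier.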

3.3.1 Time-slot Based Paging

   Paging agent decides which paging areas will support time-slot based
   paging and configures the access routers in those paging areas and
   informs PMAP.

   If the optional time slot based paging mechanism is used, the
   Dormant Mode Reply extension contains a paging slot index (an
   integer) and a paging slot offset (in milliseconds) which are used
   in determining the exact timing of paging.

   The paging slot instant is determined as follows: Paging slot occurs
   N milliseconds later than every paging slot interval number of
   unsolicited periodic router advertisements. The delay N equals
   paging slot index times advertisement interval plus paging slot
   offset.

   The paging slot interval times the Advertisement Interval is the
   period of Paging Router Advertisements and the paging slot index and
   paging slot offset specify the exact timing of the paging. For
   example, if paging slot interval is 4, paging slot index is 2 and
   paging slot offset is 100 ms, then there will be a paging slot
   during every 0th, 4th, 8th, etc. unsolicited router advertisement
   and it will exactly occur 100 ms after every 2nd, 6th, 10th, etc.
   router advertisement.

   The length (duration) of the paging slot is equal to the length of
   the advertisement slot. Since mobile nodes cannot determine the
   exact instant of the paging slot, access routers do not send Paging
   Router Advertisements during the first and the last quarter of the
   paging slot.

   The sequence number field is needed in determining the paging slot.
   Thus the slot sequence number field is defined for this purpose.

   In time-slot based paging, if a single MN is to be paged then the
   solicited-node multicast address obtained from the home address of
   MN is used as the destination address.
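
The slot timing rule above, worked through in code as an added example that is not part of the draft. It assumes that the reference advertisements are those whose Slot Sequence Number is a multiple of the paging slot interval (the draft says only that the sequence number is needed for this), and the 1000 ms advertisement interval and 200 ms slot length are constructed values.

```python
from typing import List, NamedTuple

SEQ_MODULUS = 1 << 16  # Slot Sequence Number is a 16-bit field (Section 4.2)


class SlotParams(NamedTuple):
    adv_interval_ms: int        # Advertisement Interval field
    slot_length_ms: int         # Slot Length field; non-zero means supported
    paging_slot_interval: int   # sent by MN in the Dormant Mode Request
    paging_slot_index: int      # assigned in the Dormant Mode Reply
    paging_slot_offset_ms: int  # assigned in the Dormant Mode Reply


class PagingSlot(NamedTuple):
    reference_seq: int    # sequence number of the RA the delay N counts from
    listen_start_ms: int  # MN turns its receiver on
    listen_end_ms: int    # MN turns its receiver off
    send_start_ms: int    # AR may send from the start of the second quarter
    send_end_ms: int      # ... until the end of the third quarter


def slot_delay_ms(p: SlotParams) -> int:
    """N = paging slot index * advertisement interval + paging slot offset."""
    return p.paging_slot_index * p.adv_interval_ms + p.paging_slot_offset_ms


def upcoming_paging_slots(seq_now: int, t_now_ms: int, p: SlotParams,
                          count: int) -> List[PagingSlot]:
    """Next `count` paging slots, given an RA with number seq_now seen at t_now_ms."""
    if p.slot_length_ms <= 0 or p.adv_interval_ms <= 0 or p.paging_slot_interval < 1:
        raise ValueError("time-slot based paging needs non-zero slot parameters")
    slots: List[PagingSlot] = []
    ahead = 0  # how many advertisements after the one just received
    while len(slots) < count:
        seq = (seq_now + ahead) % SEQ_MODULUS
        if seq % p.paging_slot_interval == 0:  # assumed reference-RA rule
            start = t_now_ms + ahead * p.adv_interval_ms + slot_delay_ms(p)
            slots.append(PagingSlot(
                reference_seq=seq,
                listen_start_ms=start,
                listen_end_ms=start + p.slot_length_ms,
                # Round inward so the AR never transmits in the guard quarters.
                send_start_ms=start + -(-p.slot_length_ms // 4),
                send_end_ms=start + (3 * p.slot_length_ms) // 4,
            ))
        ahead += 1
    return slots


def period_survives_wrap(paging_slot_interval: int) -> bool:
    """Under the assumed rule the spacing stays even across the 16-bit wrap
    only if the paging slot interval divides 65536."""
    return SEQ_MODULUS % paging_slot_interval == 0


if __name__ == "__main__":
    # The draft's example: interval 4, index 2, offset 100 ms.
    params = SlotParams(1000, 200, 4, 2, 100)
    for slot in upcoming_paging_slots(0, 0, params, 3):
        print(slot)
    print("interval 3 keeps its period across wrap:", period_survives_wrap(3))
```

With advertisement k sent at k * 1000 ms, the printed slots start at 2100, 6100 and 10100 ms, that is 100 ms after the 2nd, 6th and 10th advertisement, which matches the draft's example.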

   When time slot based paging is supported, the Paging Request
   contains the paging slot interval, the paging slot index, and the
   paging slot offset. Using these values the access routers in the
   paging area can generate periodic Paging Router Advertisements until
   MN enters the active mode.

   If time slot based paging is used, the access routers send the
   Paging Router Advertisements during the second and the third quarter
   of the MN's paging slot.

3.4. Entering Active Mode

   When MN receives a Paging Router Advertisement to its solicited-node
   multicast address that MN received with Binding Acknowledgement with
   Dormant Mode Reply extension, MN enters the active mode. MN can also
   enter active mode if it needs to send a packet.

   When entering the active mode, MN sends a home registration or a
   regional registration by sending a Binding Update MIPv6 destination
   option. This sets up the routing state in the MAPs of Hierarchical
   Mobile IPv6 [2]. This registration clears the dormant mode in PMAP's
   binding cache and allows all subsequent data to reach MN.

3.5. Dynamic PMAP Discovery

   Dynamic PMAP discovery is an extension to the Dynamic MAP discovery
   of Hierarchical MIPv6 [2]. As in [2], the access routers are
   required to send the MAP option in all router advertisements. MN
   selects the MAP whose distance is the highest as its current PMAP
   and stores the global IPv6 address of this MAP. When, in the
   subsequent router advertisements, another MAP with a distance
   greater than the current PMAP is advertised, MN replaces the current
   PMAP with the new highest distance PMAP.

   When going to the dormant mode, MN sends its Regional Registration
   message (Binding Update with Dormant Mode Request extension) to the
   current PMAP.

4. Protocol Extensions

4.1 Paging Area ID Extension

   Mobile IPv6 Router Advertisement messages may contain a Paging Area
   ID Extension.
   The Paging Area ID extension is defined as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Paging Area ID                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD

   Length

      The length (in octets) of the Paging Area ID field. The length of
      the option (including the type and length fields) in units of 8
      octets. The value of this field must be 1.

   Paging Area ID

      A 32-bit identifier.

   The access router that supports regional paging indicates the
   support by including the Paging Area ID extension in the Router
   Advertisement message. If present, the Paging Area ID extension MUST
   appear in the Router Advertisement message after any of the
   advertisement extensions defined in [3].

4.2. Advertisement Interval Extension

   The base Mobile IPv6 protocol's Advertisement Interval option for
   Router Advertisement messages is extended to optionally include slot
   length and slot sequence number.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |          Slot Length          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Advertisement Interval                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Slot Sequence Number      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD.

   Length

      8-bit unsigned integer. The length of the option (including the
      type and length fields) in units of 8 octets. The value of this
      field MUST be 2.

   Slot Length

      16-bit unsigned integer.
      Indicates the length in milliseconds of the advertisement slot
      during which the mobile nodes activate their receivers in order
      to receive Paging Router Advertisements, if time slot based
      paging is supported. The router advertisement MUST also include a
      Paging Area ID extension if the Slot Length is non-zero. If this
      field is zero, it indicates that the Paging Area does not support
      time slot based paging.

   Advertisement Interval

      32-bit unsigned integer. The time in milliseconds (not the
      maximum time as in the base Mobile IPv6) between two successive
      unsolicited router advertisement messages sent by this access
      router on this network interface.

   Slot Sequence Number

      16-bit unsigned integer. This field is included if time slot
      based paging is supported. The slot sequence number in each
      unsolicited Router Advertisement is one greater than in the
      previous unsolicited Router Advertisement. The slot sequence
      number is used to determine mobile node's paging slot, as
      specified in Section 3.3.1.

4.3 Dormant Mode Request Sub-Option (alignment requirement: 2n)

   The Dormant Mode Request sub-option is valid only in Binding Update
   destination option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     Paging Slot Interval      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Paging Area ID                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |B|M|A|                        Reserved                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD

   Length

      The length (in octets) of the Paging Slot Interval field if the
      mobile node requests time slot based paging otherwise the length
      equals zero. The value of this field must be 2 if time slot based
      paging is requested.

   Paging Slot Interval

      16-bit unsigned integer value indicating the paging slot
      interval.
      This field is optional. The value, if present, is used to
      determine the mobile node's paging slot.

   Paging Area ID

      32-bit unsigned integer value. The same value as advertised by
      the access router that supports regional paging.

   B

      B bit is optionally used to indicate willingness to be alerted by
      broadcast packets.

   M

      M bit is optionally used to indicate willingness to be alerted by
      multicast packets.

   A

      A bit is optionally used to indicate willingness to be alerted by
      anycast packets.

   Reserved

      Reserved for future use to indicate more dormant mode options.

4.4. Dormant Mode Reply Sub-Option (alignment requirement: 8n+2)

   The Dormant Mode Reply sub-option is valid only in Binding
   Acknowledgement destination option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                   |     Type      |    Length     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Paging Slot Index       |      Paging Slot Offset       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                   Paging Multicast Address                    +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD.

   Length

      8-bit unsigned integer. Length of the Dormant Mode Reply sub
      option data fields not including the type and length fields.

   Paging Slot Index

      16-bit unsigned integer. This field is optional. The value is
      assigned by the gateway mobility agent if time slot based paging
      is used. Paging slot index value is used in determining the
      mobile node's paging slot.

   Paging Slot Offset

      16-bit unsigned integer. This field is optional. The value is
      assigned by the gateway mobility agent if time slot based paging
      is used. Paging slot offset value is used in determining the
      mobile node's paging slot.

   Paging Multicast Address

      This field is absent in normal mode. It may contain a value if
      time-slot based paging is used. The value is IPv6 multicast
      address used for paging the mobile node.

4.5 Paging Request Message

   When paging a mobile node, the Paging Mobility Anchor Point sends a
   Paging Request Message which is a destination option to paging
   agent. The Paging Agent in turn sends paging request message to the
   access routers in a given paging area.

   Overall Message Structure for Paging Request Message is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  IPv6 Header (NH = DestOpts)                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           NH = NONE           |        Paging Request         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The Paging Request destination option is encoded in
   type-length-value (TLV) format as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                   |  Option Type  | Option Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Paging Slot Interval      |       Paging Slot Index       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Paging Slot Offset       |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                           Reserved                            +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                   Paging Multicast Address                    +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   .                                                               .
   .                   Paged Mobile Node Address                   .
   .                                                               .
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option Type

      TBD

   Option Length

      8-bit unsigned integer. Length of the option, in octets,
      excluding the Option Type and Option Length fields. This field
      MUST be set to 28 plus 16 times the number of mobile nodes to be
      paged.
   Paging Slot Index

      16-bit unsigned integer. A parameter used to determine the
      mobile node's paging slot, as specified in Section 3.2. If
      time-slot based paging is not used this field must be set to
      zero.

   Paging Slot Offset

      16-bit unsigned integer. A parameter used to determine the
      mobile node's paging slot, as specified in Section 3.2. If
      time-slot based paging is not used this field must be set to
      zero.

   Paging Slot Interval

      16-bit unsigned integer. The interval between two successive
      paging slots, in multiples of advertisement intervals. If
      time-slot based paging is not used this field must be set to
      zero.

   Reserved

      This field is unused. It MUST be initialized to zero by the
      sender and MUST be ignored by the receiver.

   Paging Multicast Address

      Optional IPv6 multicast address to be used as the destination
      address for Paging Router Advertisements. This field is needed
      only when more than one Paged Mobile Node Address follows in the
      Paging Request destination option. If there is only one mobile
      node to be paged then this field must be set to zero.

   Paged Mobile Node Address

      Home address of the mobile node(s) that is the target of paging.

4.6 Paging Reply Message

   The Paging Reply Message is used to report the result of paging. It
   is sent from the access router to the paging agent and from the
   paging agent to the PMAP.

   The Paging Reply destination option is encoded in type-length-value
   (TLV) format as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                   |  Option Type  | Option Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   .                                                               .
   .                   Paged Mobile Node Address                   .
   .                                                               .
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option Type

      TBD

   Option Length

      8-bit unsigned integer. Length of the option, in octets,
      excluding the Option Type and Option Length fields. This field
      MUST be set to 16 times the number of mobile nodes that could
      not be located by paging.

   Paged Mobile Node Address

      Home address of the mobile node that was paged unsuccessfully.

4.7 Paged Mobile Node Address Extension

   The Paged Mobile Node Address extension is used for identifying the
   mobile node that is paged. When this extension is used as an option
   in a router advertisement the router advertisement is called a
   Paging Router Advertisement.

   The Paged Mobile Node address extension is defined as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   .                                                               .
   .                   Paged Mobile Node Address                   .
   .                                                               .
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD

   Length

      8-bit unsigned integer. The length of the option (including the
      type and length fields) in units of 8 octets.

   Reserved

      This field is unused. It MUST be initialized to zero by the
      sender and MUST be ignored by the receiver.

   Paged Mobile Node Address

      Home address of the MN that is the target of paging. There MAY
      not be more than one MN address in this field.

5. IANA Considerations

   MIPv6HP requires two new IPv6 destination options to be used for
   sending the Paging Request and paging reply messages (Section 4.5
   and 4.6).
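The Option Length rule of Section 4.5 is the check a receiver has to enforce before it reads any address out of a Paging Request. The following is an added example, not code from the draft or its authors: the option type value is a placeholder (the draft leaves it TBD), and Reserved is assumed to be 6 octets so that the fixed fields total the 28 octets the rule gives.

```python
import ipaddress
import struct

PAGING_REQUEST_TYPE = 0xEE  # placeholder: the draft leaves Option Type as TBD
FIXED_LEN = 28              # fixed part, from the Option Length rule in Section 4.5
RESERVED_LEN = 6            # assumption: 3 * 2 (slot fields) + 6 + 16 (multicast) = 28


def build_paging_request(nodes, mcast="::", interval=0, index=0, offset=0) -> bytes:
    """Encode the option for the given home addresses (constructed test input)."""
    body = struct.pack("!HHH", interval, index, offset) + bytes(RESERVED_LEN)
    body += ipaddress.IPv6Address(mcast).packed
    body += b"".join(ipaddress.IPv6Address(n).packed for n in nodes)
    return bytes([PAGING_REQUEST_TYPE, len(body)]) + body


def parse_paging_request(opt: bytes) -> dict:
    """Decode one Paging Request option, rejecting inconsistent lengths."""
    if len(opt) < 2:
        raise ValueError("truncated option header")
    opt_type, opt_len = opt[0], opt[1]
    if opt_type != PAGING_REQUEST_TYPE:
        raise ValueError("not a Paging Request option")
    data = opt[2:]
    if len(data) != opt_len:
        raise ValueError("Option Length disagrees with the bytes present")
    # n >= 1 is a choice made here: a request that pages nobody is rejected.
    if opt_len < FIXED_LEN + 16 or (opt_len - FIXED_LEN) % 16:
        raise ValueError("Option Length is not 28 + 16 * n, n >= 1")
    interval, index, offset = struct.unpack_from("!HHH", data, 0)
    # data[6:12] is Reserved: ignored on receipt, as the draft requires.
    mcast = ipaddress.IPv6Address(data[12:FIXED_LEN])
    nodes = [ipaddress.IPv6Address(data[i:i + 16])
             for i in range(FIXED_LEN, opt_len, 16)]
    if len(nodes) == 1 and int(mcast) != 0:
        raise ValueError("multicast address must be zero when one node is paged")
    if int(mcast) != 0 and not mcast.is_multicast:
        raise ValueError("Paging Multicast Address is not a multicast address")
    return {"interval": interval, "index": index, "offset": offset,
            "multicast": mcast, "nodes": nodes}
```

The same length test, with a fixed part of 0 instead of 28, applies to the Paging Reply option of Section 4.6.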
   MIPv6HP requires 3 new extension types to be used in combination
   with router advertisements: a type for Advertisement Interval
   extension (Section 4.1), a type for Paging Area ID extension
   (Section 4.2), a type for Paged Mobile Node Address extension
   (Section 4.7).

   MIPv6HP requires two new types to be used in combination with the
   Binding Update or Binding Acknowledgement destination options: a
   type for the Dormant Mode Request extension (Section 4.3) and a
   type for the Dormant Mode Reply extension (Section 4.4).

   MIPv6HP requires a new multicast address called all dormant nodes
   multicast address as an extension to [7] (Section 3.3).

6. Security

   [3] outlines a number of possible security vulnerabilities of an IP
   paging protocol. The vast majority of these attacks are prevented
   if all paging traffic is protected by an IPsec security association
   (SA).

   One category of attacks is DoS Amplification attack of section 3.1
   in [3], in which bogus paging requests are wide casted across the
   network. This attack is prevented by taking advantage of the source
   authentication which IPsec provides. With IPsec, only authorized
   and authenticated nodes can initiate paging. If an authenticated
   node misbehaves then it can be removed from the list of authorized
   users. IPsec source authentication also solves the Queue Overflow
   attack of section 3.2 in [3].

   The remaining problems are the Bogus Paging Area and Forced Battery
   Consumption attacks described in section 3.3 of [3]. This protocol
   does not fully solve the Bogus Paging Area problem because we
   believe that the problem is not solvable without a large-scale PKI
   and extremely precise clock synchronization. An attacker could
   simply take the paging messages from one area and rebroadcast them
   in another area.
   As for the Forced Battery Consumption attack, there are several
   reasonable solutions to this problem:

   1) On Demand Negotiation: SAs are negotiated on demand (whenever
      the host is paged or when it crosses a paging area boundary).

   2) Perpetual Connectivity: Before a host enters dormant mode, it
      ensures that it has an SA with the PMAP and/or the access
      router.

   3) Signed Paging Messages: SAs are negotiated on demand, but only
      upon reception of a cryptographically signed paging request
      (signed with the PMAP's public key).

   4) A hybrid of the above methods.

   In order to leverage the existing framework for negotiating IPsec
   SAs, we use a hybrid of solutions 1 and 2. Since it is difficult to
   prevent an attacker from spoofing bogus paging requests or paging
   router advertisement messages, we allow the attack to proceed, but
   we limit its effectiveness. Under normal conditions, the operation
   of the protocol is closer to method 1; under conditions of DoS, the
   operation is closer to method 2.

   In general, a host can be paged with an unauthenticated layer 2 or
   layer 3 paging message. Upon reception of a page, the mobile node
   sets up an SA with the PMAP. If the wakeup message turns out to
   have been spoofed (e.g. there are no packets waiting at the PMAP)
   then the mobile node goes into DoS protection mode.

   In DoS protection mode, the mobile node sets up an SA with the
   access router. Subsequent layer 3 paging requests, i.e. paging RAs
   from that access router, will be ignored unless they are
   authenticated by the SA. Layer 2 paging cannot be used unless there
   is an available layer 2 security mechanism with equivalent strength
   to IPsec (and the key management protocol (KMP) for layer 2 has
   access to the same authentication infrastructure that is used to
   create IPsec SAs).
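The effect of DoS protection mode on a flood of spoofed pages can be seen by modelling the mobile node's decision as a small state machine. This is an added example, not part of the draft: the class, field and callback names are hypothetical, and SA negotiation is reduced to a flag and a callback that stands for asking the PMAP whether packets are waiting.

```python
from dataclasses import dataclass

# Hypothetical model of the behaviour described above; names are not from the draft.


@dataclass
class Page:
    layer: int           # 2 = layer 2 page, 3 = paging router advertisement
    authenticated: bool  # verified under the SA (or an equivalent layer 2 mechanism)


class DormantNode:
    def __init__(self, packets_waiting, l2_security=False):
        self.packets_waiting = packets_waiting  # callable: query the PMAP over its SA
        self.l2_security = l2_security          # layer 2 mechanism as strong as IPsec?
        self.dos_protection = False
        self.wakeups = 0                        # each wakeup costs battery

    def on_page(self, page: Page) -> str:
        if self.dos_protection:
            # Only pages authenticated by the access router SA are honoured;
            # layer 2 pages additionally need an equivalent layer 2 mechanism.
            trusted = page.authenticated and (page.layer == 3 or self.l2_security)
            if not trusted:
                return "ignored"                # stay dormant
        self.wakeups += 1                       # wake up, set up an SA with the PMAP
        if self.packets_waiting():
            return "active"                     # genuine page
        self.dos_protection = True              # spoofed: set up an SA with the access router
        return "dos-protection"


def replay(node: DormantNode, pages) -> list:
    """Feed a sequence of pages to the node and collect its reactions."""
    return [node.on_page(p) for p in pages]
```

Replaying fifty unauthenticated pages against a node with nothing queued at the PMAP costs one wakeup; the remaining forty-nine are ignored.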
   When a mobile node goes into the active mode and establishes layer
   3 communication, it doesn't immediately send a binding update to
   the PMAP. First, it attempts to establish an SA with the access
   router in the new paging area. If that fails, the mobile node
   assumes that the paging RA was spoofed and it enters DoS protection
   mode.

   In DoS protection mode, the mobile node does not immediately
   respond to paging RA messages. Before committing to the new area,
   the MN allows sufficient time for the access router in the existing
   paging area to send a competing advertisement. If conflicting areas
   are detected then the existing area is kept in preference.

   If the MN continues to receive conflicting paging router
   advertisements, then it must periodically wake up and ping the
   access router with which it currently has an SA. If the existing
   access router is unreachable, then the MN should attempt to
   establish an SA with any of the other access routers for which it
   has received an advertisement. If that fails, then the MN should
   give up and simply enter inactive mode.

   Some notes on the use of IPsec: When IPsec is being used to protect
   triggered wakeup messages, the anti-replay feature of ESP/AH MUST
   be enabled. Also, IPsec SAs can be created by a variety of KMPs,
   and these have different properties. An IP paging protocol does not
   have a need for advanced security features such as perfect forward
   secrecy. With some key management protocols, such as KINK, once the
   initial SA has been set up, subsequent SA negotiations with other
   hosts in the domain can be very fast.

7. Future Revisions

   Future versions of this document are expected to contain:

      List of protocol constants with suggested values,
      Simultaneous paging of more than one mobile.

Acknowledgements

   We would like to thank J. Malinen and H. Haverinen (Nokia) for
   their ideas on time-slot based paging which we have adopted in this
   document.

8. References

   [1] D.B. Johnson, C.E. Perkins. "Mobility Support in IPv6",
       draft-ietf-mobileip-ipv6-14.txt, July 2001.

   [2] H. Soliman, C. Castelluccia, K. El-Malki, L. Bellier.
       "Hierarchical MIPv6 Mobility Management",
       draft-ietf-mobileip-hmipv6-04.txt, July 2001.

   [3] Kempf, J., Castelluccia, C., Mutaf, P., Nakajima, N., Y.,
       Ramjee, R., Saifullah, Y., Sarikaya, B., Xu, X., "Requirements
       and Functional Architecture for an IP Host Alerting Protocol",
       RFC 3154, August 2001.

   [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
       Levels", BCP 14, RFC 2119, March 1997.

   [5] Kempf, J., "Dormant Mode Host Alerting ("IP Paging") Problem
       Statement", RFC 3132, June 2001.

   [6] Manner, J., et al., "Mobility Related Terminology",
       draft-manner-seamoby-terms-02.txt, work in progress, July 2002.

   [7] Hinden, R., Deering, S., "IPv6 Multicast Address Assignments",
       RFC 2375, July 1998.

9. Authors' Addresses

   The working group can be contacted via the current chair:

      Pat R. Calhoun
      Black Storm Networks
      250 Cambridge Avenue
      Suite 200
      Palo Alto, CA 94306
      USA
      Tel. 1-650-617-2932
      Email: pcalhoun@btormnetworks.com

   Questions about this memo can also be directed to:

      Behcet Sarikaya
      Network Strategy Group, Mobile Networking Team
      Alcatel USA
      M/S CTO2
      1201 E. Campbell Rd.
      Richardson, TX 75081-1936
      USA
      Email: behcet.sarikaya@alcatel.com
      Phone: (972) 996-5075
      Fax: (972) 996 5174

      Xiaofeng Xu
      Network Strategy Group, Mobile Networking Team
      Alcatel USA
      M/S CTO2
      1201 E. Campbell Rd.
      Richardson, TX 75081-1936
      USA
      Email: xiaofeng.xu@alcatel.com
      Phone: (972) 996-2047
      Fax: (972) 996 5174

      Vinod Kumar Choyi
      Network Strategy Group, Mobile Networking Team
      Alcatel USA
      M/S CTO2
      1201 E. Campbell Rd.
      Richardson, TX 75081-1936
      USA
      Email: vinod.choyi@alcatel.com
      Phone: (972) 996-2788
      Fax: (972) 996 5174

      Andrew Krywaniuk
      Alcatel Networks Corporation
      600 March Road
      Kanata, ON
      Canada, K2K 2E6
      +1 (613) 784-4237
      E-mail: andrew.krywaniuk@alcatel.com

      Claude Castelluccia
      INRIA Rhone-Alpes
      655 avenue de l'Europe
      38330 Montbonnot Saint-Martin
      FRANCE
      email: claude.castelluccia@inria.fr
      phone: +33 4 76 61 52 15
      fax: +33 4 76 61 52 52