| < draft-boucadair-ipsecme-ipv6-ipv4-codes-02.txt | draft-boucadair-ipsecme-ipv6-ipv4-codes-03.txt > | |||
|---|---|---|---|---|
| Network Working Group M. Boucadair | Network Working Group M. Boucadair | |||
| Internet-Draft Orange | Internet-Draft Orange | |||
| Intended status: Standards Track May 05, 2018 | Updates: 7296 (if approved) September 20, 2018 | |||
| Expires: November 6, 2018 | Intended status: Standards Track | |||
| Expires: March 24, 2019 | ||||
| IKEv2 Notification Codes for IPv4/IPv6 Coexistence | IKEv2 Notification Codes for IPv4/IPv6 Coexistence | |||
| draft-boucadair-ipsecme-ipv6-ipv4-codes-02 | draft-boucadair-ipsecme-ipv6-ipv4-codes-03 | |||
| Abstract | Abstract | |||
| This document specifies new IKEv2 notification codes to better manage | This document specifies new IKEv2 notification codes to better manage | |||
| IPv4 and IPv6 co-existence. | IPv4 and IPv6 co-existence. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 31 ¶ | skipping to change at page 1, line 32 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 6, 2018. | This Internet-Draft will expire on March 24, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 24 ¶ | skipping to change at page 2, line 24 ¶ | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 5 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 5 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 5 | 8.2. Informative References . . . . . . . . . . . . . . . . . 5 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 1. Introduction | 1. Introduction | |||
| As described in [RFC7849], if the subscription data or network | As described in [RFC7849], if the subscription data or network | |||
| configuration allows only one IP address family (IPv4 or IPv6), the | configuration allows only one IP address family (IPv4 or IPv6), the | |||
| cellular host must not request a second PDP-Context to the same APN | cellular host must not request a second PDP-Context to the same APN | |||
| for the other IP address family. The 3GPP network informs the | for the other IP address family. The Third Generation Partnership | |||
| cellular host about allowed Packet Data Protocol (PDP) types by means | Project (3GPP) network informs the cellular host about allowed Packet | |||
| of Session Management (SM) cause codes. In particular, the following | Data Protocol (PDP) types by means of Session Management (SM) cause | |||
| cause codes can be returned: | codes. In particular, the following cause codes can be returned: | |||
| o cause #50 "PDP type IPv4 only allowed" - This cause code is used | o cause #50 "PDP type IPv4 only allowed": This cause code is used by | |||
| by the network to indicate that only PDP type IPv4 is allowed for | the network to indicate that only PDP type IPv4 is allowed for the | |||
| the requested Public Data Network (PDN) connectivity. | requested Public Data Network (PDN) connectivity. | |||
| o cause #51 "PDP type IPv6 only allowed" - This cause code is used | o cause #51 "PDP type IPv6 only allowed": This cause code is used by | |||
| by the network to indicate that only PDP type IPv6 is allowed for | the network to indicate that only PDP type IPv6 is allowed for the | |||
| the requested PDN connectivity. | requested PDN connectivity. | |||
| o cause #52 "single address bearers only allowed" - This cause code | o cause #52 "single address bearers only allowed": This cause code | |||
| is used by the network to indicate that the requested PDN | is used by the network to indicate that the requested PDN | |||
| connectivity is accepted with the restriction that only single IP | connectivity is accepted with the restriction that only single IP | |||
| version bearers are allowed. | version bearers are allowed. | |||
| If the requested IPv4v6 PDP-Context is not supported by the network | If the requested IPv4v6 PDP-Context is not supported by the network | |||
| but IPv4 and IPv6 PDP types are allowed, then the cellular host will | but IPv4 and IPv6 PDP types are allowed, then the cellular host will | |||
| be configured with an IPv4 address or an IPv6 prefix by the network. | be configured with an IPv4 address or an IPv6 prefix by the network. | |||
| It must initiate another PDP-Context activation of the other address | It must initiate another PDP-Context activation of the other address | |||
| family in addition to the one already activated for a given Access | family in addition to the one already activated for a given Access | |||
| Point Name (APN). The purpose of initiating a second PDP-Context is | Point Name (APN). The purpose of initiating a second PDP-Context is | |||
| to achieve dual-stack connectivity by means of two PDP-Contexts. | to achieve dual-stack connectivity by means of two PDP-Contexts. | |||
| According to 3GPP specifications (TS.24302), when the UE attaches the | According to 3GPP specifications (TS.24302), when the UE attaches the | |||
| network using a WLAN access by means of IKEv2 capabilities [RFC7296], | network using a WLAN access by means of IKEv2 capabilities [RFC7296], | |||
| there are no equivalent notification codes to inform the UE why an IP | there are no equivalent notification codes to inform the User | |||
| address family is not assigned or whether that UE should retry with | Equipment (UE) why an IP address family is not assigned or whether | |||
| another address family. | that UE should retry with another address family. | |||
| This document fills that void by introducing new IKEv2 notification | This document fills that void by introducing new IKEv2 notification | |||
| codes for the sake of deterministic UE behaviors. | codes for the sake of deterministic UE behaviors. | |||
| These notification codes are not specific to 3GPP architectures, but | These notification codes are not specific to 3GPP architectures, but | |||
| can be used in other deployment contexts. Cellular networks are | can be used in other deployment contexts. Cellular networks are | |||
| provided as an illustration example. | provided as an illustration example. | |||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| [RFC2119]. | 14 [RFC2119][RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | ||||
| This document makes use of the terms defined in [RFC7296]. In | This document makes use of the terms defined in [RFC7296]. In | |||
| particular, readers should be familiar with "Initiator" and | particular, readers should be familiar with "initiator" and | |||
| "Responder" terms used in that document. | "responder" terms used in that document. | |||
| 3. Why Not INTERNAL_ADDRESS_FAILURE? | 3. Why Not INTERNAL_ADDRESS_FAILURE? | |||
| Section 3.15.4 of [RFC7296] defines a generic notification code that | Section 3.15.4 of [RFC7296] defines a generic notification code that | |||
| is related to a failure to handle an internal address failure. That | is related to a failure to handle an internal address failure. That | |||
| code does not explicitly allow an initiator to determine why a given | code does not explicitly allow an initiator to determine why a given | |||
| address family is not assigned, nor whether it should try using | address family is not assigned, nor whether it should try using | |||
| another address family. INTERNAL_ADDRESS_FAILURE is a catch-all code | another address family. INTERNAL_ADDRESS_FAILURE is a catch-all code | |||
| when an address-related issue is encountered by an IKEv2 responder. | when an address-related issue is encountered by an IKEv2 responder. | |||
| skipping to change at page 3, line 50 ¶ | skipping to change at page 4, line 5 ¶ | |||
| o UNSUPPORTED_AF: This code indicates that the requested address | o UNSUPPORTED_AF: This code indicates that the requested address | |||
| family (IPv4 or IPv6) is not supported. Subsequent exchanges with | family (IPv4 or IPv6) is not supported. Subsequent exchanges with | |||
| the remote peer MUST NOT include any object of that address | the remote peer MUST NOT include any object of that address | |||
| family. | family. | |||
| o IP6_ONLY_SUPPORTED: This code indicates that only IPv6 is | o IP6_ONLY_SUPPORTED: This code indicates that only IPv6 is | |||
| supported. Subsequent exchanges with the remote peer MUST NOT | supported. Subsequent exchanges with the remote peer MUST NOT | |||
| include any IPv4-related object. | include any IPv4-related object. | |||
| Concretely, if the initiator requested both IPv4 and IPv6 | Concretely, if the initiator requests both IPv4 and IPv6 | |||
| addresses/prefixes, the responder replies with IPv6 | addresses/prefixes, the responder replies with IPv6 | |||
| address(es)/prefix(es) and the IP6_ONLY_SUPPORTED notification | address(es)/prefix(es) and the IP6_ONLY_SUPPORTED notification | |||
| code. If the initiator requested only IPv4 address(es) but gets | code. If the initiator requests only IPv4 address(es) but gets | |||
| the IP6_ONLY_SUPPORTED notification code from the responder, the | the IP6_ONLY_SUPPORTED notification code from the responder, the | |||
| IPv6-capable initiator should request IPv6 address(es) only in | IPv6-capable initiator should request IPv6 address(es) only in | |||
| subsequent requests. | subsequent requests. | |||
| o IP4_ONLY_SUPPORTED: This code indicates that only IPv4 is | o IP4_ONLY_SUPPORTED: This code indicates that only IPv4 is | |||
| supported. Subsequent exchanges with the remote peer MUST NOT | supported. Subsequent exchanges with the remote peer MUST NOT | |||
| include any IPv6-related object. | include any IPv6-related object. | |||
| Concretely, if the initiator requested both IPv4 and IPv6 | Concretely, if the initiator requests both IPv4 and IPv6 | |||
| addresses/prefixes, the responder replies with IPv4 address(es) | addresses/prefixes, the responder replies with IPv4 address(es) | |||
| and the IP4_ONLY_SUPPORTED notification code. If the initiator | and the IP4_ONLY_SUPPORTED notification code. If the initiator | |||
| requested only IPv6 address(es) and gets the IP4_ONLY_SUPPORTED | requests only IPv6 address(es) and gets the IP4_ONLY_SUPPORTED | |||
| notification code from the responder, the IPv4-capable initiator | notification code from the responder, the IPv4-capable initiator | |||
| should request IPv4 address(es) only in subsequent requests. | should request IPv4 address(es) only in subsequent requests. | |||
| o SINGLE_AF_SUPPORTED: This code indicates that only a single | o SINGLE_AF_SUPPORTED: This code indicates that only a single | |||
| address family can be assigned per request, not both. This code | address family can be assigned per request, not both. This code | |||
| is returned when an initiator requested both IPv4 and IPv6 | is returned when an initiator requested both IPv4 and IPv6 | |||
| addresses/prefixes in the same request, but only a single address | addresses/prefixes in the same request, but only a single address | |||
| family can be assigned per request by the responder. | family can be assigned per request by the responder. | |||
| The address family preference is defined by a policy that is local | The address family preference is defined by a policy that is local | |||
| to the responder. | to the responder. | |||
| If a responder received a request for both IPv4 and IPv6 address | If a responder receives a request for both IPv4 and IPv6 address | |||
| families, it replies with the preferred address family and | families, it replies with the preferred address family and | |||
| includes SINGLE_AF_SUPPORTED notification code. Upon receipt of | includes SINGLE_AF_SUPPORTED notification code. Upon receipt of | |||
| this code, the initiator MAY re-issue another configuration | this code, the initiator MAY re-issue another configuration | |||
| request to ask for an additional address family. | request to ask for an additional address family. | |||
| For other address-related error cases that have not been covered by | For other address-related error cases that have not been covered by | |||
| the aforementioned notification codes, the repsonder/Initiator MUST | the aforementioned notification codes, the repsonder/initiator MUST | |||
| follow the procedure defined in Section 3.15.4 of [RFC7849]. | follow the procedure defined in Section 3.15.4 of [RFC7849]. | |||
| 5. Security Considerations | 5. Security Considerations | |||
| This document adheres to the security considerations defined in | This document adheres to the security considerations defined in | |||
| [RFC7849]. | [RFC7849]. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| This document requests IANA to update the "IKEv2 Notify Message Types | This document requests IANA to update the "IKEv2 Notify Message Types | |||
| skipping to change at page 5, line 31 ¶ | skipping to change at page 5, line 34 ¶ | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | |||
| Kivinen, "Internet Key Exchange Protocol Version 2 | Kivinen, "Internet Key Exchange Protocol Version 2 | |||
| (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | |||
| 2014, <https://www.rfc-editor.org/info/rfc7296>. | 2014, <https://www.rfc-editor.org/info/rfc7296>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | ||||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | ||||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | ||||
| 8.2. Informative References | 8.2. Informative References | |||
| [RFC7849] Binet, D., Boucadair, M., Vizdal, A., Chen, G., Heatley, | [RFC7849] Binet, D., Boucadair, M., Vizdal, A., Chen, G., Heatley, | |||
| N., Chandler, R., Michaud, D., Lopez, D., and W. Haeffner, | N., Chandler, R., Michaud, D., Lopez, D., and W. Haeffner, | |||
| "An IPv6 Profile for 3GPP Mobile Devices", RFC 7849, | "An IPv6 Profile for 3GPP Mobile Devices", RFC 7849, | |||
| DOI 10.17487/RFC7849, May 2016, | DOI 10.17487/RFC7849, May 2016, | |||
| <https://www.rfc-editor.org/info/rfc7849>. | <https://www.rfc-editor.org/info/rfc7849>. | |||
| Author's Address | Author's Address | |||
| Mohamed Boucadair | Mohamed Boucadair | |||
| Orange | Orange | |||
| Rennes 35000 | Rennes 35000 | |||
| France | France | |||
| Email: mohamed.boucadair@orange.com | Email: mohamed.boucadair@orange.com | |||
| End of changes. 18 change blocks. | ||||
| 29 lines changed or deleted | 34 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||