| < draft-ietf-ipsecme-ipv6-ipv4-codes-01.txt | draft-ietf-ipsecme-ipv6-ipv4-codes-02.txt > | |||
|---|---|---|---|---|
| Network Working Group M. Boucadair | Network Working Group M. Boucadair | |||
| Internet-Draft Orange | Internet-Draft Orange | |||
| Updates: 7296 (if approved) November 05, 2018 | Updates: 7296 (if approved) November 08, 2018 | |||
| Intended status: Standards Track | Intended status: Standards Track | |||
| Expires: May 9, 2019 | Expires: May 12, 2019 | |||
| IKEv2 Notification Status Types for IPv4/IPv6 Coexistence | IKEv2 Notification Status Types for IPv4/IPv6 Coexistence | |||
| draft-ietf-ipsecme-ipv6-ipv4-codes-01 | draft-ietf-ipsecme-ipv6-ipv4-codes-02 | |||
| Abstract | Abstract | |||
| This document specifies new IKEv2 notification status types to better | This document specifies new IKEv2 notification status types to better | |||
| manage IPv4 and IPv6 co-existence. | manage IPv4 and IPv6 co-existence. | |||
| This document updates RFC7296. | This document updates RFC7296. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 9, 2019. | This Internet-Draft will expire on May 12, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 10 ¶ | skipping to change at page 2, line 10 ¶ | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Why Not INTERNAL_ADDRESS_FAILURE? . . . . . . . . . . . . . . 3 | 3. Why Not INTERNAL_ADDRESS_FAILURE? . . . . . . . . . . . . . . 3 | |||
| 4. An Update to RFC7296 . . . . . . . . . . . . . . . . . . . . 3 | 4. IP6_ONLY_ALLOWED and IP4_ONLY_ALLOWED Status Types . . . . . 4 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | 5. An Update to RFC7296 . . . . . . . . . . . . . . . . . . . . 4 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 5 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 5 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 5 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 5 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 1. Introduction | 1. Introduction | |||
| As described in [RFC7849], if the subscription data or network | As described in [RFC7849], if the subscription data or network | |||
| configuration allows only one IP address family (IPv4 or IPv6), the | configuration allows only one IP address family (IPv4 or IPv6), the | |||
| cellular host must not request a second PDP-Context to the same APN | cellular host must not request a second PDP-Context to the same APN | |||
| for the other IP address family. The Third Generation Partnership | for the other IP address family. The Third Generation Partnership | |||
| Project (3GPP) network informs the cellular host about allowed Packet | Project (3GPP) network informs the cellular host about allowed Packet | |||
| Data Protocol (PDP) types by means of Session Management (SM) cause | Data Protocol (PDP) types by means of Session Management (SM) cause | |||
| skipping to change at page 2, line 50 ¶ | skipping to change at page 2, line 51 ¶ | |||
| version bearers are allowed. | version bearers are allowed. | |||
| If the requested IPv4v6 PDP-Context is not supported by the network | If the requested IPv4v6 PDP-Context is not supported by the network | |||
| but IPv4 and IPv6 PDP types are allowed, then the cellular host will | but IPv4 and IPv6 PDP types are allowed, then the cellular host will | |||
| be configured with an IPv4 address or an IPv6 prefix by the network. | be configured with an IPv4 address or an IPv6 prefix by the network. | |||
| It must initiate another PDP-Context activation of the other address | It must initiate another PDP-Context activation of the other address | |||
| family in addition to the one already activated for a given Access | family in addition to the one already activated for a given Access | |||
| Point Name (APN). The purpose of initiating a second PDP-Context is | Point Name (APN). The purpose of initiating a second PDP-Context is | |||
| to achieve dual-stack connectivity by means of two PDP-Contexts. | to achieve dual-stack connectivity by means of two PDP-Contexts. | |||
| According to 3GPP specifications (TS.24302), when the UE attaches the | When the UE attaches the network using a WLAN access by means of | |||
| network using a WLAN access by means of IKEv2 capabilities [RFC7296], | IKEv2 capabilities [RFC7296], there are no equivalent notification | |||
| there are no equivalent notification codes to inform the User | codes to inform the User Equipment (UE) why an IP address family is | |||
| Equipment (UE) why an IP address family is not assigned or whether | not assigned or whether that UE should retry with another address | |||
| that UE should retry with another address family. | family. | |||
| This document fills that void by introducing new IKEv2 notification | This document fills that void by introducing new IKEv2 notification | |||
| status types for the sake of deterministic UE behaviors. | status types for the sake of deterministic UE behaviors (Section 4). | |||
| These notification status types are not specific to 3GPP | These notification status types are not specific to 3GPP | |||
| architectures, but can be used in other deployment contexts. | architectures, but can be used in other deployment contexts. | |||
| Cellular networks are provided as an illustration example. | Cellular networks are provided as an illustration example. | |||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119][RFC8174] when, and only when, they appear in all | 14 [RFC2119][RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| This document makes use of the terms defined in [RFC7296]. In | This document makes use of the terms defined in [RFC7296]. In | |||
| particular, readers should be familiar with "initiator" and | particular, readers should be familiar with "initiator" and | |||
| "responder" terms used in that document. | "responder" terms used in that document. | |||
| 3. Why Not INTERNAL_ADDRESS_FAILURE? | 3. Why Not INTERNAL_ADDRESS_FAILURE? | |||
| The following address assignment failures may be encountered when an | ||||
| initiator requests assignment of IP addresses/prefixes: | ||||
| o An initiator asks for IPvx, but IPvx address assignment is not | ||||
| supported by the responder. | ||||
| o An initiator requests both IPv4 and IPv6 addresses, but only IPv4 | ||||
| address assignment is supported by the responder. | ||||
| o An initiator requests both IPv4 and IPv6 addresses, but only IPv6 | ||||
| prefix assignment is supported by the responder. | ||||
| o An initiator asks for both IPv4 and IPv6 addresses, but only one | ||||
| address family can be assigned by the responder for policy | ||||
| reasons. | ||||
| Section 3.15.4 of [RFC7296] defines a generic notification error type | Section 3.15.4 of [RFC7296] defines a generic notification error type | |||
| that is related to a failure to handle an internal address failure. | that is related to a failure to handle an internal address failure. | |||
| That error type does not explicitly allow an initiator to determine | That error type does not explicitly allow an initiator to determine | |||
| why a given address family is not assigned, nor whether it should try | why a given address family is not assigned, nor whether it should try | |||
| using another address family. INTERNAL_ADDRESS_FAILURE is a catch- | using another address family. INTERNAL_ADDRESS_FAILURE is a catch- | |||
| all error type when an address-related issue is encountered by an | all error type when an address-related issue is encountered by an | |||
| IKEv2 responder. | IKEv2 responder. | |||
| INTERNAL_ADDRESS_FAILURE does not provide sufficient hints to the | INTERNAL_ADDRESS_FAILURE does not provide sufficient hints to the | |||
| IKEv2 initiator to adjust its behavior. | IKEv2 initiator to adjust its behavior. | |||
| 4. An Update to RFC7296 | 4. IP6_ONLY_ALLOWED and IP4_ONLY_ALLOWED Status Types | |||
| The following notification status types are defined: | IP6_ONLY_ALLOWED and IP4_ONLY_ALLOWED status types (see Section 7) | |||
| are defined to inform the initiator about the responser's address | ||||
| family assignment support capabilities, and to report to the | ||||
| initiator the reason why an address assignment failed. These | ||||
| notifications are used by the initiator to adjust its behavior | ||||
| accordingly (Section 5). | ||||
| o UNSUPPORTED_AF: This status type indicates that the requested | No data is associated with these notifications. | |||
| address family (IPv4 or IPv6) is not supported. Subsequent | ||||
| exchanges with the remote peer MUST NOT include any object of that | ||||
| address family. | ||||
| o IP6_ONLY_SUPPORTED: This status type indicates that only IPv6 is | 5. An Update to RFC7296 | |||
| supported. Subsequent exchanges with the remote peer MUST NOT | ||||
| include any IPv4-related object. | ||||
| Concretely, if the initiator requests both IPv4 and IPv6 | If the initiator is dual-stack, it MUST include both address families | |||
| addresses/prefixes, the responder replies with IPv6 | in its request (absent explicit policy/configuration otherwise). | |||
| address(es)/prefix(es) and the IP6_ONLY_SUPPORTED notification | ||||
| status type. If the initiator requests only IPv4 address(es) but | ||||
| gets the IP6_ONLY_SUPPORTED notification status type from the | ||||
| responder, the IPv6-capable initiator should request IPv6 | ||||
| address(es) only in subsequent requests. | ||||
| o IP4_ONLY_SUPPORTED: This status type indicates that only IPv4 is | The responder MUST include IP6_ONLY_ALLOWED (or IP4_ONLY_ALLOWED) | |||
| supported. Subsequent exchanges with the remote peer MUST NOT | status type in a response to an address assignment request in the | |||
| include any IPv6-related object. | following cases: | |||
| Concretely, if the initiator requests both IPv4 and IPv6 | 1. The responder only supports IPv6 (or IPv4) address assignment, or | |||
| addresses/prefixes, the responder replies with IPv4 address(es) | ||||
| and the IP4_ONLY_SUPPORTED notification status type. If the | ||||
| initiator requests only IPv6 address(es) and gets the | ||||
| IP4_ONLY_SUPPORTED notification status type from the responder, | ||||
| the IPv4-capable initiator should request IPv4 address(es) only in | ||||
| subsequent requests. | ||||
| o SINGLE_AF_SUPPORTED: This status type indicates that only a single | 2. The responder supports both IPv4 and IPv6 address assignments, | |||
| address family can be assigned per request, not both. This status | but it is configured to reply to requests asking for both address | |||
| type is returned when an initiator requested both IPv4 and IPv6 | families with only an IPv6 prefix (or an IPv4 address). | |||
| addresses/prefixes in the same request, but only a single address | ||||
| family can be assigned per request by the responder. | ||||
| The address family preference is defined by a policy that is local | The address family preference is defined by a policy that is | |||
| to the responder. | local to the responder. | |||
| If a responder receives a request for both IPv4 and IPv6 address | If the initiator receives IP6_ONLY_ALLOWED or IP4_ONLY_ALLOWED | |||
| families, it replies with the preferred address family and | notification from the responder, the initiator MUST NOT send a | |||
| includes SINGLE_AF_SUPPORTED notification status type. Upon | request for an alternate address family not supported by the | |||
| receipt of this status type, the initiator MAY re-issue another | responder. | |||
| configuration request to ask for an additional address family. | ||||
| If a dual-stack initiator requests only an IPv6 prefix (or an IPv4 | ||||
| address) but receives IP4_ONLY_ALLOWED (or IP6_ONLY_ALLOWED) | ||||
| notification from the responder, the initiator MUST send a request | ||||
| for IPv4 address(es) (or IPv6 prefix(es)). | ||||
| For other address-related error cases that have not been covered by | For other address-related error cases that have not been covered by | |||
| the aforementioned notification status types, the repsonder/initiator | the aforementioned notification status types, the repsonder/initiator | |||
| MUST follow the procedure defined in Section 3.15.4 of [RFC7849]. | MUST follow the procedure defined in Section 3.15.4 of [RFC7849]. | |||
| 5. Security Considerations | 6. Security Considerations | |||
| This document adheres to the security considerations defined in | This document adheres to the security considerations defined in | |||
| [RFC7296]. | [RFC7296]. | |||
| 6. IANA Considerations | 7. IANA Considerations | |||
| This document requests IANA to update the "IKEv2 Notify Message Types | This document requests IANA to update the "IKEv2 Notify Message Types | |||
| - Status Types" registry available at: | - Status Types" registry available at: | |||
| https://www.iana.org/assignments/ikev2-parameters/ | https://www.iana.org/assignments/ikev2-parameters/ | |||
| ikev2-parameters.xhtml with the following status types: | ikev2-parameters.xhtml with the following status types: | |||
| Value NOTIFY MESSAGES - STATUS TYPES Reference | Value NOTIFY MESSAGES - STATUS TYPES Reference | |||
| TBD UNSUPPORTED_AF [This-Document] | TBD IP6_ONLY_ALLOWED [This-Document] | |||
| TBD IP6_ONLY_SUPPORTED [This-Document] | TBD IP4_ONLY_ALLOWED [This-Document] | |||
| TBD IP4_ONLY_SUPPORTED [This-Document] | ||||
| TBD SINGLE_AF_SUPPORTED [This-Document] | ||||
| 7. Acknowledgements | 8. Acknowledgements | |||
| Many thanks to Christian Jacquenet for the review. | Many thanks to Christian Jacquenet for the review. | |||
| Thanks to Paul Wouters, Yaov Nir, Valery Smyslov, and Daniel Migault | Thanks to Paul Wouters, Yaov Nir, Valery Smyslov, Daniel Migault, and | |||
| for the comments. | Tero Kivinen for the comments. | |||
| 8. References | 9. References | |||
| 8.1. Normative References | 9.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | |||
| Kivinen, "Internet Key Exchange Protocol Version 2 | Kivinen, "Internet Key Exchange Protocol Version 2 | |||
| (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | |||
| 2014, <https://www.rfc-editor.org/info/rfc7296>. | 2014, <https://www.rfc-editor.org/info/rfc7296>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 8.2. Informative References | 9.2. Informative References | |||
| [RFC7849] Binet, D., Boucadair, M., Vizdal, A., Chen, G., Heatley, | [RFC7849] Binet, D., Boucadair, M., Vizdal, A., Chen, G., Heatley, | |||
| N., Chandler, R., Michaud, D., Lopez, D., and W. Haeffner, | N., Chandler, R., Michaud, D., Lopez, D., and W. Haeffner, | |||
| "An IPv6 Profile for 3GPP Mobile Devices", RFC 7849, | "An IPv6 Profile for 3GPP Mobile Devices", RFC 7849, | |||
| DOI 10.17487/RFC7849, May 2016, | DOI 10.17487/RFC7849, May 2016, | |||
| <https://www.rfc-editor.org/info/rfc7849>. | <https://www.rfc-editor.org/info/rfc7849>. | |||
| Author's Address | Author's Address | |||
| Mohamed Boucadair | Mohamed Boucadair | |||
| End of changes. 26 change blocks. | ||||
| 67 lines changed or deleted | 73 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||