< draft-ietf-ipsecme-ipv6-ipv4-codes-02.txt   draft-ietf-ipsecme-ipv6-ipv4-codes-03.txt >
Network Working Group M. Boucadair ipsecme M. Boucadair
Internet-Draft Orange Internet-Draft Orange
Updates: 7296 (if approved) November 08, 2018 Updates: 7296 (if approved) April 29, 2019
Intended status: Standards Track Intended status: Standards Track
Expires: May 12, 2019 Expires: October 31, 2019
IKEv2 Notification Status Types for IPv4/IPv6 Coexistence IKEv2 Notification Status Types for IPv4/IPv6 Coexistence
draft-ietf-ipsecme-ipv6-ipv4-codes-02 draft-ietf-ipsecme-ipv6-ipv4-codes-03
Abstract Abstract
This document specifies new IKEv2 notification status types to better This document specifies new IKEv2 notification status types to better
manage IPv4 and IPv6 co-existence. manage IPv4 and IPv6 co-existence.
This document updates RFC7296. This document updates RFC7296.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 12, 2019. This Internet-Draft will expire on October 31, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Why Not INTERNAL_ADDRESS_FAILURE? . . . . . . . . . . . . . . 3 3. Why Not INTERNAL_ADDRESS_FAILURE? . . . . . . . . . . . . . . 3
4. IP6_ONLY_ALLOWED and IP4_ONLY_ALLOWED Status Types . . . . . 4 4. IP6_ALLOWED and IP4_ALLOWED Status Types . . . . . . . . . . 4
5. An Update to RFC7296 . . . . . . . . . . . . . . . . . . . . 4 5. An Update to RFC7296 . . . . . . . . . . . . . . . . . . . . 4
6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
9.1. Normative References . . . . . . . . . . . . . . . . . . 5 9.1. Normative References . . . . . . . . . . . . . . . . . . 6
9.2. Informative References . . . . . . . . . . . . . . . . . 5 9.2. Informative References . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction 1. Introduction
As described in [RFC7849], if the subscription data or network As described in [RFC7849], if the subscription data or network
configuration allows only one IP address family (IPv4 or IPv6), the configuration allows only one IP address family (IPv4 or IPv6), the
cellular host must not request a second PDP-Context to the same APN cellular host must not request a second PDP-Context to the same
for the other IP address family. The Third Generation Partnership Access Point Name (APN) for the other IP address family (AF). The
Project (3GPP) network informs the cellular host about allowed Packet Third Generation Partnership Project (3GPP) network informs the
Data Protocol (PDP) types by means of Session Management (SM) cause cellular host about allowed Packet Data Protocol (PDP) types by means
codes. In particular, the following cause codes can be returned: of Session Management (SM) cause codes. In particular, the following
cause codes can be returned:
o cause #50 "PDP type IPv4 only allowed": This cause code is used by o cause #50 "PDP type IPv4 only allowed": This cause code is used by
the network to indicate that only PDP type IPv4 is allowed for the the network to indicate that only PDP type IPv4 is allowed for the
requested Public Data Network (PDN) connectivity. requested Public Data Network (PDN) connectivity.
o cause #51 "PDP type IPv6 only allowed": This cause code is used by o cause #51 "PDP type IPv6 only allowed": This cause code is used by
the network to indicate that only PDP type IPv6 is allowed for the the network to indicate that only PDP type IPv6 is allowed for the
requested PDN connectivity. requested PDN connectivity.
o cause #52 "single address bearers only allowed": This cause code o cause #52 "single address bearers only allowed": This cause code
is used by the network to indicate that the requested PDN is used by the network to indicate that the requested PDN
connectivity is accepted with the restriction that only single IP connectivity is accepted with the restriction that only single IP
version bearers are allowed. version bearers are allowed.
If the requested IPv4v6 PDP-Context is not supported by the network If the requested IPv4v6 PDP-Context is not supported by the network
but IPv4 and IPv6 PDP types are allowed, then the cellular host will but IPv4 and IPv6 PDP types are allowed, then the cellular host will
be configured with an IPv4 address or an IPv6 prefix by the network. be configured with an IPv4 address or an IPv6 prefix by the network.
It must initiate another PDP-Context activation of the other address It must initiate another PDP-Context activation of the other address
family in addition to the one already activated for a given Access family in addition to the one already activated for a given APN. The
Point Name (APN). The purpose of initiating a second PDP-Context is purpose of initiating a second PDP-Context is to achieve dual-stack
to achieve dual-stack connectivity by means of two PDP-Contexts. connectivity by means of two PDP-Contexts.
When the UE attaches the network using a WLAN access by means of When the User Equipment (UE) attaches the network using a Wireless
IKEv2 capabilities [RFC7296], there are no equivalent notification Local Area Network (WLAN) access by means of Internet Key Exchange
codes to inform the User Equipment (UE) why an IP address family is Protocol Version 2 (IKEv2) capabilities [RFC7296], there are no
not assigned or whether that UE should retry with another address equivalent notification codes to inform the UE why an IP address
family. family is not assigned or whether that UE should retry with another
address family.
This document fills that void by introducing new IKEv2 notification This document fills that void by introducing new IKEv2 notification
status types for the sake of deterministic UE behaviors (Section 4). status types for the sake of deterministic UE behaviors (Section 4).
These notification status types are not specific to 3GPP These notification status types are not specific to 3GPP
architectures, but can be used in other deployment contexts. architectures, but can be used in other deployment contexts.
Cellular networks are provided as an illustration example. Cellular networks are provided as an illustration example.
2. Terminology 2. Terminology
skipping to change at page 3, line 46 skipping to change at page 3, line 50
address assignment is supported by the responder. address assignment is supported by the responder.
o An initiator requests both IPv4 and IPv6 addresses, but only IPv6 o An initiator requests both IPv4 and IPv6 addresses, but only IPv6
prefix assignment is supported by the responder. prefix assignment is supported by the responder.
o An initiator asks for both IPv4 and IPv6 addresses, but only one o An initiator asks for both IPv4 and IPv6 addresses, but only one
address family can be assigned by the responder for policy address family can be assigned by the responder for policy
reasons. reasons.
Section 3.15.4 of [RFC7296] defines a generic notification error type Section 3.15.4 of [RFC7296] defines a generic notification error type
that is related to a failure to handle an internal address failure. that is related to a failure to handle an address assignment request.
That error type does not explicitly allow an initiator to determine That error type does not explicitly allow an initiator to determine
why a given address family is not assigned, nor whether it should try why a given address family is not assigned, nor whether it should try
using another address family. INTERNAL_ADDRESS_FAILURE is a catch- using another address family. INTERNAL_ADDRESS_FAILURE is a catch-
all error type when an address-related issue is encountered by an all error type when an address-related issue is encountered by an
IKEv2 responder. IKEv2 responder.
INTERNAL_ADDRESS_FAILURE does not provide sufficient hints to the INTERNAL_ADDRESS_FAILURE does not provide sufficient hints to the
IKEv2 initiator to adjust its behavior. IKEv2 initiator to adjust its behavior.
4. IP6_ONLY_ALLOWED and IP4_ONLY_ALLOWED Status Types 4. IP6_ALLOWED and IP4_ALLOWED Status Types
IP6_ONLY_ALLOWED and IP4_ONLY_ALLOWED status types (see Section 7) IP6_ALLOWED and IP4_ALLOWED status types (see Section 7) are defined
are defined to inform the initiator about the responser's address to inform the initiator about the responser's address family
family assignment support capabilities, and to report to the assignment support capabilities, and to report to the initiator the
initiator the reason why an address assignment failed. These reason why an address assignment failed. These notification status
notifications are used by the initiator to adjust its behavior types are used by the initiator to adjust its behavior accordingly
accordingly (Section 5). (Section 5).
No data is associated with these notifications. No data is associated with these notifications.
5. An Update to RFC7296 5. An Update to RFC7296
If the initiator is dual-stack, it MUST include both address families If the initiator is dual-stack, it MUST include both address families
in its request (absent explicit policy/configuration otherwise). in its request (absent explicit policy/configuration otherwise).
The responder MUST include IP6_ONLY_ALLOWED (or IP4_ONLY_ALLOWED) The responder MUST include IP6_ALLOWED and/or IP4_ALLOWED status type
status type in a response to an address assignment request in the in a response to an address assignment request as indicated in
following cases: Table 1.
1. The responder only supports IPv6 (or IPv4) address assignment, or
2. The responder supports both IPv4 and IPv6 address assignments, +----------------+----------------+---------------+-----------------+
but it is configured to reply to requests asking for both address | | | | Returned |
families with only an IPv6 prefix (or an IPv4 address). | Requested | Supported | Assigned | Notification |
| AF(s) | AF(s) | AF(s) | Status Type(s) |
| (Initiator) | (Responder) | (Responder) | (Responder) |
+----------------+----------------+---------------+-----------------+
| IPv4 | IPv6 | None | IP6_ALLOWED |
| IPv4 | IPv4 | IPv4 | IP4_ALLOWED |
| IPv4 | IPv4 and IPv6 | IPv4 | IP4_ALLOWED, |
| | | | IP6_ALLOWED |
| IPv6 | IPv6 | IPv6 | IP6_ALLOWED |
| IPv6 | IPv4 | None | IP4_ALLOWED |
| IPv6 | IPv4 and IPv6 | IPv6 | IP4_ALLOWED, |
| | | | IP6_ALLOWED |
| IPv4 and IPv6 | IPv4 | IPv4 | IP4_ALLOWED |
| IPv4 and IPv6 | IPv6 | IPv6 | IP6_ALLOWED |
| IPv4 and IPv6 | IPv4 and IPv6 | IPv4 and IPv6 | IP4_ALLOWED, |
| | | | IP6_ALLOWED |
| IPv4 and IPv6 | IPv4 or IPv6 | IPv4 or IPv6 | IP4_ALLOWED, |
| | (Policy-based) | | IP6_ALLOWED |
+----------------+----------------+---------------+-----------------+
The address family preference is defined by a policy that is Table 1: Returned Notification Status Types
local to the responder.
If the initiator receives IP6_ONLY_ALLOWED or IP4_ONLY_ALLOWED If the initiator only receives one single notification IP4_ALLOWED or
notification from the responder, the initiator MUST NOT send a IP6_ALLOWED from the responder, the initiator MUST NOT send a request
request for an alternate address family not supported by the for an alternate address family not supported by the responder.
responder.
If a dual-stack initiator requests only an IPv6 prefix (or an IPv4 If a dual-stack initiator requests only an IPv6 prefix (or an IPv4
address) but receives IP4_ONLY_ALLOWED (or IP6_ONLY_ALLOWED) address) but only receives IP4_ALLOWED (or IP6_ALLOWED) notification
notification from the responder, the initiator MUST send a request status type from the responder, the initiator MUST send a request for
for IPv4 address(es) (or IPv6 prefix(es)). IPv4 address(es) (or IPv6 prefix(es)).
If a dual-stack initiator requests both an IPv6 prefix and an IPv4
address but receives an IPv6 prefix (or an IPv4 address) only with
both IP4_ALLOWED and IP6_ALLOWED notification status types from the
responder, the initiator MAY send a request for the other AF (i.e.,
IPv4 address (or IPv6 prefix)). In such case, the initiator MUST
create a new IKE Security Association (SA) and request that another
address family using the new IKE SA.
For other address-related error cases that have not been covered by For other address-related error cases that have not been covered by
the aforementioned notification status types, the repsonder/initiator the aforementioned notification status types, the repsonder/initiator
MUST follow the procedure defined in Section 3.15.4 of [RFC7849]. MUST follow the procedure defined in Section 3.15.4 of [RFC7296].
6. Security Considerations 6. Security Considerations
This document adheres to the security considerations defined in This document adheres to the security considerations defined in
[RFC7296]. [RFC7296].
7. IANA Considerations 7. IANA Considerations
This document requests IANA to update the "IKEv2 Notify Message Types This document requests IANA to update the "IKEv2 Notify Message Types
- Status Types" registry available at: - Status Types" registry available at:
https://www.iana.org/assignments/ikev2-parameters/ https://www.iana.org/assignments/ikev2-parameters/
ikev2-parameters.xhtml with the following status types: ikev2-parameters.xhtml with the following status types:
Value NOTIFY MESSAGES - STATUS TYPES Reference Value NOTIFY MESSAGES - STATUS TYPES Reference
TBD IP6_ONLY_ALLOWED [This-Document] TBD IP4_ALLOWED [This-Document]
TBD IP4_ONLY_ALLOWED [This-Document] TBD IP6_ALLOWED [This-Document]
8. Acknowledgements 8. Acknowledgements
Many thanks to Christian Jacquenet for the review. Many thanks to Christian Jacquenet for the review.
Thanks to Paul Wouters, Yaov Nir, Valery Smyslov, Daniel Migault, and Thanks to Paul Wouters, Yaov Nir, Valery Smyslov, Daniel Migault,
Tero Kivinen for the comments. Tero Kivinen, and Michael Richardson for the comments and review.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
 End of changes. 22 change blocks. 
58 lines changed or deleted 82 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/