| < draft-ietf-ipsecme-ipv6-ipv4-codes-04.txt | draft-ietf-ipsecme-ipv6-ipv4-codes-05.txt > | |||
|---|---|---|---|---|
| ipsecme M. Boucadair | ipsecme M. Boucadair | |||
| Internet-Draft Orange | Internet-Draft Orange | |||
| Updates: 7296 (if approved) October 21, 2019 | Updates: 7296 (if approved) October 21, 2020 | |||
| Intended status: Standards Track | Intended status: Standards Track | |||
| Expires: April 23, 2020 | Expires: April 24, 2021 | |||
| IKEv2 Notification Status Types for IPv4/IPv6 Coexistence | IKEv2 Notification Status Types for IPv4/IPv6 Coexistence | |||
| draft-ietf-ipsecme-ipv6-ipv4-codes-04 | draft-ietf-ipsecme-ipv6-ipv4-codes-05 | |||
| Abstract | Abstract | |||
| This document specifies new IKEv2 notification status types to better | This document specifies new IKEv2 notification status types to better | |||
| manage IPv4 and IPv6 co-existence. | manage IPv4 and IPv6 co-existence. | |||
| This document updates RFC7296. | This document updates RFC7296. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 23, 2020. | This Internet-Draft will expire on April 24, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 17 ¶ | skipping to change at page 2, line 17 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Why Not INTERNAL_ADDRESS_FAILURE? . . . . . . . . . . . . . . 3 | 3. Why Not INTERNAL_ADDRESS_FAILURE? . . . . . . . . . . . . . . 3 | |||
| 4. IP6_ALLOWED and IP4_ALLOWED Status Types . . . . . . . . . . 4 | 4. IP6_ALLOWED and IP4_ALLOWED Status Types . . . . . . . . . . 4 | |||
| 5. An Update to RFC7296 . . . . . . . . . . . . . . . . . . . . 4 | 5. An Update to RFC7296 . . . . . . . . . . . . . . . . . . . . 4 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 6 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 6 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 6 | 9.2. Informative References . . . . . . . . . . . . . . . . . 7 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 1. Introduction | 1. Introduction | |||
| As described in [RFC7849], if the subscription data or network | As described in [RFC7849], if the subscription data or network | |||
| configuration allows only one IP address family (IPv4 or IPv6), the | configuration allows only one IP address family (IPv4 or IPv6), the | |||
| cellular host must not request a second PDP-Context to the same | cellular host must not request a second PDP-Context to the same | |||
| Access Point Name (APN) for the other IP address family (AF). The | Access Point Name (APN) for the other IP address family (AF). The | |||
| Third Generation Partnership Project (3GPP) network informs the | Third Generation Partnership Project (3GPP) network informs the | |||
| cellular host about allowed Packet Data Protocol (PDP) types by means | cellular host about allowed Packet Data Protocol (PDP) types by means | |||
| skipping to change at page 2, line 50 ¶ | skipping to change at page 2, line 50 ¶ | |||
| is used by the network to indicate that the requested PDN | is used by the network to indicate that the requested PDN | |||
| connectivity is accepted with the restriction that only single IP | connectivity is accepted with the restriction that only single IP | |||
| version bearers are allowed. | version bearers are allowed. | |||
| If the requested IPv4v6 PDP-Context is not supported by the network | If the requested IPv4v6 PDP-Context is not supported by the network | |||
| but IPv4 and IPv6 PDP types are allowed, then the cellular host will | but IPv4 and IPv6 PDP types are allowed, then the cellular host will | |||
| be configured with an IPv4 address or an IPv6 prefix by the network. | be configured with an IPv4 address or an IPv6 prefix by the network. | |||
| It must initiate another PDP-Context activation of the other address | It must initiate another PDP-Context activation of the other address | |||
| family in addition to the one already activated for a given APN. The | family in addition to the one already activated for a given APN. The | |||
| purpose of initiating a second PDP-Context is to achieve dual-stack | purpose of initiating a second PDP-Context is to achieve dual-stack | |||
| connectivity by means of two PDP-Contexts. | connectivity (that is, IPv4 and IPv6 connectivity) by means of two | |||
| PDP-Contexts. | ||||
| When the User Equipment (UE) attaches the network using a Wireless | When the User Equipment (UE) attaches the network using a Wireless | |||
| Local Area Network (WLAN) access by means of Internet Key Exchange | Local Area Network (WLAN) access by means of Internet Key Exchange | |||
| Protocol Version 2 (IKEv2) capabilities [RFC7296], there are no | Protocol Version 2 (IKEv2) capabilities [RFC7296], there are no | |||
| equivalent notification codes to inform the UE why an IP address | equivalent notification codes to inform the UE why an IP address | |||
| family is not assigned or whether that UE should retry with another | family is not assigned or whether that UE should retry with another | |||
| address family. | address family. | |||
| This document fills that void by introducing new IKEv2 notification | This document fills that void by introducing new IKEv2 notification | |||
| status types for the sake of deterministic UE behaviors (Section 4). | status types for the sake of deterministic UE behaviors (Section 4). | |||
| skipping to change at page 3, line 50 ¶ | skipping to change at page 3, line 50 ¶ | |||
| address assignment is supported by the responder. | address assignment is supported by the responder. | |||
| o An initiator requests both IPv4 and IPv6 addresses, but only IPv6 | o An initiator requests both IPv4 and IPv6 addresses, but only IPv6 | |||
| prefix assignment is supported by the responder. | prefix assignment is supported by the responder. | |||
| o An initiator asks for both IPv4 and IPv6 addresses, but only one | o An initiator asks for both IPv4 and IPv6 addresses, but only one | |||
| address family can be assigned by the responder for policy | address family can be assigned by the responder for policy | |||
| reasons. | reasons. | |||
| Section 3.15.4 of [RFC7296] defines a generic notification error type | Section 3.15.4 of [RFC7296] defines a generic notification error type | |||
| that is related to a failure to handle an address assignment request. | (INTERNAL_ADDRESS_FAILURE) that is related to a failure to handle an | |||
| That error type does not explicitly allow an initiator to determine | address assignment request. The responder sends | |||
| why a given address family is not assigned, nor whether it should try | INTERNAL_ADDRESS_FAILURE only if no addresses can be assigned. This | |||
| using another address family. INTERNAL_ADDRESS_FAILURE is a catch- | behavior does not explicitly allow an initiator to determine why a | |||
| all error type when an address-related issue is encountered by an | given address family is not assigned, nor whether it should try using | |||
| IKEv2 responder. | another address family. INTERNAL_ADDRESS_FAILURE is a catch-all | |||
| error type when an address-related issue is encountered by an IKEv2 | ||||
| responder. | ||||
| INTERNAL_ADDRESS_FAILURE does not provide sufficient hints to the | INTERNAL_ADDRESS_FAILURE does not provide sufficient hints to the | |||
| IKEv2 initiator to adjust its behavior. | IKEv2 initiator to adjust its behavior. | |||
| 4. IP6_ALLOWED and IP4_ALLOWED Status Types | 4. IP6_ALLOWED and IP4_ALLOWED Status Types | |||
| IP6_ALLOWED and IP4_ALLOWED status types (see Section 7) are defined | IP6_ALLOWED and IP4_ALLOWED notification status types (see Section 7) | |||
| to inform the initiator about the responser's address family | are defined to inform the initiator about the responser's address | |||
| assignment support capabilities, and to report to the initiator the | family assignment support capabilities, and to report to the | |||
| reason why an address assignment failed. These notification status | initiator the reason why an address assignment failed. These | |||
| types are used by the initiator to adjust its behavior accordingly | notification status types are used by the initiator to adjust its | |||
| (Section 5). | behavior accordingly (Section 5). | |||
| No data is associated with these notifications. | No data is associated with these notifications. | |||
| 5. An Update to RFC7296 | 5. An Update to RFC7296 | |||
| If the initiator is dual-stack, it MUST include both address families | If the initiator is dual-stack (i.e., supports both IPv4 and IPv6), | |||
| in its request (absent explicit policy/configuration otherwise). | it MUST include both address families configuration attributes in its | |||
| configuration request (absent explicit policy/configuration | ||||
| The responder MUST include IP6_ALLOWED and/or IP4_ALLOWED status type | otherwise). More details about IPv4 and IPv6 configuration | |||
| in a response to an address assignment request as indicated in | attributes are provided in Section 3.15 of [RFC7296]. These | |||
| attributes are used to infer the requested/assigned AFs listed in | ||||
| Table 1. | Table 1. | |||
| The responder MUST include IP6_ALLOWED and/or IP4_ALLOWED | ||||
| notification status type in a response to an address assignment | ||||
| request as indicated in Table 1. | ||||
| +----------------+----------------+---------------+-----------------+ | +----------------+----------------+---------------+-----------------+ | |||
| | | | | Returned | | | | | | Returned | | |||
| | Requested | Supported | Assigned | Notification | | | Requested | Supported | Assigned | Notification | | |||
| | AF(s) | AF(s) | AF(s) | Status Type(s) | | | AF(s) | AF(s) | AF(s) | Status Type(s) | | |||
| | (Initiator) | (Responder) | (Responder) | (Responder) | | | (Initiator) | (Responder) | (Responder) | (Responder) | | |||
| +----------------+----------------+---------------+-----------------+ | +----------------+----------------+---------------+-----------------+ | |||
| | IPv4 | IPv6 | None | IP6_ALLOWED | | | IPv4 | IPv6 | None | IP6_ALLOWED | | |||
| | IPv4 | IPv4 | IPv4 | IP4_ALLOWED | | | IPv4 | IPv4 | IPv4 | IP4_ALLOWED | | |||
| | IPv4 | IPv4 and IPv6 | IPv4 | IP4_ALLOWED, | | | IPv4 | IPv4 and IPv6 | IPv4 | IP4_ALLOWED, | | |||
| | | | | IP6_ALLOWED | | | | | | IP6_ALLOWED | | |||
| skipping to change at page 5, line 30 ¶ | skipping to change at page 5, line 30 ¶ | |||
| | IPv4 and IPv6 | IPv6 | IPv6 | IP6_ALLOWED | | | IPv4 and IPv6 | IPv6 | IPv6 | IP6_ALLOWED | | |||
| | IPv4 and IPv6 | IPv4 and IPv6 | IPv4 and IPv6 | IP4_ALLOWED, | | | IPv4 and IPv6 | IPv4 and IPv6 | IPv4 and IPv6 | IP4_ALLOWED, | | |||
| | | | | IP6_ALLOWED | | | | | | IP6_ALLOWED | | |||
| | IPv4 and IPv6 | IPv4 or IPv6 | IPv4 or IPv6 | IP4_ALLOWED, | | | IPv4 and IPv6 | IPv4 or IPv6 | IPv4 or IPv6 | IP4_ALLOWED, | | |||
| | | (Policy-based) | | IP6_ALLOWED | | | | (Policy-based) | | IP6_ALLOWED | | |||
| +----------------+----------------+---------------+-----------------+ | +----------------+----------------+---------------+-----------------+ | |||
| Table 1: Returned Notification Status Types | Table 1: Returned Notification Status Types | |||
| If the initiator only receives one single notification IP4_ALLOWED or | If the initiator only receives one single notification IP4_ALLOWED or | |||
| IP6_ALLOWED from the responder, the initiator MUST NOT send a request | IP6_ALLOWED from the responder, the initiator MUST NOT send a | |||
| for an alternate address family not supported by the responder. | subsequent request for an alternate address family not supported by | |||
| the responder. | ||||
| If a dual-stack initiator requests only an IPv6 prefix (or an IPv4 | If a dual-stack initiator requests only an IPv6 prefix (or an IPv4 | |||
| address) but only receives IP4_ALLOWED (or IP6_ALLOWED) notification | address) but only receives IP4_ALLOWED (or IP6_ALLOWED) notification | |||
| status type from the responder, the initiator MUST send a request for | status type from the responder, the initiator MUST send a request for | |||
| IPv4 address(es) (or IPv6 prefix(es)). | IPv4 address(es) (or IPv6 prefix(es)). | |||
| If a dual-stack initiator requests both an IPv6 prefix and an IPv4 | If a dual-stack initiator requests both an IPv6 prefix and an IPv4 | |||
| address but receives an IPv6 prefix (or an IPv4 address) only with | address but receives an IPv6 prefix (or an IPv4 address) only with | |||
| both IP4_ALLOWED and IP6_ALLOWED notification status types from the | both IP4_ALLOWED and IP6_ALLOWED notification status types from the | |||
| responder, the initiator MAY send a request for the other AF (i.e., | responder, the initiator MAY send a request for the other AF (i.e., | |||
| IPv4 address (or IPv6 prefix)). In such case, the initiator MUST | IPv4 address (or IPv6 prefix)). In such case, the initiator MUST | |||
| create a new IKE Security Association (SA) and request that another | create a new IKE Security Association (SA) and request that another | |||
| address family using the new IKE SA. | address family using the new IKE SA. | |||
| For other address-related error cases that have not been covered by | For other address-related error cases that have not been covered by | |||
| the aforementioned notification status types, the repsonder/initiator | the aforementioned notification status types, the repsonder/initiator | |||
| MUST follow the procedure defined in Section 3.15.4 of [RFC7296]. | MUST follow the procedure defined in Section 3.15.4 of [RFC7296]. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| This document adheres to the security considerations defined in | Since the IPv4/IPv6 capabilities of a node are readily determined | |||
| [RFC7296]. | from the traffic it generates, this document does not introduce any | |||
| new security considerations compared to the ones described in | ||||
| [RFC7296], which continue to apply. | ||||
| 7. IANA Considerations | 7. IANA Considerations | |||
| This document requests IANA to update the "IKEv2 Notify Message Types | This document requests IANA to update the "IKEv2 Notify Message Types | |||
| - Status Types" registry available at: | - Status Types" registry available at: | |||
| https://www.iana.org/assignments/ikev2-parameters/ | https://www.iana.org/assignments/ikev2-parameters/ | |||
| ikev2-parameters.xhtml with the following status types: | ikev2-parameters.xhtml with the following status types: | |||
| Value NOTIFY MESSAGES - STATUS TYPES Reference | Value NOTIFY MESSAGES - STATUS TYPES Reference | |||
| TBD IP4_ALLOWED [This-Document] | TBD IP4_ALLOWED [This-Document] | |||
| TBD IP6_ALLOWED [This-Document] | TBD IP6_ALLOWED [This-Document] | |||
| 8. Acknowledgements | 8. Acknowledgements | |||
| Many thanks to Christian Jacquenet for the review. | Many thanks to Christian Jacquenet for the review. | |||
| Thanks to Paul Wouters, Yaov Nir, Valery Smyslov, Daniel Migault, | Thanks to Paul Wouters, Yaov Nir, Valery Smyslov, Daniel Migault, | |||
| Tero Kivinen, and Michael Richardson for the comments and review. | Tero Kivinen, and Michael Richardson for the comments and review. | |||
| Thanks to Benjamin Kaduk for the AD review. | ||||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | |||
| End of changes. 14 change blocks. | ||||
| 28 lines changed or deleted | 41 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||