< draft-ietf-mip6-radius-02.txt   draft-ietf-mip6-radius-03.txt >
Network Working Group K. Chowdhury Network Working Group A. Lior
Internet-Draft Starent Networks Internet-Draft Bridgewater Systems
Intended status: Standards Track A. Lior Intended status: Standards Track K. Chowdhury
Expires: September 8, 2007 Bridgewater Systems Expires: May 21, 2008 Starent Networks
H. Tschofenig H. Tschofenig
Siemens Siemens
March 7, 2007 November 18, 2007
RADIUS Mobile IPv6 Support RADIUS Mobile IPv6 Support
draft-ietf-mip6-radius-02.txt draft-ietf-mip6-radius-03.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 37 skipping to change at page 1, line 37
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 8, 2007. This Internet-Draft will expire on May 21, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
Abstract Abstract
A Mobile IPv6 node requires a home agent(HA) address, a home A Mobile IPv6 node requires a home agent(HA) address, a home
address(HOA), and IPsec security association with its HA before it address(HOA), and IPsec security association with its HA before it
can start utilizing Mobile IPv6 service. RFC 3775 requires that some can start utilizing Mobile IPv6 service. RFC 3775 requires that some
skipping to change at page 2, line 29 skipping to change at page 2, line 29
and the AAA infrastructure. and the AAA infrastructure.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Solution Overview . . . . . . . . . . . . . . . . . . . . . . 6 3. Solution Overview . . . . . . . . . . . . . . . . . . . . . . 6
3.1. Integrated Scenario . . . . . . . . . . . . . . . . . . . 6 3.1. Integrated Scenario . . . . . . . . . . . . . . . . . . . 6
3.2. Split Scenario . . . . . . . . . . . . . . . . . . . . . . 7 3.2. Split Scenario . . . . . . . . . . . . . . . . . . . . . . 7
4. RADIUS Attribute Overview . . . . . . . . . . . . . . . . . . 9 4. RADIUS Attribute Overview . . . . . . . . . . . . . . . . . . 9
4.1. MIP6-HA Attribute . . . . . . . . . . . . . . . . . . . . 9 4.1. MIP6-Feature-Vector . . . . . . . . . . . . . . . . . . . 9
4.2. MIP6-HA-FQDN Attribute . . . . . . . . . . . . . . . . . . 9 4.2. MIP6-HA Attribute . . . . . . . . . . . . . . . . . . . . 9
4.3. MIP6-HL-Prefix Attribute . . . . . . . . . . . . . . . . . 9 4.3. MIP6-HA-FQDN Attribute . . . . . . . . . . . . . . . . . . 9
4.4. MIP6-HOA Attribute . . . . . . . . . . . . . . . . . . . . 9 4.4. MIP6-HL-Prefix Attribute . . . . . . . . . . . . . . . . . 9
4.5. MIP6-DNS-MO Attribute . . . . . . . . . . . . . . . . . . 9 4.5. MIP6-HOA Attribute . . . . . . . . . . . . . . . . . . . . 9
4.6. Use of existing RADIUS Attributes . . . . . . . . . . . . 9 4.6. MIP6-DNS-MO Attribute . . . . . . . . . . . . . . . . . . 10
4.6.1. User-Name . . . . . . . . . . . . . . . . . . . . . . 9 4.7. Use of existing RADIUS Attributes . . . . . . . . . . . . 10
4.6.2. Service-Type . . . . . . . . . . . . . . . . . . . . . 10 4.7.1. User-Name . . . . . . . . . . . . . . . . . . . . . . 10
4.6.3. NAS-Port-Type . . . . . . . . . . . . . . . . . . . . 10 4.7.2. Service-Type . . . . . . . . . . . . . . . . . . . . . 10
4.6.4. Calling-Station-Id . . . . . . . . . . . . . . . . . . 10 4.7.3. NAS-Port-Type . . . . . . . . . . . . . . . . . . . . 10
4.6.5. Use of MS-MPPE-Recv-Key and MS-MPPE-Send-Key . . . . . 10 4.7.4. Calling-Station-Id . . . . . . . . . . . . . . . . . . 10
4.7.5. Use of MS-MPPE-Recv-Key and MS-MPPE-Send-Key . . . . . 10
5. RADIUS attributes . . . . . . . . . . . . . . . . . . . . . . 11 5. RADIUS attributes . . . . . . . . . . . . . . . . . . . . . . 11
5.1. MIP6-HA Attribute . . . . . . . . . . . . . . . . . . . . 11 5.1. MIP6-Feature-Vector Attribute . . . . . . . . . . . . . . 11
5.2. MIP6-HA-FQDN Attribute . . . . . . . . . . . . . . . . . . 12 5.2. MIP6-HA Attribute . . . . . . . . . . . . . . . . . . . . 12
5.3. MIP6-HL-Prefix Attribute . . . . . . . . . . . . . . . . . 13 5.3. MIP6-HA-FQDN Attribute . . . . . . . . . . . . . . . . . . 13
5.4. MIP6-HOA Attribute . . . . . . . . . . . . . . . . . . . . 14 5.4. MIP6-HL-Prefix Attribute . . . . . . . . . . . . . . . . . 14
5.5. MIP6-DNS-MO Attribute . . . . . . . . . . . . . . . . . . 15 5.5. MIP6-HOA Attribute . . . . . . . . . . . . . . . . . . . . 15
6. Message Flows . . . . . . . . . . . . . . . . . . . . . . . . 17 5.6. MIP6-DNS-MO Attribute . . . . . . . . . . . . . . . . . . 16
6.1. Integrated Scenario (MSA=ASA) . . . . . . . . . . . . . . 17 6. Message Flows . . . . . . . . . . . . . . . . . . . . . . . . 18
6.1.1. HA allocation in the MSP . . . . . . . . . . . . . . . 17 6.1. Integrated Scenario (MSA=ASA) . . . . . . . . . . . . . . 18
6.1.2. HA allocation in the ASP (visited network) . . . . . . 18 6.1.1. HA allocation in the MSP . . . . . . . . . . . . . . . 18
6.2. Split Scenario (MSA!=ASA) . . . . . . . . . . . . . . . . 19 6.1.2. HA allocation in the ASP (visited network) . . . . . . 20
6.2. Split Scenario (MSA!=ASA) . . . . . . . . . . . . . . . . 20
6.2.1. Mobile Service Provider and Mobile Service 6.2.1. Mobile Service Provider and Mobile Service
Authorizer are the same entity. . . . . . . . . . . . 19 Authorizer are the same entity. . . . . . . . . . . . 20
6.2.2. Mobile Service Provider and Mobile Service 6.2.2. Mobile Service Provider and Mobile Service
Authorizer are different entities. . . . . . . . . . . 21 Authorizer are different entities. . . . . . . . . . . 23
7. Goals for the HA-AAA Interface . . . . . . . . . . . . . . . . 22 7. Goals for the HA-AAA Interface . . . . . . . . . . . . . . . . 24
7.1. General Goals . . . . . . . . . . . . . . . . . . . . . . 22 7.1. General Goals . . . . . . . . . . . . . . . . . . . . . . 24
7.2. Service Authorization . . . . . . . . . . . . . . . . . . 22 7.2. Service Authorization . . . . . . . . . . . . . . . . . . 24
7.3. Accounting . . . . . . . . . . . . . . . . . . . . . . . . 23 7.3. Accounting . . . . . . . . . . . . . . . . . . . . . . . . 25
7.4. MN Authentication . . . . . . . . . . . . . . . . . . . . 23 7.4. MN Authentication . . . . . . . . . . . . . . . . . . . . 25
7.5. Provisioning of Configuration Parameters . . . . . . . . . 23 7.5. Provisioning of Configuration Parameters . . . . . . . . . 25
8. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 24 8. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 26
9. Diameter Considerations . . . . . . . . . . . . . . . . . . . 25 9. Diameter Considerations . . . . . . . . . . . . . . . . . . . 27
10. Security Considerations . . . . . . . . . . . . . . . . . . . 26 10. Security Considerations . . . . . . . . . . . . . . . . . . . 28
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 28 11.1. Registration of new AVPs . . . . . . . . . . . . . . . . . 29
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29 11.2. New Registry: Mobility Capability . . . . . . . . . . . . 29
13.1. Normative References . . . . . . . . . . . . . . . . . . . 29 11.3. Addition of existing values . . . . . . . . . . . . . . . 29
13.2. Informative References . . . . . . . . . . . . . . . . . . 29 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 30
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 31 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Intellectual Property and Copyright Statements . . . . . . . . . . 32 13.1. Normative References . . . . . . . . . . . . . . . . . . . 31
13.2. Informative References . . . . . . . . . . . . . . . . . . 31
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 33
Intellectual Property and Copyright Statements . . . . . . . . . . 34
1. Introduction 1. Introduction
Mobile IPv6 specification [6] requires a Mobile Node (MN) to perform Mobile IPv6 specification [6] requires a Mobile Node (MN) to perform
registration with an HA with information about its current point of registration with an HA with information about its current point of
attachment (Care-of Address). The HA creates and maintains binding attachment (Care-of Address). The HA creates and maintains binding
between the MN's HOA and the MN's Care-of Address. between the MN's HOA and the MN's Care-of Address.
In order to register with a HA, the MN needs to know some information In order to register with a HA, the MN needs to know some information
such as, the Home Link prefix, the HA Address, the HOA, the Home Link such as, the Home Link prefix, the HA Address, the HOA, the Home Link
skipping to change at page 5, line 16 skipping to change at page 5, line 16
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [1]. document are to be interpreted as described in [1].
General mobility terminology can be found in [8]. The following General mobility terminology can be found in [8]. The following
additional terms, as defined in [7], are used in this document: additional terms, as defined in [7], are used in this document:
Access Service Authorizer (ASA): Access Service Authorizer (ASA):
A network operator that authenticates a MN and establishes the A network operator that authenticates a mobile node and
MN's authorization to receive Internet service. establishes the mobile node's authorization to receive Internet
service.
Access Service Provider (ASP): Access Service Provider (ASP):
A network operator that provides direct IP packet forwarding to A network operator that provides direct IP packet forwarding to
and from the MN. and from the end host.
Mobility Service Authorizer (MSA): Mobility Service Authorizer (MSA):
A service provider that authorizes Mobile IPv6 service. A service provider that authorizes Mobile IPv6 service.
Mobility Service Provider (MSP): Mobility Service Provider (MSP):
A service provider that provides Mobile IPv6 service. In order to A service provider that provides Mobile IPv6 service. In order to
obtain such service, the MN must be authenticated and authorized obtain such service, the MN must be authenticated and authorized
to obtain the Mobile IPv6 service. to obtain the Mobile IPv6 service.
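Review bot: The terminology list now mixes three names for the same party: the ASA definition was expanded to "mobile node", the ASP definition was changed to "end host", and the MSP definition still says "the MN". Either use one term throughout the list or add a sentence saying the wording is taken verbatim from [7], so readers do not assume "end host" and "MN" are different roles.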
skipping to change at page 6, line 8 skipping to change at page 6, line 8
service are authorized by different entities. service are authorized by different entities.
Integrated Scenario: Integrated Scenario:
A scenario where the mobility service and the network access A scenario where the mobility service and the network access
service are authorized by the same entity. service are authorized by the same entity.
3. Solution Overview 3. Solution Overview
This document addresses the authentication, authorization and This document addresses the authentication, authorization and
accounting functionality required by for the MIPv6 bootstrapping as accounting functionality required by MIPv6 bootstrapping as outlined
outlined in the MIPv6 bootstrapping problem statement document (see in the MIPv6 bootstrapping problem statement document (see [7]). As
[7]). As such, the AAA functionality for the integrated and the such, the AAA functionality for the integrated and the split scenario
split scenario needs to be defined. This requires the ability to needs to be defined. This requires the ability to offer support for
offer support for the HA to AAA server and the network access server the HA to AAA server and the network access server(NAS) to AAA server
to AAA server communication. communication.
To highlight the main use cases, we briefly describe the integrated To highlight the main use cases, we briefly describe the integrated
and the split scenarios in Section 3.1 and Section 3.2, respectively. and the split scenarios in Section 3.1 and Section 3.2, respectively.
3.1. Integrated Scenario 3.1. Integrated Scenario
In the integrated scenario MIPv6 bootstrapping is provided as part of In the integrated scenario MIPv6 bootstrapping is provided as part of
the network access authentication procedure. Figure 1 shows the the network access authentication procedure. Figure 1 shows the
participating entity. participating entity.
skipping to change at page 6, line 52 skipping to change at page 6, line 52
+-------+ IEEE | +-----------+ +-------+ | +-------+ IEEE | +-----------+ +-------+ |
|Mobile | 802.1X | |NAS / Relay| |DHCPv6 | | |Mobile | 802.1X | |NAS / Relay| |DHCPv6 | |
|Node |----------+-|RADIUS |---|Server | | |Node |----------+-|RADIUS |---|Server | |
| | PANA,... | |Client | | | | | | PANA,... | |Client | | | |
+-------+ DHCP | +-----------+ +-------+ | +-------+ DHCP | +-----------+ +-------+ |
+---------------------------+ +---------------------------+
Figure 1: Mobile IPv6 Service Access in the Integrated Scenario Figure 1: Mobile IPv6 Service Access in the Integrated Scenario
In the typical Mobile IPv6 access scenario as shown above, the MN In the typical Mobile IPv6 access scenario as shown above, the MN
attaches in a ASP's network. During this network attachment attaches in the ASP's network. During this network attachment
procedure, the NAS/RADIUS client interacts with the MN. As shown in procedure, the NAS/RADIUS client interacts with the MN. As shown in
Figure 1, the authentication and authorization happens via a RADIUS Figure 1, the authentication and authorization happens via a RADIUS
infrastructure. infrastructure.
At the time of authorizing the user for IPv6 access, the RADIUS At the time of authorizing the user for IPv6 access, the RADIUS
server in the MSA detects that the user is authorized for Mobile IPv6 server in the MSA detects that the user is authorized for Mobile IPv6
access. Based on the MSA's policy, the RADIUS server may allocate access. Based on the MSA's policy, the RADIUS server may allocate
several parameters to the MN for use during the subsequent Mobile several parameters to the MN for use during the subsequent Mobile
IPv6 protocol interaction with the HA. IPv6 protocol interaction with the HA.
skipping to change at page 9, line 7 skipping to change at page 9, line 7
bootstrapping. The exchange is triggered by the HA and an bootstrapping. The exchange is triggered by the HA and an
interaction with the RADIUS infrastructure is initiated. When the interaction with the RADIUS infrastructure is initiated. When the
protocol exchange is completed then the HA needs to possess the protocol exchange is completed then the HA needs to possess the
Mobile IPv6 specific parameters (see [7]). Mobile IPv6 specific parameters (see [7]).
Additionally, the MN might instruct the RADIUS server (via the HA) to Additionally, the MN might instruct the RADIUS server (via the HA) to
perform a dynamic DNS update. perform a dynamic DNS update.
4. RADIUS Attribute Overview 4. RADIUS Attribute Overview
4.1. MIP6-HA Attribute 4.1. MIP6-Feature-Vector
The MIP6-Feature-Vector when included in an Access-Request packet is
used by the NAS to indicate supported MIP6 features. For example,
the NAS uses this attribute to indicate whether it can provide a
local home agent.
When included in an Access-Accept packet, the MIP6-Feature-Vector is
used by the RADIUS Server to indicate supported MIP6 features and to
select advetized feature by the NAS. For example, if the NAS
indicated support for local home agent assignment, the RADIUS server
authorizes the NAS to support local home agent assignment by echoing
the setting the same flag in the Access-Accept packet.
4.2. MIP6-HA Attribute
The RADIUS server may decide to assign a HA to the MN that is in The RADIUS server may decide to assign a HA to the MN that is in
close proximity to the point of attachment (e.g., as determined by close proximity to the point of attachment (e.g., as determined by
the NAS-ID). There may be other reasons for dynamically assigning the NAS-ID). There may be other reasons for dynamically assigning
HAs to the MN, for example to share the traffic load. The attribute HAs to the MN, for example to share the traffic load. The attribute
also contains the prefix length so that the MN can easily infer the also contains the prefix length so that the MN can easily infer the
Home Link prefix from the HA address. Home Link prefix from the HA address.
4.2. MIP6-HA-FQDN Attribute 4.3. MIP6-HA-FQDN Attribute
The RADIUS server may assign an FQDN of the HA to the MN. The mobile The RADIUS server may assign an FQDN of the HA to the MN. The mobile
node can perform DNS query with the FQDN to derive the HA address. node can perform DNS query with the FQDN to derive the HA address.
4.3. MIP6-HL-Prefix Attribute 4.4. MIP6-HL-Prefix Attribute
For the same reason as the HA assignment, the RADIUS server may For the same reason as the HA assignment, the RADIUS server may
assign a Home Link that is in close proximity to the point of assign a Home Link that is in close proximity to the point of
attachment (NAS-ID). The MN can perform [6] specific procedures to attachment (NAS-ID). The MN can perform [6] specific procedures to
discover other information for Mobile IPv6 registration. discover other information for Mobile IPv6 registration.
4.4. MIP6-HOA Attribute 4.5. MIP6-HOA Attribute
The RADIUS server may assign a HOA to the MN. This allows the The RADIUS server may assign a HOA to the MN. This allows the
network operator to support mobile devices that are not configured network operator to support mobile devices that are not configured
with static addresses. The attribute also contains the prefix length with static addresses. The attribute also contains the prefix length
so that the MN can easily infer the Home Link prefix from the HA so that the MN can easily infer the Home Link prefix from the HA
address. address.
4.5. MIP6-DNS-MO Attribute 4.6. MIP6-DNS-MO Attribute
By using this payload the RADIUS client instructs the RADIUS server By using this payload the RADIUS client instructs the RADIUS server
to perform a dynamic DNS update. When this payload is included in to perform a dynamic DNS update. When this payload is included in
the reverse direction, i.e., from the RADIUS server to the RADIUS the reverse direction, i.e., from the RADIUS server to the RADIUS
client, it informs about the status of the dynamic DNS update. When client, it informs about the status of the dynamic DNS update. When
the payload is sent from the RADIUS client to the RADIUS server then the payload is sent from the RADIUS client to the RADIUS server then
the response MUST include the MIP6-DNS-MO attribute. the response MUST include the MIP6-DNS-MO attribute.
4.6. Use of existing RADIUS Attributes 4.7. Use of existing RADIUS Attributes
4.6.1. User-Name 4.7.1. User-Name
If authentication via IKEv2 is used then the User-Name attribute If authentication via IKEv2 is used then the User-Name attribute
SHALL be set to the IDi payload received in the IKE_AUTH exchange. SHALL be set to the IDi payload received in the IKE_AUTH exchange.
4.6.2. Service-Type 4.7.2. Service-Type
If the HA uses Service-Type(6) is SHALL set its value to "Framed"(2). If the HA uses Service-Type(6) is SHALL set its value to "Framed"(2).
4.6.3. NAS-Port-Type 4.7.3. NAS-Port-Type
In order for the AAA to distingiues the source of the Access-Request In order for the AAA to distingiues the source of the Access-Request
NAS-Port-Type(61) is used as follows: NAS-Port-Type(61) is used as follows:
In the split scenario when the Access-Request originates from an MIP6 In the split scenario when the Access-Request originates from an MIP6
HA, NAS-Port-Type MUST be included and its value set to HA6(IANA- HA, NAS-Port-Type MUST be included and its value set to HA6(IANA-
TBD1). TBD1).
4.6.4. Calling-Station-Id 4.7.4. Calling-Station-Id
In the split-scenario, the HA SHOULD use the Calling-Station-Id(31) In the split-scenario, the HA SHOULD use the Calling-Station-Id(31)
to send the MN's COA to the AAA. If used, the string value of the to send the MN's COA to the AAA. If used, the string value of the
Calling-Station-Id(31) should be set to the 128-bit MN IPv6 COA. Calling-Station-Id(31) should be set to the 128-bit MN IPv6 COA.
4.6.5. Use of MS-MPPE-Recv-Key and MS-MPPE-Send-Key 4.7.5. Use of MS-MPPE-Recv-Key and MS-MPPE-Send-Key
To transport the MSK from the RADIUS to the HA, RADIUS SHALL utilize To transport the MSK from the RADIUS to the HA, RADIUS SHALL utilize
the MS-MPPE-Recv-Key and the MS-MPPE-Send-Key as defined in [4]. The the MS-MPPE-Recv-Key and the MS-MPPE-Send-Key as defined in [4]. The
first up to 32 octets of the MSK is stored into the MS-MPPE-Recv-Key, first up to 32 octets of the MSK is stored into the MS-MPPE-Recv-Key,
and the next up to 32 octets are stored into the MS-MPPE-Send-Key. and the next up to 32 octets are stored into the MS-MPPE-Send-Key.
The encryption of these attributes is described in [4]. The encryption of these attributes is described in [4].
5. RADIUS attributes 5. RADIUS attributes
This section defines format and syntax for the attribute that carries This section defines format and syntax for the attribute that carries
the Mobile IPv6 parameters that are described in the previous the Mobile IPv6 parameters that are described in the previous
section. section.
The attributes MAY be present in Access-Request, Access-Accept, and The attributes MAY be present in Access-Request, Access-Accept, and
Accounting-Request packets. Accounting-Request packets.
5.1. MIP6-HA Attribute 5.1. MIP6-Feature-Vector Attribute
One or more of this attribute is sent by the RADIUS server to the NAS Exactly one of this attribute MUST be sent by the NAS in an Access-
in an Access-Accept packet. The attribute carries the assigned HA Request packet to inidcate support for MIP6.
address.
This attribute MAY beMIP6-DNS-MO Attribute sent by the NAS to the Exactly one of this attribute MUST be sent by the RADIUS server in an
RADIUS server in an Access-Request packet as a hint to suggest a Access-Accept packet to indicate support for MIP6 and to select
dynamic HA that may be assigned to the MN. The RADIUS server MAY use features advetized by the NAS.
this value or may ignore this suggestion.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | MIP6 Features Vectors |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MIP6 Features Vectors cont. |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MIP6 Features Vectors cont. |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type:
MIP6-FV-TYPE to be defined by IANA.
Length:
= 10 octets
Feature Flags:
This field is of type String. Supporting the following values:
MIP6_INTEGRATED (0x0000000000000001)
When this flag is set by the NAS then it means that the
Mobile IPv6 integrated scenario bootstrapping functionality
is supported by the NAS. When this flag is set by the
Diameter server then the Mobile IPv6 integrated scenario
bootstrapping is supported by the RADIUS server.
LOCAL_HOME_AGENT_ASSIGNMENT (0x0000000000000002)
When this flag is set by the NAS then a local home agent can
be assigned to the MN. When this flag is set by the
Diameter server then the assignment of location HAs is
authorized by the Diameter server.
5.2. MIP6-HA Attribute
One or more of this attribute MAY be sent by the NAS to the RADIUS
server in an Access-Request packet as a proposal by the NAS to
allocate a local HA to the MN.
One or more of this attribute MAY be sent by the RADIUS server to the
NAS in an Access-Accept packet. The attribute carries the HA address
that may be assigned to the MN.
[EDITOR: WHAT IS THIS ABOUT?] This attribute MAY be MIP6-DNS-MO
Attribute sent by the NAS to the RADIUS server in an Access-Request
packet as a hint to suggest a dynamic HA that may be assigned to the
MN. The RADIUS server MAY use this value or may ignore this
suggestion.
If available at the NAS, at least MIP6-HA attribute and/or MIP6-HA- If available at the NAS, at least MIP6-HA attribute and/or MIP6-HA-
FQDN SHOULD appear in accounting packets to indicate the identity of FQDN SHOULD appear in accounting packets to indicate the identity of
the serving HA for this session. the serving HA for this session.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved | Prefix-Length | | Type | Length | Reserved | Prefix-Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
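Review bot: The new Section 5.1 makes MIP6-Feature-Vector a MUST in both Access-Request and Access-Accept, but it does not say what the NAS does when the Access-Accept omits the attribute or carries a flag the NAS never advertised. Section 4.1 treats the echoed flag as the authorization for local home agent assignment, so the text should state that a missing attribute or an unadvertised flag means the feature is not authorized. In the same section the flag descriptions say "set by the Diameter server" although this is a RADIUS attribute, "assignment of location HAs" presumably means local HAs, and the field is called "type String" while its values are 64-bit flag masks; "advetized", "inidcate" and "echoing the setting the same flag" also need fixing. Section 5.2 still carries the unresolved "[EDITOR: WHAT IS THIS ABOUT?]" marker in front of a sentence with a stray "MIP6-DNS-MO Attribute" pasted into it; that sentence overlaps the new first paragraph about the NAS proposing a local HA and should be resolved or dropped before publication.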
skipping to change at page 11, line 46 skipping to change at page 13, line 4
| IPv6 address of assigned HA cont. | | IPv6 address of assigned HA cont. |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 address of assigned HA cont. | | IPv6 address of assigned HA cont. |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 address of assigned HA cont. | | IPv6 address of assigned HA cont. |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 address of assigned HA cont. | | IPv6 address of assigned HA cont. |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 address of assigned HA cont. | | IPv6 address of assigned HA cont. |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: Type:
ASSIGNED-HA-ADDR-TYPE to be defined by IANA. MIP6-HA-TYPE to be defined by IANA.
Length: Length:
= 21 octets = 21 octets
Reserved: Reserved:
Reserved for future use. The bits MUST be set to zero by the Reserved for future use. The bits MUST be set to zero by the
sender, and MUST be ignored by the receiver. sender, and MUST be ignored by the receiver.
Prefix-Length: Prefix-Length:
This field indicates the prefix length of the Home Link. This field indicates the prefix length of the Home Link.
IPv6 address of assigned HA: IPv6 address of assigned HA:
128-bit IPv6 address of the assigned HA. 128-bit IPv6 address of the assigned HA.
5.2. MIP6-HA-FQDN Attribute 5.3. MIP6-HA-FQDN Attribute
One or more instance of this attribute MAY be sent by the NAS to the
RADIUS server in an Access-Request packet as a hint to suggest a
dynamic HA that may be assigned to the MN. The RADIUS server MAY use
this value or may ignore this suggestion.
One or more of this attribute is sent by the RADIUS server to the NAS One or more of this attribute is sent by the RADIUS server to the NAS
in an Access-Accept packet. The attribute carries the FQDN of the in an Access-Accept packet. The attribute carries the FQDN of the
assigned HA. assigned HA.
This attribute MAY be sent by the NAS to the RADIUS server in an
Access-Request packet as a hint to suggest a dynamic HA that may be
assigned to the MN. The RADIUS server MAY use this value or may
ignore this suggestion.
If available at the NAS, at least MIP6-HA-FQDN attribute and/or If available at the NAS, at least MIP6-HA-FQDN attribute and/or
MIP6-HA SHOULD appear in accounting packets to indicate the identity MIP6-HA SHOULD appear in accounting packets to indicate the identity
of the serving HA for this session. of the serving HA for this session.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | FQDN of the assigned HA ..... | Type | Length | FQDN of the assigned HA .....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
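Review bot: In Section 5.3 the Access-Accept paragraph still reads "One or more of this attribute is sent by the RADIUS server", with no requirement keyword, while the matching paragraph in Section 5.2 was changed to "MAY be sent". Apply the same keyword here so the two HA attributes carry the same requirement level. The relocated Access-Request paragraph also needs "One or more instances".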
skipping to change at page 13, line 9 skipping to change at page 14, line 13
ASSIGNED-HA-FQDN-TYPE to be defined by IANA. ASSIGNED-HA-FQDN-TYPE to be defined by IANA.
Length: Length:
Variable length. Variable length.
FQDN of the assigned HA: FQDN of the assigned HA:
The data field MUST contain a FQDN as described in [10]. The data field MUST contain a FQDN as described in [10].
5.3. MIP6-HL-Prefix Attribute 5.4. MIP6-HL-Prefix Attribute
This attribute is sent by the RADIUS-MIP server to the NAS in an This attribute is sent by the RADIUS-MIP server to the NAS in an
Access-Accept packet. The attribute carries the assigned Home Link Access-Accept packet. The attribute carries the assigned Home Link
prefix. prefix.
This attribute MAY be sent by the NAS to the RADIUS server in an This attribute MAY be sent by the NAS to the RADIUS server in an
Access-Request packet along with the MIP6-HA and/or MIP6-HA-FQDN Access-Request packet along with the MIP6-HA and/or MIP6-HA-FQDN
attribute as a hint to suggest a Home Link prefix that may be attribute as a hint to suggest a Home Link prefix that may be
assigned to the MN. The RADIUS server MUST use this value if it assigned to the MN. The RADIUS server MUST use this value if it
accepts the NAS's HA suggestion. accepts the NAS's HA suggestion.
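Review bot: The Type name for MIP6-HA-FQDN is still ASSIGNED-HA-FQDN-TYPE, although the Type for MIP6-HA was renamed from ASSIGNED-HA-ADDR-TYPE to MIP6-HA-TYPE in this revision. Rename it to follow the same pattern so the IANA registration requests are consistent. Section 5.4 also still refers to the "RADIUS-MIP server" where the neighbouring sections say "RADIUS server"; use one name unless a distinct entity is intended.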
skipping to change at page 14, line 5 skipping to change at page 15, line 10
Prefix-Length: Prefix-Length:
This field indicates the prefix length of the Home Link. This field indicates the prefix length of the Home Link.
Home Link Prefix: Home Link Prefix:
Home Link prefix (upper order bits) of the assigned Home Link Home Link prefix (upper order bits) of the assigned Home Link
where the MN should send binding update. where the MN should send binding update.
5.4. MIP6-HOA Attribute 5.5. MIP6-HOA Attribute
This attribute is sent by the RADIUS server to the NAS in an Access- This attribute is sent by the RADIUS server to the NAS in an Access-
Accept packet. The attribute carries the assigned Home IPv6 Address Accept packet. The attribute carries the assigned Home IPv6 Address
for the MN. for the MN.
This attribute MAY be sent by the NAS to the RADIUS server in an This attribute MAY be sent by the NAS to the RADIUS server in an
Access-Request packet along with the MIP6-HA and/or MIP6-HA-FQDN Access-Request packet along with the MIP6-HA and/or MIP6-HA-FQDN
attribute as a hint to suggest a Home Address that may be assigned to attribute as a hint to suggest a Home Address that may be assigned to
the MN. The RADIUS server MUST use this value if it accepts the the MN. The RADIUS server MUST use this value if it accepts the
NAS's HA suggestion. NAS's HA suggestion.
skipping to change at page 15, line 5 skipping to change at page 16, line 11
sender, and MUST be ignored by the receiver. sender, and MUST be ignored by the receiver.
Prefix-Length: Prefix-Length:
This field indicates the prefix length of the Home Link. This field indicates the prefix length of the Home Link.
Assigned IPv6 HOA: Assigned IPv6 HOA:
IPv6 HOA that is assigned to the MN. IPv6 HOA that is assigned to the MN.
5.5. MIP6-DNS-MO Attribute 5.6. MIP6-DNS-MO Attribute
The MIP6-DNS-MO attribute is used for triggering a DNS update by the The MIP6-DNS-MO attribute is used for triggering a DNS update by the
RADIUS server and to return the result to the RADIUS client. The RADIUS server and to return the result to the RADIUS client. The
request MUST carry the MN's FQDN but the attribute carried in request MUST carry the MN's FQDN but the attribute carried in
response to the request MAY not carry a FQDN value. response to the request MAY not carry a FQDN value.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved-1 | Status | | Type | Length | Reserved-1 | Status |
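Review bot: In the MIP6-DNS-MO description, "MAY not carry a FQDN value" is not one of the requirement keywords defined by reference [1], and it can be read either as a prohibition or as an option. If the FQDN is optional in the response, write "the attribute carried in the response MAY omit the FQDN value"; if it is forbidden, use MUST NOT. This hunk only renumbers the section from 5.5 to 5.6, so the wording could be fixed in the same pass.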
skipping to change at page 17, line 30 skipping to change at page 18, line 30
| |
+----+ +------+ +-------+ +-------+ +----+ +------+ +-------+ +-------+
| | |RADIUS| | | | | | | |RADIUS| | | | |
| | |Client| | | | | | | |Client| | | | |
| MN | |NAS/ | | DHCP | |Home | | MN | |NAS/ | | DHCP | |Home |
| | |DHCP | | Server| |RADIUS | | | |DHCP | | Server| |RADIUS |
| | |Relay | | | |Server | | | |Relay | | | |Server |
+----+ +------+ +-------+ +-------+ +----+ +------+ +-------+ +-------+
| | | | | | | |
| 1 | 1 | | | 1 | 1 | |
|<------------->|<---------------------->| |<------------->|----------------------->|
| | | | | | | |
| | 2 | |
| |<-----------------------|
| | | | | | | |
| 2 | | | | 3 | | |
|-------------->| | | |-------------->| | |
| | | | | | | |
| | 3 | | | | 4 | |
| |------------>| | | |------------>| |
| | | | | | | |
| | 4 | | | | 5 | |
| |<------------| | | |<------------| |
| | | | | | | |
| 5 | | | | 6 | | |
|<--------------| | | |<--------------| | |
| | | | | | | |
HA allocation in the MSP HA allocation in the MSP
In step (1), the MN executes the normal network access authentication In step (1), the MN executes the normal network access authentication
procedure (e.g., IEEE 802.11i/802.1x, PANA) with the NAS. The NAS procedure (e.g., IEEE 802.11i/802.1x, PANA) with the NAS. The NAS
acts as an authenticator in "pass-through" mode, i.e., the endpoint acts as an authenticator in "pass-through" mode, i.e., the endpoint
of the authentication dialogue is the MN's home RADIUS server. This of the authentication dialogue is the MN's home RADIUS server. This
is the typical scenario in case the messages involved in the is the typical scenario in case the messages involved in the
authentication protocol are transported in EAP. authentication protocol are transported in EAP.
As per [11], the NAS encapsulates/decapsulates EAP packets into/from As per [11], the NAS encapsulates/decapsulates EAP packets into/from
RADIUS packets until an Access-Response (either an Access-Accept or RADIUS packets until an Access-Response (either an Access-Accept or
an Access/Reject packet is received by the NAS). This concludes the an Access/Reject packet is received by the NAS). This concludes the
network access authentication phase. network access authentication phase.
Depending on the RADIUS server configuration, the MIP6-HA attribute If the NAS has the ability to support MIP6 Bootstrapping it includes
or the the MIP6-HA-FQDN attribute may be appended to the Access- the MIP6-Feature-Vector in the first Access-Request message and
Accept packet. In the latter case the MN needs to perform a DNS indicates whether it supports MIP6 bootstrapping and/or local home
query in order to discover the HA address. agent assignment by setting the appropriate flags therein.
The MIP6-HA or MIP6-HA-FQDN attribute is appended to the Access- If the NAS indicates support for Local home agent assignment, then it
Accept in case the home RADIUS server knows or has allocated a HA to may also include the MIP6-HA Attribute(s) and/or MIP6-HA-FQDN
the Access-Request (this is assumed in this scenario). Attribute(s) as a proposal to the RADIUS server of the HA to assign
in the ASP.
In step (2) the MN sends a DHCPv6 Information Request message to In step (2), the RADIUS server sends an Access-Accept packet with the
MIP6-Feature-Vector with the Local Home Agent Assignment flag set or
cleared. If the flag is cleared then the RADIUS server needs to
provide one or more Home Agent(s) to be assigned to the MN. If the
flag is set, then it indicates to the NAS that it can assign HA to
the MN; the RADIUS server may also include one or mroe HA addresses
thus indicating that the NAS can either allocate a local HA or one
specified by the RADIUS server.
In step (3) the MN sends a DHCPv6 Information Request message to
all_DHCP_Relay_Agents_and_Servers. In the OPTION_ORO, Option Code all_DHCP_Relay_Agents_and_Servers. In the OPTION_ORO, Option Code
for the Home Network Identifier Option shall be included in that for the Home Network Identifier Option shall be included in that
message. The Home Network Identifier Option should have id-type of message. The Home Network Identifier Option should have id-type of
1, the message is a request to discover home network information that 1, the message is a request to discover home network information that
pertains to the given realm, i.e., the user's home domain (identified pertains to the given realm, i.e., the user's home domain (identified
by the NAI of the MN). The OPTION_CLIENTID is set by the MN to by the NAI of the MN). The OPTION_CLIENTID is set by the MN to
identify itself to the DHCP server. identify itself to the DHCP server.
In step (3) the DHCP relay agent forwards this request to the DHCP In step (4) the DHCP relay agent forwards this request to the DHCP
server. The OPTION_MIP6-RELAY-Option is included in this forwarded server. The OPTION_MIP6-RELAY-Option is included in this forwarded
message. This option carries the RADIUS MIP6-HA Attribute from the message. This option carries the RADIUS MIP6-HA Attribute from the
Access-Accept packet. Access-Accept packet. If the NAS recieved the MIP6-HA-FQDN in the
Access-Accept it peforms a DNS lookup to resolve the MIP6-HA address.
In step (4), the DHCP server identifies the client (by DUID) and In step (5), the DHCP server identifies the client (by DUID) and
finds out that it requests HA information in the MSP (by the Home finds out that it requests HA information in the MSP (by the Home
Network Identifier Option = 1). The DHCP server extracts the HA Network Identifier Option = 1). The DHCP server extracts the HA
address from OPTION_MIP6-RELAY-Option and places it into Home Network address from OPTION_MIP6-RELAY-Option and places it into Home Network
Information Option in the Reply message. Information Option in the Reply message.
In step (5), the Relay Agent forwards the Reply Message to the MN. In step (6), the Relay Agent forwards the Reply Message to the MN.
On reception of this message, the HA address or the FQDN of the HA is On reception of this message, the HA address or the FQDN of the HA is
available at the MN. available at the MN.
6.1.2. HA allocation in the ASP (visited network) 6.1.2. HA allocation in the ASP (visited network)
This scenario is similar to the one described in Section 6.1.1. The This scenario is similar to the one described in Section 6.1.1. The
difference is in step (2), where the type-id field in the Home difference is in step (4), where the type-id field in the Home
Network Identifier Option is set to zero, indicating that a HA is Network Identifier Option is set to zero, indicating that a HA is
requested in the ASP instead of in the MSP. Thus, the information requested in the ASP instead of in the MSP. Thus, the information
received by the home RADIUS server, via the DHCP relay, in the received by the home RADIUS server, via the DHCP relay, in the
OPTION_MIP6-RELAY-Option (Information Request) is ignored. The DHCP OPTION_MIP6-RELAY-Option (Information Request) is ignored. The DHCP
server allocates a HA from its list of possible HAs and returns it in server allocates a HA from its list of possible HAs and returns it in
the Reply message (Home Network Information Option). the Reply message (Home Network Information Option).
6.2. Split Scenario (MSA!=ASA) 6.2. Split Scenario (MSA!=ASA)
6.2.1. Mobile Service Provider and Mobile Service Authorizer are the 6.2.1. Mobile Service Provider and Mobile Service Authorizer are the
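Review bot: The step renumbering in 6.1.2 looks off by one: it now says the difference is in step (4), but the Home Network Identifier Option is set by the MN in the Information Request, which became step (3) in 6.1.1, while step (4) is the relay forwarding. 6.1.2 also calls the field "type-id" where step (3) calls it "id-type". The sentence added to step (4) has the NAS resolve MIP6-HA-FQDN through DNS but does not say what goes into OPTION_MIP6-RELAY-Option when the lookup fails or returns several addresses; please specify this, since the value ends up as the MN's HA. Typos in the new text: "mroe" in step (2), "recieved" and "peforms" in step (4).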
skipping to change at page 24, line 13 skipping to change at page 26, line 13
"DNS Update Mobility Option Attribute" "DNS Update Mobility Option Attribute"
8. Table of Attributes 8. Table of Attributes
The following tables provides a guide to which attributes may be The following tables provides a guide to which attributes may be
found in RADIUS packet and in what number. found in RADIUS packet and in what number.
The following defines the meaning of the notation used in the following The following defines the meaning of the notation used in the following
tables: tables:
0 This attribute MUST NOT be present. 0 An instance of this attribute MUST NOT be present.
1 Exactly one instance of this attribute MUST be present
0-1 Zero or one instance of this attribute MAY be present. 0-1 Zero or one instance of this attribute MAY be present.
0+ Zero or more instance of this attriubte MAY be present
Request Accept Reject Challenge Type Attribute Request Accept Reject Challenge Type Attribute
1 1 0 0 MIP6-FV-TYPE MIP6-Feature-Vector
0-1[a] 0-1[a] 0 0 MIP6-HA-TYPE MIP6-HA Attribute 0+[ac] 0+[a] 0 0 MIP6-HA-TYPE MIP6-HA
0-1[a] 0-1[a] 0 0 MIP6-HA-FQDN-TYPE MIP6-HA-FQDN Attribute 0+[ac] 0+[a] 0 0 MIP6-HA-FQDN-TYPE MIP6-HA-FQDN
0-1[b] 0-1 0 0 MIP6-HL-PREFIX-TYPE MIP6-HL-Prefix Attribute 0-1[b] 0-1 0 0 MIP6-HL-PREFIX-TYPE MIP6-HL-Prefix
0-1[b] 0-1 0 0 MIP6-HOA-TYPE MIP6-HOA Attribute 0-1[b] 0-1 0 0 MIP6-HOA-TYPE MIP6-HOA
0-1 0-1 0 0 MIP6-DNS-MO-TYPE MIP6-DNS-MO Attribute 0-1 0-1 0 0 MIP6-DNS-MO-TYPE MIP6-DNS-MO
Notes: Notes:
[a] Either MIP6-HA or MIP6-HA-FQDN MAY appear in a RADIUS packet. [a] Either MIP6-HA or MIP6-HA-FQDN MAY appear in a RADIUS packet.
[b] If MIP6-HA or MIP6-HA-FQDN are present in the Access-Request [b] If MIP6-HA or MIP6-HA-FQDN are present in the Access-Request
then these attributes MUST also be present in the Access-Request. then these attributes MUST also be present in the Access-Request.
If the RADIUS server accepts the NAS suggestion for the HA, then If the RADIUS server accepts the NAS suggestion for the HA, then
the RADIUS server MUST also include the values received for these the RADIUS server MUST also include the values received for these
attributes in the Access-Accept. attributes in the Access-Accept.
[c] If these attributes are present in an Access-Request, then
LOCAL_HOME_AGENT_ASSIGNMENT flag of the MIP6-Feature-Vector MUST be set.
Otherwise these attributes are ignored.
As used in accounting packets: As used in accounting packets:
Request Interim Stop Type Attribute Request Interim Stop Type Attribute
0-1 0-1 0-1 MIP6-HA-TYPE MIP6-HA Attribute 0-1 0-1 0-1 MIP6-HA-TYPE MIP6-HA Attribute
0-1 0-1 0-1 MIP6-HA-FQDN-TYPE MIP6-HA-FQDN Attribute 0-1 0-1 0-1 MIP6-HA-FQDN-TYPE MIP6-HA-FQDN Attribute
0 0 0 MIP6-HL-PREFIX-TYPE MIP6-HL-Prefix Attribute 0 0 0 MIP6-HL-PREFIX-TYPE MIP6-HL-Prefix Attribute
0-1 0-1 0-1 MIP6-HOA-TYPE MIP6-HOA Attribute 0-1 0-1 0-1 MIP6-HOA-TYPE MIP6-HOA Attribute
0 0 0 MIP6-DNS-MO-TYPE MIP6-DNS-MO Attribute 0 0 0 MIP6-DNS-MO-TYPE MIP6-DNS-MO Attribute
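Review bot: The new MIP6-Feature-Vector row requires exactly one instance in every Access-Request and Access-Accept ("1 1 0 0"), which conflicts with the 6.1.1 text where the NAS includes it only if it supports MIP6 bootstrapping, and only in the first Access-Request; 0-1 looks like the intended cardinality. Note [c] should name the actor and use a normative keyword, for example "Otherwise the RADIUS server MUST ignore these attributes". Note [a] still reads as either/or although both rows are now 0+ and the 6.1.1 text allows "and/or". The accounting table has no MIP6-Feature-Vector row; please state whether that is intended. In the legend, "attriubte" is misspelled, "Zero or more instance" should be "instances", and the two new entries lack a final period.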
skipping to change at page 27, line 7 skipping to change at page 29, line 7
The NAS and the HA to the RADIUS server transactions must be The NAS and the HA to the RADIUS server transactions must be
adequately secured. Otherwise there is a possibility that the user adequately secured. Otherwise there is a possibility that the user
may receive fraudulent values from a rogue RADIUS server potentially may receive fraudulent values from a rogue RADIUS server potentially
hijacking the user's Mobile IPv6 session. hijacking the user's Mobile IPv6 session.
These new attributes do not introduce additional security These new attributes do not introduce additional security
considerations besides the ones identified in [5]. considerations besides the ones identified in [5].
11. IANA Considerations 11. IANA Considerations
The following RADIUS attribute Type values MUST be assigned by IANA. 11.1. Registration of new AVPs
MIP6-HA-TYPE This specification defines the following new RADIUS attributes:
MIP6-HA-FQDN-TYPE MIP6-Feature-Vector is set to MIP6-FV-TYPE
MIP6-HL-PREFIX-TYPE MIP6-HA is set to MIP6-HA-TYPE
MIP6-HOA-TYPE MIP6-HA-FQDN is set to MIP6-HA-FQDN-TYPE
MIP6-DNS-MO-TYPE MIP6-HL-Prefix is set to MIP6-HL-PREFIX-TYPE
MIP6-HOA is set to MIP6-HOsA-TYPE
MIP6-DNS-MO is set to MIP6-DNS-MO-TYPE
11.2. New Registry: Mobility Capability
For MIP6-FV-TYPE flag values must be generated:
Token | Value | Description
----------------------------------+----------------------+------------
MIP6_INTEGRATED | 0x0000000000000001 | [RFC TBD]
LOCAL_HOME_AGENT_ASSIGNMENT | 0x0000000000000002 | [RFC TBD]
Available for Assignment via IANA | 2^x |
Allocation rule: Only numeric values that are 2^x (power of two) are
allowed based on the allocation policy described below.
Following the policies outlined in [1] new values with a description
of their semantic for usage with the MIP6-Feature-Vector AVP together
with a Token will be assigned after Expert Review initiated by the
O&M Area Directors in consultation with the DIME working group chairs
or the working group chairs of a designated successor working group.
Updates can be provided based on expert approval only. A designated
expert will be appointed by the O&M Area Directors. No mechanism to
mark entries as "deprecated" is envisioned. Based on expert approval
it is possible to delete entries from the registry.
11.3. Addition of existing values
A new value HA6(IANA-TBD1) MUST be assigned to NAS-Port-Type(61) A new value HA6(IANA-TBD1) MUST be assigned to NAS-Port-Type(61)
12. Acknowledgements 12. Acknowledgements
We would like to thank the following individuals for their review and We would like to thank the following individuals for their review and
constructive comments during the development of this document: constructive comments during the development of this document:
Florian Kohlmayer, Mark Watson, Jayshree Bharatia, Dimiter Milushev, Florian Kohlmayer, Mark Watson, Jayshree Bharatia, Dimiter Milushev,
Andreas Pashalidis, Rafa Marin Lopez and Pasi Eronen. Andreas Pashalidis, Rafa Marin Lopez and Pasi Eronen.
13. References 13. References
13.1. Normative References 13.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[2] Chowdhury, K. and A. Yegin, "MIP6-bootstrapping for the [2] Chowdhury, K. and A. Yegin, "MIP6-bootstrapping for the
Integrated Scenario", Integrated Scenario",
draft-ietf-mip6-bootstrapping-integrated-dhc-02 (work in draft-ietf-mip6-bootstrapping-integrated-dhc-05 (work in
progress), February 2007. progress), July 2007.
[3] Giaretta, G., "Mobile IPv6 bootstrapping in split scenario", [3] Giaretta, G., "Mobile IPv6 bootstrapping in split scenario",
draft-ietf-mip6-bootstrapping-split-04 (work in progress), draft-ietf-mip6-bootstrapping-split-07 (work in progress),
December 2006. July 2007.
[4] Zorn, G., "Microsoft Vendor-specific RADIUS Attributes", [4] Zorn, G., "Microsoft Vendor-specific RADIUS Attributes",
RFC 2548, March 1999. RFC 2548, March 1999.
[5] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote [5] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote
Authentication Dial In User Service (RADIUS)", RFC 2865, Authentication Dial In User Service (RADIUS)", RFC 2865,
June 2000. June 2000.
13.2. Informative References 13.2. Informative References
[6] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in [6] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in
IPv6", RFC 3775, June 2004. IPv6", RFC 3775, June 2004.
[7] Giaretta, G. and A. Patel, "Problem Statement for bootstrapping [7] Patel, A. and G. Giaretta, "Problem Statement for bootstrapping
Mobile IPv6", draft-ietf-mip6-bootstrap-ps-05 (work in Mobile IPv6 (MIPv6)", RFC 4640, September 2006.
progress), May 2006.
[8] Manner, J. and M. Kojo, "Mobility Related Terminology", [8] Manner, J. and M. Kojo, "Mobility Related Terminology",
RFC 3753, June 2004. RFC 3753, June 2004.
[9] Dupont, F. and V. Devarapalli, "Mobile IPv6 Operation with [9] Dupont, F. and V. Devarapalli, "Mobile IPv6 Operation with
IKEv2 and the revised IPsec Architecture", IKEv2 and the revised IPsec Architecture",
draft-ietf-mip6-ikev2-ipsec-08 (work in progress), draft-ietf-mip6-ikev2-ipsec-08 (work in progress),
December 2006. December 2006.
[10] Mockapetris, P., "Domain names - implementation and [10] Mockapetris, P., "Domain names - implementation and
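Review bot: The security considerations paragraph is unchanged and still says the new attributes add nothing beyond [5], although this revision adds MIP6-Feature-Vector and a LOCAL_HOME_AGENT_ASSIGNMENT flag that tells the NAS it can assign the HA itself; the text should cover what happens if that flag or the HA values are altered in transit or come from a NAS the server does not trust to assign HAs. In 11.1, "MIP6-HOsA-TYPE" should be "MIP6-HOA-TYPE" to match the attribute table. In 11.2, "the policies outlined in [1]" points at the requirement-keywords reference (RFC 2119), which defines no allocation policy, and "AVP" is used where the rest of the document says "attribute".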
skipping to change at page 31, line 7 skipping to change at page 33, line 7
[20] Arkko, J., Devarapalli, V., and F. Dupont, "Using IPsec to [20] Arkko, J., Devarapalli, V., and F. Dupont, "Using IPsec to
Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Protect Mobile IPv6 Signaling Between Mobile Nodes and Home
Agents", RFC 3776, June 2004. Agents", RFC 3776, June 2004.
[21] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound, "Dynamic [21] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound, "Dynamic
Updates in the Domain Name System (DNS UPDATE)", RFC 2136, Updates in the Domain Name System (DNS UPDATE)", RFC 2136,
April 1997. April 1997.
Authors' Addresses Authors' Addresses
Kuntal Chowdhury
Starent Networks
30 International Place
Tewksbury, MA 01876
US
Phone: +1 214-550-1416
Email: kchowdhury@starentnetworks.com
Avi Lior Avi Lior
Bridgewater Systems Bridgewater Systems
303 Terry Fox Drive, Suite 100 303 Terry Fox Drive, Suite 100
Ottawa, Ontario Ottawa, Ontario
Canada K2K 3J1 Canada K2K 3J1
Phone: +1 613-591-6655 Phone: +1 613-591-6655
Email: avi@bridgewatersystems.com Email: avi@bridgewatersystems.com
Kuntal Chowdhury
Starent Networks
30 International Place
Tewksbury, MA 01876
US
Phone: +1 214-550-1416
Email: kchowdhury@starentnetworks.com
Hannes Tschofenig Hannes Tschofenig
Siemens Siemens
Otto-Hahn-Ring 6 Otto-Hahn-Ring 6
Munich, Bavaria 81739 Munich, Bavaria 81739
Germany Germany
Email: Hannes.Tschofenig@siemens.com Email: Hannes.Tschofenig@siemens.com
Full Copyright Statement Full Copyright Statement
 End of changes. 62 change blocks. 
133 lines changed or deleted 251 lines changed or added
