< draft-ietf-mobileip-ipv6-16.txt   draft-ietf-mobileip-ipv6-17.txt >
IETF Mobile IP Working Group David B. Johnson IETF Mobile IP Working Group David B. Johnson
INTERNET-DRAFT Rice University INTERNET-DRAFT Rice University
Charles Perkins Charles Perkins
Nokia Research Center Nokia Research Center
22 March 2002 Jari Arkko
Ericsson
1 May 2002
Mobility Support in IPv6 Mobility Support in IPv6
<draft-ietf-mobileip-ipv6-16.txt> <draft-ietf-mobileip-ipv6-17.txt>
Status of This Memo Status of This Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026. all provisions of Section 10 of RFC 2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note Task Force (IETF), its areas, and its working groups. Note
that other groups may also distribute working documents as that other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
skipping to change at page 1, line 33 skipping to change at page 1, line 35
months, and may be updated, replaced, or obsoleted by other documents months, and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Abstract
This document specifies the operation of mobile computers using IPv6. This document specifies the operation of mobile computers using IPv6.
Each mobile node is always identified by its home address, regardless Each mobile node is always identified by its home address, regardless
of its current point of attachment to the Internet. While situated of its current point of attachment to the Internet. While situated
away from its home, a mobile node is also associated with a care-of away from its home, a mobile node is also associated with a care-of
address, which provides information about the mobile node's current address, which provides information about the mobile node's current
location. IPv6 packets addressed to a mobile node's home address are location. IPv6 packets addressed to a mobile node's home address are
transparently routed to its care-of address. The protocol enables transparently routed to its care-of address. The protocol enables
IPv6 nodes to cache the binding of a mobile node's home address with IPv6 nodes to cache the binding of a mobile node's home address
its care-of address, and to then send any packets destined for the with its care-of address, and to then send any packets destined for
mobile node directly to it at this care-of address. To support this the mobile node directly to it at this care-of address. To support
operation, Mobile IPv6 defines four new IPv6 destination options, this operation, Mobile IPv6 defines a new IPv6 protocol and a new
including one that MUST be supported in packets received by any node, destination option. All IPv6 nodes, whether mobile or stationary,
whether mobile or stationary. MUST support communications with mobile nodes.
Contents Contents
Status of This Memo i Status of This Memo i
Abstract i Abstract i
1. Introduction 1 1. Introduction 1
2. Comparison with Mobile IP for IPv4 3 2. Comparison with Mobile IP for IPv4 2
3. Terminology 6 3. Terminology 4
3.1. General Terms . . . . . . . . . . . . . . . . . . . . . . 6 3.1. General Terms . . . . . . . . . . . . . . . . . . . . . . 5
3.2. Mobile IPv6 Terms . . . . . . . . . . . . . . . . . . . . 7 3.2. Mobile IPv6 Terms . . . . . . . . . . . . . . . . . . . . 6
4. Overview of Mobile IPv6 8 4. Overview of Mobile IPv6 9
4.1. New IPv6 Protocols . . . . . . . . . . . . . . . . . . . 8 4.1. Basic Operation . . . . . . . . . . . . . . . . . . . . . 9
4.2. Basic Operation . . . . . . . . . . . . . . . . . . . . . 10 4.2. New IPv6 Protocols . . . . . . . . . . . . . . . . . . . 12
4.3. New IPv6 Destination Options . . . . . . . . . . . . . . 13 4.3. New IPv6 Destination Options . . . . . . . . . . . . . . 13
4.4. Alignment Requirements for New Destination Options . . . 13 4.4. New IPv6 ICMP Messages . . . . . . . . . . . . . . . . . 14
4.5. Security Design . . . . . . . . . . . . . . . . . . . . . 14 4.5. Conceptual Data Structures . . . . . . . . . . . . . . . 15
4.5.1. Security Threats . . . . . . . . . . . . . . . . 14 4.6. Binding Management . . . . . . . . . . . . . . . . . . . 16
4.5.2. Security Features . . . . . . . . . . . . . . . . 15
4.5.3. Securing Tunnels to and from the Home Agents . . 17
4.5.4. Securing Binding Updates to Home Agents . . . . . 17
4.5.5. Securing Binding Updates to Correspondent Nodes . 18
4.5.6. Preventing Denial-of-Service Attacks . . . . . . 22
4.5.7. Design Rationale . . . . . . . . . . . . . . . . 23
4.6. New IPv6 ICMP Messages . . . . . . . . . . . . . . . . . 24
4.7. Conceptual Data Structures . . . . . . . . . . . . . . . 25
4.8. Binding Management . . . . . . . . . . . . . . . . . . . 30
5. New IPv6 Destination Options and Message Types 31 5. Overview of Mobile IPv6 Security 17
5.1. Mobility Header . . . . . . . . . . . . . . . . . . . . . 31 5.1. Threats . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.1.1. Format . . . . . . . . . . . . . . . . . . . . . 32 5.2. Features . . . . . . . . . . . . . . . . . . . . . . . . 18
5.1.2. Binding Request (BR) Message . . . . . . . . . . 33 5.3. Tunnels to and from the Home Agents . . . . . . . . . . . 20
5.1.3. Home Test Init (HoTI) Message . . . . . . . . . . 34 5.4. Binding Updates to Home Agents . . . . . . . . . . . . . 20
5.1.4. Care-of Test Init (CoTI) Message . . . . . . . . 35 5.5. Binding Updates to Correspondent Nodes . . . . . . . . . 21
5.1.5. Home Test (HoT) Message . . . . . . . . . . . . . 36 5.5.1. Node Keys . . . . . . . . . . . . . . . . . . . . 22
5.1.6. Care-of Test (CoT) Message . . . . . . . . . . . 38 5.5.2. Nonces . . . . . . . . . . . . . . . . . . . . . 23
5.1.7. Binding Update (BU) Message . . . . . . . . . . . 40 5.5.3. Cookies . . . . . . . . . . . . . . . . . . . . . 23
5.1.8. Binding Acknowledgement (BA) Message . . . . . . 44 5.5.4. Cryptographic Functions . . . . . . . . . . . . . 24
5.1.9. Binding Missing (BM) Message . . . . . . . . . . 49 5.5.5. Return Routability Procedure . . . . . . . . . . 24
5.2. Mobility Header Parameters . . . . . . . . . . . . . . . 51 5.5.6. Applying Return Routability for Correspondent
5.2.1. Format . . . . . . . . . . . . . . . . . . . . . 51 Bindings . . . . . . . . . . . . . . . . . 28
5.2.2. Pad1 . . . . . . . . . . . . . . . . . . . . . . 52 5.5.7. Updating Node Keys and Nonces . . . . . . . . . . 29
5.2.3. PadN . . . . . . . . . . . . . . . . . . . . . . 52 5.5.8. Preventing Replay Attacks . . . . . . . . . . . . 30
5.2.4. Unique Identifier . . . . . . . . . . . . . . . . 53 5.5.9. Preventing Denial-of-Service Attacks . . . . . . 30
5.2.5. Alternate Care-of Address . . . . . . . . . . . . 53 5.5.10. Correspondent Binding Procedure Extensibility . . 31
5.2.6. Nonce Indices . . . . . . . . . . . . . . . . . . 54
5.2.7. Authentication Data . . . . . . . . . . . . . . . 54
5.3. Home Address Option . . . . . . . . . . . . . . . . . . . 55
5.4. Routing Header type 2 . . . . . . . . . . . . . . . . . . 58
5.4.1. Routing Header Packet format . . . . . . . . . . 58
5.4.2. Sending RH type 2 . . . . . . . . . . . . . . . . 59
5.4.3. Verification by receiver . . . . . . . . . . . . 60
5.4.4. Extension header ordering . . . . . . . . . . . . 60
5.4.5. Reversing type 2 routing headers . . . . . . . . 60
5.5. Mobile IPv6 Destination Option Sub-Options . . . . . . . 61
5.5.1. Pad1 . . . . . . . . . . . . . . . . . . . . . . 62
5.5.2. PadN . . . . . . . . . . . . . . . . . . . . . . 62
5.6. ICMP Home Agent Address Discovery Request Message . . . . 63
5.7. ICMP Home Agent Address Discovery Reply Message . . . . . 64
5.8. ICMP Mobile Prefix Solicitation Message Format . . . . . 66
5.9. ICMP Mobile Prefix Advertisement Message Format . . . . . 68
6. Modifications to IPv6 Neighbor Discovery 70 6. New IPv6 Protocols, Message Types, and Destination Option 31
6.1. Modified Router Advertisement Message Format . . . . . . 70 6.1. Mobility Header . . . . . . . . . . . . . . . . . . . . . 31
6.2. Modified Prefix Information Option Format . . . . . . . . 71 6.1.1. Format . . . . . . . . . . . . . . . . . . . . . 32
6.3. New Advertisement Interval Option Format . . . . . . . . 73 6.1.2. Binding Refresh Request (BRR) Message . . . . . . 33
6.4. New Home Agent Information Option Format . . . . . . . . 74 6.1.3. Home Test Init (HoTI) Message . . . . . . . . . . 34
6.5. Changes to Sending Router Advertisements . . . . . . . . 76 6.1.4. Care-of Test Init (CoTI) Message . . . . . . . . 36
6.6. Changes to Sending Router Solicitations . . . . . . . . . 77 6.1.5. Home Test (HoT) Message . . . . . . . . . . . . . 37
6.1.6. Care-of Test (CoT) Message . . . . . . . . . . . 39
6.1.7. Binding Update (BU) Message . . . . . . . . . . . 41
6.1.8. Binding Acknowledgement (BA) Message . . . . . . 45
6.1.9. Binding Error (BE) Message . . . . . . . . . . . 49
6.2. Mobility Options . . . . . . . . . . . . . . . . . . . . 51
6.2.1. Format . . . . . . . . . . . . . . . . . . . . . 51
6.2.2. Pad1 . . . . . . . . . . . . . . . . . . . . . . 52
6.2.3. PadN . . . . . . . . . . . . . . . . . . . . . . 52
6.2.4. Unique Identifier . . . . . . . . . . . . . . . . 53
6.2.5. Alternate Care-of Address . . . . . . . . . . . . 53
6.2.6. Nonce Indices . . . . . . . . . . . . . . . . . . 54
6.2.7. Binding Authorization Data . . . . . . . . . . . 54
6.3. Home Address Destination Option . . . . . . . . . . . . . 55
6.4. Routing Header type 2 . . . . . . . . . . . . . . . . . . 58
6.4.1. Routing Header Packet format . . . . . . . . . . 58
6.5. ICMP Home Agent Address Discovery Request Message . . . . 59
6.6. ICMP Home Agent Address Discovery Reply Message . . . . . 61
6.7. ICMP Mobile Prefix Solicitation Message Format . . . . . 63
6.8. ICMP Mobile Prefix Advertisement Message Format . . . . . 65
7. Requirements for Types of IPv6 Nodes 79 7. Modifications to IPv6 Neighbor Discovery 67
7.1. Requirements for All IPv6 Routers . . . . . . . . . . . . 79 7.1. Modified Router Advertisement Message Format . . . . . . 67
7.2. Requirements for IPv6 Home Agents . . . . . . . . . . . . 79 7.2. Modified Prefix Information Option Format . . . . . . . . 68
7.3. Requirements for IPv6 Mobile Nodes . . . . . . . . . . . 80 7.3. New Advertisement Interval Option Format . . . . . . . . 70
7.4. New Home Agent Information Option Format . . . . . . . . 71
7.5. Changes to Sending Router Advertisements . . . . . . . . 73
7.6. Changes to Sending Router Solicitations . . . . . . . . . 74
8. Correspondent Node Operation 82 8. Requirements for Types of IPv6 Nodes 75
8.1. Receiving Packets from a Mobile Node . . . . . . . . . . 82 8.1. Requirements for All IPv6 Hosts and Routers . . . . . . . 75
8.2. Receiving Binding Updates . . . . . . . . . . . . . . . . 82 8.2. Requirements for All IPv6 Routers . . . . . . . . . . . . 75
8.3. Requests to Cache a Binding . . . . . . . . . . . . . . . 83 8.3. Requirements for IPv6 Home Agents . . . . . . . . . . . . 76
8.4. Requests to Delete a Binding . . . . . . . . . . . . . . 84 8.4. Requirements for IPv6 Mobile Nodes . . . . . . . . . . . 77
8.5. Sending Binding Acknowledgements . . . . . . . . . . . . 84
8.6. Sending Binding Requests . . . . . . . . . . . . . . . . 85
8.7. Cache Replacement Policy . . . . . . . . . . . . . . . . 85
8.8. Receiving ICMP Error Messages . . . . . . . . . . . . . . 86
8.9. Sending Packets to a Mobile Node . . . . . . . . . . . . 87
9. Home Agent Operation 89 9. Correspondent Node Operation 78
9.1. Primary Care-of Address Registration . . . . . . . . . . 89 9.1. Conceptual Data Structures . . . . . . . . . . . . . . . 78
9.2. Primary Care-of Address De-Registration . . . . . . . . . 92 9.2. Receiving Packets from a Mobile Node . . . . . . . . . . 79
9.3. Intercepting Packets for a Mobile Node . . . . . . . . . 92 9.2.1. Processing Mobility Header (MH) Messages . . . . 79
9.4. Tunneling Intercepted Packets to a Mobile Node . . . . . 94 9.2.2. Receiving Packets with Home Address Destination
9.5. Handling Reverse Tunneled Packets from a Mobile Node . . 96 Option . . . . . . . . . . . . . . . . . . 80
9.6. Protecting Return Routability Packets . . . . . . . . . . 96 9.3. Return Routability Procedure . . . . . . . . . . . . . . 80
9.7. Home Prefix Propagation . . . . . . . . . . . . . . . . . 96 9.3.1. Receiving HoTI Messages . . . . . . . . . . . . . 81
9.8. Receiving Router Advertisement Messages . . . . . . . . . 97 9.3.2. Receiving CoTI Messages . . . . . . . . . . . . . 81
9.9. Dynamic Home Agent Address Discovery . . . . . . . . . . 98 9.3.3. Sending HoT Messages . . . . . . . . . . . . . . 82
9.9.1. Aggregate List of Home Network Prefixes . . . . . 100 9.3.4. Sending CoT Messages . . . . . . . . . . . . . . 82
9.9.2. Scheduling Prefix Deliveries to the Mobile Node . 101 9.4. Processing Bindings . . . . . . . . . . . . . . . . . . . 82
9.9.3. Sending Advertisements to the Mobile Node . . . . 103 9.4.1. Receiving Binding Updates . . . . . . . . . . . . 82
9.9.4. Lifetimes for Changed Prefixes . . . . . . . . . 105 9.4.2. Requests to Cache a Binding . . . . . . . . . . . 84
9.4.3. Requests to Delete a Binding . . . . . . . . . . 84
9.4.4. Sending Binding Acknowledgements . . . . . . . . 85
9.4.5. Sending Binding Refresh Requests . . . . . . . . 86
9.4.6. Sending Binding Error Messages . . . . . . . . . 87
10. Mobile Node Operation 105 9.5. Cache Replacement Policy . . . . . . . . . . . . . . . . 87
10.1. Sending Packets While Away from Home . . . . . . . . . . 105 9.6. Sending Packets to a Mobile Node . . . . . . . . . . . . 88
10.2. Interaction with Outbound IPsec Processing . . . . . . . 107 9.7. Receiving ICMP Error Messages . . . . . . . . . . . . . . 89
10.3. Receiving Packets While Away from Home . . . . . . . . . 108
10.4. Movement Detection . . . . . . . . . . . . . . . . . . . 109
10.5. Receiving Local Router Advertisement Messages . . . . . . 112
10.6. Forming New Care-of Addresses . . . . . . . . . . . . . . 114
10.7. Sending Binding Updates to the Home Agent . . . . . . . . 115
10.8. Dynamic Home Agent Address Discovery . . . . . . . . . . 117
10.9. Sending Binding Updates to Correspondent Nodes . . . . . 118
10.10. Receiving RR Messages . . . . . . . . . . . . . . . . . . 121
10.11. Establishing Forwarding from a Previous Care-of Address . 122
10.12. Retransmitting Binding Updates . . . . . . . . . . . . . 123
10.13. Rate Limiting for Sending Binding Updates . . . . . . . . 124
10.14. Receiving Binding Acknowledgements . . . . . . . . . . . 124
10.15. Receiving Binding Requests . . . . . . . . . . . . . . . 125
10.16. Receiving ICMP Error Messages . . . . . . . . . . . . . . 126
10.17. Receiving ICMP Error Messages . . . . . . . . . . . . . . 126
10.18. Sending Mobile Prefix Solicitations . . . . . . . . . . . 126
10.19. Receiving Mobile Prefix Advertisements . . . . . . . . . 127
10.20. Using Multiple Care-of Addresses . . . . . . . . . . . . 128
10.21. Routing Multicast Packets . . . . . . . . . . . . . . . . 128
10.22. Returning Home . . . . . . . . . . . . . . . . . . . . . 129
11. Protocol Constants 131 10. Home Agent Operation 90
12. Future Extensions 132 10.1. Conceptual Data Structures . . . . . . . . . . . . . . . 90
12.1. Piggybacking . . . . . . . . . . . . . . . . . . . . . . 132 10.2. Primary Care-of Address Registration . . . . . . . . . . 91
12.2. Triangular Routing and Unverified HAOs . . . . . . . . . 132 10.3. Primary Care-of Address De-Registration . . . . . . . . . 94
12.3. New Authorization Methods beyond RR . . . . . . . . . . . 132 10.4. Intercepting Packets for a Mobile Node . . . . . . . . . 95
10.5. Tunneling Intercepted Packets to a Mobile Node . . . . . 97
10.6. Handling Reverse Tunneled Packets from a Mobile Node . . 98
10.7. Protecting Return Routability Packets . . . . . . . . . . 99
10.8. Receiving Router Advertisement Messages . . . . . . . . . 99
10.9. Dynamic Home Agent Address Discovery . . . . . . . . . . 101
10.9.1. Aggregate List of Home Network Prefixes . . . . . 102
10.9.2. Scheduling Prefix Deliveries to the Mobile Node . 104
10.9.3. Sending Advertisements to the Mobile Node . . . . 106
10.9.4. Lifetimes for Changed Prefixes . . . . . . . . . 107
13. IANA Considerations 133 11. Mobile Node Operation 107
11.1. Conceptual Data Structures . . . . . . . . . . . . . . . 107
11.2. Packet Processing . . . . . . . . . . . . . . . . . . . . 110
11.2.1. Sending Packets While Away from Home . . . . . . 110
11.2.2. Interaction with Outbound IPsec Processing . . . 112
11.2.3. Receiving Packets While Away from Home . . . . . 114
11.2.4. Routing Multicast Packets . . . . . . . . . . . . 116
11.3. Home Agent and Prefix Management . . . . . . . . . . . . 116
11.3.1. Receiving Local Router Advertisement Messages . . 116
11.3.2. Dynamic Home Agent Address Discovery . . . . . . 118
11.3.3. Sending Mobile Prefix Solicitations . . . . . . . 119
11.3.4. Receiving Mobile Prefix Advertisements . . . . . 120
11.4. Movement . . . . . . . . . . . . . . . . . . . . . . . . 121
11.4.1. Movement Detection . . . . . . . . . . . . . . . 121
11.4.2. Forming New Care-of Addresses . . . . . . . . . . 124
11.4.3. Using Multiple Care-of Addresses . . . . . . . . 125
11.5. Return Routability Procedure . . . . . . . . . . . . . . 126
11.5.1. Sending Home and Care-of Test Init Messages . . . 126
11.5.2. Receiving Return Routability Messages . . . . . . 126
11.5.3. Retransmitting in the Return Routability Procedure 128
11.5.4. Rate Limiting for Return Routability Procedure . 128
11.6. Processing Bindings . . . . . . . . . . . . . . . . . . . 128
11.6.1. Sending Binding Updates to the Home Agent . . . . 128
11.6.2. Correspondent Binding Procedure . . . . . . . . . 130
11.6.3. Receiving Binding Acknowledgements . . . . . . . 133
11.6.4. Receiving Binding Refresh Requests . . . . . . . 134
11.6.5. Receiving Binding Error Messages . . . . . . . . 135
11.6.6. Forwarding from a Previous Care-of Address . . . 136
11.6.7. Returning Home . . . . . . . . . . . . . . . . . 137
11.6.8. Retransmitting Binding Updates . . . . . . . . . 139
11.6.9. Rate Limiting Binding Updates . . . . . . . . . . 140
11.7. Receiving ICMP Error Messages . . . . . . . . . . . . . . 140
14. Security Considerations 134 12. Protocol Constants 141
14.1. Security for the Tunneling to and from the Home Agent . . 134
14.2. Security for the Binding Updates to the Home Agent . . . 135 13. IANA Considerations 142
14. Security Considerations 143
14.1. Security for the Tunneling to and from the Home Agent . . 143
14.2. Security for the Binding Updates to the Home Agent . . . 144
14.3. Security for the Binding Updates to the Correspondent 14.3. Security for the Binding Updates to the Correspondent
Nodes . . . . . . . . . . . . . . . . . . . . . . . . 135 Nodes . . . . . . . . . . . . . . . . . . . . . . . . 144
14.4. Security for the Home Address Option . . . . . . . . . . 135 14.4. Security for the Home Address Destination Option . . . . 145
14.5. Firewall considerations . . . . . . . . . . . . . . . . . 136 14.5. Firewall considerations . . . . . . . . . . . . . . . . . 145
Acknowledgements 137 Acknowledgements 146
References 138 References 147
A. Changes from Previous Version of the Draft 140 A. State Machine for the Correspondent Binding Procedure 150
A.1. Changes from Draft Version ...-15 . . . . . . . . . . . . 140
A.2. Changes from Previous Versions of the Draft . . . . . . . 142
B. Remote Home Address Configuration 144 B. Changes from Previous Version of the Draft 159
B.1. Changes from Draft Version 16 . . . . . . . . . . . . . . 159
B.2. Changes from Draft Version 15 . . . . . . . . . . . . . . 161
B.3. Changes from Earlier Versions of the Draft . . . . . . . 162
Chairs' Addresses 145 C. Remote Home Address Configuration 164
Authors' Addresses 146 D. Future Extensions 165
D.1. Piggybacking . . . . . . . . . . . . . . . . . . . . . . 165
D.2. Triangular Routing and Unverified Home Addresses . . . . 166
D.3. New Authorization Methods beyond Return Routability . . . 166
Chairs' Addresses 167
Authors' Addresses 167
1. Introduction 1. Introduction
This document specifies the operation of mobile computers using This document specifies the operation of mobile computers using
Internet Protocol Version 6 (IPv6) [6]. Without specific support Internet Protocol Version 6 (IPv6) [6]. Without specific support
for mobility in IPv6, packets destined to a mobile node (host or for mobility in IPv6, packets destined to a mobile node (host or
router) would not be able to reach it while the mobile node is away router) would not be able to reach it while the mobile node is away
from its home link (the link on which its home IPv6 subnet prefix is from its home link (the link on which its home IPv6 subnet prefix is
in use), since routing is based on the subnet prefix in a packet's in use), since routing is based on the subnet prefix in a packet's
destination IP address. In order to continue communication in spite destination IP address. In order to continue communication in spite
of its movement, a mobile node could change its IP address each time of its movement, a mobile node could change its IP address each time
it moves to a new link, but the mobile node would then not be able it moves to a new link, but the mobile node would then not be able
to maintain transport and higher-layer connections when it changes to maintain transport and higher-layer connections when it changes
location. Mobility support in IPv6 is particularly important, as location. Mobility support in IPv6 is particularly important, as
mobile computers are likely to account for a majority or at least a mobile computers are likely to account for a majority or at least a
substantial fraction of the population of the Internet during the substantial fraction of the population of the Internet during the
lifetime of IPv6. lifetime of IPv6.
The protocol operation defined here, known as Mobile IPv6, allows a The protocol defined in this document, known as Mobile IPv6, allows
mobile node to move from one link to another without changing the a mobile node to move from one link to another without changing the
mobile node's IP address. A mobile node is always addressable by mobile node's IP address. A mobile node is always addressable by
its "home address", an IP address assigned to the mobile node within its "home address", an IP address assigned to the mobile node within
its home subnet prefix on its home link. Packets may be routed to its home subnet prefix on its home link. Packets may be routed to
the mobile node using this address regardless of the mobile node's the mobile node using this address regardless of the mobile node's
current point of attachment to the Internet, and the mobile node may current point of attachment to the Internet, and the mobile node may
continue to communicate with other nodes (stationary or mobile) after continue to communicate with other nodes (stationary or mobile) after
moving to a new link. The movement of a mobile node away from its moving to a new link. The movement of a mobile node away from its
home link is thus transparent to transport and higher-layer protocols home link is thus transparent to transport and higher-layer protocols
and applications. and applications.
skipping to change at page 2, line 12 skipping to change at page 2, line 12
hierarchical form of mobility management, but such extensions are hierarchical form of mobility management, but such extensions are
beyond the scope of this document. beyond the scope of this document.
The protocol specified in this document solves the problem of The protocol specified in this document solves the problem of
transparently routing packets to and from mobile nodes while away transparently routing packets to and from mobile nodes while away
from home. However, it does not attempt to solve all general from home. However, it does not attempt to solve all general
problems related to the use of mobile computers or wireless networks. problems related to the use of mobile computers or wireless networks.
In particular, this protocol does not attempt to solve: In particular, this protocol does not attempt to solve:
- Handling links with partial reachability, or unidirectional - Handling links with partial reachability, or unidirectional
connectivity, such as are often found in wireless networks. Some connectivity, such as are often found in wireless networks (but
aspects of this problem are addressed by the movement detection see Section 11.4.1).
procedure described in Section 10.4, but no attempt has been made
to fully solve this problem in its general form. Most aspects of
this problem can be solved by the workaround of restricting such
networks to only one router per link, although there are still
possible hidden terminal problems when two nodes on the same
link (on opposite sides of the router) attempt to communicate
directly.
- Access control on a link being visited by a mobile node. This - Access control on a link being visited by a mobile node.
is a general problem any time an unauthenticated node is allowed
to connect to any link layer. It is independent of whether the - Assistance for adaptive applications
connecting node uses Mobile IP, DHCP [2], or just "borrows" an IP
address on the link. - Mobile routers
- Service Discovery
- Distinguishing between packets lost due to bit errors vs.
network congestion
2. Comparison with Mobile IP for IPv4 2. Comparison with Mobile IP for IPv4
The design of Mobile IP support in IPv6 (Mobile IPv6) represents a The design of Mobile IP support in IPv6 (Mobile IPv6) represents a
natural combination of the experiences gained from the development natural combination of the experiences gained from the development
of Mobile IP support in IPv4 (Mobile IPv4) [25, 24, 26], together of Mobile IP support in IPv4 (Mobile IPv4) [25, 24, 26], together
with the opportunities provided by the design and deployment of a new with the opportunities provided by the design and deployment of a new
version of IP itself (IPv6) and the new protocol features offered version of IP itself (IPv6) and the new protocol features offered
by IPv6. Mobile IPv6 thus shares many features with Mobile IPv4, by IPv6. Mobile IPv6 thus shares many features with Mobile IPv4,
but the protocol is now fully integrated into IP and provides many but the protocol is now fully integrated into IP and provides many
skipping to change at page 3, line 32 skipping to change at page 2, line 53
functionality allows direct routing from any correspondent functionality allows direct routing from any correspondent
node to any mobile node, without needing to pass through node to any mobile node, without needing to pass through
the mobile node's home network and be forwarded by its home the mobile node's home network and be forwarded by its home
agent, and thus eliminates the problem of "triangle routing" agent, and thus eliminates the problem of "triangle routing"
present in the base Mobile IPv4 protocol [25]. The Mobile IPv4 present in the base Mobile IPv4 protocol [25]. The Mobile IPv4
"registration" functionality and the Mobile IPv4 Route "registration" functionality and the Mobile IPv4 Route
Optimization functionality are performed by a single protocol Optimization functionality are performed by a single protocol
rather than two separate (and different) protocols. rather than two separate (and different) protocols.
- Support is also integrated into Mobile IPv6 -- and into IPv6 - Support is also integrated into Mobile IPv6 -- and into IPv6
itself -- for allowing mobile nodes and Mobile IP to coexist itself -- for allowing Route Optimization to coexist efficiently
efficiently with routers that perform "ingress filtering" [7]. A with routers that perform "ingress filtering" [7]. A mobile
mobile node now uses its care-of address as the Source Address in node uses its care-of address as the Source Address in the
the IP header of packets it sends, allowing the packets to pass IP header of packets it sends, allowing the packets to pass
normally through ingress filtering routers. The home address normally through ingress filtering routers. The home address
of the mobile node is carried in the packet in a Home Address of the mobile node is carried in the packet in a Home Address
destination option, allowing the use of the care-of address in destination option, allowing the use of the care-of address in
the packet to be transparent above the IP layer. The ability the packet to be transparent above the IP layer. The ability to
to correctly process a Home Address option in a received packet correctly process a Home Address option in a received packet is
is required in all IPv6 nodes, whether mobile nor stationary, required in all IPv6 nodes, whether mobile or stationary, whether
whether host or router. host or router.
- The use of IPv6 destination options allows all Mobile IPv6
control traffic to be piggybacked on any existing IPv6 packets,
whereas in Mobile IPv4 and its Route Optimization extensions,
separate UDP packets were required for each control message.
- The use of the care-of address as the Source Address in each - The use of the care-of address as the Source Address in each
packet's IP header also simplifies routing of multicast packets packet's IP header also simplifies routing of multicast packets
sent by a mobile node. With Mobile IPv4, the mobile node sent by a mobile node. With Mobile IPv4, the mobile node
had to tunnel multicast packets to its home agent in order to had to tunnel multicast packets to its home agent in order to
transparently use its home address as the source of the multicast transparently use its home address as the source of the multicast
packets. With Mobile IPv6, the use of the Home Address option packets. With Mobile IPv6, the use of the Home Address option
allows the home address to be used but still be compatible with allows the home address to be used but still be compatible with
multicast routing that is based in part on the packet's Source multicast routing that is based in part on the packet's Source
Address. Address.
- There is no longer any need to deploy special routers as - There is no longer any need to deploy special routers as
"foreign agents" as are used in Mobile IPv4. In Mobile IPv6, "foreign agents" as are used in Mobile IPv4. In Mobile IPv6,
mobile nodes make use of IPv6 features, such as Neighbor mobile nodes make use of IPv6 features, such as Neighbor
Discovery [20] and Address Autoconfiguration [35], to operate in Discovery [20] and Address Autoconfiguration [33], to operate in
any location away from home without any special support required any location away from home without any special support required
from its local router. from the local router.
- The movement detection mechanism in Mobile IPv6 provides - The movement detection mechanism in Mobile IPv6 provides
bidirectional confirmation of a mobile node's ability to bidirectional confirmation of a mobile node's ability to
communicate with its default router in its current location communicate with its default router in its current location
(packets that the router sends are reaching the mobile node, and (packets that the router sends are reaching the mobile node, and
packets that the mobile node sends are reaching the router). packets that the mobile node sends are reaching the router).
This confirmation provides a detection of the "black hole" This confirmation provides a detection of the "black hole"
situation that may exist in some wireless environments where the situation that may exist in some wireless environments where the
link to the router does not work equally well in both directions, link to the router does not work equally well in both directions,
such as when the mobile node has moved out of good wireless such as when the mobile node has moved out of good wireless
skipping to change at page 4, line 45 skipping to change at page 4, line 12
of Mobile IP packet delivery. To avoid modifying the packet in of Mobile IP packet delivery. To avoid modifying the packet in
flight, however, packets intercepted and tunneled by a mobile flight, however, packets intercepted and tunneled by a mobile
node's home agent in Mobile IPv6 must still use encapsulation for node's home agent in Mobile IPv6 must still use encapsulation for
delivery to the mobile node. delivery to the mobile node.
- While a mobile node is away from home, its home agent intercepts - While a mobile node is away from home, its home agent intercepts
any packets for the mobile node that arrive at the home network, any packets for the mobile node that arrive at the home network,
using IPv6 Neighbor Discovery [20] rather than ARP [29] as is using IPv6 Neighbor Discovery [20] rather than ARP [29] as is
used in Mobile IPv4. The use of Neighbor Discovery improves used in Mobile IPv4. The use of Neighbor Discovery improves
the robustness of the protocol (e.g., due to the Neighbor the robustness of the protocol (e.g., due to the Neighbor
Advertisement "override" bit) and simplifies implementation Advertisement "override" bit) and decouples Mobile IP from any
of Mobile IP due to the ability to not be concerned with any particular link layer, unlike in ARP.
particular link layer as is required in ARP.
- The use of IPv6 encapsulation (and the Routing header) removes - The use of IPv6 encapsulation (and the Routing header) removes
the need in Mobile IPv6 to manage "tunnel soft state", which was the need in Mobile IPv6 to manage "tunnel soft state", which was
required in Mobile IPv4 due to limitations in ICMP for IPv4. Due required in Mobile IPv4 due to limitations in ICMP for IPv4. Due
to the definition of ICMP for IPv6, the use of tunnel soft state to the definition of ICMP for IPv6, the use of tunnel soft state
is no longer required in IPv6 for correctly relaying ICMP error is no longer required in IPv6 for correctly relaying ICMP error
messages from within the tunnel back to the original sender of messages from within the tunnel back to the original sender of
the packet. the packet.
- The dynamic home agent address discovery mechanism in Mobile IPv6 - The dynamic home agent address discovery mechanism in Mobile IPv6
uses IPv6 anycast [11] and returns a single reply to the mobile uses IPv6 anycast [11] and returns a single reply to the mobile
node, rather than the corresponding Mobile IPv4 mechanism that node, rather than the corresponding Mobile IPv4 mechanism that
used IPv4 directed broadcast and returned a separate reply from uses IPv4 directed broadcast and returns a separate reply from
each home agent on the mobile node's home link. The Mobile IPv6 each home agent on the mobile node's home link. The Mobile IPv6
mechanism is more efficient and more reliable, since only one mechanism is more efficient and more reliable, since only one
packet need be sent back to the mobile node. The mobile node is packet has to be sent back to the mobile node.
less likely to lose one of the replies because no "implosion" of
replies is required by the protocol.
- Mobile IPv6 defines an Advertisement Interval option on - Mobile IPv6 defines an Advertisement Interval option for
Router Advertisements (equivalent to Agent Advertisements in Router Advertisements (equivalent to Agent Advertisements in
Mobile IPv4), allowing a mobile node to decide for itself how Mobile IPv4), allowing a mobile node to decide for itself how
many Router Advertisements (Agent Advertisements) it is willing many Router Advertisements (Agent Advertisements) it is willing
to miss before declaring its current router unreachable. to miss before declaring its current router unreachable.
- The return routability procedure (see section 5.5) provides a
way to verify the that a mobile node is reachable at its claimed
home address and at its claimed care-of address. This allows
correspondent nodes to verify the authority of the Binding
Updates sent to it. Given that the return routability procedure
is light-weight and does not require participation in a security
infrastructure, it is expected that Route Optimization can
be deployed on a global scale between all mobile nodes and
correspondent nodes.
3. Terminology 3. Terminology
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [3]. document are to be interpreted as described in RFC 2119 [3].
3.1. General Terms 3.1. General Terms
IP Internet Protocol Version 6 (IPv6). IP
node A device that implements IP. Internet Protocol Version 6 (IPv6).
router A node that forwards IP packets not explicitly node
addressed to itself.
host Any node that is not a router. A device that implements IP.
link A communication facility or medium over which nodes router
can communicate at the link layer, such as an
Ethernet (simple or bridged). A link is the layer
immediately below IP.
interface A node's attachment to a link. A node that forwards IP packets not explicitly addressed to
itself.
host
Any node that is not a router.
link
A communication facility or medium over which nodes can
communicate at the link layer, such as an Ethernet (simple or
bridged). A link is the layer immediately below IP.
interface
A node's attachment to a link.
subnet prefix subnet prefix
A bit string that consists of some number of initial
bits of an IP address. A bit string that consists of some number of initial bits of an
IP address.
interface identifier interface identifier
A number used to identify a node's interface on a
link. The interface identifier is the remaining A number used to identify a node's interface on a link. The
low-order bits in the node's IP address after the interface identifier is the remaining low-order bits in the
subnet prefix. node's IP address after the subnet prefix.
link-layer address link-layer address
A link-layer identifier for an interface, such as
IEEE 802 addresses on Ethernet links.
packet An IP header plus payload. A link-layer identifier for an interface, such as IEEE 802
addresses on Ethernet links.
Security Association packet
a security object shared between two nodes which
includes the data mutually agreed on for operation
of some cryptographic algorithm (typically including
a key, as defined above).
Security Policy Database (SPD) An IP header plus payload.
A database of security associations selectable by
rulesets (policies) that determine the packets for security association
which each security association is to be applied.
A security object shared between two nodes which includes the
data mutually agreed on for operation of some cryptographic
algorithm (typically including a key).
security policy database
A database of rules that describe what security associations
should be applied for different kinds of packets.
destination option
Destination options are carried by the IPv6 Destination Options
extension header. Mobile IPv6 defines one new destination
option, the Home Address destination option.
3.2. Mobile IPv6 Terms 3.2. Mobile IPv6 Terms
home address An IP address assigned to a mobile node within its home address
home link.
An IP address assigned to a mobile node, used as the permanent
address of the mobile node. This address is within the mobile
node's home link. Standard IP routing mechanisms will deliver
packets destined for a mobile node's home address to its home
link.
home subnet prefix home subnet prefix
The IP subnet prefix corresponding to a mobile
node's home address.
home link The link on which a mobile node's home subnet prefix The IP subnet prefix corresponding to a mobile node's home
is defined. Standard IP routing mechanisms will address.
deliver packets destined for a mobile node's home
address to its home link.
mobile node A node that can change its point of attachment from home link
one link to another, while still being reachable via
its home address.
movement A change in a mobile node's point of attachment to The link on which a mobile node's home subnet prefix is
the Internet such that it is no longer connected to defined.
the same link as it was previously. If a mobile
node is not currently attached to its home link, the mobile node
mobile node is said to be "away from home".
A node that can change its point of attachment from one link to
another, while still being reachable via its home address.
movement
A change in a mobile node's point of attachment to the Internet
such that it is no longer connected to the same link as it was
previously. If a mobile node is not currently attached to its
home link, the mobile node is said to be "away from home".
correspondent node correspondent node
A peer node with which a mobile node is
communicating. The correspondent node may be either A peer node with which a mobile node is communicating. The
mobile or stationary. correspondent node may be either mobile or stationary.
foreign subnet prefix foreign subnet prefix
Any IP subnet prefix other than the mobile node's
home subnet prefix.
foreign link Any link other than the mobile node's home link. Any IP subnet prefix other than the mobile node's home subnet
prefix.
home agent A router on a mobile node's home link with which foreign link
the mobile node has registered its current care-of
address. While the mobile node is away from home, Any link other than the mobile node's home link.
the home agent intercepts packets on the home
link destined to the mobile node's home address,
encapsulates them, and tunnels them to the mobile
node's registered care-of address.
care-of address care-of address
An IP address associated with a mobile node while
visiting a foreign link; the subnet prefix of this
IP address is a foreign subnet prefix. Among the
multiple care-of addresses that a mobile node
may have at a time (e.g., with different subnet
prefixes), the one registered with the mobile node's
home agent is called its "primary" care-of address.
binding The association of the home address of a mobile node An IP address associated with a mobile node while visiting a
with a care-of address for that mobile node, along foreign link; the subnet prefix of this IP address is a foreign
with the remaining lifetime of that association. subnet prefix. Among the multiple care-of addresses that a
mobile node may have at any given time (e.g., with different
subnet prefixes), the one registered with the mobile node's
home agent is called its "primary" care-of address.
Binding Key home agent
a key used for authenticating Binding Update
messages.
Binding Security Association (BSA) A router on a mobile node's home link with which the mobile
a security association established specifically node has registered its current care-of address. While the
for the purpose of producing and verifying mobile node is away from home, the home agent intercepts
authentication data passed with a Binding Update packets on the home link destined to the mobile node's home
destination option. address, encapsulates them, and tunnels them to the mobile
node's registered care-of address.
4. Overview of Mobile IPv6 binding
4.1. New IPv6 Protocols The association of the home address of a mobile node with a
care-of address for that mobile node, along with the remaining
lifetime of that association.
As mentioned in Section 4.2, Mobile IPv6 defines a new IPv6 protocol, binding procedure
the Mobility Header. This protocol is used to carry the following
messages:
Home Test Init A binding procedure is initiated by the mobile node to inform
either a correspondent node or the mobile node's home agent of
the current binding of the mobile node.
The Home Test Init message is used to initiate the Return binding authorization
Routability procedure from the mobile node to a correspondent
node. This procedure ensures that subsequence Binding Updates
are properly authorized to redirect the traffic of a particular
home address. The Home Test Init message is described in
detail in Section 5.1.3.
Care-of Test Init Binding procedure needs to be authorized to allow the recipient
to believe that the sender has the right to specify a new
binding.
The Care-of Test Init message is also used to initiate the return routability procedure
Return Routability procedure, for a particular care-of address.
The Care-of Test Init message is described in detail in
Section 5.1.4.
Home Test The return routability procedure authorizes binding procedures
by the use of a cryptographic cookie exchange.
The Home Test message carries a cookie which the mobile node correspondent binding procedure
needs before it can properly authorize itself for sending a
Binding Update. This message is an answer to the Home Test
Init message, and is described in detail in Section 5.1.5.
Care-of Test A return routability procedure followed by a binding procedure,
run between the mobile node and a correspondent node.
The Care-of Test message carries a cookie which the mobile node home binding procedure
needs before it can properly authorize itself for sending a
Binding Update. This message is an answer to the Care-of Test
Init message, and is described in detail in Section 5.1.6.
Binding Update A binding procedure between the mobile node and its home agent,
authorized by the use of IPsec.
A Binding Update message is used by a mobile node to notify nonce
a correspondent node or the mobile node's home agent of its
current binding. The Binding Update sent to the mobile node's
home agent to register its primary care-of address is marked as
a "home registration". A home registration MUST be protected
with IPsec, while other Binding Updates MUST be protected with
an authenticator as described in Section 4.5. The Binding
Update message and its specific authentication requirements are
described in detail in Section 5.1.7.
Binding Acknowledgement Nonces are random numbers used internally by the correspondent
node in the creation of cookies related to the return
routability procedure. The nonces are not specific to a mobile
node, and are kept secret within the correspondent node, only
used as one input in the creation of the cookies.
A Binding Acknowledgement message is used to acknowledge cookie
receipt of a Binding Update, if an acknowledgement was
requested in the Binding Update. An acknowledgement of a home
registration MUST be protected with IPsec, while other Binding
Update acknowledgements MUST be protected with an authenticator
as described in Section 4.5. The Binding Acknowledgement
message and its specific authentication requirements are
described in detail in Section 5.1.8.
Binding Request Cookies are numbers that are used by mobile nodes in the return
routability procedure.
A Binding Request message is used to request a mobile node care-of cookie
to send to the requesting node a Binding Update containing
the mobile node's current binding. This message is typically
used by a correspondent node to refresh a cached binding for a
mobile node, when the cached binding is in active use but the
binding's lifetime is close to expiration. No authentication
is required for the Binding Request message. The Binding
Request message is described in detail in Section 5.1.2.
Binding Missing A cookie sent directly to the mobile node's claimed care-of
address from the correspondent node.
The Binding Missing message is used by the correspondent node home cookie
to signal an inappropriate attempt to use the Home Address
Option without an existing binding. This message is described
in detail in Section 5.1.9.
Mobile IPv6 also defines a number of "parameters" for use within A cookie sent to the mobile node's claimed home address from
these messages; if included, any parameters MUST appear after the the correspondent node.
fixed portion of the option data specified in this document. The
presence of such parameters will be indicated by the Header Len
field within the message. When the Header Len is greater than the
length required for the message specified here, the remaining octets
are interpreted as parameters. The encoding and format of defined
parameters are described in Section 5.2.
Alignment requirements for the Mobility Header are same as for any mobile cookie
IPv6 protocol, i.e. they MUST be aligned on an 8-octet boundary.
We also require that the Mobility Header length is a multiple of 8
octets.
4.2. Basic Operation A cookie sent to the correspondent node from the mobile node,
and later returned to the mobile node. Mobile cookies are
produced randomly.
A mobile node is always addressable by its home address, whether it nonce index
The mobile node uses a particular set of cookies in the return
routability procedure. The cookies have been produced using a
particular set of nonces. A nonce index is used to indicate
which nonces have been used, without revealing the nonces
themselves.
binding key
a key used for authenticating binding cache management
messages.
binding security association
a security association established specifically for the purpose
of producing and verifying authentication data passed with a
Binding Authorization Data option.
4. Overview of Mobile IPv6
4.1. Basic Operation
A mobile node is always addressable at its home address, whether it
is currently attached to its home link or is away from home. While is currently attached to its home link or is away from home. While
a mobile node is at home, packets addressed to its home address are a mobile node is at home, packets addressed to its home address are
routed to it using conventional Internet routing mechanisms in the routed to it using conventional Internet routing mechanisms in the
same way as if the node were never mobile. Since the subnet prefix same way as if the node were stationary. Since the subnet prefix of
of a mobile node's home address is the subnet prefix (or one of the a mobile node's home address is one of the subnet prefixes of the
subnet prefixes) on the mobile node's home link (it is the mobile mobile node's home link, packets addressed to the mobile node will be
node's home subnet prefix), packets addressed to it will be routed to routed to its home link.
its home link.
While a mobile node is attached to some foreign link away from home, While a mobile node is attached to some foreign link away from home,
it is also addressable by one or more care-of addresses, in addition it is also addressable at one or more care-of addresses, in addition
to its home address. A care-of address is an IP address associated to its home address. A care-of address is an IP address associated
with a mobile node while visiting a particular foreign link. The with a mobile node while visiting a particular foreign link. The
subnet prefix of a mobile node's care-of address is the subnet prefix subnet prefix of a mobile node's care-of address is one of the subnet
(or one of the subnet prefixes) on the foreign link being visited by prefixes on the foreign link being visited by the mobile node; if
the mobile node; if the mobile node is connected to this foreign link the mobile node is connected to this foreign link while using that
while using that care-of address, packets addressed to this care-of care-of address, packets addressed to this care-of address will be
address will be routed to the mobile node in its location away from routed to the mobile node in its location away from home.
home.
The association between a mobile node's home address and care-of The association between a mobile node's home address and care-of
address is known as a "binding" for the mobile node. A mobile node address is known as a "binding" for the mobile node. A mobile node
typically acquires its care-of address through stateless [35] or typically acquires its care-of address through stateless [33] or
stateful (e.g., DHCPv6 [2]) Address Autoconfiguration, according stateful (e.g., DHCPv6 [2]) Address Autoconfiguration, according
to the methods of IPv6 Neighbor Discovery [20]. Other methods to the methods of IPv6 Neighbor Discovery [20]. Other methods
of acquiring a care-of address are also possible, such as static of acquiring a care-of address are also possible, such as static
pre-assignment by the owner or manager of a particular foreign link, pre-assignment by the owner or manager of a particular foreign
but details of such other methods are beyond the scope of this link, but details of such other methods are beyond the scope of
document. this document. The operation of the mobile node is specified in
Section 11.
While away from home, a mobile node registers one of its care-of While away from home, a mobile node registers one of its care-of
addresses with a router on its home link, requesting this router addresses with a router on its home link, requesting this router to
to function as the "home agent" for the mobile node. This binding function as the "home agent" for the mobile node. The mobile node
registration is done by the mobile node sending to the home agent performs this binding registration by sending a "Binding Update"
a packet containing a "Binding Update" destination option; the message to the home agent; the home agent then replies to the mobile
home agent then replies to the mobile node by returning a packet node by returning a "Binding Acknowledgement" message. The care-of
containing a "Binding Acknowledgement" destination option. The address associated with this binding registration is known as the
care-of address in this binding registered with its home agent is mobile node's "primary care-of address". The mobile node's home
known as the mobile node's "primary care-of address". The mobile agent thereafter uses proxy Neighbor Discovery to intercept any
node's home agent thereafter uses proxy Neighbor Discovery to IPv6 packets addressed to the mobile node's home address (or home
intercept any IPv6 packets addressed to the mobile node's home addresses) on the home link, and tunnels each intercepted packet
address (or home addresses) on the home link, and tunnels each to the mobile node's primary care-of address. To tunnel each
intercepted packet to the mobile node's primary care-of address. intercepted packet, the home agent encapsulates the packet using IPv6
To tunnel each intercepted packet, the home agent encapsulates the encapsulation [4], with the outer IPv6 header addressed to the mobile
packet using IPv6 encapsulation [4], with the outer IPv6 header node's primary care-of address. The operation of the home agent is
addressed to the mobile node's primary care-of address. specified in Section 10.
When a mobile node moves from one care-of address to a new care-of The Binding Update and Binding Acknowledgement messages, together
address on a new link, it is desirable for packets arriving at the with a "Binding Refresh Request" message, are also used to allow IPv6
previous care-of address to be tunneled to the mobile node's care-of nodes communicating with a mobile node are capable of dynamically
address. Since the purpose of a Binding Update is to establish learning and caching the mobile node's binding. This happens
exactly this kind of tunneling, it is specified to be used (at through the correspondent binding procedure which involves a return
least temporarily) for tunnels originating at the mobile node's routability test in order to authorize the establishment of the
previous care-of address, in exactly the same way that it is used binding, as specified in Sections 5.5.5 and 5.5.6. When sending a
for establishing tunnels from the mobile node's home address to the packet to any IPv6 destination, a node checks its cached bindings
mobile node's current care-of address. Section 10.11 describes the for an entry for the packet's destination address. If a cached
use of the Binding Update for this purpose. binding for this destination address is found, the node uses a new
type of IPv6 Routing header [6] (see section 6.4) to route the packet
to the mobile node by way of the care-of address indicated in this
binding. If, instead, the sending node has no cached binding for
this destination address, the node sends the packet normally (with
no Routing header), and the packet is subsequently intercepted and
tunneled by the mobile node's home agent as described above. Any
node communicating with a mobile node is referred to in this document
as a "correspondent node" of the mobile node, and may itself be
either a stationary node or a mobile node. The operation of the
correspondent node is specified in Section 9.
Section 10.20 discusses the reasons why it may be desirable for Mobile IPv6 also defines one additional IPv6 destination option.
a mobile node to use more than one care-of address at the same When a mobile node sends a packet while away from home, it could
time. However, a mobile node's primary care-of address is distinct generally use a tunnel via the home agent to send this packet.
among these in that the home agent maintains only a single care-of However, if the correspondent node in question has a binding for this
address registered for each mobile node, and always tunnels a mobile mobile node it can use deliver packets more directly. In this case
node's packets intercepted from its home link to this mobile node's the mobile node can the Source Address in the packet's IPv6 header to
registered primary care-of address. The home agent thus need not one of its current care-of addresses, and include a "Home Address"
implement any policy to determine the particular care-of address to destination option in the packet, giving the mobile node's home
which it will tunnel each intercepted packet. The mobile node alone address. Many routers implement security policies such as "ingress
controls the policy by which it selects the care-of addresses to filtering" [7] that do not allow forwarding of packets having a
register with its home agent. Source Address that appears topologically incorrect. By using the
care-of address as the IPv6 header Source Address, the packet will
be able to pass normally through such routers, and ingress filtering
rules will still be able to locate the true topological source of
the packet in the same way as packets from non-mobile nodes. By
also including the Home Address destination option in each packet,
the sending mobile node can communicate its home address to the
correspondent node receiving this packet, allowing the use of the
care-of address to be transparent above the Mobile IPv6 support level
(e.g., at the transport layer). The inclusion of a Home Address
destination option in a packet affects only the correspondent node's
receipt of this single packet; no state is created or modified in
the correspondent node as a result of receiving a Home Address
destination option in a packet.
It is possible that while a mobile node is away from home, some nodes It is possible that while a mobile node is away from home, some nodes
on its home link may be reconfigured, such that the router that was on its home link may be reconfigured, such that the router that was
operating as the mobile node's home agent is replaced by a different operating as the mobile node's home agent is replaced by a different
router serving this role. In this case, the mobile node may not router serving this role. In this case, the mobile node may not
know the IP address of its own home agent. Mobile IPv6 provides a know the IP address of its own home agent. Mobile IPv6 provides a
mechanism, known as "dynamic home agent address discovery", that mechanism, known as "dynamic home agent address discovery", that
allows a mobile node to dynamically discover the IP address of a allows a mobile node to dynamically discover the IP address of a
home agent on its home link with which it may register its (primary) home agent on its home link with which it may register its (primary)
care-of address while away from home. The mobile node sends an ICMP care-of address while away from home. The mobile node sends an ICMP
"Home Agent Address Discovery Request" message to the "Mobile IPv6 "Home Agent Address Discovery Request" message to the "Mobile IPv6
Home-Agents" anycast address for its own home subnet prefix [11] and Home-Agents" anycast address for its own home subnet prefix [11] and
thus reaches one of the (possibly many) routers on its home link thus reaches one of the routers on its home link currently operating
currently operating as a home agent. This home agent then returns an as a home agent. This home agent then returns an ICMP "Home Agent
ICMP "Home Agent Address Discovery Reply" message to the mobile node, Address Discovery Reply" message to the mobile node, including a list
including a list of home agents on the home link. This list of home of home agents on the home link. This procedure is specified in
agents is maintained by each home agent on the home link through use Sections 10.9 and 11.3.2.
of the Home Agent (H) bit in each home agent's periodic unsolicited
multicast Router Advertisements.
The Binding Update and Binding Acknowledgement destination options, When a mobile node moves from one care-of address to a new care-of
together with a "Binding Request" destination option, are also used address on a new link, it is desirable for packets arriving at
to allow IPv6 nodes communicating with a mobile node, to dynamically the previous care-of address to be tunneled to the mobile node's
learn and cache the mobile node's binding. When sending a packet new care-of address. Since the purpose of a Binding Update is
to any IPv6 destination, a node checks its cached bindings for an to establish exactly this kind of tunneling, it can be used (at
entry for the packet's destination address. If a cached binding for least temporarily) for tunnels originating at the mobile node's
this destination address is found, the node uses an IPv6 Routing previous care-of address, in exactly the same way that it is used
header [6] (instead of IPv6 encapsulation) to route the packet to for establishing tunnels from the mobile node's home address to the
the mobile node by way of the care-of address indicated in this mobile node's current care-of address. Section 11.6.6 describes the
binding. If, instead, the sending node has no cached binding for use of the Binding Update for this purpose.
this destination address, the node sends the packet normally (with
no Routing header), and the packet is subsequently intercepted and
tunneled by the mobile node's home agent as described above. Any
node communicating with a mobile node is referred to in this document
as a "correspondent node" of the mobile node, and may itself be
either a stationary node or a mobile node.
Since a Binding Update, Binding Acknowledgement, and Binding Request Section 11.4.3 discusses the reasons why it may be desirable for a
are each represented in a packet as an IPv6 destination option [6], mobile node to use more than one care-of address at the same time.
they may be included in any IPv6 packet. Any of these options can be However, a mobile node's primary care-of address is distinct among
sent in either of two ways: these in that the home agent maintains only a single care-of address
registered for each home address belonging to a mobile node, and
always tunnels packets sent to a mobile node's home address and
intercepted from its home link to this mobile node's registered
primary care-of address. The home agent thus need not implement any
policy to determine the particular care-of address to which it will
tunnel each intercepted packet. The mobile node alone controls the
policy by which it selects the care-of addresses to register with its
home agent.
- the messages can be included within any IPv6 packet carrying any 4.2. New IPv6 Protocols
payload such as TCP [31] or UDP [30].
- the messages can be sent as a separate IPv6 packet containing Mobile IPv6 defines a new IPv6 protocol, using the Mobility Header
no payload. In this case, the Next Header field in the last (see Section 6.1). This Header is used to carry the following
extension header in the packet is set to the value 59, to messages:
indicate "No Next Header" [6].
Mobile IPv6 also defines one additional IPv6 destination option. Home Test Init
When a mobile node sends a packet while away from home, it will
generally set the Source Address in the packet's IPv6 header to one The Home Test Init message is used to initiate the return
of its current care-of addresses, and will also include a "Home routability procedure from the mobile node to a correspondent
Address" destination option in the packet, giving the mobile node's node. This procedure ensures that subsequent Binding Updates
home address. Many routers implement security policies such as are properly authorized to redirect the traffic of a particular
"ingress filtering" [7] that do not allow forwarding of packets home address. The Home Test Init message is described in
that have a Source Address which appears topologically incorrect. detail in Section 6.1.3.
By using the care-of address as the IPv6 header Source Address,
the packet will be able to pass normally through such routers, Care-of Test Init
yet ingress filtering rules will still be able to locate the true
topological source of the packet in the same way as packets from The Care-of Test Init message is used to initiate the
non-mobile nodes. By also including the Home Address option in each correspondent routability procedure, for a particular care-of
packet, the sending mobile node can communicate its home address to address. The Care-of Test Init message is described in detail
the correspondent node receiving this packet, allowing the use of in Section 6.1.4.
the care-of address to be transparent above the Mobile IPv6 support
level (e.g., at the transport layer). The inclusion of a Home Home Test
Address option in a packet affects only the correspondent node's
receipt of this single packet; no state is created or modified in the The Home Test message carries a cookie which the mobile node
correspondent node as a result of receiving a Home Address option in needs before it can properly authorize itself for sending a
a packet. Binding Update. This message is sent in reply to the Home Test
Init message, and is described in detail in Section 6.1.5.
Care-of Test
The Care-of Test message carries another cookie which the
mobile node needs before it can properly authorize itself for
sending a Binding Update. This message is sent in reply to
the Care-of Test Init message, and is described in detail in
Section 6.1.6.
Binding Update
A Binding Update message is used by a mobile node to notify
a correspondent node or the mobile node's home agent of its
current binding. The Binding Update sent to the mobile node's
home agent to register its primary care-of address is marked
as a "home registration". The Binding Update message and its
specific authentication requirements are described in detail in
Section 6.1.7.
Binding Acknowledgement
A Binding Acknowledgement message is used to acknowledge
receipt of a Binding Update, if an acknowledgement was
requested in the Binding Update. The Binding Acknowledgement
message and its specific authentication requirements are
described in detail in Section 6.1.8.
Binding Refresh Request
A Binding Refresh Request message is used to request that
a mobile node send to the requesting node a Binding Update
containing the mobile node's current binding. This message
is typically used by a correspondent node to refresh a cached
binding for a mobile node, when the cached binding is in active
use but the binding's lifetime is close to expiration. The
Binding Refresh Request message is described in detail in
Section 6.1.2.
No authentication is required for the Binding Refresh Request
message.
Binding Error
The Binding Error message is used by the correspondent node to
signal an error related to mobility, such as an inappropriate
attempt to use the Home Address destination option without
an existing binding. This message is described in detail in
Section 6.1.9.
4.3. New IPv6 Destination Options 4.3. New IPv6 Destination Options
As mentioned in Section 4.2, the following new IPv6 destination Mobile IPv6 defines a new IPv6 destination option, the Home Address
option is defined for Mobile IPv6: destination option. This option is used in a packet sent by a mobile
node to inform the recipient of that packet of the mobile node's home
address. For packets sent by a mobile node while away from home,
the mobile node generally uses one of its care-of addresses as the
Source Address in the packet's IPv6 header. By including a Home
Address option in the packet, the correspondent node receiving the
packet is able to substitute the mobile node's home address for this
care-of address when processing the packet, thus making the use of
the care-of address transparent to the correspondent node above the
Mobile IPv6 support level. If the IP header of a packet carrying
a Home Address option is covered by authentication, then the Home
Address option MUST also be covered by this authentication, but no
other authentication is required for the Home Address option. See
Sections 6.3 and 11.2.2 for additional details about requirements
for the calculation and verification of the authentication data.
The Home Address destination option is described in detail in
Section 6.3.
Home Address 4.4. New IPv6 ICMP Messages
A Home Address option is used in a packet sent by a mobile Mobile IPv6 also introduces four new ICMP message types, two for use
node to inform the recipient of that packet of the mobile in the dynamic home agent address discovery mechanism, and two for
node's home address. For packets sent by a mobile node while renumbering and mobile configuration mechanisms. As discussed in
away from home, the mobile node generally uses one of its general in Section 4.1, the following two new ICMP message types are
care-of addresses as the Source Address in the packet's IPv6 used for home agent address discovery:
header. By including a Home Address option in the packet, the
correspondent node receiving the packet is able to substitute
the mobile node's home address for this care-of address when
processing the packet, thus making the use of the care-of
address transparent to the correspondent node. If the IP
header of a packet carrying a Home Address option is covered
by authentication, then the Home Address option MUST also be
covered by this authentication, but no other authentication
is required for the Home Address option. See sections 10.2
and 5.3 for additional details about requirements for the
calculation and verification of the authentication data. The
Home Address option is described in detail in Section 5.3.
Mobile IPv6 also defines a number of "sub-options" for use within Home Agent Address Discovery Request
destination options. If included, any sub-options MUST appear after
the fixed portion of the option data specified in this document. The
presence of such sub-options will be indicated by the Option Length
field within the option. When the Option Length is greater than the
length required for the option specified here, the remaining octets
are interpreted as sub-options. The encoding and format of defined
sub-options are described in Section 5.5.
4.4. Alignment Requirements for New Destination Options The ICMP Home Agent Address Discovery Request message is used
by a mobile node to initiate the dynamic home agent address
discovery mechanism. When attempting a home registration, the
mobile node may use this mechanism to discover the address of
one or more routers currently operating as home agents on its
home link, with which it may register while away from home.
The Home Agent Address Discovery Request message is described
in detail in Section 6.5.
IPv6 requires that options appearing in a Hop-by-Hop Options Home Agent Address Discovery Reply
header or Destination Options header be aligned in a packet so that
multi-octet values within the Option Data field of each option fall
on natural boundaries (i.e., fields of width n octets are placed
at an integer multiple of n octets from the start of the header,
for n = 1, 2, 4, or 8) [6]. Mobile IPv6 sub-options have similar
alignment requirements, so that multi-octet values within the
Sub-Option Data field of each sub-option fall on natural boundaries.
The alignment requirement of an option or sub-option is specified in
this document using the standard notation used elsewhere for IPv6
alignment requirements [6]. Specifically, the notation xn+y means
that the Option Type or Sub-Option Type field must fall at an integer
multiple of x octets from the start of the header, plus y octets.
For example:
2n means any 2-octet offset from the start of the header. The ICMP Home Agent Address Discovery Reply message is used by
a home agent to respond to a mobile node using the dynamic home
agent address discovery mechanism. When a home agent receives
a Home Agent Address Discovery Request message, it replies with
a Home Agent Address Discovery Reply message, giving a list
of the routers on the mobile node's home link serving as home
agents. The Home Agent Address Discovery Reply message is
described in detail in Section 6.6.
8n+2 means any 8-octet offset from the start of the header, The next two message types are used for network renumbering
plus 2 octets. and address configuration on the mobile node, as described in
Section 10.9.1:
4.5. Security Design Mobile Prefix Solicitation
4.5.1. Security Threats The ICMP Mobile Prefix Solicitation message is used by a mobile
node to request prefix information about the home subnet, in
order to retrieve prefixes that are served by home agents and
can be used to configure one or more home addresses, or to
refresh home addresses before the expiration of their validity.
This message is specified in Section 6.7.
The MIPv6 protocol needs to protect itself against the following main Mobile Prefix Advertisement
threats:
1. Threats against Binding Updates sent to home agents: a attacker The ICMP Mobile Prefix Advertisement is used by a home agent
might claim that a certain mobile node is currently at a to distribute information to a mobile node about prefixes on
different location than it really is. If the home agent accepts the home link which are available for use by the mobile node
the information sent to it as is, the mobile node might not get while away from home. This message may be sent as a response
traffic destined to it, and other nodes might get traffic they to a Mobile Prefix Solicitation, or due to network renumbering
didn't want. or other prefix changes. This message is specified in Section
Section 10.9.3.
2. Threats against route optimization with correspondent nodes: 4.5. Conceptual Data Structures
A malicious mobile node might lie about its home address. A
malicious mobile node might send a correspondent node binding This document describes the Mobile IPv6 protocol in terms of the
updates in which the home address is set to the address of following three conceptual data structures:
another node, the victim. If the correspondent node accepted
this forged binding update, then communications between the Binding Cache
correspondent node and the victim would be disrupted, because
packets that the correspondent node intended to send to the A cache, maintained by each IPv6 node, of bindings for other
victim would be sent to the wrong care-of address. This is a nodes. A separate Binding Cache is maintained by each IPv6
threat to confidentiality as well as availability, because an node for each of its IPv6 addresses. When sending a packet,
the Binding Cache is searched before the Neighbor Discovery
conceptual Destination Cache [20].
The Binding Cache for any one of a node's IPv6 addresses may
contain at most one entry for each mobile node home address.
The contents of all of a node's Binding Cache entries are
cleared when it reboots.
Binding Cache entries are marked either as "home registration"
entries or "correspondent registration" entries. Home
registration entries are deleted when its binding lifetime
expires, while other entries may be replaced at any time
through a local cache replacement policy.
Binding Update List
A list, maintained by each mobile node, recording information
for each Binding Update sent by this mobile node, for which the
Lifetime sent in that Binding Update has not yet expired. The
Binding Update List includes all bindings sent by the mobile
node: those to correspondent nodes, those to the mobile node's
home agent, and those to a home agent on the link on which the
mobile node's previous care-of address is located.
Home Agents List
A list, maintained by each home agent and each mobile node,
recording information about each home agent from which this
node has received recent a Router Advertisement in which the
Home Agent (H) bit is set. The home agents list is thus
similar to the Default Router List conceptual data structure
maintained by each host for Neighbor Discovery [20].
Each home agent maintains a separate Home Agents List for each
link on which it is serving as a home agent; this list is used
by a home agent in the dynamic home agent address discovery
mechanism. Each mobile node, while away from home, also
maintains a Home Agents List, to enable it to notify a home
agent on its previous link when it moves to a new link.
4.6. Binding Management
When a mobile node configures a new care-of address and decides to
use this new address as its primary care-of address, the mobile
node registers this new binding with its home agent by sending
the home agent a Binding Update. The mobile node indicates
that an acknowledgement is needed for this Binding Update and
continues to periodically retransmit it until acknowledged. The
home agent acknowledges the Binding Update by returning a Binding
Acknowledgement to the mobile node.
When a mobile node receives a packet tunneled to it from its home
agent, the mobile node uses that as an indication that the original
sending correspondent node has no Binding Cache entry for the mobile
node, since the correspondent node would otherwise have sent the
packet directly to the mobile node using a Routing header. The
mobile node SHOULD then start a correspondent binding procedure in
order to establish a binding. This would allow the correspondent
node to cache the mobile node's binding for routing future packets to
it.
A correspondent node with a Binding Cache entry for a mobile node may
refresh this binding, for example if the binding's lifetime is near
expiration, by sending a Binding Refresh Request to the mobile node.
Normally, a correspondent node will only refresh a Binding Cache
entry in this way if it is actively communicating with the mobile
node and has indications, such as an open TCP connection to the
mobile node, that it will continue this communication in the future.
When a mobile node receives a Binding Refresh Request, it MAY reply
by initiating a correspondent binding procedure.
A mobile node may use more than one care-of address at the same
time. Use of more than one care-of address by a mobile node may be
useful, for example, to improve smooth handover when the mobile node
moves from one wireless link to another. If each of these wireless
links is connected to the Internet through a separate base station,
such that the wireless transmission range from the two base stations
overlap, the mobile node may be able to remain connected to both
links while in the area of overlap. In this case, the mobile node
could acquire a new care-of address on the new link before moving
out of transmission range and disconnecting from the old link. The
mobile node may thus still accept packets at its old care-of address
while it works to update its home agent and correspondent nodes,
notifying them of its new care-of address on the new link.
Since correspondent nodes cache bindings, it is expected that
correspondent nodes usually will route packets directly to the mobile
node's care-of address, so that the home agent is rarely involved
with packet transmission to the mobile node. This is important for
scalability and reliability, and for minimizing overall network load.
By caching the care-of address of a mobile node, direct delivery of
packets can be achieved from the correspondent node to the mobile
node. Routing packets directly to the mobile node's care-of address
also eliminates congestion at the mobile node's home agent and home
link. In addition, the impact of any possible failure of the home
agent, the home link, or intervening networks leading to or from the
home link is reduced, since these nodes and links are not involved in
the delivery of most packets to the mobile node.
5. Overview of Mobile IPv6 Security
5.1. Threats
Any mobility solution must protect itself against misuses of the
mobility features. In Mobile IPv6, most of the potential threats
are concerned with denial of service. Some of the threats also
include potential for man-in-the-middle, hijacking, and impersonation
attacks. The main threats this protocol protects against are as
follows:
1. Threats against Binding Updates sent to home agents and
correspondent nodes. For instance, an attacker might claim that
a certain mobile node is currently at a different location than
it really is. If the home agent accepts the information sent to
it as is, the mobile node might not get traffic destined to it,
and other nodes might get traffic they did not want.
Similarly, a malicious mobile node might use the home address of
a victim node in a forged Binding Update to a correspondent node.
If such Binding Updates were accepted, the communications between
the correspondent node and the victim would be then be disrupted,
because packets that the correspondent node intended to send to
the victim would be sent to the wrong care-of address. This is
a threat to confidentiality as well as availability, because an
attacker might redirect packets meant for another node to itself attacker might redirect packets meant for another node to itself
in order to learn the content of those packets. in order to learn the content of those packets.
A malicious mobile node might lie about its care-of address. A A malicious mobile node might also send Binding Updates in
malicious mobile node might send a correspondent node binding which the care-of address is set to the address of a victim
updates in which the care-of address is set to the address of node or an address within a victim network. If such Binding
a victim node or an address within a victim network. If the Updates were accepted, the malicious mobile node could force the
correspondent node accepted this forged binding update, then the correspondent node into sending data to the victim node or the
malicious mobile could trick the correspondent into sending data victim network; the correspondent node's replies to messages sent
to the victim node or the victim network; the correspondent's by the malicious mobile node will be sent to the victim host
replies to messages sent by the malicious mobile will be sent or network. This could be used to cause a distributed denial
to the victim host or network. This could be used to cause a of service attack. Variations of this threat are described
distributed denial of service attack; the malicious mobile could elsewhere [1][31].
trick a large number of servers so that they all send a large
amount of data to the same victim node or network. Several
variations of this threat are described elsewhere [1][33].
A malicious node might also send a large number of invalid A malicious node might also send a large number of invalid
binding updates to a victim correspondent node. If each invalid Binding Updates to a victim node. If each Binding Update takes a
binding update took a significant amount of resources (such as significant amount of resources (such as CPU) to process before
CPU) to process before it could be recognized as invalid, then it it can be recognized either as valid or as invalid, then a denial
might be possible to cause a denial of service attack by sending of service attack can be caused by sending the correspondent node
the correspondent so may invalid binding updates that it has no so many invalid Binding Updates that it has no resources left for
resources left for other tasks. other tasks.
An attacker might also replay an old binding update. An attacker
might attempt to disrupt a mobile node's communications by
replaying a binding update that the node had sent earlier. If
the old binding update was accepted, packets destined for the
mobile node would be sent to its old location and not its current
location.
3. Threats where MIPv6 correspondent node functionality is used An attacker might also attempt to disrupt a mobile node's
to launch reflection attacks against other parties [34] [23]. communications by replaying a Binding Update that the node had
The Home Address Option can be used to direct response traffic sent earlier. If the old Binding Update was accepted, packets
against a node whose IP address appears in the option, without destined for the mobile node would be sent to its old location
giving a possibility for ingress filtering to catch the forged and not its current location.
"return address".
4. Threats where the tunnels between the mobile node and the home 2. Reflection attack threats against third partied with the help
agent are attacked to make it appear like the mobile node is of Mobile IPv6 correspondent nodes that do not use appropriate
sending traffic while it is not. security precautions. The Home Address destination option can be
used to direct response traffic toward a node whose IP address
appears in the option, without allowing ingress filtering to
catch the forged "return address" [32] [23].
5. Threats where IPv6 Routing Header -- which is employed in 3. Threats where an attacker forges tunneled packets between the
MIPv6 -- is used to circumvent IP-address based rules in mobile node and the home agent, making it appear that the traffic
firewalls or to reflect traffic from other nodes. The generality is coming from the mobile node when it is not.
of the Routing Header allows the kind of usage that opens
vulnerabilities, even if the usage that MIPv6 needs is safe.
6. The security mechanisms of MIPv6 may also be attacked themselves, 4. Threats against IPv6 functionality used by Mobile IPv6, such as
e.g. in order to force the participants to execute expensive the Routing header. The generality of the regular Routing Header
cryptographic operations or allocate memory for the purpose of would allow circumvention of IP-address based rules in firewalls
keeping state. or reflection of traffic to other nodes, even if the usage that
Mobile IPv6 requires is safe.
Most of the above threats are concerned with denial of service. Some 5. The security mechanisms of Mobile IPv6 may also be attacked
of the threats also open up possibilities for man-in-the-middle, themselves, e.g. in order to force the participants to execute
hijacking, and impersonation attacks. expensive cryptographic operations or allocate memory for the
purpose of keeping state.
4.5.2. Security Features 5.2. Features
This specification provides a number of security features. The main This specification provides a number of security features. The main
features are: features are:
- Protection of Binding Updates to home agents. - Protection of Binding Updates to home agents.
- Protection of Binding Updates to correspondent nodes. - Protection of Binding Updates to correspondent nodes.
- Protection against reflection attacks through the Home Address - Protection against reflection attacks through the Home Address
Option. destination option.
- Protection of tunnels between the mobile node and the home agent. - Protection of tunnels between the mobile node and the home agent.
- Preventing Routing Header vulnerabilities. - Preventing Routing Header vulnerabilities.
- Preventing Denial-of-Service attacks to the MIPv6 security - Preventing Denial-of-Service attacks to the Mobile IPv6 security
mechanisms themselves. mechanisms themselves.
Protecting the Binding Updates to home agents and to correspondent Protecting the Binding Updates to home agents and to arbitrary
nodes require very different security solutions due to the different correspondent nodes require very different security solutions due
situations. Mobile nodes and home agents know each other, and can to the different situations. Mobile nodes and home agents are
thus have a strong security association to reliably authenticate expected to be naturally subject to the network administration of
the exchanged messages. In this environment, IPsec Encapsulating the home domain, and thus to have a strong security association to
Security Payload (ESP) can be used to implement the necessary reliably authenticate the exchanged messages. With such a security
security features. See Section 4.5.5. arrangement, IPsec Encapsulating Security Payload (ESP) can be used
to implement the necessary security features. See Section 5.4.
The protection of Binding Updates to correspondents is a much harder It is expected that Mobile IPv6 will be used on a global basis
problem for the traditional strong authentication approach. It is between nodes belonging to different administrative domains.
expected that MIPv6 will be used on a global basis between nodes Building an authentication infrastructure to authenticate mobile
belonging under different administrative domains, hence building nodes and correspondent nodes would be a very demanding task in this
an authentication infrastructure to authenticate mobile nodes scale. Furthermore, traditional authentication infrastructure keep
and correspondent nodes would be a very demanding task. Thus, an track of correct IP addresses for all hosts is either impossible or
infrastructureless approach is necessary. Furthermore, making a at least very hard. That is, it isn't sufficient to authenticate
traditional authentication infrastructure keep track of correct mobile nodes, authorization to claim right to use an address is
IP addresses for all hosts is either impossible or at least very needed. Thus, an "infrastructureless" approach is necessary.
hard. That is, it isn't sufficient to authenticate mobile nodes,
authorization to claim right to use an address is needed.
A different approach is therefore necessary. The chosen method The chosen infrastructureless method verifies that the mobile
verifies that the mobile node is ``live'' (that is, it responds to node is "live" (that is, it responds to probes) at its home and
probes) at its home and care-of addresses by performing a cookie care-of addresses by performing a cookie exchange with the nodes
exchange with the addresses, and by requiring that the eventual in question, and by requiring that the eventual Binding Update is
binding update is cryptographically bound to the sent cookies. cryptographically bound to the exchanged cookies. Some additional
Some additional protection is provided by requiring the cookies be protection is provided by requiring the cookies be protected by
protected by ESP when forwarded by the Home Agent to the mobile node. ESP when exchanged between the mobile node and the correspondent
This method limits the vulnerabilities to those attackers who are node via the home agent. This method limits the vulnerabilities to
on the path between the Home Agent and the correspondent node. As those attackers who are on the path between the home agent and the
adversaries on this path would be able to cause also other types of correspondent node. As adversaries on this path would be able to
attacks, this is seen as sufficient base security between mobile and cause also other types of attacks, this is seen as sufficient base
correspondent nodes. security between mobile and correspondent nodes.
Vulnerabilities relating to the use of correspondent nodes as Vulnerabilities relating to the use of correspondent nodes as
reflectors via the Home Address Option can be solved as follows. We reflectors via the Home Address destination option can be solved as
ensure that the mobile node is authorized to use a given home address follows: We ensure that the mobile node is authorized to use a given
before HAO can be used. Such authorization is already performed in home address before this option can be used. Such authorization is
the context of Route Optimization, and therefore this specification already performed in the context of Route Optimization, and therefore
limits the use of the HAO to the situation where the correspondent this specification limits the use of the Home Address option to the
node already has a binding cache entry for the given home address. situation where the correspondent node already has a binding cache
entry for the given home address.
Tunnels between the mobile node and the home agent can be Tunnels between the mobile node and the home agent can be
protected by ensuring proper use of source addresses, and optional protected by ensuring proper use of source addresses, and optional
cryptographic protection. These procedures are discussed in cryptographic protection. These procedures are discussed in
Section 4.5.3. Section 5.3.
Vulnerabilities related to the Routing Header can be prevented by Potential abuses of the Routing Header can be prevented by using a
using a MIPv6 specific type of a Routing Header. This type provides Mobile IPv6 specific type of a Routing Header. This type provides
the necessary functionality but does not open vulnerabilities. the necessary functionality but does not open vulnerabilities.
Denial-of-Service threats against MIPv6 security mechanisms Denial-of-Service threats against Mobile IPv6 security mechanisms
themselves concern mainly the Binding Update procedures with themselves concern mainly the Binding Update procedures with
correspondent nodes. The protocol has been designed to limit the correspondent nodes. The protocol has been designed to limit the
effects of such attacks, as will be described in Section 4.5.6. effects of such attacks, as will be described in Section 5.5.9.
4.5.3. Securing Tunnels to and from the Home Agents 5.3. Tunnels to and from the Home Agents
Tunnels between the mobile node and the home agent need protection Mobile IPv6 tunneling -- as tunneling in general -- needs protection
so that it isn't possible, e.g., for anyone to pose as the home agent
and send traffic to the mobile node. To protect the tunnels to the
mobile node, the mobile node verifies that the outer IP address
corresponds to its home agent, to prevent attacks against the tunnel
from other IP addresses.
Tunnels from the mobile node to the home agent need protection
so that it isn't possible for anyone to send traffic through the so that it isn't possible for anyone to send traffic through the
home agent, pose as the mobile node, and escape detection through home agent, pose as the mobile node, and escape detection through
traditional tracing mechanisms. traditional tracing mechanisms.
If Binding Updates sent to the home agents are secure, and the home Binding Updates sent to the home agents are secure. The home
agent verifies the outer IP address corresponds to the current agent verifies that the outer IP address corresponds to the current
location of the mobile node, this prevents attacks against the tunnel location of the mobile node, to prevent attacks against the tunnel
from other IP addresses. This prevents attacks where the attacker from other IP addresses.
is controlled by ingress filtering, as well as attacks where the
attacker does not know the current care-of address of the mobile
node. Attackers who know the care-of address are not controlled by
ingress filtering could still send traffic through the home agent,
but they could also send spoofed packets without using a tunnel.
Encapsulating the tunneled traffic inside IPsec ESP offers an For tunneled traffic to and from the mobile node, encapsulating the
optional mechanism to protect the confidentiality and integrity of traffic inside IPsec ESP offers an optional mechanism to protect
the traffic against on-path attackers. the confidentiality and integrity of the traffic against on-path
attackers.
4.5.4. Securing Binding Updates to Home Agents 5.4. Binding Updates to Home Agents
Signaling between the mobile node and the home agent requires message Signaling between the mobile node and the home agent requires message
integrity, correct ordering and replay protection. integrity, correct ordering and replay protection.
In order to have this protection, the mobile node and the home agent In order to have this protection, the mobile node and the home agent
must have a security association. IPsec Encapsulating Security must have a security association. IPsec Encapsulating Security
Payload (ESP) can be used to for integrity protection when a non-null Payload (ESP) can be used for integrity protection when a non-null
authentication algorithm is applied. authentication algorithm is applied.
However, IPsec can provide replay protection only when dynamic However, IPsec can easily provide replay protection only if dynamic
security association establishment is used. This may not always be security association establishment is used. This may not always be
possible, and manual keying would be preferred in some cases. IPsec possible, and manual keying would be preferred in some cases. IPsec
also does not guarantee correct ordering of packets, only that they also does not guarantee correct ordering of packets, only that they
have not been replayed. Because of this, Mobile IPv6 does not rely have not been replayed. Because of this, Mobile IPv6 provides its
on IPsec replay protection and provides its own mechanism inside the own mechanism inside the Binding Update and Acknowledgement messages.
Binding Update and Acknowledgement messages. A sequence number field
is used to ensure correct ordering and to prevent replay protection.
Both the mobile node and the home agent MUST use non-volatile memory
to store the sequence number so that a reboot does not prevent the
acceptance of new Binding Updates.
A sliding window scheme is used for the sequence numbers. Therefore A sequence number field is used to ensure correct ordering. If the
the protection against replays and reordering attacks works when mobile node reboots and forgets its current sequence number, the home
the attacker remembers up to a maximum of 2^31 Binding Updates. agent uses the status value 141 (Sequence number out of window, see
The mobile node and the home agent MAY agree on a new key for the Section 6.1.8) to inform the mobile node of the use of an improper
security association before this many Binding Updates have been sent sequence number.
if this is an issue.
Note that while the required non-volatile memory is an additional Note that the the sequence number mechanism provides also a weak form
burden in particular for the mobile node, the use of sequence numbers of replay protection. However, if a home agent reboots and loses its
reduces the number of roundtrips necessary for the update procedure state regarding the sequence numbers, replay attacks become possible.
compared to other schemes that would not have required non-volatile If the home agent is vulnerable to this, the use of a key management
memory. Note also that implementations do not necessarily have to mechanism together with IPsec can be used to prevent replay attacks.
write the non-volatile memory every time they send a Binding Update,
if they always write a somewhat larger sequence number to the memory A sliding window scheme is used for the sequence numbers. The
and only update the memory again once the used sequence numbers go protection against replays and reordering attacks without a key
beyond this larger number. For instance, if the sequence number management mechanism works when the attacker remembers up to a
starts at 0, the value 100 can be written to the memory so that maximum of 2**15 Binding Updates.
the next write can be done when the sequence numbers from 0 to 99
have been used. This reduces the need for frequent updates to the
non-volatile memory, which improves performance and may be necessary
in some cases to lengthen the lifetime of the used memory components.
In order to protect messages exchanged between the mobile node and In order to protect messages exchanged between the mobile node and
the home agent with IPsec, appropriate Security Policy Database (SPD) the home agent with IPsec, appropriate security policy database
entries must be created. We need to avoid the possibility that a entries must be created. We need to avoid the possibility that a
mobile node could use its security association to send a Binding mobile node could use its security association to send a Binding
Update on behalf of another mobile node using the same home agent. Update on behalf of another mobile node using the same home agent.
In order to do this, the SPD entries MUST unequivocally identify a In order to do this, the security policy database entries MUST
single SA for any given home address and home agent. In order for unequivocally identify a single SA for any given home address and
the home address of the mobile node to be visible when the policy home agent. In order for the home address of the mobile node to be
check is made, the mobile node MUST use the Home Address Option in visible when the policy check is made, the mobile node MUST use the
Binding Updates sent to the home agent. The home address in the Home Home Address destination option in Binding Updates sent to the home
Address Option and the Binding Update message MUST be equal and MUST agent. The home address in the Home Address destination option and
be checked by the home agent. the Binding Update message MUST be equal and MUST be checked by the
home agent.
4.5.5. Securing Binding Updates to Correspondent Nodes 5.5. Binding Updates to Correspondent Nodes
Binding Updates to correspondent nodes are protected using the Return Binding Updates to correspondent nodes are protected using the return
Routability (RR) method. This method uses the following principles: routability procedure. The motivation for designing the return
routability procedure was to have sufficient support for Mobile IP,
without creating major new security problems. It was not our goal
to protect against attacks that were already possible before the
introduction of Mobile IP. This protocol does not defend against
an attacker who can monitor the home agent to correspondent node
path, as such attackers would in any case be able to mount an active
attack against the mobile node when it is at its home location. The
possibility of such attacks is not an impediment to the deployment of
Mobile IP, because these attacks are possible regardless of whether
Mobile IP is in use.
- A cookie exchange verifies that the mobile node is ``live'' at This protocol also protects against denial of service attacks in
its addresses, or is at least able to receive traffic on them. which the attacker pretends to be a mobile, but uses the victim's
address as the care of address, and so causes the correspondent node
to send the victim traffic that it does not expect. For example,
suppose that the correspondent node is a news site that will send a
high-bandwidth stream of video to anyone who asks for it. Note that
the use of flow-control protocols such as TCP does not necessarily
defend against this type of attack, because the attacker can fake the
acknowledgements. Even keeping TCP initial sequence numbers secret
doesn't help, because the attacker can receive the first few segments
(including the ISN) at its own address, and then redirect the stream
to the victim's address. This protocol defends against these attacks
by only completing if packets sent by the correspondent node to the
care of address are received and processed by an entity that is
willing to participate in the protocol. Normally, this will be the
mobile node.
- Protecting the eventual binding update cryptographically using For further information about the design rationale of the return
routability procedure, see [1] [31] [22] [23].
The return routability procedure method uses the following
principles:
- A cookie exchange verifies that the mobile node is reachable at
its addresses i.e. is at least able to transmit and receive
traffic at its addresses.
- The eventual Binding Update is protected cryptographically using
the cookies. the cookies.
- Requiring that the cookies be protected by ESP when forwarded by - Requiring that the cookies be protected by ESP when forwarded by
the Home Agent to the mobile node. the home agent to the mobile node.
- The use of symmetric exchanges were responses are sent to the - The use of symmetric exchanges where responses are sent to the
same address as the request was sent from, to avoid the use of same address as the request was sent from, to avoid the use of
this protocol in reflection attacks. this protocol in reflection attacks.
- Stateless operation at correspondent nodes until they receive the - Correspondent nodes operate in a stateless manner until they
a binding update that can be authorized. receive a Binding Update that can be authorized.
The RR protocol can be broken by an attacker on the route between the
home agent and the correspondent node, but not by attackers on the
network the mobile node is currently at and not from elsewhere on the
Internet.
Each correspondent node has a secret key, Kcn. This key does not
need to be shared with any other entity, so no key distribution
mechanism is needed for it. Each correspondent node also generates
a nonce, Nj, at regular intervals, for example every few minutes. A
correspondent node uses the same Kcn and Nj with all the mobiles it
is in communication with, so that it does not need to generate and
store a new Nj when a new mobile contacts it. Each value of Nj is
identified by the subscript j. This subscript is communicated in the
protocol, so that if Nj is replaced by N(j+1) part way through a run
of a protocol, the correspondent can distinguish messages that should
be checked against the old nonce from messages that should be checked
against the new nonce. Correspondent nodes keep both the current
value of Nj and a small set of previous values N(j-1), N(j-2), ...
Older values can be discarded, and messages using them will can be
rejected as replays.
Kcn can be either a fixed value or regularly updated. An update
of Kcn can be done at the same time as an update of Nj, so that j
identifies both the nonce and the key. A correspondent node can
generate a fresh Kcn each time that it boots to avoid the need for
secure persistent storage for Kcn.
The RR signaling happens as follows:
1. MN(HoA) -> CN: HoTI(HoA)
2. MN(CoA) -> CN: CoTI(CoA)
3. CN -> MN(HoA): HoT(K0, j)
4. CN -> MN(CoA): CoT(K1, l)
5. MN(CoA) -> CN: BU(HoA, CoA, MAC, j, l)
6. CN -> MN(CoA): BA(MAC)
7. CN -> MN(HoA): BR(MAC)
Messages 1 and 2 are sent simultaneously, as are messages 3 and
4. Message 5 actually creates a binding, and messages 6 and 7 are
optional. The messages are described in more detail below:
1. HoTI (Home Test Init) Message:
When a mobile nodes wants to perform route optimization it sends
a HoTI message to the correspondent node in order to initiate the
return routability verification for the Home Address.
MN(HoA) -> CN: HoA
This message tells the mobile node's home address to the
correspondent node. The address is used later to create a
cookie. This message is reverse tunneled through the Home Agent.
2. CoTI (Care-of Test Init) Message:
When a mobile nodes wants to perform route optimization it sends
a CoTI message to the correspondent node in order to initiate the
return routability verification for the care-of Address.
MN(CoA) -> CN: CoA
The second message is sent in parallel with the first one. It
tells the correspondent node the mobile node's care-of address,
which is later used to create a cookie. This message is sent
directly to the correspondent node.
3. HoT (Home Test) Message:
This message is sent in response to a HoTI message.
CN -> MN(HoA): K0, j
When the correspondent node receives the HoTI message, it
generates a cookie K0 as follows:
K0 = MAC_Kcn(HoA | Nj | 0)
The cookie and the value j are sent to the mobile node via the
Home Agent; it is an assumption of the protocol that the home
agent - mobile node route is secure. K0 also acts as a challenge
to test that the mobile can receive messages sent to its home
address.
The index j is carried along in the protocol to allow the CN
to later efficiently find the nonce value Nj that it used in
creating this cookie.
The notation used here is as follows. MAC_K(m) denotes a
message authentication code computed on message m with key K.
H(m) denotes a hash of message m. HMAC SHA1 function [15][21]
is used to compute the message authentication code, and SHA1
function [21] is used to compute the hash. The final ``0''
inside the MAC function is a 32-bit integer used to distinguish
home and care-of cookies from each other.
4. CoT (Care-of Test) Message:
This message is sent in response to a CoTI message.
CN -> MN(CoA): K1, i
The correspondent also sends a challenge to the mobile's care-of
address. When the correspondent node receives the CoTI message,
it generates a cookie K1 as follows:
K1 = MAC_Kcn(CoA | Ni | 1) The return routability procedure can be broken by an attacker on the
route between the home agent and the correspondent node, but not by
attackers on the network the mobile node is currently at and not from
elsewhere on the Internet.
The cookie and the value i are sent directly the mobile node. 5.5.1. Node Keys
The final 1 inside the MAC function is a 32-bit integer, again
used for distinguishing home and care-of cookies from each other.
Again, an index is sent along the cookie in order to identify Each correspondent node has a secret key, Kcn. This key is used by
the used nonce Ni. Note that i and j are likely to be the same the correspondent node to accept only the use of cookies which it has
in HoT and CoT messages, except when nonce values happen to have created itself. This key does not need to be shared with any other
changed between the reception of HoT and the CoT messages. entity, so no key distribution mechanism is needed for it.
5. BU (Binding Update) Message: A correspondent node can generate a fresh Kcn each time that it boots
to avoid the need for secure persistent storage for Kcn. Kcn can be
either a fixed value or regularly updated. Procedures for updating
Kcn are discussed later in Section 5.5.7.
When the MN has received both the HoT and CoT is has the cookies Kcn consists of 20 octets.
necessary to send the Binding Update.
MN(CoA) -> CN: BU, HoA, CoA, 5.5.2. Nonces
MAC_Kbu(CoA | HoA | BU | 0),
j, i
The mobile node hashes together the challenges and to form a Each correspondent node also generates a nonce at regular intervals,
session key (Kbu), and then uses this session key to authenticate for example every few minutes. A correspondent node uses the same
a binding update: Kcn and nonce with all the mobiles it is in communication with, so
that it does not need to generate and store a new nonce when a new
mobile contacts it. Each nonce is identified by a nonce index.
Nonce indices are 16-bit values that are e.g. incremented each time
a new nonce is created. The index value is communicated in the
protocol, so that if a nonce is replaced by new nonce during the run
of a protocol, the correspondent node can distinguish messages that
should be checked against the old nonce from messages that should be
checked against the new nonce. Correspondent nodes keep both the
current nonce and a small set of old nonces. Older values can be
discarded, and messages using them will be rejected as replays.
Kbu = H(K0 | K1) The specific nonce index values can not be used by mobile nodes to
determine the validity of the nonce. Expected validity times for
the nonces values and the procedures for updating them are discussed
later in Section 5.5.7.
The message contains j and i, so that the correspondent knows Nonce is an octet string of any length. The recommended length is 16
which value of Nj and Ni to use to recompute the session key. octets.
"BU" is the content of the BU message. Once the correspondent
node has verified the MAC, it can create a binding cache entry
for the mobile.
6. BA (Binding Acknowledgement) Message: 5.5.3. Cookies
The Binding Update is optionally acknowledged by the Three different types of cookies are used in the protocol:
correspondent node.
CN -> MN(CoA): BA, - Mobile cookie is sent to the correspondent node from the mobile
MAC_Kbu(CoA | HoA | BA | 0), node, and later returned to the mobile node. Mobile cookies are
produced randomly, and used to verify that the response matches
the request, and to ensure that parties who have not seen the
request can not spoof responses.
The correspondent node uses the same key (Kbu) to authenticate a - A home cookie sent to the mobile node from the correspondent node
binding acknowledgement. "BA" is the content of the BA message. via the home agent. Home cookies are produced cryptographically
from nonces.
7. BR (Binding Request) Message: - A care-of cookie sent directly to the mobile node from the
correspondent node. Home cookies are produced cryptographically
from nonces.
The correspondent node can optionally request a binding to be Mobile cookies are typically newly generated random values for each
refreshed using the Binding Request message. This message can be new request that needs them. They could also be changed periodically
authenticated using the same Kbu that was created earlier. only. The policy to use new or old mobile cookies is purely a local
matter for the mobile node.
CN -> MN(HoA): BR, Home and care-of cookies are produced by the correspondent node, and
MAC_Kbu(HoA | BR | 0), they are based on the currently active secret keys and nonces of the
correspondent node as well as the home or care-of address. Such a
cookie is valid as long as both the secret key and the nonce used to
create it are valid.
"BR" is the content of the BR message. 5.5.4. Cryptographic Functions
This protocol also protects the participants against replayed binding MAC_K(m) denotes a Message Authentication Code computed on message
updates. The attacker can't replay the same message due to the m with key K. In this specification, HMAC SHA1 function [15][21] is
sequence number which is a part of the MIPv6 binding update itself, used to compute these codes.
and the attacker can't modify the binding update since the MAC would
not verify after that. Care must be taken when removing bindings
at the correspondent node, however. If a binding is removed either
due to garbage collection, request, or expiration and the nonce
used in its creation is still valid, an attacker can replay the old
binding update. This can be prevented by having the correspondent
node change the nonce often enough to ensure that the nonces used
when removed entries were created are no longer valid. If many such
deletions occur the correspondent can batch them together to avoid
having to increment the nonce index too often.
4.5.6. Preventing Denial-of-Service Attacks H(m) denotes a hash of message m. In this specification, SHA1
function [21] is used to compute the hash.
The RR protocol has been designed with protection against resource 5.5.5. Return Routability Procedure
exhaustion Denial-of-Service attacks. In these attacks the victim
has only a limited amount of some resource (such as network bandwidth
or CPU cycles), and the attack consumes some of this resource. This
leaves the victim without enough resources to carry out other work.
The correspondent nodes do not have to retain any state about The return routability signaling happens as follows:
individual mobile nodes until an authentic binding update arrives.
This is achieved through the use of the nonces and Kcn that are
not specific to individual mobile nodes. Yet the cookies are
specific, but they can be reconstructed based on the CoA and HoA
information that arrives with the binding update. This means that
the correspondent nodes are safe against memory exhaustion attacks
except where on-path attackers are concerned. Due to the use of
symmetric cryptography, the correspondent nodes are relatively safe
against CPU resource exhaustion attacks as well.
Nevertheless, as [1] describes, there are situations it is impossible Mobile node Home agent Correspondent node
for the mobile and correspondent nodes to determine if they actually | |
need a binding or whether they just have been fooled into believing | Home Test Init(HoTI) |
so by an attacker. Therefore, it is necessary to treat situations | Src = home address, |
where such attacks are being made. | Dst = correspondent | |
| Parameters: | |
| - mobile cookie 1 | |
|------------------------->|------------------------->|
| | |
| |
| Care-of Test Init(CoTI) |
| Src = care-of address |
| Dst = correspondent |
| Parameters: |
| - mobile cookie 2 |
|---------------------------------------------------->|
| |
| Home Test (HoT) |
| Src = correspondent, |
| Dst = home address |
| Parameters: |
| - mobile cookie 1 |
| | - home cookie |
| | - home nonce index |
|<-------------------------|<-------------------------|
| | |
| |
| Care-of Test(CoT) |
| Src = correspondent, |
| Dst = care-of address |
| Parameters: |
| - mobile cookie 2 |
| - care-of cookie |
| - care-of nonce index |
|<----------------------------------------------------|
| |
The binding updates that are used in mobile IPv6 are only an The HoTI and CoTI messages are sent at the same time. The
optimization. A mobile node can communicate with a correspondent correspondent node returns the HoT and CoT messages as quickly as
node even if the correspondent refuses to accept any of its binding possible, and perhaps nearly simultaneously, requiring very little
updates. However, performance will suffer because packets from the processing. The four messages form the return routability procedure.
correspondent to the mobile will be routed via the mobile's home (After the return routability procedure, a binding will be created
agent rather than a more direct route. A correspondent can protect with a single request with an optional response.) Due to the
itself against some of the resource exhaustion attacks by stopping simultaneous sending of messages, the return routability procedure
processing binding updates when it is flooded with a large number of completes in 1 roundtrip (and the whole process completes in 1.5
binding updates that fail the cryptographic integrity checks. If a roundtrips excluding the acknowledgement message).
correspondent finds that it is spending more resources on checking
bogus binding updates than it is likely to save by accepting genuine
binding updates, then it can decide to reject all binding updates
without performing any cryptographic operations.
Additional information needed to make this decisions about responding The four messages (HoTI, CoTI, HoT, and CoT) belonging to the return
to requests will usually originate in layers above IP. For example, routability procedure are described in more detail below. The use of
TCP knows if the node has a queue of data that it is trying to send the results of the return routability procedure for authenticating a
to a peer. It is possible to produce a conforming implementation of correspondent binding procedure is described in Section 5.5.6.
the protocols in this memo without making use of information from
higher protocol layers, but implementations MAY be able to manage
resources more effectively by making use of such information.
4.5.7. Design Rationale HoTI
The motivation for designing the RR protocol was to have sufficient Home Test Init Message:
support for mobile IP, without creating major new security problems.
A protocol was needed against the new vulnerabilities introduced by
IP mobility. It was not our goal to protect against attacks that
were already possible before the introduction of IP mobility. This
protocol does not defend against an attacker who can monitor the home
agent to correspondent node path, as such attackers would in any case
be able to mount an active attack against the mobile node when it
is at its home location. The possibility of such attacks is not an
impediment to the deployment of mobile IP, because these attacks are
possible irrespective of whether mobile IP is in use or not.
This protocol also protects against denial of service attacks in When a mobile nodes wants to perform route optimization it
which the attacker pretends to be a mobile, but uses the victim's sends a HoTI message to the correspondent node in order to
address as the care of address, and so causes the correspondent initiate the return routability verification for the Home
to send the victim traffic that it does not want. For example, Address.
suppose that the correspondent is a news site that will send a
high-bandwidth stream of video to anyone who asks for it. Note that
the use of flow-control protocols such as TCP does not necessarily
defend against this type of attack, because the attacker can fake the
acknowledgements. Even keeping TCP initial sequence numbers secret
doesn't help, because the attacker can receive the first few segments
(including the ISN) at its own address, and then redirect the stream
to the victim's address. This protocol defends against these attacks
by only completing if packets sent by the correspondent to the care
of address are received and processed by an entity that is willing to
participate in the protocol. Normally, this will be the mobile node.
For further information about the design of RR and other protocols, Src = home address
see [1] [33] [22] [23]. Dst = correspondent
Parameters:
- mobile cookie 1
4.6. New IPv6 ICMP Messages This message conveys the mobile node's home address to the
correspondent node. The mobile node also sends along mobile
cookie C0 that the correspondent node must return later,
along with its own cookie that it generates based on the home
address. The HoTI message is reverse tunneled through the home
agent.
Mobile IPv6 also introduces four new ICMP message types, two for use CoTI
in the dynamic home agent address discovery mechanism, and two for
renumbering and mobile configuration mechanisms. As discussed in
general in Section 4.2, the following two new ICMP message types are
used for home agent address discovery:
Home Agent Address Discovery Request Care-of Test Init Message:
The ICMP Home Agent Address Discovery Request message is used When a mobile nodes wants to perform route optimization it
by a mobile node to initiate the dynamic home agent address sends a CoTI message to the correspondent node in order to
discovery mechanism. When attempting a home registration, the initiate the return routability verification for the care-of
mobile node may use this mechanism to discover the address of Address.
one or more routers currently operating as home agents on its
home link, with which it may register while away from home.
The Home Agent Address Discovery Request message is described
in detail in Section 5.6.
Home Agent Address Discovery Reply Src = care-of address
Dst = correspondent
Parameters:
- mobile cookie 2
The ICMP Home Agent Address Discovery Reply message is used by The second message is sent in parallel with the first one. It
a home agent to respond to a mobile node using the dynamic home conveys the mobile node's care-of address to the correspondent
agent address discovery mechanism. When a home agent receives node. The mobile node also sends along mobile cookie C1 that
a Home Agent Address Discovery Request message, it replies with the correspondent node must return later, along with its own
a Home Agent Address Discovery Reply message, giving a list cookie that it generates based on the care-of address. The
of the routers on the mobile node's home link serving as home CoTI message is sent directly to the correspondent node.
agents. The Home Agent Address Discovery Reply message is
described in detail in Section 5.7.
The next two message types are used for network renumbering HoT
and address configuration on the mobile node, as described in
Section 9.7:
Mobile Prefix Solicitation Home Test Message:
The ICMP Mobile Prefix Solicitation message is used by a mobile This message is sent in response to a HoTI message.
node to request prefix information about the home subnet, in
order to retrieve prefixes that are served by home agents and
can be used to configure one or more home addresses, or to
refresh home addresses before the expiration of their validity.
This message is specified in Section 5.8.
Mobile Prefix Advertisement Src = correspondent
Dst = home address
Parameters:
- mobile cookie 1
- home cookie
- home nonce index
The ICMP Mobile Prefix Advertisement is used by a home agent to When the correspondent node receives the HoTI message, it
distribute information to a mobile node about prefixes on the generates a 16 octet home cookie as follows:
home link which are available for use by the mobile node while
away from home. This message may be sent as a response to a
Mobile Prefix Solicitation, or due to network renumbering or
other prefix changes as specified in Section 9.9.3
4.7. Conceptual Data Structures home cookie = MAC_Kcn(home address | nonce)
This document describes the Mobile IPv6 protocol in terms of the The cookie is sent in the message to the mobile node via the
following three conceptual data structures: Home Agent; it is an assumption of the protocol that the home
agent - mobile node route is secure. Home cookie also acts as
a challenge to test that the mobile can receive messages sent
to its home address. Kcn is used in the production of home
cookie in order to allow the correspondent node to verify that
the cookies used later really came from itself, without forcing
the correspondent node to remember a list of all cookies it has
handed out.
Binding Cache Mobile cookie 1 from the mobile node is returned as well in the
HoT message, to ensure that the message comes from someone on
the path to the correspondent node.
A cache, maintained by each IPv6 node, of bindings for other The home nonce index is carried along in the protocol to allow
nodes. A separate Binding Cache SHOULD be maintained by each the correspondent node to later efficiently find the nonce
IPv6 node for each of its IPv6 addresses. The Binding Cache value Ni that it used in creating this cookie.
MAY be implemented in any manner consistent with the external
behavior described in this document, for example by being
combined with the node's Destination Cache as maintained by
Neighbor Discovery [20]. When sending a packet, the Binding
Cache is searched before the Neighbor Discovery conceptual
Destination Cache [20] (i.e., any Binding Cache entry for this
destination SHOULD take precedence over any Destination Cache
entry for the same destination). Each Binding Cache entry
conceptually contains the following fields:
- The home address of the mobile node for which this is the CoT
Binding Cache entry. This field is used as the key for
searching the Binding Cache for the destination address of
a packet being sent. If the destination address of the
packet matches the home address in the Binding Cache entry,
this entry SHOULD be used in routing that packet.
- The care-of address for the mobile node indicated by Care-of Test Message:
the home address field in this Binding Cache entry. If
the destination address of a packet being routed by a
node matches the home address in this entry, the packet
SHOULD be routed to this care-of address, as described in
Section 8.9, for packets originated by this node, or in
Section 9.4, if this node is the mobile node's home agent
and the packet was intercepted by it on the home link.
- A lifetime value, indicating the remaining lifetime This message is sent in response to a CoTI message.
for this Binding Cache entry. The lifetime value is
initialized from the Lifetime field in the Binding Update
that created or last modified this Binding Cache entry.
Once the lifetime on this entry expires, the entry MUST be
deleted from the Binding Cache.
- A flag indicating whether or not this Binding Cache entry Src = correspondent
is a "home registration" entry. Dst = care-of address
Parameters:
- mobile cookie 2
- care-of cookie
- care-of nonce index
- A flag indicating whether or not this Binding Cache entry The correspondent node also sends a challenge to the mobile's
represents a mobile node that should be advertised as a care-of address. When the correspondent node receives the CoTI
router in proxy Neighbor Advertisements sent by this node message, it generates a 16 octet care-of cookie as follows:
on its behalf. This flag is only valid if the Binding
Cache entry indicates that this is a "home registration"
entry.
- The length of the routing prefix for the home address. care-of cookie = MAC_Kcn(care-of address | nonce)
This field is only valid if the "home registration" flag is
set on this Binding Cache entry.
- The maximum value of the Sequence Number field received The cookie is sent directly to the mobile node at its care-of
in previous Binding Updates for this mobile node home address. Mobile cookie 2 from the mobile node is returned as
address. The Sequence Number field is 8 bits long, well, to ensure that the message comes from someone on the path
and all comparisons between Sequence Number values to the correspondent node.
MUST be performed modulo 2**8. For example, using an
implementation in the C programming language, a Sequence
Number value A is greater than another Sequence Number
value B if ((char)((a) - (b)) > 0), if the "int" data type
is a 8-bit signed integer.
- Recent usage information for this Binding Cache entry, as Again, an index is sent along the cookie in order to identify
needed to implement the cache replacement policy in use in the used nonce. Note that home and care-of nonce indices are
the Binding Cache and to assist in determining whether a likely to be the same in HoT and CoT messages, except when
Binding Request should be sent when the lifetime on this the correspondent node changed its nonce value between the
entry nears expiration. reception of HoTI and the CoTI messages.
- The Binding Security Association (BSA) to be be used when When the mobile node has received both the HoT and CoT messages, the
authenticating Binding Updates that are received for this return routability procedure is complete. As a result, the mobile
Binding Cache entry. node has the means to prove its authority to send a Binding Update
to the correspondent node. The mobile node hashes together the
challenges to form a 20 octet session key (Kbu):
- The Binding Security Association (BSA) to be be used when Kbu = H(home cookie | care-of cookie)
calculating authentication data for inclusion in Binding
Acknowledgements in response to Binding Updates that are
received for this Binding Cache entry.
An entry in a node's Binding Cache for which the node is Note that the correspondent node has not created any state at this
serving as a home agent is marked as a "home registration" point. It is unaware of the session key Kbu, though it can recreate
entry and SHOULD NOT be deleted by the home agent until the Kbu if it is presented the right addresses and nonce indices.
expiration of its binding lifetime. Other Binding Cache
entries MAY be replaced at any time by any reasonable local
cache replacement policy but SHOULD NOT be unnecessarily
deleted. The Binding Cache for any one of a node's IPv6
addresses may contain at most one entry for each mobile node
home address. The contents of a node's Binding Cache MUST NOT
be changed in response to a Home Address option in a received
packet. The contents of all of a node's Binding Cache entries,
for each of its IPv6 addresses, must be cleared when the node
reboots.
Binding Update List 5.5.6. Applying Return Routability for Correspondent Bindings
A list, maintained by each mobile node, recording information After the return routability procedure, the mobile node can proceed
for each Binding Update sent by this mobile node, for which the to perform a binding procedure with the correspondent node. An
Lifetime sent in that Binding Update has not yet expired. The overview of the binding procedure is shown below.
Binding Update List includes all bindings sent by the mobile
node: those to correspondent nodes, those to the mobile node's
home agent, and those to a home agent on the link on which the
mobile node's previous care-of address is located. However,
for multiple Binding Updates sent to the same destination
address, the Binding Update List contains only the most recent
Binding Update (i.e., with the greatest Sequence Number value)
sent to that destination. The Binding Update List MAY be
implemented in any manner consistent with the external behavior
described in this document. Each Binding Update List entry
conceptually contains the following fields:
- The IP address of the node to which a Binding Update was Mobile Node Correspondent node
sent. That node might still have a Binding Cache entry | |
created or updated from this Binding Update, if the Binding | 1. Binding Update |
Update was successfully received by that node (e.g., not | Src = care-of address, Dst = correspondent |
lost by the network) and if that node has not deleted the | Parameters: |
entry before its expiration (e.g., to reclaim space in its | - home address |
Binding Cache for other entries). | - a MAC |
| - home nonce index |
| - care-of nonce index |
| - sequence number |
| - ... |
|---------------------------------------------------->|
| |
| 2. Binding Acknowledgement |
| (if requested) |
| Src = correspondent, |
| Dst = care-of address |
| Parameters: |
| - sequence number |
| - ... |
|<----------------------------------------------------|
| |
- The home address for which that Binding Update was sent. Message 1 actually creates a binding, and message 2 is optional. The
This will be one of the following: correspondent binding procedure consists of the return routability
procedure followed by the messages 1 and 2.
* the mobile node's home addresses for typical Binding 1.
Updates (Sections 10.7 and 10.9), or
* the mobile node's previous care-of address for Binding Binding Update (BU) Message:
Updates sent to establish forwarding from the mobile
node's previous care-of address by a home agent from
this previous care-of address (Section 10.11).
- The care-of address sent in that Binding Update. This The mobile node uses the created session key Kbu to authorize
value is necessary for the mobile node to determine if it the Binding Update.
has sent a Binding Update giving its new care-of address to
this destination after changing its care-of address.
- The initial value of the Lifetime field sent in that Src = care-of address
Binding Update. Dst = correspondent
Parameters:
- home address
- MAC_Kbu(care-of address | correspondent node address | BU)
- home nonce index
- care-of nonce index
- sequence number
- ...
- The remaining lifetime of that binding. This lifetime is The message contains home and care-of nonce indices, so that
initialized from the Lifetime value sent in the Binding the correspondent node knows which nonces to use to recompute
Update and is decremented until it reaches zero, at which the session key. "BU" is the content of the Binding Update
time this entry MUST be deleted from the Binding Update message, excluding (1) the IP header, (2) any extension
List. headers between the IP header the Mobility Header, and (3) the
Authenticator field inside the Binding Update. The result of
the MAC_Kbu function is used as the Authenticator field in
the Binding Update. A sequence number will be used to match
an eventual acknowledgement with this message. The sequence
numbers start from a random value, which offers a weak form
of authentication also to the acknowledgement messages. The
three dots represent all the remaining (not security related)
information in the message.
- The maximum value of the Sequence Number field sent in Once the correspondent node has verified the MAC, it can create
previous Binding Updates to this destination. The Sequence a binding cache entry for the mobile.
Number field is 8 bits long, and all comparisons between
Sequence Number values MUST be performed modulo 2**8. For
example, using an implementation in the C programming
language, a Sequence Number value A is greater than another
Sequence Number value B if ((char)((a) - (b)) > 0), if the
"char" data type is a 8-bit signed integer.
- The time at which a Binding Update was last sent to this 2.
destination, as needed to implement the rate limiting
restriction for sending Binding Updates.
- The state of any retransmissions needed for this Binding Binding Acknowledgement (BA) Message:
Update, if the Acknowledge (A) bit was set in this Binding
Update. This state includes the time remaining until the
next retransmission attempt for the Binding Update, and the
current state of the exponential back-off mechanism for
retransmissions.
- A flag that, when set, indicates that future Binding The Binding Update is optionally acknowledged by the
Updates should not be sent to this destination. The correspondent node.
mobile node sets this flag in the Binding Update List
entry when it receives an ICMP Parameter Problem, Code 2,
error message in response to a Binding Update sent to that
destination, as described in Section 10.17.
Home Agents List Src = correspondent
Dst = care-of address
Parameters:
- sequence number
- ...
A list, maintained by each home agent and each mobile node, The Binding Acknowledgement is not authenticated in other ways
recording information about each home agent from which this than including the right sequence number in the reply. The
node has received a Router Advertisement in which the Home three dots represent all the remaining (not security related)
Agent (H) bit is set, for which the remaining lifetime for information in the message.
this list entry (defined below) has not yet expired. The
home agents list is thus similar to the Default Router
List conceptual data structure maintained by each host for
Neighbor Discovery [20], although the Home Agents List MAY be
implemented in any manner consistent with the external behavior
described in this document.
Each home agent maintains a separate Home Agents List for 5.5.7. Updating Node Keys and Nonces
each link on which it is serving as a home agent; this list
is used by a home agent in the dynamic home agent address
discovery mechanism. Each mobile node, while away from home,
also maintains a Home Agents List, to enable it to notify a
home agent on its previous link when it moves to a new link; a
mobile node MAY maintain a separate Home Agents List for each
link to which it is (or has recently) connected, or it MAY
maintain a single list for all links. Each Home Agents List
entry conceptually contains the following fields:
- The link-local IP address of a router on the link, that An update of Kcn can be done at the same time as an update of Ni, so
this node currently believes is operating as a home agent that i identifies both the nonce and the key. Old Kcn values have to
for that link. A new entry is created or an existing be therefore remembered as long as old nonce values.
entry is updated in the Home Agents List in response to
receipt of a valid Router Advertisement in which the Home
Agent (H) bit is set. The link-local address of the home
agent is learned through the Source Address of the Router
Advertisements received from it [20].
- One or more global IP addresses for this home agent, Before sending a Binding Update in Step 3, the mobile node has
learned through Prefix Information options with to wait for both the Home and Care-of Cookies to arrive. Due
the Router Address (R) bit set, received in Router to resource limitations, rapid deletion of bindings, or reboots
Advertisements from this link-local address. Global it can not be guaranteed that the cookies are still fresh and
addresses for the router in a Home Agents List entry MUST acceptable when the correspondent node uses them in the processing
be deleted once the prefix associated with that address is of the Binding Update. If the cookies have become too old, the
no longer valid [20]. correspondent node replies with an an error code in the Binding
Acknowledgement. The mobile node can then retry the return
routability procedure. However, it is recommended that correspondent
nodes try to keep these cookies acceptable as long as possible and
SHOULD NOT accept them beyond MAX_COOKIE_LIFE seconds.
Are there interactions with the new Router Given that the cookies are normally expected to be usable for
Advertisement stuff? some time, the mobile node MAY use them beyond a single run of the
return routability procedure. A fast moving mobile node may reuse
a recent Home Cookie from a correspondent node when moving to a new
location, and just acquire a new Care-of Cookie to show routability
in the new location. While this does not save roundtrips due to the
parallel nature of the home and care-of return routability tests, the
roundtrip through the home agent may be longer, and consequently this
optimization is often useful. A mobile node that has multiple home
addresses, may also use the same Care-of Cookie for Binding Updates
concerning all of these addresses.
- The remaining lifetime of this Home Agents List entry. If 5.5.8. Preventing Replay Attacks
a Home Agent Information Option is present in a Router
Advertisement received from a home agent, the lifetime of
the Home Agents List entry representing that home agent
is initialized from the Home Agent Lifetime field in the
option; otherwise, the lifetime is initialized from the
Router Lifetime field in the received Router Advertisement.
The Home Agents List entry lifetime is decremented until it
reaches zero, at which time this entry MUST be deleted from
the Home Agents List.
- The preference for this home agent; higher values The return routability procedure also protects the participants
indicate a more preferable home agent. The preference against replayed Binding Updates. The attacker can't replay the
value is taken from the Home Agent Preference field (a same message due to the sequence number which is a part of the
signed, twos-complement integer) in the received Router Binding Update, and the attacker can't modify the Binding Update
Advertisement, if the Router Advertisement contains a Home since the MAC would not verify after that. Care must be taken when
Agent Information Option, and is otherwise set to the removing bindings at the correspondent node, however. If a binding
default value of 0. A home agent uses this preference in is removed either due to garbage collection, request, or expiration
ordering the Home Agents List returned in an ICMP Home and the nonce used in its creation is still valid, an attacker can
Agent Address Discovery message in response to a mobile replay the old Binding Update. This can be prevented by having the
node's initiation of dynamic home agent address discovery. correspondent node change the nonce often enough to ensure that the
A mobile node uses this preference in determining which nonces used when removed entries were created are no longer valid.
of the home agents on its previous link to notify when it If many such deletions occur the correspondent node can batch them
moves to a new link. together to avoid having to increment the nonce index too often.
Can we delete the preference stuff? Is anyone using 5.5.9. Preventing Denial-of-Service Attacks
it?
4.8. Binding Management The return routability procedure has been designed with protection
against resource exhaustion Denial-of-Service attacks. In these
attacks the victim has only a limited amount of some resource (such
as network bandwidth or CPU cycles), and the attack consumes some of
this resource. This leaves the victim without enough resources to
carry out other work.
When a mobile node configures a new care-of address and decides to The correspondent nodes do not have to retain any state about
use this new address as its primary care-of address, the mobile individual mobile nodes until an authentic Binding Update arrives.
node registers this new binding with its home agent by sending This is achieved through the use of the nonces and Kcn that are not
the home agent a Binding Update. The mobile node indicates specific to individual mobile nodes. The cookies are specific, but
that an acknowledgement is needed for this Binding Update and they can be reconstructed based on the home and care-of address
continues to periodically retransmit it until acknowledged. The information that arrives with the Binding Update. This means that
home agent acknowledges the Binding Update by returning a Binding the correspondent nodes are safe against memory exhaustion attacks
Acknowledgement to the mobile node. except where on-path attackers are concerned. Due to the use of
symmetric cryptography, the correspondent nodes are relatively safe
against CPU resource exhaustion attacks as well.
When a mobile node receives a packet tunneled to it from its home Nevertheless, as [1] describes, there are situations in which it is
agent, the mobile node uses that as an indication that the original impossible for the mobile and correspondent nodes to determine if
sending correspondent node has no Binding Cache entry for the mobile they actually need a binding or whether they just have been fooled
node, since the correspondent node would otherwise have sent the into believing so by an attacker. Therefore, it is necessary to
packet directly to the mobile node using a Routing header. If the consider situations where such attacks are being made.
mobile node has a Binding Security Association (BSA) with that
correspondent node, the mobile node thus returns a Binding Update
to the correspondent node, allowing it to cache the mobile node's
binding for routing future packets to it. Although the mobile node
may request an acknowledgement for this Binding Update, it need not,
since subsequent packets from the correspondent node will continue
to be intercepted and tunneled by the mobile node's home agent,
effectively causing any needed Binding Update retransmission.
If the mobile node receives such a tunneled packet but does not have The binding updates that are used in Mobile IPv6 are only an
a BSA with the correspondent node, the mobile node SHOULD initiate optimization, albeit a very important optimization. A mobile node
the process of establishing the necessary security association by can communicate with a correspondent node even if the correspondent
following the procedures outlined in Section 4.5 refuses to accept any of its binding updates. However, performance
will suffer because packets from the correspondent node to the mobile
node will be routed via the mobile's home agent rather than a more
direct route. A correspondent node can protect itself against some
of the resource exhaustion attacks by not processing binding updates
when it is flooded with a large number of binding updates that fail
the cryptographic integrity checks. If a correspondent node finds
that it is spending more resources on checking bogus binding updates
than it is likely to save by accepting genuine binding updates, then
it MAY reject some or all Binding Updates without performing any
cryptographic operations.
A correspondent node with a Binding Cache entry for a mobile node Additional information needed to make this decision about responding
may refresh this binding, for example if the binding's lifetime to requests will usually originate in layers above IP. For example,
is near expiration, by sending a Binding Request to the mobile TCP knows if the node has a queue of data that it is trying to send
node. Normally, a correspondent node will only refresh a Binding to a peer. A conformant implementation of the protocols in this
Cache entry in this way if it is actively communicating with the specification is not required to make use of information from higher
mobile node and has indications, such as an open TCP connection to protocol layers, but implementations are likely to be able to manage
the mobile node, that it will continue this communication in the resources more effectively by making use of such information.
future. When a mobile node receives a Binding Request, it replies by
returning a Binding Update to the node sending the Binding Request.
A mobile node may use more than one care-of address at the same time, 5.5.10. Correspondent Binding Procedure Extensibility
although only one care-of address may be registered for it at its
home agent as its primary care-of address. The mobile node's home
agent will tunnel all intercepted packets for the mobile node to its
(single) registered primary care-of address, but the mobile node
will accept packets that it receives at any of its current care-of
addresses. Use of more than one care-of address by a mobile node
may be useful, for example, to improve smooth handover when the
mobile node moves from one wireless link to another. If each of
these wireless links is connected to the Internet through a separate
base station, such that the wireless transmission range from the
two base stations overlap, the mobile node may be able to remain
connected to both links while in the area of overlap. In this case,
the mobile node could acquire a new care-of address on the new link
before moving out of transmission range and disconnecting from the
old link. The mobile node may thus still accept packets at its
old care-of address while it works to update its home agent and
correspondent nodes, notifying them of its new care-of address on the
new link.
Since correspondent nodes cache bindings, it is expected that As discussed in Appendix D.3, in the future there may be other
correspondent nodes usually will route packets directly to the mobile mechanisms beyond the return routability procedure for authorizing
node's care-of address, so that the home agent is rarely involved mobile nodes to correspondent nodes. The nodes can use other methods
with packet transmission to the mobile node. This is essential for based on future definition of flag values in the Reserved fields of
scalability and reliability, and for minimizing overall network load. HoTI, HoT, CoTI, CoT, and BU messages. Nodes need assurance against
By caching the care-of address of a mobile node, optimal routing of bidding down attacks in this selection by following the procedure
packets can be achieved from the correspondent node to the mobile described in Section 14.3.
node. Routing packets directly to the mobile node's care-of address
also eliminates congestion at the mobile node's home agent and home
link. In addition, the impact of any possible failure of the home
agent, the home link, or intervening networks leading to or from the
home link is reduced, since these nodes and links are not involved in
the delivery of most packets to the mobile node.
5. New IPv6 Destination Options and Message Types 6. New IPv6 Protocols, Message Types, and Destination Option
5.1. Mobility Header 6.1. Mobility Header
The Mobility Header is used by mobile nodes, correspondent nodes, and The Mobility Header is used by mobile nodes, correspondent nodes, and
home agents in all messaging related to the creation and management home agents in all messaging related to the creation and management
of bindings. The Mobility Header is an IPv6 protocol. Rules of bindings. The Mobility Header is an IPv6 protocol. Rules
regarding how it is sent and what addresses are used in the IPv6 regarding how it is sent and what addresses are used in the IPv6
header are given separately in Sections 5.1.2 to 5.1.9. Mobile nodes header are given separately in Sections 6.1.2 through 6.1.9, which
MUST use reverse tunneling to send Mobility Header messages when the describe the message types used in this protocol.
source address is set to the home address of the mobile node.
5.1.1. Format 6.1.1. Format
The Mobility Header is identified by a Next Header value of 62 (XXX) The Mobility Header is identified by a Next Header value of 62 (XXX)
in the immediately preceding header, and has the following format: in the immediately preceding header, and has the following format:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Payload Proto | Header Len | MH Type | |Payload Proto | Header Len | MH Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | | | Checksum | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | | |
skipping to change at page 32, line 30 skipping to change at page 32, line 33
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Payload Proto Payload Proto
8-bit selector. Identifies the type of header immediately 8-bit selector. Identifies the type of header immediately
following the Mobility Header. Uses the same values as the following the Mobility Header. Uses the same values as the
IPv4 Protocol field [10]. IPv4 Protocol field [10].
This field is intended to be used by a future specification This field is intended to be used by a future specification
of piggybacking binding messages on payload packets (see of piggybacking binding messages on payload packets (see
Section 12.1). Section D.1).
Thus implementations conforming to this specification MUST set Implementations conforming to this specification SHOULD set the
the payload protocol type to NO_NXTHDR (59 decimal). payload protocol type to NO_NXTHDR (59 decimal).
Header Len Header Len
8-bit unsigned integer. Length of the Mobility Header in units 8-bit unsigned integer. Length of the Mobility Header in units
of 8 octets, including the the Payload Proto, MH Type, Header of 8 octets, including the the Payload Proto, MH Type, Header
Len, Checksum, and Message Data fields. Len, Checksum, and Message Data fields.
MH Type MH Type
16-bit selector. Identifies the particular mobility message in 16-bit selector. Identifies the particular mobility message
question. Legal values are defined in Sections 5.1.2 to 5.1.8. in question. Current values are specified in Sections 6.1.2
An unrecognized MH Type field SHOULD cause an error to be sent to 6.1.9. An unrecognized MH Type field causes an error to be
to the source. sent to the source.
Checksum Checksum
16-bit unsigned integer. This field contains the checksum 16-bit unsigned integer. This field contains the checksum
of the Mobility Header. The checksum is the 16-bit one's of the Mobility Header. The checksum is the 16-bit one's
complement of the one's complement sum of the entire Mobility complement of the one's complement sum of an octet string
Header starting with the Payload Proto field, prepended with a consisting of a "pseudo-header" followed by the entire
"pseudo-header" of IPv6 header fields, as specified in [IPv6, Mobility Header starting with the Payload Proto field. The
section 8.1]. The Next Header value used in the pseudo-header pseudo-header contains IPv6 header fields, as specified
is 62 (XXX). For computing the checksum, the checksum field is in Section 8.1 of [6]. The Next Header value used in the
set to zero. pseudo-header is 62 (XXX). For computing the checksum, the
checksum field is set to zero.
Message Data Message Data
A variable length field containing the data specific to the A variable length field containing the data specific to the
indicated Mobility Header type. indicated Mobility Header type.
5.1.2. Binding Request (BR) Message Mobile IPv6 also defines a number of "mobility options" for use
within these messages; if included, any options MUST appear after the
fixed portion of the message data specified in this document. The
presence of such options will be indicated by the Header Len field
within the message. When the Header Len is greater than the length
required for the message specified here, the remaining octets are
interpreted as mobility options options. The encoding and format of
defined options are described in Section 6.2.
The Binding Request (BR) message is used to request a mobile node's Alignment requirements for the Mobility Header are same as for any
binding from the mobile node. A packet containing a Binding Request IPv6 protocol Header. That is, they MUST be aligned on an 8-octet
message is sent in the same way as any packet to a mobile node boundary. We also require that the Mobility Header length is a
(Section 8.9). When a mobile node receives a packet containing a multiple of 8 octets.
Binding Request message and there already exists a Binding Update
List entry for the source of the Binding Request, it MAY start
a Return Routability Procedure (see Section 4.5) if it believes
the amount of traffic with the correspondent justifies the use of
Route Optimization. Note that the mobile node SHOULD NOT respond
Binding Requests from previously unknown correspondent nodes due to
Denial-of-Service concerns.
The Binding Request message uses the MH Type value 0. When this 6.1.2. Binding Refresh Request (BRR) Message
value is indicated in the MH Type field, the format of the Message
Data field in the Mobility Header is as follows: The Binding Refresh Request (BRR) message is used to request a
mobile node's binding from the mobile node. A packet containing
a Binding Refresh Request message is sent in the same way as any
packet to a mobile node (Section 9.6). When a mobile node receives
a packet containing a Binding Refresh Request message and there
already exists a Binding Update List entry for the source of the
Binding Refresh Request, it MAY start a return routability procedure
(see Section 5.5) if it believes the amount of traffic with the
correspondent justifies the use of Route Optimization. Note that
the mobile node SHOULD NOT respond to Binding Refresh Requests from
previously unknown correspondent nodes due to Denial-of-Service
concerns.
The Binding Refresh Request message uses the MH Type value 0. When
this value is indicated in the MH Type field, the format of the
Message Data field in the Mobility Header is as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Parameters . . Mobility options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Reserved Reserved
16-bit field reserved for future flags. These flag bits are 16-bit field reserved for future use. The value MUST be
reserved for future use, and MUST be initialized to zero by the initialized to zero by the sender, and MUST be ignored by the
sender, and MUST be ignored by the receiver. receiver.
Parameters
Variable-length field, of length such that the complete
Mobility Header is an integer multiple of 8 octets long.
Contains one or more TLV-encoded parameters. The receiver MUST
ignore and skip any parameters which it does not understand. A
Binding Request MUST include the following parameter:
- Authentication Data parameter. This parameter contains a
cryptographic hash value which is used to ensure that it
has been sent by the correspondent node. The authenticator
covering a Binding Acknowledgement MUST be computed over
a bitstring containing the following fields of the IPv6
header and the Mobility Header, in order:
* The Home Address of the mobile node, from the
Destination Address field of the IPv6 header.
* The address of the correspondent node, from the Source
Address field of the IPv6 header.
* The contents of the Mobility Header, excluding the
Authenticator field (inside the Authentication Data
parameter) which is included as zeroes for the purposes
of calculating the Authenticator.
* Four bytes of zero. This is included for a potential Mobility options
future extension.
The actual authenticator calculation over sequence of bits Variable-length field of such length that the complete Mobility
is described in Section 4.5. Header is an integer multiple of 8 octets long. Contains one
or more TLV-encoded mobility options. The encoding and format
of defined options are described in Section 6.2. The receiver
MUST ignore and skip any options which it does not understand.
There MAY be additional information, associated with this There MAY be additional information, associated with this
Binding Request message, that need not be present in all Binding Refresh Request message, that need not be present in
Binding Requests sent. This use of MH parameters also allows all Binding Requests sent. This use of mobility options also
for future extensions to the format of the Binding Request allows for future extensions to the format of the Binding
message to be defined. The encoding and format of defined Refresh Request message to be defined. The following options
parameters are described in Section 5.2. The following are valid in a Binding Refresh Request message:
parameters are valid in a Binding Request message:
- Unique Identifier Parameter - Unique Identifier Option
If no actual parameters are present in this message, no padding is - Binding Authorization option
necessary.
5.1.3. Home Test Init (HoTI) Message The Header Length field in the Mobility Header for this message
MUST be set to 1 (since unit is 8 octets) plus the total length of
all mobility options present (also in 8 octet units). If no actual
options are present in this message, no padding is necessary.
The Home Test Init (HoTI) message is used to initiate the Return 6.1.3. Home Test Init (HoTI) Message
Routability procedure from the mobile node to a correspondent node
(see Section 10.9). This message is always sent with the Source The Home Test Init (HoTI) message is used to initiate the return
Address set to the home address of the mobile node, Destination routability procedure from the mobile node to a correspondent node
Address set to the correspondent node's address, and is tunneled (see Section 11.6.2). The purpose of this message is to test the
through the home agent when the mobile node is away from home. reachability of the home address. This message is always sent with
the Source Address set to the home address of the mobile node,
Destination Address set to the correspondent node's address, and is
tunneled through the home agent when the mobile node is away from
home. Such tunneling SHOULD employ IPsec ESP in tunnel mode between
the home agent and the mobile node. This protection is guided by the
IPsec Policy Data Base. (Note the protection of HoTI messages is
different from the requirement to protect regular payload traffic,
which MAY use such tunnels as well.)
The HoTI message uses the MH Type value 1. When this value is The HoTI message uses the MH Type value 1. When this value is
indicated in the MH Type field, the format of the Message Data field indicated in the MH Type field, the format of the Message Data field
in the Mobility Header is as follows: in the Mobility Header is as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Flags | | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mobile cookie |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Parameters . . Mobility Options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Flags Reserved
16-bit field reserved for future flags. These flag bits are 16-bit field reserved for future use. This value MUST be
reserved for future use, and MUST be initialized to zero by the initialized to zero by the sender, and MUST be ignored by the
sender, and MUST be ignored by the receiver. receiver.
Parameters Mobile cookie
Variable-length field, of length such that the complete 32-bit field which contains a random value, mobile cookie 1,
Mobility Header is an integer multiple of 8 octets long. selected by the mobile node.
Contains one or more TLV-encoded parameters. The receiver MUST
ignore and skip any parameters which it does not understand. Mobility options
Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. Contains one
or more TLV-encoded mobility options. The receiver MUST ignore
and skip any options which it does not understand.
There MAY be additional information, associated with this There MAY be additional information, associated with this
message that need not be present in all HoTI messages. This message that need not be present in all HoTI messages. This
use of MH parameters also allows for future extensions to the use of mobility options also allows for future extensions to
format of the HoTI message to be defined. The encoding and the format of the HoTI message to be defined. The encoding and
format of defined parameters are described in Section 5.2. The format of defined options are described in Section 6.2. The
following parameters are valid in a HoTI message: following options are valid in a HoTI message:
- Unique Identifier Parameter
If no actual parameters are present in this message, 4 bytes of Pad1 - Unique Identifier Option
or PadN parameters are needed to make the length of the message a
multiple of 8.
The HoTI message SHOULD be protected by an IPsec policy that employs The Header Length field in the Mobility Header for this message
ESP between the home agent and the mobile node. MUST be set to 2 (since unit is 8 octets) plus the total length of
all mobility options present (also in 8 octet units). If no actual
options are present in this message, 4 bytes of padding is necessary.
A packet that includes a HoTI message MUST NOT include a Home Address A packet that includes a HoTI message MUST NOT include a Home Address
option. destination option.
5.1.4. Care-of Test Init (CoTI) Message 6.1.4. Care-of Test Init (CoTI) Message
The Care-of Test Init (CoTI) message is used to initiate the Return The Care-of Test Init (CoTI) message is used to initiate the return
Routability procedure from the mobile node to a correspondent node routability procedure from the mobile node to a correspondent node
(see Section 10.9). This message is always sent with the Source (see Section 11.6.2). The purpose of this message is to test the
Address set to the care-of address of the mobile node, and is sent reachability of the care-of address. This message is always sent
directly to the correspondent node. with the Source Address set to the care-of address of the mobile
node, and is sent directly to the correspondent node.
The CoTI message uses the MH Type value 2. When this value is The CoTI message uses the MH Type value 2. When this value is
indicated in the MH Type field, the format of the Message Data field indicated in the MH Type field, the format of the Message Data field
in the Mobility Header is as follows: in the Mobility Header is as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mobile cookie |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Parameters . . Mobility Options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Reserved Reserved
16-bit field reserved for future flags. These flag bits are 16-bit field reserved for future use. The value MUST be
reserved for future use, and MUST be initialized to zero by the initialized to zero by the sender, and MUST be ignored by the
sender, and MUST be ignored by the receiver. receiver.
Parameters Mobile cookie
Variable-length field, of length such that the complete 32-bit field which contains a random value, mobile cookie 2,
Mobility Header is an integer multiple of 8 octets long. selected by the mobile node.
Contains one or more TLV-encoded parameters. The receiver MUST
ignore and skip any parameters which it does not understand. Mobility options
Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. Contains one
or more TLV-encoded mobility options. The receiver MUST ignore
and skip any options which it does not understand.
There MAY be additional information, associated with this There MAY be additional information, associated with this
message that need not be present in all CoTI messages. This message that need not be present in all CoTI messages. This
use of MH parameters also allows for future extensions to the use of mobility options also allows for future extensions to
format of the CoTI message to be defined. The encoding and the format of the CoTI message to be defined. The encoding and
format of defined parameters are described in Section 5.2. The format of defined options are described in Section 6.2. The
following parameters are valid in a CoTI message: following options are valid in a CoTI message:
- Unique Identifier Parameter - Unique Identifier Option
If no actual parameters are present in this message, no padding is The Header Length field in the Mobility Header for this message
necessary. MUST be set to 2 (since unit is 8 octets) plus the total length of
all mobility options present (also in 8 octet units). If no actual
options are present in this message, 4 bytes of padding is necessary.
A packet that includes a CoTI message MUST NOT include a Home Address A packet that includes a CoTI message MUST NOT include a Home Address
option. destination option.
5.1.5. Home Test (HoT) Message 6.1.5. Home Test (HoT) Message
The Home Test (HoT) message is an answer to the HoTI message, and The Home Test (HoT) message is a response to the HoTI message, and
is sent from the correspondent node to the mobile node (see Section is sent from the correspondent node to the mobile node (see Section
8.2). This message is always sent with the Destination Address set 8.2). This message is always sent with the Destination Address set
to the home address of the mobile node, Source Address set to the to the home address of the mobile node, Source Address set to the
address of the correspondent node, and is tunneled through the home address of the correspondent node, and is tunneled through the home
agent when the mobile node is away from home. agent when the mobile node is away from home. Such tunneling SHOULD
employ IPsec ESP in tunnel mode between the home agent and the mobile
node. This protection is guided by the IPsec Policy Data Base.
The HoT message uses the MH Type value 3. When this value is The HoT message uses the MH Type value 3. When this value is
indicated in the MH Type field, the format of the Message Data field indicated in the MH Type field, the format of the Message Data field
in the Mobility Header is as follows: in the Mobility Header is as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Home Nonce Index | | | Home Nonce Index | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mobile cookie |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| Home Cookie (128 bits) | | Home Cookie (128 bits) |
+ + + +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Parameters . . Mobility options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Reserved Reserved
32-bit field reserved for future flags. These flag bits are The two 16-bit fields are reserved for future use. These
reserved for future use, and MUST be set to zero, otherwise an values MUST be initialized to zero by the sender, and MUST be
error MUST be returned to the sender. ignored by the receiver.
Home Nonce Index Home Nonce Index
This field will be echoed back by the mobile node to the This field will be echoed back by the mobile node to the
correspondent node in a subsequent binding update. It correspondent node in a subsequent binding update. Strictly
will allow the correspondent node to select the appropriate speaking, this value is not necessary in the authentication,
challenge values to authenticate the binding update. but allows the correspondent node to efficiently find the nonce
value Ni that it used in creating the Home Cookie. Without
this field, the correspondent node would have to search through
all currently acceptable nonce values when testing for the
correctness of the authenticator sent in a Binding Update.
Mobile cookie
32-bit field which contains mobile cookie 1, returned by the
correspondent node.
Home Cookie Home Cookie
This field contains the cookie K0 in the Return Routability This field contains the home cookie in the return routability
Procedure; it is the first of two cookies which are to be procedure; it is the first of two cookies which are to be
processed to form a key which is then used to authenticate a processed to form a key which is then used to authenticate a
binding update. binding update.
Parameters Mobility options
Variable-length field, of length such that the complete Variable-length field of such length that the complete Mobility
Mobility Header is an integer multiple of 8 octets long. Header is an integer multiple of 8 octets long. Contains one
Contains one or more TLV-encoded parameters. The receiver MUST or more TLV-encoded mobility options. The receiver MUST ignore
ignore and skip any parameters which it does not understand. and skip any options which it does not understand.
There MAY be additional information, associated with this There MAY be additional information, associated with this
message that need not be present in all HoT messages. MH message that need not be present in all HoT messages. Mobility
parameters are used to carry that information. The encoding options are used to carry that information. The encoding and
and format of defined parameters are described in Section 5.2. format of defined options are described in Section 6.2. This
This use of MH parameters also allows for future extensions use of mobility options also allows for future extensions
to the format of the HoT message to be defined. This to the format of the HoT message to be defined. This
specification does not define any optional parameters for the specification does not define any options valid for the HoT
HoT message. message.
If no actual parameters are present in this message, 4 bytes of Pad1
or PadN parameters are needed to make the length of the message a
multiple of 8.
The HoT message SHOULD be protected by an IPsec policy that employs The Header Length field in the Mobility Header for this message
ESP between the home agent and the mobile node, in order to prevent MUST be set to 4 (since unit is 8 octets) plus the total length of
attackets e.g. on the same link as the MN to receive the Home all mobility options present (also in 8 octet units). If no actual
Cookie. options are present in this message, no padding is necessary.
5.1.6. Care-of Test (CoT) Message 6.1.6. Care-of Test (CoT) Message
The Care-of Test (CoT) message is an answer to the CoTI message, and The Care-of Test (CoT) message is a response to the CoTI message, and
is sent from the correspondent node to the mobile node (see Section is sent from the correspondent node to the mobile node (see Section
8.2). This message is always sent with the Source Address set to the 8.2). This message is always sent with the Source Address set to the
address of the correspondent node, the Destination Address set to address of the correspondent node, the Destination Address set to
the care-of address of the mobile node, and is sent directly to the the care-of address of the mobile node, and is sent directly to the
mobile node. mobile node.
The CoT message uses the MH Type value 4. When this value is The CoT message uses the MH Type value 4. When this value is
indicated in the MH Type field, the format of the Message Data field indicated in the MH Type field, the format of the Message Data field
in the Mobility Header is as follows: in the Mobility Header is as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Care-of Nonce Index | | | Care-of Nonce Index | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mobile cookie |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| Care-of Cookie (128 bits) | | Care-of Cookie (128 bits) |
+ + + +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Parameters . . Mobility Options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Reserved Reserved
32-bit field reserved for future flags. These flag bits are The two 16-bit fields and the one 32-bit field are reserved for
reserved for future use, and MUST be set to zero, otherwise an future use. These values MUST be initialized to zero by the
error MUST be returned to the sender. sender, and MUST be ignored by the receiver.
Care-of Nonce Index Care-of Nonce Index
This field will be echoed back by the mobile node to the This field will be echoed back by the mobile node to the
correspondent node in a subsequent binding update. It correspondent node in a subsequent binding update. It
will allow the correspondent node to select the appropriate will allow the correspondent node to select the appropriate
challenge values to authenticate the binding update. challenge values to authenticate the binding update.
Mobile cookie
32-bit field which contains the mobile cookie 2, returned by
the correspondent node.
Care-of Cookie Care-of Cookie
This field contains the cookie K1 in the Return Routability This field contains the care-of cookie in the return
Procedure; it is the second of two cookies which are to be routability procedure; it is the second of two cookies which
processed to form a key which is then used to authenticate a are to be processed to form a key which is then used to
binding update. authenticate a binding update.
Parameters Mobility options
Variable-length field, of length such that the complete Variable-length field of such length that the complete Mobility
Mobility Header is an integer multiple of 8 octets long. Header is an integer multiple of 8 octets long. Contains one
Contains one or more TLV-encoded parameters. The receiver MUST or more TLV-encoded mobility options. The receiver MUST ignore
ignore and skip any parameters which it does not understand. and skip any options which it does not understand.
There MAY be additional information, associated with this There MAY be additional information, associated with this
message that need not be present in all CoT messages. MH message that need not be present in all CoT messages. Mobility
parameters are used to carry that information. The encoding options are used to carry that information. The encoding and
and format of defined parameters are described in Section 5.2. format of defined options are described in Section 6.2. This
This use of MH parameters also allows for future extensions use of mobility options also allows for future extensions
to the format of the CoT message to be defined. This to the format of the CoT message to be defined. This
specification does not define any optional parameters for the specification does not define any options valid for the CoT
CoT message. message.
If no actual parameters are present in this message, 4 bytes of Pad1 The Header Length field in the Mobility Header for this message
or PadN parameters are needed to make the length of the message a MUST be set to 4 (since unit is 8 octets) plus the total length of
multiple of 8. all mobility options present (also in 8 octet units). If no actual
options are present in this message, no padding is necessary.
5.1.7. Binding Update (BU) Message 6.1.7. Binding Update (BU) Message
The Binding Update (BU) message is used by a mobile node to notify The Binding Update (BU) message is used by a mobile node to notify
other nodes of a new care-of address for itself. A packet containing other nodes of a new care-of address for itself. A packet containing
a Binding Update message is sent with the Source Address set to the a Binding Update message is sent with the Source Address set to the
care-of address of the mobile node and the Destination Address set to care-of address of the mobile node and the Destination Address set to
the correspondent node's address. the correspondent node's address.
The Binding Update message uses the MH Type value 5. When this value The Binding Update message uses the MH Type value 5. When this value
is indicated in the MH Type field, the format of the Message Data is indicated in the MH Type field, the format of the Message Data
field in the Mobility Header is as follows: field in the Mobility Header is as follows:
skipping to change at page 40, line 47 skipping to change at page 42, line 26
| | | |
+ + + +
| | | |
+ Home Address + + Home Address +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Parameters . . Mobility options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Acknowledge (A) Acknowledge (A)
The Acknowledge (A) bit is set by the sending mobile node to The Acknowledge (A) bit is set by the sending mobile node to
request a Binding Acknowledgement (Section 5.1.8) be returned request a Binding Acknowledgement (Section 6.1.8) be returned
upon receipt of the Binding Update. upon receipt of the Binding Update.
Home Registration (H) Home Registration (H)
The Home Registration (H) bit is set by the sending mobile node The Home Registration (H) bit is set by the sending mobile
to request the receiving node to act as this node's home agent. node to request that the receiving node should act as this
The destination of the packet carrying this message MUST be node's home agent. The destination of the packet carrying this
that of a router sharing the same subnet prefix as the home message MUST be that of a router sharing the same subnet prefix
address of the mobile node in the binding (given by the Home as the home address of the mobile node in the binding.
Address field in the Home Address option in the packet).
Single Address Only (S) Single Address Only (S)
If the `S' bit is set, the mobile node requests that the home If the `S' bit is set, the mobile node requests that the home
agent make no changes to any other Binding Cache entry except agent make no changes to any other Binding Cache entry except
for the particular one containing the home address specified in for the particular one containing the home address specified
the Home Address option. This disables home agent processing in the Home Address destination option. This disables home
for other related addresses, as is described in Section 9.1. agent processing for other related addresses, as is described
in Section 10.2.
Duplicate Address Detection (D) Duplicate Address Detection (D)
The Duplicate Address Detection (D) bit is set by the sending The Duplicate Address Detection (D) bit is set by the sending
mobile node to request the receiving node (the mobile node's mobile node to request that the receiving node (the mobile
home agent) to perform Duplicate Address Detection [35] on node's home agent) perform Duplicate Address Detection [33]
the mobile node's home link for the home address in this on the mobile node's home link for the home address in this
binding. This bit is only valid when the Home Registration (H) binding. This bit is only valid when the Home Registration (H)
and Acknowledge (A) bits are also set, and MUST NOT be set and Acknowledge (A) bits are also set, and MUST NOT be set
otherwise. If the Duplicate Address Detection performed by otherwise. If the Duplicate Address Detection performed by
the home agent fails, the Status field in the returned Binding the home agent fails, the Status field in the returned Binding
Acknowledgement will be set to 138 (Duplicate Address Detection Acknowledgement will be set to 138 (Duplicate Address Detection
failed). failed).
Reserved Reserved
This field is unused. It MUST be initialized to zero by the This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver. sender and MUST be ignored by the receiver.
Sequence # Sequence #
A 16-bit number used by the receiving node to sequence Binding A 16-bit number used by the receiving node to sequence Binding
Updates and by the sending node to match a returned Binding Updates and by the sending node to match a returned Binding
Acknowledgement with this Binding Update. Each Binding Update Acknowledgement with this Binding Update. Each Binding Update
sent by a mobile node MUST use a Sequence Number greater than sent by a mobile node MUST use a Sequence Number greater than
the Sequence Number value sent in the previous Binding Update the Sequence Number value sent in the previous Binding Update
(if any) to the same destination address (modulo 2**16, as (if any) to the same destination address (modulo 2**16, as
defined in Section 4.7). There is no requirement, however, defined in Section 4.5). There is no requirement, however,
that the Sequence Number value strictly increase by 1 with each that the Sequence Number value strictly increase by 1 with each
new Binding Update sent or received. Both home agents and new Binding Update sent or received, as long as the value stays
within the window. A Binding Acknowledgement with Status field
set to 141 (Sequence number out of window) will be returned
if the value is outside the window. Both home agents and
correspondent nodes use the sequence number also to prevent correspondent nodes use the sequence number also to prevent
replay attacks. replay attacks.
Lifetime Lifetime
32-bit unsigned integer. The number of seconds remaining 32-bit unsigned integer. The number of seconds remaining
before the binding MUST be considered expired. A value of all before the binding MUST be considered expired. A value of all
one bits (0xffffffff) indicates infinity. A value of zero one bits (0xffffffff) indicates infinity. A value of zero
indicates that the Binding Cache entry for the mobile node MUST indicates that the Binding Cache entry for the mobile node MUST
be deleted. be deleted.
Bindings established with correspondent nodes using the return
routability procedure MUST NOT exceed MAX_RR_BINDING_LIFE
seconds.
Home Address Home Address
This field tells the correspondent node the home address of the The home address of the mobile node associated with this
mobile node. Binding Update.
Parameters Mobility options
Variable-length field, of length such that the complete Variable-length field of such length that the complete Mobility
Mobility Header is an integer multiple of 8 octets long. Header is an integer multiple of 8 octets long. Contains one
Contains one or more TLV-encoded parameters. The receiver MUST or more TLV-encoded mobility options. The encoding and format
ignore and skip any parameters which it does not understand. A of defined options are described in Section 6.2. The receiver
Binding Update sent to a correspondent node MUST include the MUST ignore and skip any options which it does not understand.
following parameters: A Binding Update sent to a correspondent node MUST include the
following options when the return routability procedure is used
as the authorization method:
- Nonce Indices parameter. This parameter contains - Nonce Indices option. This option contains information the
information the correspondent node needs in order to find correspondent node needs in order to find the challenge
the challenge values Nj and Ni. values Ni and Nj.
- Authentication Data parameter. This parameter contains a - Binding Authorization Data option. This option contains
cryptographic hash value which is used to ensure that it a cryptographic hash value which is used to ensure that
has been sent by the same party who received the HoT and it has been sent by the same party who received the HoT
CoT messages. The authenticator covering a Binding Update and CoT messages. The authenticator covering a Binding
MUST be computed over a bitstring containing the following Update MUST be 96 bits and computed over a string of octets
fields of the IPv6 header and the Mobility Header, in containing the following fields of the IPv6 header and the
order: Mobility Header, in order:
* Care-of Address, in the Source Address field of the * Care-of Address, in the Source Address field of the
IPv6 header IPv6 header
* The address of the correspondent node, in the * The address of the correspondent node, in the
Destination Address field of the IPv6 header. Destination Address field of the IPv6 header.
* The contents of the Mobility Header, excluding the * The contents of the Mobility Header, excluding the
Authenticator field (within the Authentication Data Authenticator field (within the Binding Authorization
parameter) which is included as zeroes for the purposes Data mobility option) which is not included for the
of calculating the Authenticator. Parameters of the purposes of calculating the Authenticator. Options of
Mobility Header are included in the calculation. the Mobility Header are included in the calculation.
* Four bytes of zero.
The actual authenticator calculation over sequence of bits The actual authenticator calculation over a sequence of
is described in Section 4.5. bits is described in Section 5.5.
There MAY be additional information, associated with this There MAY be additional information, associated with this
Binding Update message, that need not be present in all Binding Binding Update message, that need not be present in all Binding
Updates sent. This use of MH parameters also allows for future Updates sent. This use of mobility options also allows for
extensions to the format of the Binding Update message to be future extensions to the format of the Binding Update message
defined. The encoding and format of defined parameters are to be defined. The following options are valid in a Binding
described in Section 5.2. The following parameters are valid Update message:
in a Binding Update message:
- Unique Identifier Parameter - Unique Identifier option
- Alternate Care-of Address Parameter - Binding Authorization Data option
If no actual parameters are present in this message, 4 bytes of Pad1 - Alternate Care-of Address option
or PadN parameters are needed to make the length of the message a
multiple of 8.
A Binding Update message to the correspondent node MUST NOT include The Header Length field in the Mobility Header for this message
the Home Address option in order to avoid reflection attacks MUST be set to 4 (since unit is 8 octets) plus the total length of
described in Section 4.5. A Binding Update to the home agent MUST all mobility options present (also in 8 octet units). If no actual
include the Home Address option in order to allow for the use of options are present in this message, no padding is necessary.
manually keyed IPsec in the protection of these messages.
When a packet contains both a Home Address Option and a Binding A Binding Update to the home agent MUST include the Home Address
Update message, the sender MUST use the same address in both. The destination option in order to allow for the use of manually keyed
receiver MUST check for the equal values and MUST silently discard a IPsec in the protection of these messages. Note also that as
packet that does not pass this test. described in Section 6.3, the Home Address destination option is not
accepted by correspondent nodes that do not have an existing binding
with the sender.
The home address of the mobile node in the binding given in the When a packet contains both a Home Address destination option and a
Binding Update message is that which was received as the value of the Binding Update message, the sender MUST use the same address in both.
Home Address field in the Home Address option in the packet. The receiver MUST check for equal values and MUST silently discard a
packet that does not pass this test.
The care-of address for the binding given in the Binding Update The care-of address for the binding given in the Binding Update
message is normally that which was received as the value in the message is normally that which was received as the value in the
Source Address field in the IPv6 header of the packet carrying the Source Address field in the IPv6 header of the packet carrying the
Binding Update message. However, a care-of address different from Binding Update message. However, a care-of address different from
the Source Address MAY be specified by including an Alternate Care-of the Source Address MAY be specified by including an Alternate Care-of
Address parameter in the Binding Update message. In any case, the Address mobility option in the Binding Update message. When such
care-of address MUST NOT be any IPv6 address which is prohibited message is sent to the correspondent node and the return routability
for use within a Routing Header; thus multicast addresses, the procedure is used as the authorization method, the Care-of Test Init
unspecified address, loop-back address, and link-local addresses and Care-of Test messages MUST have been performed for the address in
are excluded. Binding Updates indicating any such excluded care-of the Alternate Care-of Address option (not the Source Address). The
address MUST be silently discarded. contents of the Nonce Indices and the Authenticator mobility options
MUST be based on information gained in this test.
If the care-of address for the binding (specified either in an
Alternate Care-of Address parameter in the Binding Update message, if
present, or in the Source Address field in the packet's IPv6 header)
is equal to the home address of the mobile node, the Binding Update
message indicates that any existing binding for the mobile node MUST
be deleted. Likewise, if the Lifetime field in the Binding parameter
is equal to 0, the Binding Update message indicates that any existing
binding for the mobile node MUST be deleted. In each of these cases,
a Binding Cache entry for the mobile node MUST NOT be created in
response to receiving the Binding Update.
When the care-of address is NOT equal to the home address, In any case, the care-of address MUST NOT be any IPv6 address
what if we just delete that particular care-of address? which is prohibited for use within a Routing Header; thus multicast
addresses, the unspecified address, loop-back address, and link-local
addresses are excluded. Binding Updates indicating any such excluded
care-of address MUST be silently discarded.
The last Sequence Number value sent to a destination in a Binding The deletion of a binding can be indicated by setting the Lifetime
parameter is stored by the mobile node in its Binding Update List field to 0 or by setting the care-of address as equal to the home
entry for that destination; the last Sequence Number value received address (the care-of address can be specified either in an Alternate
from a mobile node in a Binding Update is stored by a correspondent Care-of Address mobility option in the Binding Update message, if
node in its Binding Cache entry for that mobile node. Thus, the present, or in the Source Address field in the packet's IPv6 header).
mobile node's and the correspondent node's knowledge of the last
sequence number expire at the same time. If the sending mobile node
has no Binding Update List entry, the Sequence Number may start at
any value; if the receiving correspondent node has no Binding Cache
entry for the sending mobile node, it MUST accept any Sequence Number
value in a received Binding Update from this mobile node. The mobile
node MUST NOT use the same Sequence Number in two different Binding
Updates to the same correspondent node, even if the Binding Updates
provide different care-of addresses.
5.1.8. Binding Acknowledgement (BA) Message 6.1.8. Binding Acknowledgement (BA) Message
The Binding Acknowledgement message is used to acknowledge receipt The Binding Acknowledgement message is used to acknowledge receipt
of a Binding Update message (Section 5.1.7). When a node receives of a Binding Update message (Section 6.1.7). When a node receives
a packet containing a Binding Update message, with this node being a packet containing a Binding Update message, with this node being
the destination of the packet, this node MUST return a Binding the destination of the packet, this node MUST return a Binding
Acknowledgement to the mobile node, if the Acknowledge (A) bit is Acknowledgement to the mobile node, if the Acknowledge (A) bit
set in the Binding Parameter carried in the Binding Update. The is set in the the Binding Update. The Binding Acknowledgement
Binding Acknowledgement message is sent to the Source Address of the message is sent to the Source Address of the Binding Update message
Binding Update message it is an answer to, with the source being the which is being acknowledged. The Source Address of the Binding
Destination Address from the Binding Update. Acknowledgement is the Destination Address from the Binding Update.
The Binding Acknowledgement message has the MH Type value 6. When The Binding Acknowledgement message has the MH Type value 6. When
this value is indicated in the MH Type field, the format of the this value is indicated in the MH Type field, the format of the
Message Data field in the Mobility Header is as follows: Message Data field in the Mobility Header is as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | | Status | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Status | Reserved | Sequence # | | Sequence # | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lifetime | | Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Refresh | | Refresh |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Parameters . . Mobility options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Reserved Reserved
These fields are unused. They MUST be initialized to zero by These fields are unused. They MUST be initialized to zero by
the sender and MUST be ignored by the receiver. the sender and MUST be ignored by the receiver.
Status Status
skipping to change at page 46, line 35 skipping to change at page 47, line 39
142 142
Route optimization unnecessary due to low traffic Route optimization unnecessary due to low traffic
143 143
Invalid authenticator Invalid authenticator
144 144
Too old Home Nonce Index Expired Home Nonce Index
145 145
Too old Care-of Nonce Index Expired Care-of Nonce Index
Up-to-date values of the Status field are to be specified in Up-to-date values of the Status field are to be specified in
the most recent "Assigned Numbers" [32]. the most recent "Assigned Numbers" [30].
Sequence # Sequence #
The Sequence Number in the Binding Acknowledgement is copied The Sequence Number in the Binding Acknowledgement is copied
from the Sequence Number field in the Binding Update being from the Sequence Number field in the Binding Update being
acknowledged, for use by the mobile node in matching this acknowledged, for use by the mobile node in matching this
Acknowledgement with an outstanding Binding Update. Acknowledgement with an outstanding Binding Update.
Lifetime Lifetime
The granted lifetime, in seconds, for which this node will The granted lifetime, in seconds, for which this node SHOULD
SHOULD retain the entry for this mobile node in its Binding retain the entry for this mobile node in its Binding Cache.
Cache. Correspondent nodes should make an effort to honor Correspondent nodes should make an effort to honor the
the lifetimes, since an entry that was garbage collected too lifetimes, since an entry that was garbage collected too early
early might cause subsequent packets from the mobile node to might cause subsequent packets from the mobile node to be
be dropped, if they contained the Home Address Option. While dropped, if they contained the Home Address destination option.
this situation is recoverable since an error message is sent While this situation is recoverable since an error message is
to the mobile node, it causes an unnecessary break in the sent to the mobile node, it causes an unnecessary break in the
communications. communications.
Correspondent nodes SHOULD also retain a BCE entry for the Mobile nodes SHOULD send a new Binding Update well before the
purposes of accepting Home Address Options somewhat longer than expiration of this period in order to extend the lifetime and
they keep on using the entry for Route Optimization of outgoing not cause a disruption in communications. This is particularly
packets. This helps to avoid dropped packets, particularly necessary in order to prevent packets from being dropped due
when clock drift can be a problem. to the use of the Home Address destination option without an
existing Binding Cache Entry, and the possibility of clock
drift.
If the node sending the Binding Acknowledgement is serving If the node sending the Binding Acknowledgement is serving
as the mobile node's home agent, the Lifetime period also as the mobile node's home agent, the Lifetime period also
indicates the period for which this node will continue this indicates the period for which this node will continue this
service; if the mobile node requires home agent service from service; if the mobile node requires home agent service from
this node beyond this period, the mobile node MUST send a new this node beyond this period, the mobile node MUST send a new
Binding Update to it before the expiration of this period (even Binding Update to it before the expiration of this period (even
if it is not changing its primary care-of address), in order if it is not changing its primary care-of address), in order
to extend the lifetime. The value of this field is undefined to extend the lifetime. The value of this field is undefined
if the Status field indicates that the Binding Update was if the Status field indicates that the Binding Update was
skipping to change at page 47, line 38 skipping to change at page 48, line 46
Refresh Refresh
The recommended interval, in seconds, at which the mobile The recommended interval, in seconds, at which the mobile
node SHOULD send a new Binding Update to this node in order node SHOULD send a new Binding Update to this node in order
to "refresh" the mobile node's binding in this node's Binding to "refresh" the mobile node's binding in this node's Binding
Cache. This refreshing of the binding is useful in case the Cache. This refreshing of the binding is useful in case the
node fails and loses its cache state. The Refresh period is node fails and loses its cache state. The Refresh period is
determined by the node sending the Binding Acknowledgement (the determined by the node sending the Binding Acknowledgement (the
node caching the binding). If this node is serving as the node caching the binding). If this node is serving as the
mobile node's home agent, the Refresh value may be set, for mobile node's home agent, the Refresh value may be set, for
example, based on whether the node stores its Binding Cache example, based on whether the node stores its Binding Cache in
in volatile storage or in nonvolatile storage. Note that as volatile storage or in nonvolatile storage.
discussed in Section 4.5.4, home agents need to keep at least
some information about sequence numbers in non-volatile memory.
If the node sending the Binding Acknowledgement is not If the node sending the Binding Acknowledgement is not
serving as the mobile node's home agent, the Refresh period serving as the mobile node's home agent, the Refresh period
SHOULD be set equal to the Lifetime period in the Binding SHOULD be set equal to the Lifetime period in the Binding
Acknowledgement; even if this node loses this cache entry due Acknowledgement; even if this node loses this cache entry due
to a failure of the node, packets from it can still reach the to a failure of the node, packets from it can still reach the
mobile node through the mobile node's home agent, causing a new mobile node through the mobile node's home agent, causing a new
Binding Update to this node to allow it to recreate this cache Binding Update to this node to allow it to recreate this cache
entry. The value of this field is undefined if the Status entry. The value of this field is undefined if the Status
field indicates that the Binding Update was rejected. field indicates that the Binding Update was rejected.
Parameters Mobility options
Variable-length field, of length such that the complete
Mobility Header is an integer multiple of 8 octets long.
Contains one or more TLV-encoded parameters. The receiver MUST
ignore and skip any parameters which it does not understand.
A Binding Acknowledgement sent by a correspondent node MUST
include the following parameter:
- Authentication Data parameter. This parameter contains a
cryptographic hash value which is used to ensure that it
has been sent by the correspondent node. The authenticator
covering a Binding Acknowledgement MUST be computed over
a bitstring containing the following fields of the IPv6
header and the Mobility Header, in order:
* Care-of Address, in the Destination Address field of
the IPv6 header
* The address of the correspondent node, in the Source
Address field of the IPv6 header.
* The contents of the Mobility Header, excluding the
Authenticator field (inside the Authentication Data
parameter) which is included as zeroes for the purposes
of calculating the Authenticator.
* Four bytes of zero.
The actual authenticator calculation over sequence of bits Variable-length field of such length that the complete Mobility
is described in Section 4.5. Header is an integer multiple of 8 octets long. Contains one
or more TLV-encoded mobility options. The encoding and format
of defined options are described in Section 6.2. The receiver
MUST ignore and skip any options which it does not understand.
There MAY be additional information, associated with this There MAY be additional information, associated with this
Binding Acknowledgement message, that need not be present in Binding Acknowledgement message, that need not be present
all Binding Acknowledgements sent. This use of MH parameters in all Binding Acknowledgements sent. This use of mobility
also allows for future extensions to the format of the Binding options also allows for future extensions to the format of the
Acknowledgement message to be defined. The encoding and format Binding Acknowledgement message to be defined. The following
of defined parameters are described in Section 5.2. This options are valid for the Binding Acknowledgement message:
specification does not define any parameters valid for the
Binding Acknowledgement message.
If no actual parameters are present in this message, no padding is - Binding Authorization Data option
needed.
The Header Length field in the Mobility Header for this message
MUST be set to 3 (since unit is 8 octets) plus the total length of
all mobility options present (also in 8 octet units). If no actual
options are present in this message, 4 bytes of Pad1 or PadN mobility
options are needed to make the length of the message a multiple of 8.
The Header Length field does include this padding.
The Binding Acknowledgement is sent to the source address of the The Binding Acknowledgement is sent to the source address of the
Binding Update message, regardless of whether the Binding Update Binding Update message, regardless of whether the Binding Update
succeeded or failed. No Routing Headers are inserted to the message. succeeded or failed. No Routing Headers are added to the message.
If the mobile node sends a sequence number which is not within the If the mobile node sends a sequence number which is not within the
window of acceptable sequence numbers, then the home agent MUST send window of acceptable sequence numbers, then the home agent MUST send
back a Binding Acknowledgement with status code 141, and the last back a Binding Acknowledgement with status code 141, and the last
accepted sequence number in the Sequence Number field of the Binding accepted sequence number in the Sequence Number field of the Binding
Ack Parameter. Acknowledgement message.
5.1.9. Binding Missing (BM) Message 6.1.9. Binding Error (BE) Message
The Binding Missing (BM) message is used by the correspondent node The Binding Error (BE) message is used by the correspondent node to
to signal an inappropriate attempt to use the Home Address Option signal an error related to mobility, such as an inappropriate attempt
without an existing binding. A packet containing a Binding Missing to use the Home Address destination option without an existing
message is sent to the source address of the packet that contained binding. A packet containing a Binding Error message is sent to the
the Home Address Option i.e. to the care-of address of the mobile source address of the offending packet. For instance, in the case
node. The source address of the Binding Missing message is the of the Home Address destination option error, the packet is the one
that contained the Home Address destination option and therefore
the Binding Error message is sent to the care-of address of the
mobile node. The source address of the Binding Error message is the
correspondent node's address. correspondent node's address.
When a mobile node receives a packet containing a Binding Missing The Binding Error message uses the MH Type value 7. When this value
message, it should perform one of the following three actions: is indicated in the MH Type field, the format of the Message Data
field in the Mobility Header is as follows:
- If the mobile node does not have a Binding Update List entry for
the source of the Binding Missing message, it MUST ignore the
message. This is necessary to prevent loss of resources spent on
the Route Optimization signaling due to spoofed Binding Missing
messages.
- If the mobile node does have a Binding Update List entry but
has recent upper layer progress information that indicates
communications with the correspondent node are progressing, it
MAY ignore the message. This can be done in order to limit the
damage that spoofed Binding Missing messages can cause to ongoing
communications.
- If the mobile node does have a Binding Update List entry but
no upper layer progress information, it MUST remove the entry
and route further communications through the home agent. It
may also optionally start a Return Routability Procedure (see
Section 4.5).
The Binding Missing message uses the MH Type value 7. When this
value is indicated in the MH Type field, the format of the Message
Data field in the Mobility Header is as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | | Status | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ Home Address + + Home Address +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
. . . .
. Parameters . . Mobility Options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Status
8-bit unsigned integer indicating the reason for this message.
The following such Status values are currently defined:
1
Home Address destination option used without a binding
2
Received message had an unknown value for the MH Type field
Reserved Reserved
16-bit field reserved for future flags. These flag bits are A 8-bit field reserved for future use. The value MUST be
reserved for future use, and MUST be initialized to zero by the initialized to zero by the sender, and MUST be ignored by the
sender, and MUST be ignored by the receiver. receiver.
Home Address Home Address
The home address that was contained in the Home Address Option. The home address that was contained in the Home Address
The mobile node uses this information to determine which destination option. The mobile node uses this information to
binding does not exist, if there mobile node has several home determine which binding does not exist, in cases where the
addresses. mobile node has several home addresses.
Parameters Mobility options
Variable-length field, of length such that the complete Variable-length field of such length that the complete Mobility
Mobility Header is an integer multiple of 8 octets long. Header is an integer multiple of 8 octets long. Contains one
Contains one or more TLV-encoded parameters. The receiver MUST or more TLV-encoded mobility options. The receiver MUST ignore
ignore and skip any parameters which it does not understand. and skip any options which it does not understand.
There MAY be additional information, associated with this There MAY be additional information, associated with this
Binding Missing message, that need not be present in all Binding Error message, that need not be present in all Binding
Binding Missings sent. This use of MH parameters also allows Error messages sent. This use of mobility options also allows
for future extensions to the format of the Binding Missing for future extensions to the format of the Binding Error
message to be defined. The encoding and format of defined message to be defined. The encoding and format of defined
parameters are described in Section 5.2. This specification options are described in Section 6.2. This specification does
does not define any parameters for the Binding Missing message. not define any options valid for the Binding Error message.
If no actual parameters are present in this message, no padding is The Header Length field in the Mobility Header for this message
needed. MUST be set to 3 (since unit is 8 octets) plus the total length of
all mobility options present (also in 8 octet units). If no actual
options are present in this message, no padding is necessary.
5.2. Mobility Header Parameters 6.2. Mobility Options
5.2.1. Format 6.2.1. Format
In order to allow optional fields that may not be needed in every use In order to allow optional fields that may not be needed in every use
of any given Mobility Header, and to allow future extensions to the of any given Mobility Header, and to allow future extensions to the
format of these messages to be defined, any of the Mobility Header format of these messages to be defined, any of the Mobility Header
messages defined in this document MAY include one or more parameters. messages defined in this document MAY include one or more mobility
options.
Such parameters are included in the data portion of the message Such options are included in the data portion of the message itself,
itself, after the fixed portion of the message data specified in after the fixed portion of the message data specified in section 6.1.
section 5.1.
The presence of such parameters will be indicated by the Header Len The presence of such options will be indicated by the Header Len of
of the Mobility Header. the Mobility Header.
These parameters are encoded within the remaining space of the These options are encoded within the remaining space of the message
message data for that message, using a type-length-value (TLV) format data for that message, using a type-length-value (TLV) format as
as follows: follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Parameter Type | Parameter Len | Parameter Data... |Option Type | Option Len | Option Data... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameter Type Option Type
8-bit identifier of the type of parameter. When processing a
Mobility Header containing a parameter for which the Parameter
Type value is not recognized by the receiver, the receiver MUST
quietly ignore and skip over the parameter, correctly handling
any remaining sub-options in the option.
Parameter Length 8-bit identifier of the type of mobility option. When
processing a Mobility Header containing an option for which
the Option Type value is not recognized by the receiver,
the receiver MUST quietly ignore and skip over the option,
correctly handling any remaining options in the message.
8-bit unsigned integer. Length of the Parameter Data field Option Length
of this parameter, in octets. The Parameter Len includes the
length of the Parameter Type and Parameter Len fields.
Parameter Data 8-bit unsigned integer. Length of this mobility option, in
octets. The Option Len does not include the length of the
Option Type and Option Len fields.
Variable-length field. Parameter -Type-specific data. Option Data
Parameters MUST be aligned on an 8-byte boundary, and have a length A variable length field that contains data specific to the
which is a multiple of 8. option.
The following subsections specify the Parameter types which are The following subsections specify the Option types which are
currently defined for use in the Mobility Header. currently defined for use in the Mobility Header.
Implementations MUST silently ignore any parameters that they do not Implementations MUST silently ignore any mobility options that they
understand. do not understand.
5.2.2. Pad1 6.2.2. Pad1
Pad1 Parameter (alignment requirement: none) The Pad1 option does not have any alignment requirements. Its format
is as follows:
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| 0 | | 0 |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
NOTE! the format of the Pad1 parameter is a special case -- it has NOTE! the format of the Pad1 option is a special case -- it has
neither Parameter Len nor Parameter Data fields. neither Option Len nor Option Data fields.
The Pad1 parameter is used to insert one octet of padding into the The Pad1 option is used to insert one octet of padding in the
Parameters area of a Mobility Header. If more than one octet of Mobility Options area of a Mobility Header. If more than one octet
padding is required, the PadN parameter, described next, should be of padding is required, the PadN option, described next, should be
used, rather than multiple Pad1 parameters. used rather than multiple Pad1 options.
5.2.3. PadN 6.2.3. PadN
PadN Parameter (alignment requirement: none) The PadN option does not have any alignment requirements. Its format
is as follows:
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
| 1 | Parameter Len | Parameter Data | 1 | Option Len | Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
The PadN parameter is used to insert two or more octets of padding The PadN option is used to insert two or more octets of padding in
into the Parameters area of some Mobility Header message. For N the Mobility Options area of a Mobility Header message. For N octets
octets of padding, the Parameter Len field contains the value N, and of padding, the Option Len field contains the value N, and the Option
the Parameter Data consists of N-2 zero-valued octets. Parameter Data consists of N-2 zero-valued octets. Option data MUST be ignored
data MUST be ignored by the receiver. by the receiver.
5.2.4. Unique Identifier 6.2.4. Unique Identifier
Unique Identifier parameter (alignment requirement: 2n) The Unique Identifier option has the alignment requirement of 2n.
Its format is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 2 | 4 | Unique Identifier | | 2 | 4 | Unique Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Unique Identifier parameter is valid only in Binding Request and The Unique Identifier option is valid only in Binding Refresh
Binding Update messages. The Unique Identifier field contains a Request, HoTI, CoTI, and Binding Update messages. The Unique
16-bit value that serves to uniquely identify a Binding Request among Identifier field contains a 16-bit value that serves to uniquely
those sent by this Source Address, and to allow the Binding Update identify a Binding Request among those sent by this Source Address,
to identify the specific Binding Request to which it responds. This and to allow the HoTI, CoTI, and Binding Update to identify the
matching of Binding Updates to Binding Requests is required in the specific Binding Refresh Request to which it responds. This matching
of Binding Updates to Binding Refresh Requests is required in the
procedure for renumbering the home subnet while a mobile node is away procedure for renumbering the home subnet while a mobile node is away
from home (Section 9.7). from home (Section 10.9.1).
5.2.5. Alternate Care-of Address 6.2.5. Alternate Care-of Address
Alternate Care-of Address parameter (alignment requirement: 8n+6) The Alternate Care-of Address option has an alignment requirement of
8n+6. Its format is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 3 | 18 | | 3 | 18 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ Alternate Care-of Address + + Alternate Care-of Address +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Alternate Care-of Address parameter is valid only in Binding The Alternate Care-of Address option is valid only in Binding Update
Update message. The Alternate Care-of Address field contains an message. The Alternate Care-of Address field contains an address to
address to use as the care-of address for the binding, rather than use as the care-of address for the binding, rather than using the
using the Source Address of the packet as the care-of address. Source Address of the packet as the care-of address.
5.2.6. Nonce Indices 6.2.6. Nonce Indices
Nonce Indices parameter (alignment requirement: 8n+6) The Nonce Indices option has an alignment requirement of 2n. Its
format is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4 | 6 | | 4 | 6 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Home Nonce Index | Care-of Nonce Index | | Home Nonce Index | Care-of Nonce Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Nonce Indices parameter is valid only in the Binding Update The Nonce Indices option is valid only in the Binding Update message,
message, and only when present together with an Authentication Data and only when present together with an Binding Authorization Data
parameter. option.
The Home Nonce Index field tells the correspondent node that receives The Home Nonce Index field tells the correspondent node that receives
the message which of the challenge values (Nj) are to be used to the message which of the challenge values (Ni) are to be used to
authenticate the Binding Update. authenticate the Binding Update.
The Care-of Nonce Index field tells the correspondent node that The Care-of Nonce Index field tells the correspondent node that
receives the message which of the challenge values (Ni) are to be receives the message which of the challenge values (Nj) are to be
used to authenticate the Binding Update. used to authenticate the Binding Update.
5.2.7. Authentication Data 6.2.7. Binding Authorization Data
Authentication Data parameter (alignment requirement: 8n+6) The Binding Authorization Data option has an alignment requirement of
4n+2. Its format is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 5 | 18 | | 5 | 2 + Len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| Authenticator | | Authenticator |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Authentication Data parameter is valid only in the Binding The Binding Authorization Data option is valid only in the Binding
Request, Binding Update, and Binding Acknowledgment messages. Refresh Request, Binding Update, and Binding Acknowledgment messages.
The Security Parameters Index (SPI) field contains an arbitrary The Option Len field contains the value 2 + Len, where Len is the
32-bit value that uniquely identifies the used security association. length of the authenticator in octets.
This document specifies only one legal value for the SPI field. This
value, 0, signifies that no security association is present and the
cryptographic context MUST be established temporarily only for the
duration of processing this message. Messages that contain other
values of the SPI field SHOULD be silently discarded.
The Authenticator field contains a 96-bit cryptographic hash The Authenticator field contains a cryptographic value which can be
value. Rules for calculating this value are different for different used to determine that the message in question comes from the right
messages, and are described in Sections 5.1.2, 5.1.7 and 5.1.8. authority. Rules for calculating this value depend on the used
authorization procedure. This specification gives the rules only for
the return routability procedure. For this procedure, this option
can only appear in a Binding Update message and rules for calculating
the Authenticator value are described in Section 6.1.7.
5.3. Home Address Option 6.3. Home Address Destination Option
The Home Address destination option is used in a packet sent by a The Home Address destination option is used in a packet sent by a
mobile node while away from home, to inform the recipient of that mobile node while away from home, to inform the recipient of that
packet of the mobile node's home address. For packets sent by a packet of the mobile node's home address. For packets sent by a
mobile node while away from home, the mobile node generally uses one mobile node while away from home, the mobile node generally uses one
of its care-of addresses as the Source Address in the packet's IPv6 of its care-of addresses as the Source Address in the packet's IPv6
header. By including a Home Address option in the IPv6 Destination header. By including a Home Address option in the IPv6 Destination
Options header of the packet, the correspondent node receiving the Options header of the packet, the correspondent node receiving the
packet is able to substitute the mobile node's home address for this packet is able to substitute the mobile node's home address for
care-of address when processing the packet. This makes the use of this care-of address when processing the packet. This makes the
the care-of address transparent to the correspondent node. Note use of the care-of address transparent to the correspondent node
that multicast addresses, link-local addresses, loopback addresses, above the Mobile IPv6 support level. Note that multicast addresses,
IPv4 mapped addresses, and the unspecified address, MUST NOT be used link-local addresses, loopback addresses, IPv4 mapped addresses,
within a Home Address option. and the unspecified address, MUST NOT be used within a Home Address
option. The Home Address Option MUST not appear more than once in
any given packet, except inside the payload part of the packet if
tunneling is involved.
The Home Address option is encoded in type-length-value (TLV) format The Home Address option is encoded in type-length-value (TLV) format
as follows: as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Type | Option Length | | Option Type | Option Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ Home Address + + Home Address +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sub-Options...
+-+-+-+-+-+-+-+-+-+-+-+-
Option Type Option Type
201 = 0xC9 201 = 0xC9
Option Length Option Length
8-bit unsigned integer. Length of the option, in octets, 8-bit unsigned integer. Length of the option, in octets,
excluding the Option Type and Option Length fields. This field excluding the Option Type and Option Length fields. This field
MUST be set to 16 plus the total length of all sub-options MUST be set to 16.
present, including their Sub-Option Type and Sub-Option Len
fields.
Home Address Home Address
The home address of the mobile node sending the packet. The home address of the mobile node sending the packet.
Sub-Options IPv6 requires that options appearing in a Hop-by-Hop Options
header or Destination Options header be aligned in a packet so that
Additional information, associated with this Home Address multi-octet values within the Option Data field of each option fall
option, that need not be present in all Home Address options on natural boundaries (i.e., fields of width n octets are placed at
sent. This use of sub-options also allows for future an integer multiple of n octets from the start of the header, for
extensions to the format of the Home Address option to be n = 1, 2, 4, or 8) [6]. The alignment requirement [6] for the Home
defined. Currently, no valid sub-options are defined for use Address option is 8n+6.
in a Home Address option.
The alignment requirement [6] for the Home Address option is 8n+6. The three highest-order bits of the Option Type are encoded to
indicate specific processing of the option [6]. For the Home Address
option, these three bits are set to 110, indicating that any IPv6
node processing this option that does not recognize the Option Type
must discard the packet and, only if the packet's Destination Address
was not a multicast address, return an ICMP Parameter Problem,
Code 2, message to the packet's Source Address; and that the data
within the option cannot change en-route to the packet's final
destination.
The inclusion of a Home Address option in a packet affects the A packet MUST NOT contain more than one Home Address option, except
receiving node's processing of only this single packet; no state is that an encapsulated packet [4] MAY contain a separate Home Address
created or modified in the receiving node as a result of receiving a option associated with each encapsulating IP header.
Home Address option in a packet. In particular, the presence of a
Home Address option in a received packet MUST NOT alter the contents
of the receiver's Binding Cache and MUST NOT cause any changes in the
routing of subsequent packets sent by this receiving node.
The Home Address option MUST be placed as follows: The Home Address option MUST be placed as follows:
- After the Routing Header, if that header is present - After the Routing Header, if that header is present
- Before the Fragment Header, if that header is present - Before the Fragment Header, if that header is present
- Before the AH Header or ESP Header, if either one of those - Before the AH Header or ESP Header, if either one of those
headers is present headers is present
Due to the threat of reflection attacks through the use of this Due to the threat of reflection attacks through the use of this
option, this specification requires that packets containing Home option, this specification requires that packets containing Home
Address Option MUST be dropped if there is no corresponding Binding Address option MUST be dropped if there is no corresponding Binding
Cache Entry for that home address with the currently registered Cache Entry for that home address with the currently registered
care-of address matching the source address of the packet. If the care-of address matching the source address of the packet. If the
packet is dropped, the correspondent nodes SHOULD send the Binding packet is dropped, the correspondent nodes SHOULD send the Binding
Missing message to the source address of the packet that contained Error message to the source address of the packet that contained the
the Home Address Option (see Section 5.1.9). These messages SHOULD Home Address option (see Section 6.1.9). The Status field in this
be rate-limited. message should be set to 1. These messages SHOULD be rate-limited.
No additional authentication of the Home Address option is No additional authentication of the Home Address option is
required, except that if the IPv6 header of a packet is covered required, except that if the IPv6 header of a packet is covered
by authentication, then that authentication MUST also cover the by authentication, then that authentication MUST also cover the
Home Address option; this coverage is achieved automatically by the Home Address option; this coverage is achieved automatically by the
definition of the Option Type code for the Home Address option, since definition of the Option Type code for the Home Address option, since
it indicates that the data within the option cannot change en-route it indicates that the data within the option cannot change en-route
to the packet's final destination, and thus the option is included in to the packet's final destination, and thus the option is included in
the authentication computation. By requiring that any authentication the authentication computation. By requiring that any authentication
of the IPv6 header also cover the Home Address option, the security of the IPv6 header also cover the Home Address option, the security
of the Source Address field in the IPv6 header is not compromised by of the Source Address field in the IPv6 header is not compromised by
the presence of a Home Address option. Security issues related to the presence of a Home Address option. Security issues related to
the Home Address option are discussed further in Section 4.5. When the Home Address option are discussed further in Section 5. When
attempting to verify authentication data in a packet that contains attempting to verify authentication data in a packet that contains
a Home Address option, the receiving node MUST make the calculation a Home Address option, the receiving node MUST make the calculation
as if the care-of address were present in the Home Address option, as if the care-of address were present in the Home Address option,
and the home address were present in the source IPv6 address field and the home address were present in the source IPv6 address field
of the IPv6 header. This conforms with the calculation specified in of the IPv6 header. This conforms with the calculation specified in
section 10.2. section 11.2.2.
A packet MUST NOT contain more than one Home Address option, except
that an encapsulated packet [4] MAY contain a separate Home Address
option associated with each encapsulating IP header.
The three highest-order bits of the Option Type are encoded to The inclusion of a Home Address destination option in a packet
indicate specific processing of the option [6]. For the Home Address affects the receiving node's processing of only this single packet;
option, these three bits are set to 110, indicating that any IPv6 no state is created or modified in the receiving node as a result
node processing this option that does not recognize the Option Type of receiving a Home Address option in a packet. In particular, the
must discard the packet and, only if the packet's Destination Address presence of a Home Address option in a received packet MUST NOT alter
was not a multicast address, return an ICMP Parameter Problem, the contents of the receiver's Binding Cache and MUST NOT cause any
Code 2, message to the packet's Source Address; and that the data changes in the routing of subsequent packets sent by this receiving
within the option cannot change en-route to the packet's final node.
destination.
5.4. Routing Header type 2 6.4. Routing Header type 2
Mobile IPv6 uses a routing header to carry the Home Address for Mobile IPv6 uses a Routing header to carry the Home Address for
packets sent from a correspondent node to a mobile node, which the packets sent from a correspondent node to a mobile node. The Care of
Care of Address of the MN is carried in the IPv6 destination field. Address of the mobile node is carried in the IPv6 destination field.
This uses a different routing header type than what is defined This uses a different Routing header type than defined for "regular"
for ``regular'' IPv6 source routing to make it possible for e.g., IPv6 source routing, enabling firewalls to apply different rules
firewalls to have different rules for source routing versus MIPv6. to source routed packets than to MIPv6. This Routing header type
This routing header type (type 2) is restricted to only carry one (Type 2) is restricted to carry only one IPv6 address. All IPv6
IPv6 address and all IPv6 nodes which process it MUST verify that the nodes which process this Routing header MUST verify that the address
address contained in the routing header is the home address of the contained within is the node's own home address in order to prevent
node in order to prevent packets with this routing header type to be packets from being forwarded outside the node.
forwarded after decrementing the segments left field.
5.4.1. Routing Header Packet format 6.4.1. Routing Header Packet format
The Type 2 Routing header has the following format: The Type 2 Routing header has the following format:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=2 | Routing Type=2|Segments Left=1| | Next Header | Hdr Ext Len=2 | Routing Type=2|Segments Left=1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
skipping to change at page 58, line 52 skipping to change at page 58, line 51
Protocol field [10]. Protocol field [10].
Hdr Ext Len Hdr Ext Len
8-bit unsigned integer. Length of the Routing header in 8-bit unsigned integer. Length of the Routing header in
8-octet units, not including the first 8 octets. For the Type 8-octet units, not including the first 8 octets. For the Type
2 Routing header, Hdr Ext Len is always 2. 2 Routing header, Hdr Ext Len is always 2.
Routing Type Routing Type
2. 8-bit unsigned integer that contains the value 2.
Segments Left Segments Left
8-bit unsigned integer. Number of route segments remaining, 8-bit unsigned integer. Number of route segments remaining;
i.e., number of explicitly listed intermediate nodes still to i.e., number of explicitly listed intermediate nodes still to
be visited before reaching the final destination. For the type be visited before reaching the final destination. Packets
2 routing header, Segments left is always 1. transmitted through an interface have Segments left is always 1
in this type of Routing header.
Reserved Reserved
32-bit reserved field. Initialized to zero for transmission; 32-bit reserved field. Initialized to zero for transmission,
ignored on reception. and ignored on reception.
Home Address Home Address
The Home Address of the destination Mobile Node. The Home Address of the destination Mobile Node.
5.4.2. Sending RH type 2 The ordering rules for extension headers in an IPv6 packet are
described in Section 4.1 of [6]. The new Routing header (Type 2)
A correspondent node sends packets with a routing header based on the defined for Mobile IPv6 follows the same ordering as other routing
content of the binding cache. Conceptually this is done by the IP headers. If more than one Routing header (e.g., both a Type 0 and a
layer inspecting the binding cache and if there is an entry for the Type 2 Routing header are present), the Type 2 Routing header should
destination address (the Home Address) then the IP layer inserts a follow all other Routing headers. Otherwise the order of routing
routing header of type 2 based on the ordering rules below and moves headers is independent of their type and follows [6].
the Home Address to the Home Address field in the RH and places the
Care of Address in the IPv6 destination field.
Note that following the above conceptually model in an implementation
creates some additional requirements for path MTU discovery since the
packetization layer (e.g., TCP and applications using UDP) need to be
aware of the size of the headers added by the IP layer on the sending
node.
The IP layer will insert the routing header before performing IPsec
processing. The IPsec Security Policy Database will be consulted
based on the IP source address and the final IP destination (which
will be in the routing header). The definition of AH ensures that
the AH calculation is done on the packet in the form it will have on
the receiver after advancing the routing header.
5.4.3. Verification by receiver
A node receiving a packet addressed to itself (i.e., one of the
node's addresses is in the IPv6 destination field) follows the next
header chain of headers and processes them. When it encounters a
routing header of type 2 during this processing it performs the
following checks. If any of these checks fail the node MUST silently
discard the packet.
- The node is a mobile node.
- The length field in the RH is exactly 2
- The segments left field in the RH is exactly 1
- The Home Address field in the RH is (one of) the node's Home
Address(es)
Once the above checks have been performed the routing header
processing. Conceptually this follows the same model as in RFC 2460
i.e. swap the IPv6 destination field with the Home Address field
in the RH, decrement segments left, and resubmit the packet to IP
for processing the next header. However, in the case of RH type 2
this can be simplified since it is known that the packet will not be
forwarded to a different node.
Since IPsec headers follow the Routing Header any IPsec processing
will operate on the packet with the HoA in the IP destination field
and segments left being zero. Thus AH will see the packet in the
same "shape" as the AH calculation on the sender.
5.4.4. Extension header ordering
Section 4.1 in RFC 2460 lists the extension header ordering. The
introduction of Routing Header type 2 potentially allows there to be
multiple routing headers in a single packet. If this is the case
the Routing Header type 2 should follow any Routing header of other
type but otherwise the order constraints for routing headers is
independent of their type and follows RFC 2460.
5.4.5. Reversing type 2 routing headers
In addition, the general procedures defined by IPv6 for Routing In addition, the general procedures defined by IPv6 for Routing
headers suggest that a received Routing header MAY be automatically headers suggest that a received Routing header MAY be automatically
"reversed" to construct a Routing header for use in any response "reversed" to construct a Routing header for use in any response
packets sent by upper-layer protocols, if the received packet packets sent by upper-layer protocols, if the received packet is
is authenticated [6]. This MUST NOT be done to type 2 routing authenticated [6]. This MUST NOT be done automatically for Type 2
headers. Routing headers.
5.5. Mobile IPv6 Destination Option Sub-Options
In order to allow future extensions to the format of MIPv6
destination options, any of the Mobile IPv6 destination options
defined in this document MAY include one or more sub-options.
Such sub-options are included in the data portion of the destination
option itself, after the fixed portion of the option data specified
for that particular destination option (Section 5.3). The presence
of such sub-options will be indicated by the Option Length field.
When the Option Length is greater than the standard length defined
for that destination option, the remaining octets are interpreted as
sub-options.
These sub-options are encoded within the remaining space of the
option data for that option, using a type-length-value (TLV) format
as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Sub-Option Type| Sub-Option Len| Sub-Option Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Sub-Option Type
8-bit identifier of the type of sub-option. When processing
a Mobile IPv6 destination option containing a sub-option for
which the Sub-Option Type value is not recognized by the
receiver, the receiver SHOULD quietly ignore and skip over the
sub-option, correctly handling any remaining sub-options in the
option.
Sub-Option Length
8-bit unsigned integer. Length of the Sub-Option Data field
of this sub-option, in octets. The Sub-Option Len does not
include the length of the Sub-Option Type and Sub-Option Len
fields.
Sub-Option Data
Variable-length field. Sub-Option-Type-specific data.
As with IPv6 options appearing in a Hop-by-Hop Options header
or Destination Options header [6], individual sub-options within
a Mobile IPv6 destination option may have specific alignment
requirements, to ensure that multi-octet values within Sub-Option
Data fields fall on natural boundaries. The alignment requirement
of each sub-option is specified as part of the definition of each
sub-option below.
Each section above defining the Mobile IPv6 destination options
specifies which of the defined sub-options is valid for that
destination option. In addition, there are two padding sub-options,
Pad1 and PadN (defined below), which are used when necessary to align
subsequent sub-options. The Pad1 and PadN sub-options are valid for
all Mobile IPv6 destination options. Unlike the padding options
used in Hop-by-Hop Options header or Destination Options header [6],
there is no requirement for padding the total size of any Mobile IPv6
destination option to a multiple of 8 octets in length, and the
Pad1 and PadN sub-options SHOULD NOT be used for this purpose. All
Mobile IPv6 sub-options defined in this document MUST be recognized
by all Mobile IPv6 implementations.
5.5.1. Pad1
Pad1 Sub-Option (alignment requirement: none)
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
| 0 |
+-+-+-+-+-+-+-+-+
NOTE! the format of the Pad1 sub-option is a special
case -- it has neither Sub-Option Len nor Sub-Option Data
fields.
The Pad1 sub-option is used to insert one octet of padding
into the Sub-Options area of a Mobile IPv6 option. If more
than one octet of padding is required, the PadN sub-option,
described next, should be used, rather than multiple Pad1
sub-options.
5.5.2. PadN
PadN Sub-Option (alignment requirement: none)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
| 1 | Sub-Option Len| Sub-Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
The PadN sub-option is used to insert two or more octets of
padding into the Sub-Options area of a Mobile IPv6 option.
For N octets of padding, the Sub-Option Len field contains
the value N-2, and the Sub-Option Data consists of N-2
zero-valued octets.
5.6. ICMP Home Agent Address Discovery Request Message 6.5. ICMP Home Agent Address Discovery Request Message
The ICMP Home Agent Address Discovery Request message is used by a The ICMP Home Agent Address Discovery Request message is used by a
mobile node to initiate the dynamic home agent address discovery mobile node to initiate the dynamic home agent address discovery
mechanism, as described in Sections 9.9 and 10.8. The mobile mechanism, as described in Sections 10.9 and 11.3.2. The mobile
node sends a Home Agent Address Discovery Request message to the node sends a Home Agent Address Discovery Request message to the
"Mobile IPv6 Home-Agents" anycast address for its own home subnet "Mobile IPv6 Home-Agents" anycast address for its own home subnet
prefix [11], and one of the home agents there responds to the mobile prefix [11], and one of the home agents responds to the mobile node
node with a Home Agent Address Discovery Reply message giving a list with a Home Agent Address Discovery Reply message, providing a list
of the routers on the mobile node's home link serving as home agents. of the routers on the mobile node's home link serving as home agents.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Reserved | | Identifier | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
150 <To Be Assigned by IANA> 150 <To Be Assigned by IANA>
Code Code
0 0
Checksum Checksum
skipping to change at page 63, line 49 skipping to change at page 60, line 29
Reply messages to this Home Agent Address Discovery Request Reply messages to this Home Agent Address Discovery Request
message. message.
Reserved Reserved
This field is unused. It MUST be initialized to zero by the This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver. sender and MUST be ignored by the receiver.
The Source Address of the Home Agent Address Discovery Request The Source Address of the Home Agent Address Discovery Request
message packet MUST be one of the mobile node's current care-of message packet MUST be one of the mobile node's current care-of
addresses. The home agent then MUST return the Home Agent Address addresses. The home agent MUST then return the Home Agent Address
Discovery Reply message directly to the Source Address chosen by Discovery Reply message directly to the Source Address chosen by the
the mobile node Note that, at the time of performing this dynamic mobile node. Note that, at the time of performing this dynamic home
home agent address discovery, it is likely that the mobile node not agent address discovery, it is likely that the mobile node is not
registered with any home agent within the specified anycast group. registered with any home agent within the specified anycast group.
5.7. ICMP Home Agent Address Discovery Reply Message 6.6. ICMP Home Agent Address Discovery Reply Message
The ICMP Home Agent Address Discovery Reply message is used by a The ICMP Home Agent Address Discovery Reply message is used by
home agent to respond to a mobile node using the dynamic home agent a home agent to respond to a mobile node using the dynamic home
address discovery mechanism, as described in Sections 9.9 and 10.8. agent address discovery mechanism, as described in Sections 10.9
The mobile node sends a Home Agent Address Discovery Request message and 11.3.2. The mobile node sends a Home Agent Address Discovery
to the "Mobile IPv6 Home-Agents" anycast address for its own home Request message to the "Mobile IPv6 Home-Agents" anycast address
subnet prefix [11], and one of the home agents there responds to the for its own home subnet prefix [11], and one of the home agents
mobile node with a Home Agent Address Discovery Reply message giving responds to the mobile node with a Home Agent Address Discovery Reply
a list of the routers on the mobile node's home link serving as home message, providing a list of the routers on the mobile node's home
agents. link serving as home agents.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | | | Identifier | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| | | |
+ Reserved + + Reserved +
skipping to change at page 66, line 5 skipping to change at page 63, line 5
This field is unused. It MUST be initialized to zero by the This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver. sender and MUST be ignored by the receiver.
Home Agent Addresses Home Agent Addresses
A list of addresses of home agents on the home link for the A list of addresses of home agents on the home link for the
mobile node. The number of addresses present in the list is mobile node. The number of addresses present in the list is
indicated by the remaining length of the IPv6 packet carrying indicated by the remaining length of the IPv6 packet carrying
the Home Agent Address Discovery Reply message. the Home Agent Address Discovery Reply message.
5.8. ICMP Mobile Prefix Solicitation Message Format 6.7. ICMP Mobile Prefix Solicitation Message Format
The ICMP Mobile Prefix Solicitation Message is sent by a mobile node The ICMP Mobile Prefix Solicitation Message is sent by a mobile node
to its home agent while it is away from home. The purpose of the to its home agent while it is away from home. The purpose of the
message is to solicit a Mobile Prefix Advertisement from the home message is to solicit a Mobile Prefix Advertisement from the home
agent, which will allow the mobile node to gather prefix information agent, which will allow the mobile node to gather prefix information
about its home network. This information can be used to configure about its home network. This information can be used to configure
home address(es) by stateless address autoconfiguration [35], home address(es) by stateless address autoconfiguration [33],
or update address(es) according to changes in prefix information or update address(es) according to changes in prefix information
supplied by the home agent. supplied by the home agent.
The Mobile Prefix Solicitation is similar to the Router Solicitation The Mobile Prefix Solicitation is similar to the Router Solicitation
used in Neighbor Discovery [20], except it is routed from the mobile used in Neighbor Discovery [20], except it is routed from the mobile
node on the visited network to the home agent on the home network by node on the visited network to the home agent on the home network by
usual unicast routing rules. usual unicast routing rules.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 66, line 45 skipping to change at page 63, line 45
Destination Address Destination Address
The address of the mobile node's home agent. This home agent The address of the mobile node's home agent. This home agent
must be on the link which the mobile node wishes to learn must be on the link which the mobile node wishes to learn
prefix information about. prefix information about.
Hop Limit Hop Limit
Set to an initial hop limit value, and this message is routed Set to an initial hop limit value, and this message is routed
according to the rules of a typical unicast packet. A hop according to the rules of a typical unicast packet. A hop
limit of 64 is currently suggested [32]. limit of 64 is currently suggested [30].
Authentication Header Authentication Header
If a Security Association for the IP Authentication Header If a Security Association for the IP Authentication Header
exists between the sender and the destination address, then the exists between the sender and the destination address, then the
sender SHOULD include this header. [subject to change] sender SHOULD include this header. [subject to change]
ICMP Fields: ICMP Fields:
Type Type
skipping to change at page 68, line 5 skipping to change at page 65, line 5
Checksum Checksum
The ICMP checksum [5]. The ICMP checksum [5].
Reserved Reserved
This field is unused. It MUST be initialized to zero by the This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver. sender and MUST be ignored by the receiver.
5.9. ICMP Mobile Prefix Advertisement Message Format 6.8. ICMP Mobile Prefix Advertisement Message Format
A home agent will send a Mobile Prefix Advertisement message to a A home agent will send a Mobile Prefix Advertisement message to a
mobile node to distribute prefix information about the home link mobile node to distribute prefix information about the home link
while the mobile node is traveling away from the home network. This while the mobile node is traveling away from the home network. This
will occur in response to a Mobile Prefix Solicitation with an will occur in response to a Mobile Prefix Solicitation with an
Advertisement, or by an unsolicited Advertisement sent according to Advertisement, or by an unsolicited Advertisement sent according to
the rules in Section 5.9. the rules in Section 10.9.1.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options ... | Options ...
+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-+-+-+-+-
IP Fields: IP Fields:
Source Address Source Address
The home agent's address as the mobile node would
expect to see it (i.e. same prefix) The home agent's address as the mobile node would expect to see
it (i.e., same network prefix)
Destination Address Destination Address
If this message is a response to a Mobile Prefix
Solicitation, the Source Address field from that If this message is a response to a Mobile Prefix Solicitation,
packet. For unsolicited messages, the mobile node's the Source Address field from that packet. For unsolicited
care-of address SHOULD be used, if it is currently messages, the mobile node's care-of address SHOULD be used, if
registered with the home agent. Otherwise, the it is currently registered with the home agent. Otherwise, the
mobile node's home address SHOULD be used. mobile node's home address SHOULD be used.
Authentication Header Authentication Header
This header MUST be sent, unless the mobile node
has not yet configured, and is using its care-of An AH header MUST be included unless the mobile node has yet to
address. [subject to change] configure a home address.
ICMP Fields: ICMP Fields:
Type Type
153 <To Be Assigned by IANA> 153 <To Be Assigned by IANA>
Code Code
0 0
Checksum Checksum
The ICMP checksum [5]. The ICMP checksum [5].
Options: Options:
Prefix Information Prefix Information
Each message contains one or more Prefix Information options, Each message contains one or more Prefix Information options.
which contain the prefix(es) the mobile node should configure Each option carries the prefix(es) that the mobile node
its home address(es) with. Section 9.7 describes which should use to configure its home address(es). Section 10.9.1
prefixes should be advertised to the mobile node. describes which prefixes should be advertised to the mobile
node.
The Prefix Information option is defined in Section 4.6.2 The Prefix Information option is defined in Section 4.6.2
of [20], with modifications defined in Section 6.2 of this of [20], with modifications defined in Section 7.2 of this
specification. The home agent MUST use this modified Prefix specification. The home agent MUST use this modified Prefix
Information option to send the aggregate list of home network Information option to send the aggregate list of home network
prefixes as defined in Section 9.9.1. prefixes as defined in Section 10.9.1.
The Mobile Prefix Advertisement sent by the home agent MAY include The Mobile Prefix Advertisement sent by the home agent MAY include
the Source Link-layer Address option defined in RFC 2461 [20], or the the Source Link-layer Address option defined in RFC 2461 [20], or the
Advertisement Interval option specified in Section 6.3. Advertisement Interval option specified in Section 7.3.
Future versions of this protocol may define new option types. Home Future versions of this protocol may define new option types. Mobile
Agents MUST silently ignore any options they do not recognize and nodes MUST silently ignore any options they do not recognize and
continue processing the message. continue processing the message.
6. Modifications to IPv6 Neighbor Discovery 7. Modifications to IPv6 Neighbor Discovery
6.1. Modified Router Advertisement Message Format 7.1. Modified Router Advertisement Message Format
Mobile IPv6 modifies the format of the Router Advertisement Mobile IPv6 modifies the format of the Router Advertisement
message [20] by the addition of a single flag bit to indicate that message [20] by the addition of a single flag bit to indicate that
the router sending the Advertisement message is serving as a home the router sending the Advertisement message is serving as a home
agent on this link. The format of the Router Advertisement message agent on this link. The format of the Router Advertisement message
is as follows: is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 71, line 5 skipping to change at page 68, line 5
The Home Agent (H) bit is set in a Router Advertisement to The Home Agent (H) bit is set in a Router Advertisement to
indicate that the router sending this Router Advertisement is indicate that the router sending this Router Advertisement is
also functioning as a Mobile IP home agent on this link. also functioning as a Mobile IP home agent on this link.
Reserved Reserved
Reduced from a 6-bit field to a 5-bit field to account for the Reduced from a 6-bit field to a 5-bit field to account for the
addition of the Home Agent (H) bit. addition of the Home Agent (H) bit.
6.2. Modified Prefix Information Option Format 7.2. Modified Prefix Information Option Format
Mobile IPv6 requires knowledge of a router's global address for two Mobile IPv6 requires knowledge of a router's global address for two
reasons: reasons:
- To allow a home agent (a router) to learn the address of all - To allow a home agent (a router) to learn the address of all
other home agents on the link for which it is providing home other home agents on the link for which it is providing home
agent service, for use in building its Home Agents List as agent service, for use in building its Home Agents List as
part of the dynamic home agent address discovery mechanism part of the dynamic home agent address discovery mechanism
(Sections 9.9 and 10.8). (Sections 10.9 and 11.3.2).
- To allow a mobile node to send a Binding Update to a router on - To allow a mobile node to send a Binding Update to a router on
the link on which its previous care-of address is located, for the link on which its previous care-of address is located, for
purposes of establishing forwarding from this previous care-of purposes of establishing forwarding from this previous care-of
address to its new care-of address (Section 10.11). address to its new care-of address (Section 11.6.6).
However, Neighbor Discovery [20] only advertises a router's However, Neighbor Discovery [20] only advertises a router's
link-local address, by requiring this address to be used as the IP link-local address, by requiring this address to be used as the IP
Source Address of each Router Advertisement. Source Address of each Router Advertisement.
Mobile IPv6 extends Neighbor Discovery to allow a router to easily Mobile IPv6 extends Neighbor Discovery to allow a router to easily
and efficiently advertise its global address, by the addition of a and efficiently advertise its global address, by the addition of a
single flag bit in the format of a Prefix Information option for single flag bit in the format of a Prefix Information option for
use in Router Advertisement messages. The format of the Prefix use in Router Advertisement messages. The format of the Prefix
Information option is as follows: Information option is as follows:
skipping to change at page 73, line 5 skipping to change at page 70, line 5
Information option with the Router Address (R) bit set. Information option with the Router Address (R) bit set.
All routers SHOULD include at least one Prefix Information option All routers SHOULD include at least one Prefix Information option
with the Router Address (R) bit set, in each unsolicited multicast with the Router Address (R) bit set, in each unsolicited multicast
Router Advertisement that they send. If multiple Advertisements Router Advertisement that they send. If multiple Advertisements
are being sent instead of a single larger unsolicited multicast are being sent instead of a single larger unsolicited multicast
Advertisement, at least one of these multiple Advertisements SHOULD Advertisement, at least one of these multiple Advertisements SHOULD
include a Prefix Information option with the Router Address (R) bit include a Prefix Information option with the Router Address (R) bit
set. set.
6.3. New Advertisement Interval Option Format 7.3. New Advertisement Interval Option Format
Mobile IPv6 defines a new Advertisement Interval option, used in Mobile IPv6 defines a new Advertisement Interval option, used in
Router Advertisement messages to advertise the interval at which the Router Advertisement messages to advertise the interval at which the
sending router sends unsolicited multicast Router Advertisements. sending router sends unsolicited multicast Router Advertisements.
The format of the Advertisement Interval option is as follows: The format of the Advertisement Interval option is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved | | Type | Length | Reserved |
skipping to change at page 73, line 47 skipping to change at page 70, line 47
32-bit unsigned integer. The maximum time, in milliseconds, 32-bit unsigned integer. The maximum time, in milliseconds,
between successive unsolicited router Router Advertisement between successive unsolicited router Router Advertisement
messages sent by this router on this network interface. Using messages sent by this router on this network interface. Using
the conceptual router configuration variables defined by the conceptual router configuration variables defined by
Neighbor Discovery [20], this field MUST be equal to the value Neighbor Discovery [20], this field MUST be equal to the value
MaxRtrAdvInterval, expressed in milliseconds. MaxRtrAdvInterval, expressed in milliseconds.
Routers MAY include this option in their Router Advertisements. A Routers MAY include this option in their Router Advertisements. A
mobile node receiving a Router Advertisement containing this option mobile node receiving a Router Advertisement containing this option
SHOULD utilize the specified Advertisement Interval for that router SHOULD utilize the specified Advertisement Interval for that router
in its movement detection algorithm, as described in Section 10.4. in its movement detection algorithm, as described in Section 11.4.1.
This option MUST be silently ignored for other Neighbor Discovery This option MUST be silently ignored for other Neighbor Discovery
messages. messages.
6.4. New Home Agent Information Option Format 7.4. New Home Agent Information Option Format
Mobile IPv6 defines a new Home Agent Information option, used in Mobile IPv6 defines a new Home Agent Information option, used in
Router Advertisement messages sent by a home agent to advertise Router Advertisement messages sent by a home agent to advertise
information specific to this router's functionality as a home agent. information specific to this router's functionality as a home agent.
The format of the Home Agent Information option is as follows: The format of the Home Agent Information option is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved | | Type | Length | Reserved |
skipping to change at page 74, line 49 skipping to change at page 71, line 49
ordering the addresses returned to a mobile node in the Home ordering the addresses returned to a mobile node in the Home
Agent Addresses field of a Home Agent Address Discovery Reply Agent Addresses field of a Home Agent Address Discovery Reply
message. Higher values mean more preferable. If this option message. Higher values mean more preferable. If this option
is not included in a Router Advertisement in which the Home is not included in a Router Advertisement in which the Home
Agent (H) bit is set, the preference value for this home agent Agent (H) bit is set, the preference value for this home agent
SHOULD be considered to be 0. Values greater than 0 indicate a SHOULD be considered to be 0. Values greater than 0 indicate a
home agent more preferable than this default value, and values home agent more preferable than this default value, and values
less than 0 indicate a less preferable home agent. less than 0 indicate a less preferable home agent.
The manual configuration of the Home Agent Preference value The manual configuration of the Home Agent Preference value
is described in Section 7.2. In addition, the sending home is described in Section 8.3. In addition, the sending home
agent MAY dynamically set the Home Agent Preference value, for agent MAY dynamically set the Home Agent Preference value, for
example basing it on the number of mobile nodes it is currently example basing it on the number of mobile nodes it is currently
serving or on its remaining resources for serving additional serving or on its remaining resources for serving additional
mobile nodes; such dynamic settings are beyond the scope of mobile nodes; such dynamic settings are beyond the scope of
this document. Any such dynamic setting of the Home Agent this document. Any such dynamic setting of the Home Agent
Preference, however, MUST set the preference appropriately, Preference, however, MUST set the preference appropriately,
relative to the default Home Agent Preference value of 0 that relative to the default Home Agent Preference value of 0 that
may be in use by some home agents on this link (i.e., a home may be in use by some home agents on this link (i.e., a home
agent not including a Home Agent Information option in its agent not including a Home Agent Information option in its
Router Advertisements will be considered to have a Home Agent Router Advertisements will be considered to have a Home Agent
skipping to change at page 75, line 23 skipping to change at page 72, line 23
home agent in units of seconds. The default value is the same home agent in units of seconds. The default value is the same
as the Router Lifetime, as specified in the main body of the as the Router Lifetime, as specified in the main body of the
Router Advertisement message. The maximum value corresponds Router Advertisement message. The maximum value corresponds
to 18.2 hours. A value of 0 MUST NOT be used. The Home Agent to 18.2 hours. A value of 0 MUST NOT be used. The Home Agent
Lifetime applies only to this router's usefulness as a home Lifetime applies only to this router's usefulness as a home
agent; it does not apply to information contained in other agent; it does not apply to information contained in other
message fields or options. message fields or options.
Home agents MAY include this option in their Router Advertisements. Home agents MAY include this option in their Router Advertisements.
This option MUST NOT be included in a Router Advertisement in which This option MUST NOT be included in a Router Advertisement in which
the Home Agent (H) bit (see Section 6.1) is not set. If this option the Home Agent (H) bit (see Section 7.1) is not set. If this option
is not included in a Router Advertisement in which the Home Agent (H) is not included in a Router Advertisement in which the Home Agent (H)
bit is set, the lifetime for this home agent MUST be considered to be bit is set, the lifetime for this home agent MUST be considered to
the same as the Router Lifetime in the Router Advertisement. be the same as the Router Lifetime in the Router Advertisement.
If multiple Advertisements are being sent instead of a single
larger unsolicited multicast Advertisement, all of the multiple
Advertisements with the Router Address (R) bit set MUST include this
option with the same contents, otherwise this option MUST be omitted
from all Advertisements.
This option MUST be silently ignored for other Neighbor Discovery This option MUST be silently ignored for other Neighbor Discovery
messages. messages.
If both the Home Agent Preference and Home Agent Lifetime are set If both the Home Agent Preference and Home Agent Lifetime are set
to their default values specified above, this option SHOULD NOT be to their default values specified above, this option SHOULD NOT be
included in the Router Advertisement messages sent by this home included in the Router Advertisement messages sent by this home
agent. agent.
6.5. Changes to Sending Router Advertisements 7.5. Changes to Sending Router Advertisements
The Neighbor Discovery protocol specification [20] limits routers to The Neighbor Discovery protocol specification [20] limits routers to
a minimum interval of 3 seconds between sending unsolicited multicast a minimum interval of 3 seconds between sending unsolicited multicast
Router Advertisement messages from any given network interface Router Advertisement messages from any given network interface
(limited by MinRtrAdvInterval and MaxRtrAdvInterval), stating that: (limited by MinRtrAdvInterval and MaxRtrAdvInterval), stating that:
"Routers generate Router Advertisements frequently enough "Routers generate Router Advertisements frequently enough
that hosts will learn of their presence within a few that hosts will learn of their presence within a few
minutes, but not frequently enough to rely on an absence minutes, but not frequently enough to rely on an absence
of advertisements to detect router failure; a separate of advertisements to detect router failure; a separate
skipping to change at page 76, line 54 skipping to change at page 73, line 54
Use of these modified limits MUST be configurable, and specific Use of these modified limits MUST be configurable, and specific
knowledge of the type of network interface in use SHOULD be taken knowledge of the type of network interface in use SHOULD be taken
into account in configuring these limits for each network interface. into account in configuring these limits for each network interface.
When sending unsolicited multicast Router Advertisements more When sending unsolicited multicast Router Advertisements more
frequently than the standard limit on unsolicited multicast frequently than the standard limit on unsolicited multicast
Advertisement frequency, the sending router need not include all Advertisement frequency, the sending router need not include all
options in each of these Advertisements, but it SHOULD include at options in each of these Advertisements, but it SHOULD include at
least one Prefix Information option with the Router Address (R) bit least one Prefix Information option with the Router Address (R) bit
set (Section 6.2) in each. set (Section 7.2) in each.
6.6. Changes to Sending Router Solicitations 7.6. Changes to Sending Router Solicitations
In addition to the limit on routers sending unsolicited multicast In addition to the limit on routers sending unsolicited multicast
Router Advertisement messages (Section 6.5), Neighbor Discovery Router Advertisement messages (Section 7.5), Neighbor Discovery
defines limits on nodes sending Router Solicitation messages, such defines limits on nodes sending Router Solicitation messages, such
that a node SHOULD send no more than 3 Router Solicitations, and that that a node SHOULD send no more than 3 Router Solicitations, and that
these 3 transmissions SHOULD be spaced at least 4 seconds apart. these 3 transmissions SHOULD be spaced at least 4 seconds apart.
However, these limits prevent a mobile node from finding a new However, these limits prevent a mobile node from finding a new
default router (and thus a new care-of address) quickly as it moves default router (and thus a new care-of address) quickly as it moves
about. about.
Mobile IPv6 relaxes this limit such that, while a mobile node is away Mobile IPv6 relaxes this limit such that, while a mobile node is away
from home, it MAY send Router Solicitations more frequently. The from home, it MAY send Router Solicitations more frequently. The
following limits for sending Router Solicitations are recommended for following limits for sending Router Solicitations are recommended for
skipping to change at page 78, line 5 skipping to change at page 75, line 5
sends Router Solicitations unless it has received a positive sends Router Solicitations unless it has received a positive
indication (such as from lower network layers) that it has moved indication (such as from lower network layers) that it has moved
to a new link. After successfully acquiring a new care-of to a new link. After successfully acquiring a new care-of
address, the mobile node SHOULD also increase the rate at which address, the mobile node SHOULD also increase the rate at which
it will send Router Solicitations when it next begins searching it will send Router Solicitations when it next begins searching
for a new default router and care-of address. for a new default router and care-of address.
- A mobile node that is currently configured with a care-of address - A mobile node that is currently configured with a care-of address
SHOULD NOT send Router Solicitations to the default router SHOULD NOT send Router Solicitations to the default router
on it current link, until its movement detection algorithm on it current link, until its movement detection algorithm
(Section 10.4) determines that it has moved and that its current (Section 11.4.1) determines that it has moved and that its
care-of address might no longer be valid. current care-of address might no longer be valid.
7. Requirements for Types of IPv6 Nodes 8. Requirements for Types of IPv6 Nodes
Mobile IPv6 places some special requirements on the functions Mobile IPv6 places some special requirements on the functions
provided by different types of IPv6 nodes. This section summarizes provided by different types of IPv6 nodes. This section summarizes
those requirements, identifying the functionality each requirement those requirements, identifying the functionality each requirement
is intended to support. Further details on this functionality is is intended to support. Further details on this functionality is
provided in the following sections. provided in the following sections.
7.1. Requirements for All IPv6 Routers 8.1. Requirements for All IPv6 Hosts and Routers
Since any IPv6 node may at any time be a correspondent node of a
mobile node, either sending a packet to a mobile node or receiving a
packet from a mobile node, the following requirements apply to ALL
IPv6 nodes (whether host or router, whether mobile or stationary):
- Every IPv6 node MUST be able to process a Home Address option
received in any IPv6 packet.
- Every IPv6 node SHOULD be able to participate in a return
routability procedure, process Binding Update messages, and to
return a Binding Acknowledgement option if the Acknowledge (A)
bit is set in the received Binding Update.
- Every IPv6 node SHOULD be able to maintain a Binding Cache of the
bindings received in accepted Binding Updates.
8.2. Requirements for All IPv6 Routers
The following requirements apply to all IPv6 routers, even those not The following requirements apply to all IPv6 routers, even those not
serving as a home agent for Mobile IPv6: serving as a home agent for Mobile IPv6:
- Every IPv6 router SHOULD be able to send an Advertisement - Every IPv6 router SHOULD be able to send an Advertisement
Interval option in each of its Router Advertisements, to aid Interval option in each of its Router Advertisements, to aid
movement detection by mobile nodes. The use of this option in movement detection by mobile nodes. The use of this option in
Router Advertisements MUST be configurable. Router Advertisements MUST be configurable.
- Every IPv6 router SHOULD be able to support sending unsolicited - Every IPv6 router SHOULD be able to support sending unsolicited
multicast Router Advertisements at the faster rate described in multicast Router Advertisements at the faster rate described in
Section 6.5. The use of this faster rate MUST be configurable. Section 7.5. The use of this faster rate MUST be configurable.
- Each router SHOULD include at least one prefix with the 'R' bit - Each router SHOULD include at least one prefix with the 'R' bit
set and with its full IP address in its router advertisements. set and with its full IP address in its router advertisements.
- Filtering routers SHOULD be able to have different rules for - Filtering routers SHOULD support different rules for Type 0 and
routing header type 2 than for other routing headers so that Type 2 Routing headers so that filtering of source routed packets
type 2 can be allowed in order to allow Mobile IPv6 traffic (Type 0) will not necessarily limit MIPv6 traffic via Type 2
while still having the option to filter out other use of routing Routing headers.
headers.
7.2. Requirements for IPv6 Home Agents 8.3. Requirements for IPv6 Home Agents
In order for a mobile node to operate correctly while away from home, In order for a mobile node to operate correctly while away from home,
at least one IPv6 router on the mobile node's home link must function at least one IPv6 router on the mobile node's home link must function
as a home agent for the mobile node. The following additional as a home agent for the mobile node. The following additional
requirements apply to all IPv6 routers capable of serving as a home requirements apply to all IPv6 routers capable of serving as a home
agent: agent:
- Every home agent MUST be able to maintain an entry in its Binding - Every home agent MUST be able to maintain an entry in its Binding
Cache for each mobile node for which it is serving as the home Cache for each mobile node for which it is serving as the home
agent. Each such Binding Cache entry records the mobile node's agent. Each such Binding Cache entry records the mobile node's
skipping to change at page 80, line 10 skipping to change at page 76, line 34
- Every home agent MUST be able to intercept packets (using proxy - Every home agent MUST be able to intercept packets (using proxy
Neighbor Discovery) addressed to a mobile node for which it is Neighbor Discovery) addressed to a mobile node for which it is
currently serving as the home agent, on that mobile node's home currently serving as the home agent, on that mobile node's home
link, while the mobile node is away from home. link, while the mobile node is away from home.
- Every home agent MUST be able to encapsulate such intercepted - Every home agent MUST be able to encapsulate such intercepted
packets in order to tunnel them to the primary care-of address packets in order to tunnel them to the primary care-of address
for the mobile node indicated in its binding in the home agent's for the mobile node indicated in its binding in the home agent's
Binding Cache. Binding Cache.
- Every home agent MUST support decapsulating reverse tunneled
packets sent to it from a mobile node's home address. Every home
agent MUST also check that the source address in the tunneled
packets corresponds to the currently registered location of the
mobile node.
- Every home agent MUST be able to return a Binding Acknowledgement - Every home agent MUST be able to return a Binding Acknowledgement
option in response to a Binding Update option received with the message in response to a Binding Update option received with the
Acknowledge (A) bit set. Acknowledge (A) bit set.
- Every home agent MUST maintain a separate Home Agents List for - Every home agent MUST maintain a separate Home Agents List for
each link on which it is serving as a home agent, as described in each link on which it is serving as a home agent, as described in
Section 4.7. Section 4.5.
- Every home agent MUST be able to accept packets addressed to - Every home agent MUST be able to accept packets addressed to
the "Mobile IPv6 Home-Agents" anycast address for the subnet the "Mobile IPv6 Home-Agents" anycast address for the subnet
on which it is serving as a home agent [11], and MUST be on which it is serving as a home agent [11], and MUST be
able to participate in dynamic home agent address discovery able to participate in dynamic home agent address discovery
(Section 9.9). (Section 10.9).
- Every home agent SHOULD support a configuration mechanism to - Every home agent SHOULD support a configuration mechanism to
allow a system administrator to manually set the value to be sent allow a system administrator to manually set the value to be sent
by this home agent in the Home Agent Preference field of the Home by this home agent in the Home Agent Preference field of the Home
Agent Information Option in Router Advertisements that it sends. Agent Information Option in Router Advertisements that it sends.
- Every home agent SHOULD support sending ICMP Mobile - Every home agent SHOULD support sending ICMP Mobile
Prefix Advertisements, and SHOULD respond to Mobile Prefix Prefix Advertisements, and SHOULD respond to Mobile Prefix
Solicitations. Solicitations.
7.3. Requirements for IPv6 Mobile Nodes 8.4. Requirements for IPv6 Mobile Nodes
Finally, the following requirements apply to all IPv6 nodes capable Finally, the following requirements apply to all IPv6 nodes capable
of functioning as mobile nodes: of functioning as mobile nodes:
- Every IPv6 mobile node MUST be able to perform IPv6 - Every IPv6 mobile node MUST be able to perform IPv6 encapsulation
decapsulation [4]. and decapsulation [4].
- Every IPv6 mobile node MUST support sending Binding Update - Every IPv6 mobile node MUST support the return routability
options, as specified in Sections 10.7, 10.9, and 10.11; and MUST procedure and sending Binding Update messages, as specified in
be able to receive and process Binding Acknowledgement options, Sections 11.6.1, 11.6.2, and 11.6.6; and MUST be able to receive
as specified in Section 10.14. and process Binding Acknowledgement messages, as specified in
Section 11.6.3.
- Every IPv6 mobile node MUST support use of the dynamic home agent - Every IPv6 mobile node MUST support use of the dynamic home agent
address discovery mechanism, as described in Section 10.8. address discovery mechanism, as described in Section 11.3.2.
- Every IPv6 mobile node MUST maintain a Binding Update List in - Every IPv6 mobile node MUST maintain a Binding Update List in
which it records the IP address of each other node to which it which it records the IP address of each other node to which it
has sent a Binding Update, for which the Lifetime sent in that has sent a Binding Update, for which the Lifetime sent in that
binding has not yet expired. binding has not yet expired.
- Every IPv6 mobile node MUST support receiving a Binding Request - Every IPv6 mobile node MUST support receiving a Binding Refresh
option, by responding with a Binding Update option. Request, by responding with a Binding Update message.
- Every IPv6 mobile node MUST support sending packets containing a - Every IPv6 mobile node MUST support sending packets containing a
Home Address option; this option MUST be included in all packets Home Address option. This option MUST be included in all packets
sent while away from home, if the packet would otherwise have sent to a correspondent node when the following three conditions
been sent with the mobile node's home address as the IP Source apply: The correspondent node has a binding with this mobile
Address. node. The mobile node is away from home. The packet would
otherwise have been sent with the mobile node's home address as
the IP Source Address.
- Every IPv6 mobile node MUST maintain a Home Agents List, as - Every IPv6 mobile node MUST maintain a Home Agents List, as
described in Section 4.7. described in Section 4.5.
- Every mobile node MUST support receiving Mobile Prefix - Every mobile node MUST support receiving Mobile Prefix
Advertisements and reconfiguring its home address based on the Advertisements and reconfiguring its home address based on the
prefix information contained therein. prefix information contained therein.
8. Correspondent Node Operation 9. Correspondent Node Operation
A correspondent node is any node communicating with a mobile node. This section explains the special processing required for the return
The correspondent node, itself, may be stationary or mobile, and may routability and binding procedures, as well as to manage the binding
possibly also be functioning as a home agent for Mobile IPv6. The cache, handle ICMP messages and send packets to a mobile node.
procedures in this section thus apply to all IPv6 nodes.
8.1. Receiving Packets from a Mobile Node 9.1. Conceptual Data Structures
Packets sent by a mobile node while away from home generally include Each IPv6 node maintains a Binding Cache of bindings for other nodes.
a Home Address option. When any node receives a packet containing A separate Binding Cache SHOULD be maintained by each IPv6 node for
a Home Address option, it MUST process the option in a manner each of its IPv6 addresses. The Binding Cache MAY be implemented in
consistent with exchanging the Home Address field from the Home any manner consistent with the external behavior described in this
Address option into the IPv6 header, replacing the original value of document, for example by being combined with the node's Destination
the Source Address field there. However, any actual modifications to Cache as maintained by Neighbor Discovery [20]. When sending a
the Source Address field in the packet's IPv6 header MUST be carried packet, the Binding Cache is searched before the Neighbor Discovery
out in such a fashion that further processing of such a packet after conceptual Destination Cache [20] (i.e., any Binding Cache entry for
all IPv6 options processing (e.g., at the transport layer) does not this destination SHOULD take precedence over any Destination Cache
need to know that the original Source Address was a care-of address, entry for the same destination).
or that the Home Address option was used in the packet.
Each Binding Cache entry conceptually contains the following fields:
- The home address of the mobile node for which this is the Binding
Cache entry. This field is used as the key for searching the
Binding Cache for the destination address of a packet being sent.
If the destination address of the packet matches the home address
in the Binding Cache entry, this entry SHOULD be used in routing
that packet.
- The care-of address for the mobile node indicated by the home
address field in this Binding Cache entry. If the destination
address of a packet being routed by a node matches the home
address in this entry, the packet SHOULD be routed to this
care-of address, as described in Section 9.6, for packets
originated by this node, or in Section 10.5, if this node is the
mobile node's home agent and the packet was intercepted by it on
the home link.
- A lifetime value, indicating the remaining lifetime for this
Binding Cache entry. The lifetime value is initialized from
the Lifetime field in the Binding Update that created or last
modified this Binding Cache entry. Once the lifetime of this
entry expires, the entry MUST be deleted from the Binding Cache.
- A flag indicating whether or not this Binding Cache entry is a
"home registration" entry.
- A flag indicating whether or not this Binding Cache entry
represents a mobile node that should be advertised as a router in
proxy Neighbor Advertisements sent by this node on its behalf.
This flag is only valid if the Binding Cache entry indicates that
this is a "home registration" entry.
- The length of the routing prefix for the home address. This
field is only valid if the "home registration" flag is set on
this Binding Cache entry.
- The maximum value of the Sequence Number field received in
previous Binding Updates for this mobile node home address.
The Sequence Number field is 16 bits long, and all comparisons
between Sequence Number values MUST be performed modulo 2**16.
For example, using an implementation in the C programming
language, a Sequence Number value A is greater than another
Sequence Number value B if ((short)((a) - (b)) > 0), if the
"short" data type is a 16-bit signed integer.
- Recent usage information for this Binding Cache entry, as needed
to implement the cache replacement policy in use in the Binding
Cache and to assist in determining whether a Binding Refresh
Request should be sent when the lifetime of this entry nears
expiration.
Binding Cache entries not marked as "home registrations" MAY be
replaced at any time by any reasonable local cache replacement policy
but SHOULD NOT be unnecessarily deleted. The Binding Cache for any
one of a node's IPv6 addresses may contain at most one entry for
each mobile node home address. The contents of a node's Binding
Cache MUST NOT be changed in response to a Home Address option in
a received packet. The contents of all of a node's Binding Cache
entries, for each of its IPv6 addresses, MUST be cleared when the
node reboots.
9.2. Receiving Packets from a Mobile Node
Packets sent by a mobile node with either a Home Address destination
option or a Mobility Header (or both) require special processing at
the correspondent node as explained below.
9.2.1. Processing Mobility Header (MH) Messages
All IPv6 correspondent nodes MUST observe the following rules when
processing Mobility Header messages:
1. If an MH message of unknown type is received (Section 6.1, the
correspondent node SHOULD issue a Binding Error message to the
packet's Source Address with Status field set to 2. Finally, the
correspondent node MUST discard the packet.
2. If the "Next Header" field is not NO_NXTHDR (59 decimal), the
packet MUST be silently discarded.
3. The checksum must be verified as per Section 6.1.
Subsequent checks depend on the particular Mobility Header message.
There are two types of Mobility Header messages. The return
routability procedure (Section 9.3) is used to verify liveness of the
mobile node at both its home address as well as its care-of address.
These liveness probes are used to secure binding updates.
The other type of Mobility Header messages are directly concerned
with managing bindings (Section 9.4).
9.2.2. Receiving Packets with Home Address Destination Option
Packets sent by a mobile node while away from home MAY include a Home
Address destination option, if the correspondent node has a Binding
Cache Entry for that home address. It MUST process the option in a
manner consistent with exchanging the Home Address field from the
Home Address option into the IPv6 header, replacing the original
value of the Source Address field there. However, any actual
modifications to the Source Address field in the packet's IPv6 header
MUST be carried out in such a fashion that further processing of such
a packet after all IPv6 options processing (e.g., at the transport
layer) does not depend on that information to know that the original
Source Address was a care-of address, or that the Home Address option
was used in the packet.
Since the sending mobile node uses its home address at the transport Since the sending mobile node uses its home address at the transport
layer when sending such a packet, the use of the care-of address layer when sending such a packet, the use of the care-of address
and Home Address option is transparent to both the mobile node and and Home Address option is transparent to both the mobile node and
the correspondent node above the level of the Home Address option the correspondent node above the level of the Home Address option
generation and processing. generation and processing.
8.2. Receiving Binding Updates Packets containing Home Address Option MUST be dropped if there is
no corresponding Binding Cache Entry for that home address. In this
case, the correspondent nodes SHOULD send the Binding Error message
to the source address of the packet that contained the Home Address
Option (see Section 6.1.9).
Before accepting a Binding Update option received in any packet, the 9.3. Return Routability Procedure
receiving node MUST validate the Binding Update according to the
following tests: A correspondent node engages in the return routability procedure in
order to secure a subsequent Binding Update. This is a requirement
in order to authorize the creation of new bindings as well as to
refresh existing ones. In particular, these messages are used to
establish the mobile node's liveness (responsiveness to packets) at
both its care-of address as well as its home address.
9.3.1. Receiving HoTI Messages
The HoTI message initiates the return routability procedure from the
mobile node's home address to the correspondent node.
The correspondent node verifies the following:
- MH Type field for this message is 1.
- The Header Extension Length field MUST be greater than or equal
to the length specified in Section 6.1.3.
- The packet MUST NOT include a Home Address destination option.
In preparation for sending the corresponding HoT Message, the
correspondent node checks that it has the necessary material
to engage in a return routability procedure, as specified in
Section 5.5. For that procedure, the correspondent node MUST have a
secret Kcn and a nonce Nj. If it does not have this material yet,
it MUST produce it before continuing with the return routability
procedure.
Section 9.3.3 specifies further processing.
9.3.2. Receiving CoTI Messages
The CoTI message initiates the return routability procedure from the
mobile node's care-of address location to the correspondent node.
The correspondent node verifies the following:
- MH Type field for this message is 2.
- The Header Extension Length field MUST be greater than or equal
to the length specified in Section 6.1.4.
- The packet MUST NOT include a Home Address destination option.
In preparation for sending the corresponding CoT Message, the
correspondent node checks that it has the necessary material
to engage in a return routability procedure, as specified in
Section 5.5. For that procedure, the correspondent node MUST have a
secret Kcn and a nonce Nl. If it does not have this material yet,
it MUST produce it before continuing with the return routability
procedure.
Section 9.3.4 specifies further processing.
9.3.3. Sending HoT Messages
Unless already created, the correspondent node creates a "Home
Cookie" and an associated "Home Nonce Index". It then creates a
HoT message (Section 6.1.5) and sends it to the mobile node at the
latter's home address.
9.3.4. Sending CoT Messages
Unless already created, the correspondent node creates a "Care-of
Cookie" and an associated "Care-of Nonce Index". It then creates a
CoT message (Section 6.1.6) and sends it to the mobile node at the
latter's care-of address.
9.4. Processing Bindings
This section explains how the correspondent node processes the
binding cache messages. These messages are:
- Binding Update
- Binding Refresh Request
- Binding Acknowledgement
- Binding Error
9.4.1. Receiving Binding Updates
Before accepting a Binding Update message, the receiving node MUST
validate the Binding Update according to the following tests:
- The packet MUST NOT contain a Home Address option.
- The Header Len field in the Binding Update option is greater than
or equal to the length specified in Section 6.1.7.
- The Sequence Number field in the Binding Update message is
greater than the Sequence Number received in the previous Binding
Update for this home address, if any. As noted in Section 5.5,
this Sequence Number comparison MUST be performed modulo 2**16.
- The packet meets the specific authentication requirements for - The packet meets the specific authentication requirements for
Binding Updates, defined in Section 4.5. Binding Updates, defined in Section 5.5.
- The packet MUST contain a Home Address option. When the return routability procedure is used as an authorization
method, the following are also required:
- The Option Length field in the Binding Update option is greater - The correspondent node MUST re-generate the Home Cookie and the
than or equal to the length specified in Section 5.1.7. Care-of Cookie from the information contained in the packet.
It then generates the session key Kbu and uses it to verify
the authenticator field in the Binding Update as specified in
Section 6.1.7. Note that a care-of address different from the
Source Address MAY have been specified by including an Alternate
Care-of Address mobility option in the Binding Update message.
When such message is received and the return routability
procedure is used as an authorization method, the correspondent
node MUST verify the authenticator by using the address within
the Alternate Care-of Address in the calculations.
- The Sequence Number field in the Binding Update option is greater - The Home and Care-of Nonce Index values in the Nonce Indices
than the Sequence Number received in the previous Binding Update mobility option are recognized by the correspondent node. As
for this home address, if any. As noted in Section 4.7, this described in Section 5.5, the correspondent node discards Nonce
Sequence Number comparison MUST be performed modulo 2**8. values that are too old.
If the mobile node sends a sequence number which is not greater than If the mobile node sends a sequence number which is not greater than
the sequence number from the last successful Binding Update, then the the sequence number from the last successful Binding Update, then the
receiving node MUST send back a Binding Acknowledgement with status receiving node MUST send back a Binding Acknowledgement with status
code 141, and the last accepted sequence number in the Sequence code 141, and the last accepted sequence number in the Sequence
Number field of the Binding Acknowledgement. Number field of the Binding Acknowledgement.
Any Binding Update which fails to satisfy all of these tests for any If the mobile node sends a Home or Care-of Nonce Index value which is
other reason (than insufficiency of the Sequence Number) MUST be no longer recognized by the correspondent node, then the receiving
silently ignored, and the packet carrying the Binding Update MUST be node MUST send back a Binding Acknowledgement with status code 144 or
discarded. 145, respectively.
Any Binding Update which fails to satisfy all of these tests for
any reason other than insufficiency of the Sequence Number or Nonce
Indices MUST be silently ignored, and the packet carrying the Binding
Update MUST be discarded.
In this section, the care-of address refers to the IPv6 address, In this section, the care-of address refers to the IPv6 address,
which was originally located in the IPv6 header when the packet was which was originally located in the IPv6 header when the packet was
transmitted by the mobile node. transmitted by the mobile node.
If the Binding Update is valid according to the tests above, then the If the Binding Update is valid according to the tests above, then the
Binding Update is processed further as follows: Binding Update is processed further as follows:
- If the Lifetime specified in the Binding Update is nonzero and - If the Lifetime specified in the Binding Update is nonzero and
the specified Care-of Address is not equal to the home address the specified Care-of Address is not equal to the home address
for the binding, then this is a request to cache a binding for for the binding, then this is a request to cache a binding for
the mobile node. If the Home Registration (H) bit is set in the the mobile node. If the Home Registration (H) bit is set in the
Binding Update, the Binding Update is processed according to the Binding Update, the Binding Update is processed according to the
procedure specified in Section 9.1; otherwise, it is processed procedure specified in Section 10.2; otherwise, it is processed
according to the procedure specified in Section 8.3. according to the procedure specified in Section 9.4.2.
- If the Lifetime specified in the Binding Update is zero or the - If the Lifetime specified in the Binding Update is zero or the
specified Care-of Address matches the home address for the specified Care-of Address matches the home address for the
binding, then this is a request to delete the mobile node's binding, then this is a request to delete the mobile node's
cached binding. If the Home Registration (H) bit is set in the cached binding. If the Home Registration (H) bit is set in the
Binding Update, the Binding Update is processed according to the Binding Update, the Binding Update is processed according to the
procedure specified in Section 9.2; otherwise, it is processed procedure specified in Section 10.3; otherwise, it is processed
according to the procedure specified in Section 8.4. according to the procedure specified in Section 9.4.3.
8.3. Requests to Cache a Binding 9.4.2. Requests to Cache a Binding
When a node receives a Binding Update, it MUST validate it and When a node receives a Binding Update, it MUST validate it and
determine the type of Binding Update according to the steps described determine the type of Binding Update according to the steps described
in Section 8.2. This section describes the processing of a valid in Section 9.4.1. This section describes the processing of a valid
Binding Update that requests a node to cache a mobile node's binding, Binding Update that requests a node to cache a mobile node's binding,
for which the Home Registration (H) bit is not set in the Binding for which the Home Registration (H) bit is not set in the Binding
Update. Update.
In this case, the receiving node SHOULD create a new entry in its In this case, the receiving node SHOULD create a new entry in its
Binding Cache for this mobile node (or update its existing Binding Binding Cache for this mobile node, or update its existing Binding
Cache entry for this mobile node, if such an entry already exists). Cache entry for this mobile node, if such an entry already exists.
The new Binding Cache entry records the association between this The Binding Cache entry records the association between this home
home address and the care-of address for the binding. The lifetime address and the care-of address for the binding. The lifetime for
for the Binding Cache entry is initialized from the Lifetime field the Binding Cache entry is initialized from the Lifetime field
specified in the Binding Update, although this lifetime MAY be specified in the Binding Update, although this lifetime MAY be
reduced by the node caching the binding; the lifetime for the Binding reduced by the node caching the binding; the lifetime for the Binding
Cache entry MUST NOT be greater than the Lifetime value specified in Cache entry MUST NOT be greater than the Lifetime value specified in
the Binding Update. Any Binding Cache entry MUST be deleted after the Binding Update. Any Binding Cache entry MUST be deleted after
the expiration of this lifetime in the Binding Cache entry. the expiration its lifetime.
8.4. Requests to Delete a Binding The Sequence Number value received from a mobile node in a Binding
Update is stored by a correspondent node in its Binding Cache entry
for that mobile node. If the receiving correspondent node has no
Binding Cache entry for the sending mobile node, it MUST accept any
Sequence Number value in a received Binding Update from this mobile
node.
9.4.3. Requests to Delete a Binding
When a node receives a Binding Update, it MUST validate it and When a node receives a Binding Update, it MUST validate it and
determine the type of Binding Update according to the steps described determine the type of Binding Update according to the steps described
in Section 8.2. This section describes the processing of a valid in Section 9.4.1. This section describes the processing of a valid
Binding Update that requests a node to delete a mobile node's binding Binding Update that requests a node to delete a mobile node's binding
from its Binding Cache, for which the Home Registration (H) bit is from its Binding Cache, for which the Home Registration (H) bit is
not set in the Binding Update. In this case, the receiving node MUST not set in the Binding Update.
delete any existing entry in its Binding Cache for this mobile node.
8.5. Sending Binding Acknowledgements Any existing binding for the mobile node MUST be deleted. A Binding
Cache entry for the mobile node MUST NOT be created in response to
receiving the Binding Update.
When any node receives a packet containing a Binding Update option In order to prevent replayed binding updates after a binding cache
entry has been deleted the correspondent node needs to make sure that
the nonce indices used to create the binding are no longer valid.
This applies whether the binding is deleted due to it timing out
(lifetime expiry) or being deleted explicitly by the mobile node.
If a binding cache entry is logically deleted and either the home
nonce index or the care-of nonce index used to create (or last
update) the binding are still valid, the correspondent node must
behave as if it retains the state about the binding (including the
sequence number) until at least one of the cookies has become too
old.
A possible way to implement this is to mark the binding cache entry
so that it does not effect sending and receiving of packets, but
so that it is found when a binding update is received. Another
way is to mark the used nonces immediately too old. However, this
method may cause some unnecessary failures and retries with ongoing
return routability procedures with other mobile nodes. Furthermore,
unless the mobile node has requested a Binding Acknowledgement,
it is possible that this method may even cause an error in the
return routability procedure procedure to go unnoticed, and data
packets to be dropped through the use of the Home Address destination
option without an existing binding. The effect is similar to packet
loss during the return routability procedure, but may in certain
circumstances significantly increase the problems.
9.4.4. Sending Binding Acknowledgements
When any node receives a packet containing a Binding Update message
in which the Acknowledge (A) bit is set, it MUST return a Binding in which the Acknowledge (A) bit is set, it MUST return a Binding
Acknowledgement option acknowledging receipt of the Binding Update. Acknowledgement message acknowledging receipt of the Binding Update.
If the node accepts the Binding Update and creates or updates If the node accepts the Binding Update and creates or updates an
an entry in its Binding Cache for this binding, and the `A' bit entry in its Binding Cache for this binding, the Status field in the
was set in the Binding Update, the Status field in the Binding Binding Acknowledgement MUST be set to a value less than 128; if, on
Acknowledgement MUST be set to a value less than 128; if, on the the other hand the Binding Update is accepted and the `A' bit is not
other hand the Binding Update is accepted and the `A' bit is not set, set, the node SHOULD NOT send a Binding Acknowledgement. If the node
the node SHOULD NOT send a Binding Acknowledgement. If the node
rejects the Binding Update and does not create or update an entry for rejects the Binding Update and does not create or update an entry for
this binding, a Binding Acknowledgement MUST be sent even if the `A' this binding, a Binding Acknowledgement MUST be sent even if the `A'
bit was not sent, and the Status field in the Binding Acknowledgement bit was not set, and the Status field in the Binding Acknowledgement
MUST be set to a value greater than or equal to 128. Specific values MUST be set to a value greater than or equal to 128. Specific values
for the Status field are described in Section 5.1.8 and in the most for the Status field are described in Section 6.1.8 and in the most
recent "Assigned Numbers" [10]. recent "Assigned Numbers" [10].
The packet in which the Binding Acknowledgement is returned The packet in which the Binding Acknowledgement is returned
MUST meet the specific authentication requirements for Binding MUST meet the specific authentication requirements for Binding
Acknowledgements, defined in Section 4.5. Furthermore, if the packet Acknowledgements, defined in Section 5.5. Furthermore, if the packet
is to be sent to the mobile node at any address other than the mobile is to be sent to the mobile node at any address other than the mobile
node's home address, it MUST be sent using a Routing header (even if node's home address, it MUST be sent using a Routing header (even if
the binding was rejected). The intermediate IP address, to which the binding was rejected). The intermediate IP address, to which
the packet will be delivered immediately before the home address, is the packet will be delivered immediately before the home address, is
determined as follows: determined as follows:
- Whenever the Binding Update is accepted with a nonzero lifetime, - Whenever the Binding Update is accepted with a nonzero lifetime,
the routing header will be constructed using the care-of address the routing header will be constructed using the care-of address
as described in Section 8.9. as described in Section 9.6.
- Otherwise, if the Source IP Address of the packet containing - Otherwise, if the Source IP Address of the packet containing
the Binding Update, is legal for inclusion in a Routing Header, the Binding Update, is legal for inclusion in a Routing Header,
the routing header will be constructed using that IP address. the routing header will be constructed using that IP address.
Note that multicast addresses, link-local addresses, loopback Note that multicast addresses, link-local addresses, loopback
addresses, IPv4 mapped addresses, and the unspecified address, addresses, IPv4 mapped addresses, and the unspecified address,
MUST NOT be used within a Routing Header for the Binding MUST NOT be used within a Routing Header for the Binding
Acknowledgement. Acknowledgement.
- Otherwise, if the Binding Update has a zero lifetime but the Otherwise, if the Binding Update has a zero lifetime but the Source
Source IP address is not allowable for use within the Routing IP address is not allowable for use within the Routing Header,
Header, the Binding Acknowledgment MUST be sent to the mobile the Binding Acknowledgment MUST be sent to the mobile node's home
node's home address. address.
In response to a Binding Update, a node MAY send a Binding
Acknowledgement even when the 'A' bit is not set in the Binding
Update. This would happen, for instance, if a mobile node attempted
to send a Binding Update with the 'H' bit set to a correspondent
node.
8.6. Sending Binding Requests 9.4.5. Sending Binding Refresh Requests
Entries in a node's Binding Cache MUST be deleted when their lifetime Entries in a node's Binding Cache MUST be deleted when their lifetime
expires. If such an entry is still in active use in sending packets expires. If such an entry is still in active use in sending packets
to a mobile node, the next packet sent to the mobile node will be to a mobile node, the next packet sent to the mobile node will be
routed normally to the mobile node's home link, where it will be routed normally to the mobile node's home link, where it will be
intercepted and tunneled to the mobile node. The mobile node will intercepted and tunneled to the mobile node. The mobile node will
then return a Binding Update to the sender, allowing it to create then return a Binding Update to the sender, allowing it to create
a new Binding Cache entry for sending future packets to the mobile a new Binding Cache entry for sending future packets to the mobile
node. Communication with the mobile node continues uninterrupted, node. Communication with the mobile node continues uninterrupted,
but the forwarding of this packet through the mobile node's home but the forwarding of this packet through the mobile node's home
agent creates additional overhead and latency in delivering packets agent creates additional overhead and latency in delivering packets
to the mobile node. Such routing paths could, for instance, to the mobile node. Such routing paths could, for instance,
temporarily or permanently disrupt any negotiated Quality of Service temporarily or permanently disrupt any negotiated Quality of Service
reservations which had been made by the mobile node on its home reservations which had been made by the mobile node on its home
network. network.
If the sender knows that the Binding Cache entry is still in active If the sender knows that the Binding Cache entry is still in active
use, it MAY send a Binding Request option to the mobile node in use, it MAY send a Binding Refresh Request message to the mobile node
an attempt to avoid this overhead and latency due to deleting and in an attempt to avoid this overhead and latency due to deleting and
recreating the Binding Cache entry. Since a Binding Request is a recreating the Binding Cache entry. When the mobile node receives a
destination option, it may, for example, be included in any packet packet from some sender containing a Binding Refresh Request option,
already being sent to the mobile node, such as a packet that is part it MAY start a return routability procedure, if necessary, before
of ongoing TCP communication with the mobile node. When the mobile sending its current binding and a new lifetime in a new Binding
node receives a packet from some sender containing a Binding Request Update.
option, it returns a Binding Update option to that sender, giving its
current binding and a new lifetime.
8.7. Cache Replacement Policy The correspondent node MAY retransmit Binding Refresh Request
messages provided that rate limitation is applied. The correspondent
node SHOULD stop retransmitting when it receive a Home Test Init
message, as the mobile node is responsible for retransmissions during
the return routability procedure.
9.4.6. Sending Binding Error Messages
If the correspondent node receives a packet with a Home Address
destination option it MUST verify that it has a binding for that
mobile node. Specifically, it MUST have a binding entry for the
mobile node's home address (as obtained from the Home Address option)
at the mobile node's care-of address (from the IP source address of
the packet). If the correspondent node does not find such a binding
entry, it MUST discard the packet and return a Binding Error message
(Section 6.1.9).
9.5. Cache Replacement Policy
Conceptually, a node maintains a separate timer for each entry in its Conceptually, a node maintains a separate timer for each entry in its
Binding Cache. When creating or updating a Binding Cache entry in Binding Cache. When creating or updating a Binding Cache entry in
response to a received and accepted Binding Update, the node sets the response to a received and accepted Binding Update, the node sets the
timer for this entry to the specified Lifetime period. Any entry in timer for this entry to the specified Lifetime period. Any entry in
a node's Binding Cache MUST be deleted after the expiration of the a node's Binding Cache MUST be deleted after the expiration of the
Lifetime specified in the Binding Update from which the entry was Lifetime specified in the Binding Update from which the entry was
created or last updated. created or last updated.
Each node's Binding Cache will, by necessity, have a finite size. Each node's Binding Cache will, by necessity, have a finite size.
A node MAY use any reasonable local policy for managing the space A node MAY use any reasonable local policy for managing the space
within its Binding Cache, except that any entry marked as a "home within its Binding Cache, except that any entry marked as a "home
registration" (Section 9.1) MUST NOT be deleted from the cache registration" (Section 10.2) MUST NOT be deleted from the cache until
until the expiration of its lifetime period. When such a "home the expiration of its lifetime period. When such "home registration"
registration" entry is deleted, in addition the home agent MUST also entries are deleted, the home agent MUST also cease intercepting
cease intercepting packets on the mobile node's home link addressed packets on the mobile node's home link addressed to the mobile node
to the mobile node (Section 9.3), just as if the mobile node had (Section 10.4), just as if the mobile node had de-registered its
deregistered its primary care-of address (see Section 9.2). primary care-of address (see Section 10.3).
When attempting to add a new "home registration" entry in response When attempting to add a new "home registration" entry in response
to a Binding Update with the Home Registration (H) bit set, if to a Binding Update with the Home Registration (H) bit set, if no
insufficient space exists (and sufficient space cannot be reclaimed) sufficient space can be found, the node MUST reject the Binding
in the node's Binding Cache, the node MUST reject the Binding Update and MUST return a Binding Acknowledgement to the sending
Update and SHOULD return a Binding Acknowledgement to the sending
mobile node, in which the Status field is set to 131 (insufficient mobile node, in which the Status field is set to 131 (insufficient
resources). When otherwise attempting to add a new entry to its resources). When otherwise attempting to add a new entry to its
Binding Cache, a node MAY, if needed, choose to drop any entry Binding Cache, a node MAY, if needed, choose to drop any entry
already in its Binding Cache, other than a "home registration" already in its Binding Cache, other than "home registration"
entry, in order to make space for the new entry. For example, a entries, in order to make space for the new entry. For example, a
"least-recently used" (LRU) strategy for cache entry replacement "least-recently used" (LRU) strategy for cache entry replacement
among entries not marked as a "home registration" is likely to among entries not marked as "home registrations" is likely to
work well unless the size of the Binding Cache is substantially work well unless the size of the Binding Cache is substantially
insufficient. insufficient.
Any binding dropped from a node's Binding Cache due to lack of cache Any binding dropped from a node's Binding Cache due to lack of cache
space will be rediscovered and a new cache entry created, if the space will be rediscovered and a new cache entry created, if the
binding is still in active use by the node for sending packets. If binding is still in active use by the node for sending packets. If
the node sends a packet to a destination for which it has dropped the the node sends a packet to a destination for which it has dropped the
entry from its Binding Cache, the packet will be routed normally, entry from its Binding Cache, the packet will be routed normally,
leading to the mobile node's home link. There, the packet will be leading to the mobile node's home link. There, the packet will be
intercepted by the mobile node's home agent and tunneled to the intercepted by the mobile node's home agent and tunneled to the
mobile node's current primary care-of address. As when a Binding mobile node's current primary care-of address. This indirect routing
Cache entry is initially created, this indirect routing to the mobile to the mobile node through its home agent will result in the mobile
node through its home agent will result in the mobile node sending node sending a Binding Update to this sending node when it receives
a Binding Update to this sending node when it receives the tunneled the tunneled packet, allowing it to again add an entry for this
packet, allowing it to add an entry again for this destination mobile destination mobile node to its Binding Cache.
node to its Binding Cache.
8.8. Receiving ICMP Error Messages 9.6. Sending Packets to a Mobile Node
Before sending any packet, the sending node SHOULD examine its
Binding Cache for an entry for the destination address to which the
packet is being sent. If the sending node has a Binding Cache entry
for this address, the sending node SHOULD use a Routing header to
route the packet to this mobile node (the destination node) by way
of the care-of address in the binding recorded in that Binding Cache
entry. For example, assuming use of a Type 2 Routing header (see
Section 6.4), if no other use of a Routing header is involved in
the routing of this packet, the mobile node sets the fields in the
packet's IPv6 header and Routing header as follows:
- The Destination Address in the packet's IPv6 header is set to
the mobile node's care-of address copied from the Binding Cache
entry.
- The Routing header is initialized to contain a single route
segment, with an Address of the mobile node's home address (the
original destination address to which the packet was being sent).
Following the definition of a Type 2 Routing header 6.4, this packet
will be routed to the mobile node's care-of address, where it will
be delivered to the mobile node (the mobile node has associated the
care-of address with its network interface).
Note that following the above conceptual model in an implementation
creates some additional requirements for path MTU discovery since the
layer that decides the packet size (e.g., TCP and applications using
UDP) needs to be aware of the size of the headers added by the IP
layer on the sending node.
If, instead, the sending node has no Binding Cache entry for the
destination address to which the packet is being sent, the sending
node simply sends the packet normally, with no Routing header. If
the destination node is not a mobile node (or is a mobile node that
is currently at home), the packet will be delivered directly to this
node and processed normally by it. If, however, the destination node
is a mobile node that is currently away from home, the packet will
be intercepted by the mobile node's home agent and tunneled (using
IPv6 encapsulation [4]) to the mobile node's current primary care-of
address, as described in Section 10.5. The mobile node MAY then send
a Binding Update to the sending node, as described in Section 11.6.2,
allowing the sending node to create a Binding Cache entry for its use
in sending subsequent packets to this mobile node.
9.7. Receiving ICMP Error Messages
When a correspondent node sends a packet to a mobile node, if the When a correspondent node sends a packet to a mobile node, if the
correspondent node has a Binding Cache entry for the destination correspondent node has a Binding Cache entry for the destination
address of the packet, then the correspondent node uses a Routing address of the packet, then the correspondent node uses a Routing
header to deliver the packet to the mobile node through the care-of header to deliver the packet to the mobile node through the care-of
address in the binding recorded in the Binding Cache entry. Any ICMP address in the binding recorded in the Binding Cache entry. Any ICMP
error message caused by the packet on its way to the mobile node will error message caused by the packet on its way to the mobile node will
be returned normally to the correspondent node. be returned normally to the correspondent node.
On the other hand, if the correspondent node has no Binding Cache On the other hand, if the correspondent node has no Binding Cache
skipping to change at page 87, line 21 skipping to change at page 89, line 32
care-of address. Any ICMP error message caused by the packet on care-of address. Any ICMP error message caused by the packet on
its way to the mobile node while in the tunnel, will be transmitted its way to the mobile node while in the tunnel, will be transmitted
to the mobile node's home agent (the source of the tunnel). By to the mobile node's home agent (the source of the tunnel). By
the definition of IPv6 encapsulation [4], the home agent (as the the definition of IPv6 encapsulation [4], the home agent (as the
encapsulating node) MUST relay certain ICMP error messages back encapsulating node) MUST relay certain ICMP error messages back
to the original sender of the packet, which in this case is the to the original sender of the packet, which in this case is the
correspondent node. correspondent node.
Likewise, if a packet for a mobile node arrives at the mobile node's Likewise, if a packet for a mobile node arrives at the mobile node's
previous link and is intercepted there by a home agent for the mobile previous link and is intercepted there by a home agent for the mobile
node's previous care-of address as described in Section 10.11 (e.g., node's previous care-of address as described in Section 11.6.6 (e.g.,
the mobile node moved after the packet was sent), that home agent the mobile node moved after the packet was sent), that home agent
will encapsulate and tunnel the packet to the mobile node's new will encapsulate and tunnel the packet to the mobile node's new
care-of address. As above, any ICMP error message caused by the care-of address. As above, any ICMP error message caused by the
packet while in this tunnel will be returned to that home agent (the packet while in this tunnel will be returned to that home agent (the
source of the tunnel), which MUST relay certain ICMP error messages source of the tunnel), which MUST relay certain ICMP error messages
back to the correspondent node [4]. The relayed packet MUST NOT back to the correspondent node [4]. The relayed packet MUST NOT
contain a routing header entry with the care-of address of the mobile contain a routing header entry with the care-of address of the mobile
node. node.
Thus, in all cases, any meaningful ICMP error messages caused Thus, in all cases, any meaningful ICMP error messages caused
by packets from a correspondent node to a mobile node will be by packets from a correspondent node to a mobile node will be
returned to the correspondent node. If the correspondent node returned to the correspondent node. If the correspondent node
receives persistent ICMP Destination Unreachable messages after receives persistent ICMP Destination Unreachable messages after
sending packets to a mobile node based on an entry in its Binding sending packets to a mobile node based on an entry in its Binding
Cache, the correspondent node MUST delete this Binding Cache Cache, the correspondent node SHOULD delete this Binding Cache
entry. If the correspondent node subsequently transmits another entry. If the correspondent node subsequently transmits another
packet to the mobile node, the packet will be routed to the mobile packet to the mobile node, the packet will be routed to the mobile
node's home link, intercepted by the mobile node's home agent, and node's home link, intercepted by the mobile node's home agent, and
tunneled to the mobile node's primary care-of address using IPv6 tunneled to the mobile node's primary care-of address using IPv6
encapsulation. The mobile node will then return a Binding Update to encapsulation. The mobile node will then return a Binding Update to
the correspondent node, allowing it to recreate a (correct) Binding the correspondent node, allowing it to recreate a (correct) Binding
Cache entry for the mobile node. Cache entry for the mobile node.
8.9. Sending Packets to a Mobile Node 10. Home Agent Operation
Before sending any packet, the sending node SHOULD examine its 10.1. Conceptual Data Structures
Binding Cache for an entry for the destination address to which the
packet is being sent. If the sending node has a Binding Cache entry
for this address, the sending node SHOULD use a Routing header to
route the packet to this mobile node (the destination node) by way
of the care-of address in the binding recorded in that Binding Cache
entry. For example, assuming use of a Type 0 Routing header [6], if
no other use of a Routing header is involved in the routing of this
packet, the mobile node sets the fields in the packet's IPv6 header
and Routing header as follows:
- The Destination Address in the packet's IPv6 header is set to Each home agent MUST maintain a Binding Cache and Home Agents List.
the mobile node's care-of address copied from the Binding Cache
entry.
- The Routing header is initialized to contain a single route The rules for maintaining a Binding Cache are same for home
segment, with an Address of the mobile node's home address (the agents and correspondent nodes, and have already been described in
original destination address to which the packet was being sent). Section 9.1. In addition, if an entry in a node's Binding Cache
for which the node is serving as a home agent is marked as a "home
registration" entry, it SHOULD NOT be deleted by the home agent until
the expiration of its binding lifetime.
Following the definition of a Type 0 Routing header [6], this packet The Home Agents List is maintained by each home agent (as well as
will be routed to the mobile node's care-of address, where it will each mobile node), recording information about each home agent from
be delivered to the mobile node (the mobile node has associated the which this node has received a Router Advertisement in which the Home
care-of address with its network interface). Normal processing of Agent (H) bit is set, for which the remaining lifetime for this list
the Routing header by the mobile node will then proceed as follows: entry (defined below) has not yet expired. The home agents list is
thus similar to the Default Router List conceptual data structure
maintained by each host for Neighbor Discovery [20], although the
Home Agents List MAY be implemented in any manner consistent with the
external behavior described in this document.
- The mobile node swaps the Destination Address in the packet's Each home agent maintains a separate Home Agents List for each link
IPv6 header and the Address specified in the Routing header. on which it is serving as a home agent; this list is used by a home
This results in the packet's IP Destination Address being set to agent in the dynamic home agent address discovery mechanism. Each
the mobile node's home address. mobile node, while away from home, also maintains a Home Agents
List, to enable it to notify a home agent on its previous link when
it moves to a new link; a mobile node MAY maintain a separate Home
Agents List for each link to which it is (or has recently) connected,
or it MAY maintain a single list for all links. Each Home Agents
List entry conceptually contains the following fields:
- The mobile node then resubmits the packet to its IPv6 module for - The link-local IP address of a router on the link, that this
further processing, "looping back" the packet inside the mobile node currently believes is operating as a home agent for that
node. Since the mobile node recognizes its own home address as link. A new entry is created or an existing entry is updated
one of its current IP addresses, the packet is processed further in the Home Agents List in response to receipt of a valid
within the mobile node, in the same way then as if the mobile Router Advertisement in which the Home Agent (H) bit is set.
node was at home. The link-local address of the home agent is learned through
the Source Address of the Router Advertisements received from
it [20].
If, instead, the sending node has no Binding Cache entry for the - One or more global IP addresses for this home agent, learned
destination address to which the packet is being sent, the sending through Prefix Information options with the Router Address (R)
node simply sends the packet normally, with no Routing header. If bit set, received in Router Advertisements from this link-local
the destination node is not a mobile node (or is a mobile node that address. Global addresses for the router in a Home Agents List
is currently at home), the packet will be delivered directly to this entry MUST be deleted once the prefix associated with that
node and processed normally by it. If, however, the destination node address is no longer valid [20].
is a mobile node that is currently away from home, the packet will
be intercepted by the mobile node's home agent and tunneled (using
IPv6 encapsulation [4]) to the mobile node's current primary care-of
address, as described in Section 9.4. The mobile node will then send
a Binding Update to the sending node, as described in Section 10.9,
allowing the sending node to create a Binding Cache entry for its use
in sending subsequent packets to this mobile node.
It is possible that a correspondent node, having no knowledge Are there interactions with the new Router Advertisement
of the mobile node's care-of address, would still (for reasons stuff?
unspecified here but not necessarily related to mobility) attempt
to deliver a packet, either to or by way of the mobile node's home
address, by using a routing header. If the correspondent node
subsequently accepts a Binding Update and creates a Binding Cache
entry for the mobile node, then afterwards, the routing header used
by the corresponding node which includes the mobile node's home
address SHOULD also include the mobile node's care-of address. The
correspondent node SHOULD put the mobile node's care-of address as
the intermediate node address immediately preceding the mobile node's
home address. When the care-of address is the first intermediate
node address, this implies that the care-of address is to be placed
in the Destination Address of the IPv6 header, and the mobile
node's home address is the first entry in the type 0 routing header.
Otherwise, the correspondent node MUST insert the mobile node's
care-of address immediately before the home address entry in the
routing header.
9. Home Agent Operation - The remaining lifetime of this Home Agents List entry. If a Home
Agent Information Option is present in a Router Advertisement
received from a home agent, the lifetime of the Home Agents List
entry representing that home agent is initialized from the Home
Agent Lifetime field in the option; otherwise, the lifetime
is initialized from the Router Lifetime field in the received
Router Advertisement. The Home Agents List entry lifetime is
decremented until it reaches zero, at which time this entry MUST
be deleted from the Home Agents List.
9.1. Primary Care-of Address Registration - The preference for this home agent; higher values indicate a more
preferable home agent. The preference value is taken from the
Home Agent Preference field (a signed, twos-complement integer)
in the received Router Advertisement, if the Router Advertisement
contains a Home Agent Information Option, and is otherwise set
to the default value of 0. A home agent uses this preference
in ordering the Home Agents List returned in an ICMP Home
Agent Address Discovery message in response to a mobile node's
initiation of dynamic home agent address discovery. A mobile
node uses this preference in determining which of the home agents
on its previous link to notify when it moves to a new link.
Can we delete the preference stuff? Is anyone using it?
10.2. Primary Care-of Address Registration
When a node receives a Binding Update, it MUST validate it and When a node receives a Binding Update, it MUST validate it and
determine the type of Binding Update according to the steps described determine the type of Binding Update according to the steps described
in Section 8.2. This section describes the processing of a valid in Section 9.4.1. This section describes the processing of a valid
Binding Update that requests the receiving node to serve as its home Binding Update that requests the receiving node to serve as its home
agent, registering its primary care-of address. agent, registering its primary care-of address.
To begin processing the Binding Update, the home agent MUST perform To begin processing the Binding Update, the home agent MUST perform
the following sequence of tests: the following sequence of tests:
- If the node is not a router that implements home agent - If the node is not a router that implements home agent
functionality, then the node MUST reject the Binding Update and functionality, then the node MUST reject the Binding Update
SHOULD return a Binding Acknowledgement to the mobile node, in and MUST return a Binding Acknowledgement to the mobile node,
which the Status field is set to 132 (home registration not in which the Status field is set to 132 (home registration not
supported). supported).
- Else, if the home address for the binding (the Home Address field - Else, if the home address for the binding (the Home Address field
in the packet's Home Address option) is not an on-link IPv6 in the packet's Home Address option) is not an on-link IPv6
address with respect to the home agent's current Prefix List, address with respect to the home agent's current Prefix List,
then the home agent MUST reject the Binding Update and SHOULD then the home agent MUST reject the Binding Update and SHOULD
return a Binding Acknowledgement to the mobile node, in which the return a Binding Acknowledgement to the mobile node, in which the
Status field is set to 133 (not home subnet). Status field is set to 133 (not home subnet).
- Else, if the home agent chooses to reject the Binding Update for - Else, if the home agent chooses to reject the Binding Update for
any other reason (e.g., insufficient resources to serve another any other reason (e.g., insufficient resources to serve another
mobile node as a home agent), then the home agent SHOULD return a mobile node as a home agent), then the home agent SHOULD return a
Binding Acknowledgement to the mobile node, in which the Status Binding Acknowledgement to the mobile node, in which the Status
field is set to an appropriate value to indicate the reason for field is set to an appropriate value to indicate the reason for
the rejection. the rejection.
- A Home Address destination option MUST be present in the message,
and the value of the Home Address field in this option MUST
correspond to the Home Address field in the Binding Update.
- Finally, if the Duplicate Address Detection (D) bit is set in - Finally, if the Duplicate Address Detection (D) bit is set in
the Binding Update, this home agent MUST ensure that Duplicate the Binding Update, this home agent MUST perform Duplicate
Address Detection [35] has been performed on the mobile node's Address Detection [33] on the mobile node's home link for the
home link for the link-local address associated with the home link-local address associated with the home address in this
address in this binding, and thus to ensure that no other node binding, before returning the Binding Acknowledgement. This
on the home link can possibly use the mobile node's home address ensures that no other node on the home link can possibly use
(before returning the Binding Acknowledgement). The address the mobile node's home address. The address used for Duplicate
used for Duplicate Address Detection SHOULD be the mobile node's Address Detection SHOULD be the mobile node's link-local address.
link-local address. Normal processing for Duplicate Address Normal processing for Duplicate Address Detection specifies that,
Detection specifies that, in certain cases, the node SHOULD in certain cases, the node SHOULD delay sending the initial
delay sending the initial Neighbor Solicitation message of Neighbor Solicitation message of Duplicate Address Detection by a
Duplicate Address Detection by a random delay between 0 and random delay between 0 and MAX_RTR_SOLICITATION_DELAY [20, 33];
MAX_RTR_SOLICITATION_DELAY [20, 35]; however, in this case, the however, in this case, the home agent SHOULD NOT perform such a
home agent SHOULD NOT perform such a delay. If this Duplicate delay. If this Duplicate Address Detection fails, then the home
Address Detection fails, then the home agent MUST reject the agent MUST reject the Binding Update and MUST return a Binding
Binding Update and SHOULD return a Binding Acknowledgement Acknowledgement to the mobile node, in which the Status field is
to the mobile node, in which the Status field is set to 138 set to 138 (Duplicate Address Detection failed). When the home
(Duplicate Address Detection failed). When the home agent sends agent sends a successful Binding Acknowledgement to the mobile
a successful Binding Acknowledgement to the mobile node, in node, in response to a Binding Update with the `D' bit set, the
response to a Binding Update with the `D' bit set, the home agent home agent assures to the mobile node that its home address will
assures to the mobile node that its home address will continue to continue to be kept unique by the home agent at least as long
be valid at least as long as the mobile node transmits Binding as the mobile node transmits Binding Updates with new care-of
Updates with new care-of addresses for that home address. addresses for that home address.
If the home agent does not reject the Binding Update, then it becomes If the home agent does not reject the Binding Update, then it becomes
or remains the home agent for the mobile node. The home agent MUST or remains the home agent for the mobile node. The home agent MUST
then create a new entry in its Binding Cache for this mobile node (or then create a new entry in its Binding Cache for this mobile node,
update its existing Binding Cache entry for this mobile node, if such or update its existing Binding Cache entry, if such an entry already
an entry already exists). The home address of the mobile node is exists. The home address of the mobile node is taken to be the
taken to be the value which, when the packet was originally received, value which, when the packet was originally received, was located
was located in the Home Address field in the packet's Home Address in the Home Address field in the packet's Home Address option. The
option. The care-of address for this Binding Cache entry is taken care-of address for this Binding Cache entry is taken to be the value
to be the value which, when the packet was originally received, was which, when the packet was originally received, was located either in
located either in the Alternate Care-of Address sub-option in the the Alternate Care-of Address option in the Binding Update option,
Binding Update option, if present, or from the Source Address field if present, or from the Source Address field in the packet's IPv6
in the packet's IPv6 header, otherwise. header, otherwise.
The home agent MUST mark this Binding Cache entry as a "home The home agent MUST mark this Binding Cache entry as a "home
registration" to indicate that the node is serving as a home registration" to indicate that the node is serving as a home
agent for this binding. Binding Cache entries marked as a "home agent for this binding. Binding Cache entries marked as a "home
registration" MUST be excluded from the normal cache replacement registration" MUST be excluded from the normal cache replacement
policy used for the Binding Cache (Section 8.7) and MUST NOT be policy used for the Binding Cache (Section 9.5) and MUST NOT be
removed from the Binding Cache until the expiration of the Lifetime removed from the Binding Cache until the expiration of the Lifetime
period. period.
The lifetime for the Binding Cache entry MUST NOT be greater than the If the `S' bit field in the Binding Update is zero, The home agent
remaining valid lifetime for the subnet prefix in the mobile node's creates or updates Binding Cache entries for each of possibly
home address specified with the Binding Update, and MUST NOT be
greater than the Lifetime value specified in the Binding Update. The
remaining valid lifetime for this prefix is determined by the home
agent based on its own Prefix List entry for this prefix [20].
If the `S' bit field in the Binding Update is zero, The Home Agent
creates or updates Binding Cache entries for each of possible
several home addresses. The set of such home addresses is formed several home addresses. The set of such home addresses is formed
by replacing the routing prefix for the given home address with by replacing the routing prefix for the given home address with
all other routing prefixes that are supported by the home agent all other routing prefixes that are supported by the home agent
processing the Binding Update. The Home Agent creates such a processing the Binding Update. The home agent creates such a
separate primary care-of address registration for each such home separate primary care-of address registration for each such home
address. Note that the same considerations for Duplicate Address address. Note that the same considerations for Duplicate Address
Detection apply for each affected home address. The lifetime for Detection apply for each affected home address.
the each Binding Cache entry MUST NOT be greater than the minimum
remaining valid lifetime for all subnet prefixes on the mobile The lifetime of the Binding Cache entry depends on a number of
node's home link. If the value of the Lifetime field specified by factors:
the mobile node in its Binding Update is greater than this prefix
lifetime, the home agent MUST decrease the binding lifetime to less - The lifetime for the Binding Cache entry MUST NOT be greater
than or equal to the prefix valid lifetime. The home agent MAY than the remaining valid lifetime for the subnet prefix in the
further decrease the specified lifetime for the binding, for example mobile node's home address specified with the Binding Update,
based on a local policy. The resulting lifetime is stored by the and MUST NOT be greater than the Lifetime value specified in the
home agent in the Binding Cache entry, and this Binding Cache entry Binding Update. The remaining valid lifetime for this prefix is
MUST be deleted by the home agent after the expiration of this determined by the home agent based on its own Prefix List entry
lifetime. for this prefix [20].
- , However, if the `S' bit field in the Binding Update is zero,
the lifetime for the each Binding Cache entry MUST NOT be greater
than the minimum remaining valid lifetime for all subnet prefixes
on the mobile node's home link. If the value of the Lifetime
field specified by the mobile node in its Binding Update is
greater than this prefix lifetime, the home agent MUST decrease
the binding lifetime to less than or equal to the prefix valid
lifetime.
- The home agent MAY further decrease the specified lifetime for
the binding, for example based on a local policy. The resulting
lifetime is stored by the home agent in the Binding Cache entry,
and this Binding Cache entry MUST be deleted by the home agent
after the expiration of this lifetime.
Regardless of the setting of the 'A' bit in the Binding Update, the Regardless of the setting of the 'A' bit in the Binding Update, the
home agent MUST return a Binding Acknowledgement to the mobile node, home agent MUST return a Binding Acknowledgement to the mobile node,
constructed as follows: constructed as follows:
- The Status field MUST be set to a value indicating success; this - The Status field MUST be set to a value 0, indicating success.
value MUST be less than 128. The only currently defined success
Status value is 0, indicating simply that the Binding Update was
accepted.
- The Sequence Number field MUST be copied from the Sequence Number - The Sequence Number field MUST be copied from the Sequence Number
given in the Binding Update. given in the Binding Update.
- The Lifetime field MUST be set to the remaining lifetime for - The Lifetime field MUST be set to the remaining lifetime for
the binding as set by the home agent in its "home registration" the binding as set by the home agent in its "home registration"
Binding Cache entry for the mobile node, as described above. Binding Cache entry for the mobile node, as described above.
- The Refresh field MUST be set to a value less than or equal to - The Refresh field MUST be set to a value less than or equal to
the Lifetime value being returned in the Binding Update. If the the Lifetime value being returned in the Binding Update. If the
skipping to change at page 91, line 51 skipping to change at page 94, line 26
then the Refresh field SHOULD be set to the same value as the then the Refresh field SHOULD be set to the same value as the
Lifetime field; otherwise, the home agent MAY set the Refresh Lifetime field; otherwise, the home agent MAY set the Refresh
field to a value less than the Lifetime field, to indicate that field to a value less than the Lifetime field, to indicate that
the mobile node SHOULD attempt to refresh its home registration the mobile node SHOULD attempt to refresh its home registration
at the indicated shorter interval (although the home agent will at the indicated shorter interval (although the home agent will
still retain the registration for the Lifetime period, even if still retain the registration for the Lifetime period, even if
the mobile node does not refresh its registration within the the mobile node does not refresh its registration within the
Refresh period). Refresh period).
In addition, the home agent MUST follow the procedure defined in In addition, the home agent MUST follow the procedure defined in
Section 9.3 to intercept packets on the mobile node's home link Section 10.4 to intercept packets on the mobile node's home link
addressed to the mobile node, while the home agent is serving as the addressed to the mobile node, while the home agent is serving as
home agent for this mobile node. the home agent for this mobile node. The home agent MUST also be
prepared to accept reverse tunneled packets from the new care-of
address of the mobile node, as described in Section 10.6. Finally,
the home agent MUST also propagate new home network prefixes, as
described in Section 10.9.1.
9.2. Primary Care-of Address De-Registration 10.3. Primary Care-of Address De-Registration
When a node receives a Binding Update, it MUST validate it and When a node receives a Binding Update, it MUST validate it and
determine the type of Binding Update according to the steps described determine the type of Binding Update according to the steps described
in Section 8.2. This section describes the processing of a valid in Section 9.4.1. This section describes the processing of a valid
Binding Update that requests the receiving node to no longer serve as Binding Update that requests the receiving node to no longer serve as
its home agent, de-registering its primary care-of address. its home agent, de-registering its primary care-of address.
To begin processing the Binding Update, the home agent MUST perform To begin processing the Binding Update, the home agent MUST perform
the following test: the following test:
- If the receiving node has no entry in its Binding Cache for this - If the receiving node has no entry marked as a "home
mobile node that is marked as a "home registration", then this registration" in its Binding Cache for this mobile node, then
node MUST reject the Binding Update and SHOULD return a Binding this node MUST reject the Binding Update and SHOULD return a
Acknowledgement to the mobile node, in which the Status field is Binding Acknowledgement to the mobile node, in which the Status
set to 137 (not home agent for this mobile node). field is set to 137 (not home agent for this mobile node).
If the home agent does not reject the Binding Update as described If the home agent does not reject the Binding Update as described
above, then it MUST delete any existing entry in its Binding Cache above, then it MUST delete any existing entry in its Binding Cache
for this mobile node, and proceed as follows. for this mobile node, and proceed as follows.
The home agent MUST return a Binding Acknowledgement to the mobile The home agent MUST return a Binding Acknowledgement to the mobile
node, constructed as follows: node, constructed as follows:
- The Status field MUST be set to a value indicating success (the - The Status field MUST be set to a value 0, indicating success.
value MUST be less than 128). The only currently defined success
Status value is 0, indicating simply that the Binding Update was
accepted.
- The Sequence Number field MUST be copied from the Sequence Number - The Sequence Number field MUST be copied from the Sequence Number
given in the Binding Update. given in the Binding Update.
- The Lifetime field MUST be set to zero. - The Lifetime field MUST be set to zero.
- The Refresh field MUST be set to zero. - The Refresh field MUST be set to zero.
In addition, the home agent MUST stop intercepting packets on the In addition, the home agent MUST stop intercepting packets on
mobile node's home link addressed to the mobile node (Section 9.3). the mobile node's home link that are addressed to the mobile node
(Section 10.4).
The rules for selecting the Destination IP address (and possibly The rules for selecting the Destination IP address (and possibly
Routing Header construction) for the Binding Acknowledgement to the Routing Header construction) for the Binding Acknowledgement to the
mobile node are the same as in section 8.5. mobile node are the same as in section 9.4.4.
9.3. Intercepting Packets for a Mobile Node 10.4. Intercepting Packets for a Mobile Node
While a node is serving as the home agent for mobile node (while the While a node is serving as the home agent for mobile node (while the
node has an entry in its Binding Cache for this mobile node that is node has an entry in its Binding Cache for this mobile node that is
marked as a "home registration"), this node MUST attempt to intercept marked as a "home registration"), this node MUST attempt to intercept
packets on the mobile node's home link addressed to the mobile node, packets on the mobile node's home link that are addressed to the
and MUST tunnel each intercepted packet to the mobile node using mobile node, and MUST tunnel each intercepted packet to the mobile
using IPv6 encapsulation [4]. node using IPv6 encapsulation [4].
In order to intercept such packets on the home link, when a node In order to intercept such packets on the home link, when a node
begins serving as the home agent for some mobile node (it did not begins serving as the home agent for some mobile node (it did not
already have a Binding Cache entry for this mobile node marked as a already have a Binding Cache entry for this mobile node marked as a
"home registration"), then the home agent MUST multicast onto the "home registration"), then the home agent MUST multicast onto the
home link a "gratuitous" Neighbor Advertisement message [20] on home link a "gratuitous" Neighbor Advertisement message [20] on
behalf of the mobile node. Specifically, the home agent performs the behalf of the mobile node. Specifically, the home agent performs the
following steps: following steps:
- The home agent examines the value of the `S' bit in the new "home - The home agent examines the value of the `S' bit in the new "home
skipping to change at page 93, line 28 skipping to change at page 96, line 6
address specified for this binding. If, instead, this bit is address specified for this binding. If, instead, this bit is
zero, then the following step is carried out for each address zero, then the following step is carried out for each address
for the mobile node formed from the interface identifier in for the mobile node formed from the interface identifier in
the mobile node's home address in this binding (the remaining the mobile node's home address in this binding (the remaining
low-order bits in the address after the configured subnet low-order bits in the address after the configured subnet
prefix), together with each one of the subnet prefixes currently prefix), together with each one of the subnet prefixes currently
considered by the home agent to be on-link (including both the considered by the home agent to be on-link (including both the
link-local and site-local prefix). link-local and site-local prefix).
- For each specific IP address for the mobile node determined - For each specific IP address for the mobile node determined
in the first step above, the home agent multicasts onto the in the first step above, the home agent sends a Neighbor
home link (to the all-nodes multicast address) a Neighbor Advertisement message [20] to the all-nodes multicast address
Advertisement message [20] on behalf of the mobile node, to on the home link, to advertise the home agent's own link-layer
advertise the home agent's own link-layer address for this IP address for this IP address on behalf of the mobile node.
address.
All fields in each such Neighbor Advertisement message SHOULD be All fields in each such Neighbor Advertisement message SHOULD be
set in the same way they would be set by the mobile node itself set in the same way they would be set by the mobile node itself
if sending this Neighbor Advertisement while at home [20], with if sending this Neighbor Advertisement while at home [20], with
the following exceptions: the following exceptions:
* The Target Address in the Neighbor Advertisement message MUST * The Target Address in the Neighbor Advertisement message MUST
be set to the specific IP address for the mobile node. be set to the specific IP address for the mobile node.
* The Advertisement MUST include a Target Link-layer Address * The Advertisement MUST include a Target Link-layer Address
option specifying the home agent's link-layer address. option specifying the home agent's link-layer address.
* The Router (R) bit in the Advertisement MUST be copied from * The Router (R) bit in the Advertisement MUST be set to zero.
the corresponding bit in the home agent's Binding Cache entry
for the mobile node.
* The Solicited Flag (S) in the Advertisement MUST NOT be set, * The Solicited Flag (S) in the Advertisement MUST NOT be set,
since it was not solicited by any Neighbor Solicitation since it was not solicited by any Neighbor Solicitation
message. message.
* The Override Flag (O) in the Advertisement MUST be set, * The Override Flag (O) in the Advertisement MUST be set,
indicating that the Advertisement SHOULD override any indicating that the Advertisement SHOULD override any
existing Neighbor Cache entry at any node receiving it. existing Neighbor Cache entry at any node receiving it.
Any node on the home link receiving one of the Neighbor Advertisement Any node on the home link receiving one of the Neighbor Advertisement
messages described above will thus update its Neighbor Cache to messages described above will thus update its Neighbor Cache to
associate the mobile node's address with the home agent's link associate the mobile node's address with the home agent's link
layer address, causing it to transmit any future packets for the layer address, causing it to transmit any future packets for the
mobile node normally destined to this address instead to the mobile mobile node normally destined to this address instead to the mobile
node's home agent. Since multicasts on the local link (such as node's home agent. Since multicasting on the local link (such as
Ethernet) are typically not guaranteed to be reliable, the home Ethernet) is typically not guaranteed to be reliable, the home
agent MAY retransmit this Neighbor Advertisement message up to agent MAY retransmit this Neighbor Advertisement message up to
MAX_ADVERT_REXMIT times to increase its reliability. It is still MAX_ADVERT_REXMIT times to increase its reliability. It is still
possible that some nodes on the home link will not receive any of possible that some nodes on the home link will not receive any of
these Neighbor Advertisements, but these nodes will eventually be these Neighbor Advertisements, but these nodes will eventually be
able to detect the link-layer address change for the mobile node's able to detect the link-layer address change for the mobile node's
home address, through use of Neighbor Unreachability Detection [20]. home address, through use of Neighbor Unreachability Detection [20].
While a node is serving as a home agent for some mobile node (it While a node is serving as a home agent for some mobile node (it
still has a "home registration" entry for this mobile node in its still has a "home registration" entry for this mobile node in its
Binding Cache), the home agent uses IPv6 Neighbor Discovery [20] to Binding Cache), the home agent uses IPv6 Neighbor Discovery [20] to
intercept unicast packets on the home link addressed to the mobile intercept unicast packets on the home link addressed to the mobile
node's home address. In order to intercept packets in this way, node's home address. In order to intercept packets in this way, the
the home agent MUST act as a proxy for this mobile node, and reply home agent MUST act as a proxy for this mobile node, and reply to any
to any received Neighbor Solicitation messages for it. When a home received Neighbor Solicitation messages for it. When a home agent
agent receives a Neighbor Solicitation message, it MUST check if the receives a Neighbor Solicitation message, it MUST check if the Target
Target Address specified in the message matches the home address Address specified in the message matches the home address of any
of any mobile node for which it has a Binding Cache entry marked mobile node for which it has a Binding Cache entry marked as a "home
as a "home registration". This check MUST include all possible registration". (Note that Binding Update messages with the `S' bit
home addresses for the mobile node, based on the subnet prefixes set to zero will result in multiple Binding Cache entries, so checks
currently considered to be on-link by the home agent (including the on all these entries necessarily include all possible home addresses
corresponding link-local address and site-local address), if the for the mobile node).
Prefix Length in the Binding Cache entry for this mobile node (from
the Binding Update that created this Cache entry) is nonzero.
If such an entry exists in the home agent's Binding Cache, the home If such an entry exists in the home agent's Binding Cache, the home
agent MUST reply to the Neighbor Solicitation message with a Neighbor agent MUST reply to the Neighbor Solicitation message with a Neighbor
Advertisement message, giving the home agent's own link-layer address Advertisement message, giving the home agent's own link-layer address
as the link-layer address for the specified Target Address. In as the link-layer address for the specified Target Address. In
addition, the Router (R) bit in the Advertisement MUST be copied from addition, the Router (R) bit in the Advertisement MUST be copied from
the corresponding bit in the home agent's Binding Cache entry for the the corresponding bit in the home agent's Binding Cache entry for the
mobile node. Acting as a proxy in this way allows other nodes on mobile node. Acting as a proxy in this way allows other nodes on
the mobile node's home link to resolve the mobile node's IPv6 home the mobile node's home link to resolve the mobile node's IPv6 home
address, and allows the home agent to defend these addresses on the address, and allows the home agent to defend these addresses on the
home link for Duplicate Address Detection [20]. home link for Duplicate Address Detection [20].
9.4. Tunneling Intercepted Packets to a Mobile Node 10.5. Tunneling Intercepted Packets to a Mobile Node
For any packet sent to a mobile node from the mobile node's home For any packet sent to a mobile node from the mobile node's home
agent (for which the home agent is the original sender of the agent (for which the home agent is the original sender of the
packet), the home agent is operating as a correspondent node of packet), the home agent is operating as a correspondent node of
the mobile node for this packet and the procedures described in the mobile node for this packet and the procedures described in
Section 8.9 apply. The home agent (as a correspondent node) uses a Section 9.6 apply. The home agent (as a correspondent node) uses a
Routing header to route the packet to the mobile node by way of the Routing header to route the packet to the mobile node by way of the
care-of address in the home agent's Binding Cache (the mobile node's care-of address in the home agent's Binding Cache (the mobile node's
primary care-of address, in this case). primary care-of address, in this case).
While the mobile node is away from home and this node is acting While the mobile node is away from home and this node is acting
as the mobile node's home agent, the home agent intercepts any as the mobile node's home agent, the home agent intercepts any
packets on the home link addressed to the mobile node's home address packets on the home link addressed to the mobile node's home address
(including addresses formed from other on-link prefixes, if the (including addresses formed from other on-link prefixes, if the
Prefix Length field was nonzero in the Binding Update), as described Prefix Length field was nonzero in the Binding Update), as described
in Section 9.3. The home agent cannot use a Routing header to in Section 10.4. The home agent cannot use a Routing header to
forward these intercepted packets to the mobile node, since it cannot forward these intercepted packets to the mobile node, since it cannot
modify the packet in flight without invalidating any existing IPv6 modify the packet in flight without invalidating any existing IPv6
AH [12] or ESP [13] header present in the packet. AH [12] or ESP [13] header present in the packet.
In order to forward each intercepted packet to the mobile node, the In order to forward each intercepted packet to the mobile node, the
home agent MUST tunnel the packet to the mobile node using IPv6 home agent MUST tunnel the packet to the mobile node using IPv6
encapsulation [4]; the tunnel entry point node is the home agent, encapsulation [4]; the tunnel entry point node is the home agent,
and the tunnel exit point node is the primary care-of address as and the tunnel exit point node is the primary care-of address as
registered with the home agent. When a home agent encapsulates registered with the home agent. When a home agent encapsulates
an intercepted packet for forwarding to the mobile node, the home an intercepted packet for forwarding to the mobile node, the home
agent sets the Source Address in the prepended tunnel IP header to agent sets the Source Address in the new tunnel IP header to the
the home agent's own IP address, and sets the Destination Address home agent's own IP address, and sets the Destination Address
in the tunnel IP header to the mobile node's primary care-of in the tunnel IP header to the mobile node's primary care-of
address. When received by the mobile node (using its primary care-of address. When received by the mobile node (using its primary care-of
address), normal processing of the tunnel header [4] will result in address), normal processing of the tunnel header [4] will result in
decapsulation and processing of the original packet by the mobile decapsulation and processing of the original packet by the mobile
node. node.
However, packets addressed to the mobile node's link-local address However, packets addressed to the mobile node's link-local address
MUST NOT be tunneled to the mobile node. Instead, such a packet MUST MUST NOT be tunneled to the mobile node. Instead, such a packet MUST
be discarded, and the home agent SHOULD return an ICMP Destination be discarded, and the home agent SHOULD return an ICMP Destination
Unreachable, Code 3, message to the packet's Source Address (unless Unreachable, Code 3, message to the packet's Source Address (unless
skipping to change at page 96, line 10 skipping to change at page 98, line 31
to the mobile node; such packets SHOULD be silently discarded to the mobile node; such packets SHOULD be silently discarded
(after delivering to other local multicast recipients). Multicast (after delivering to other local multicast recipients). Multicast
packets addressed to a multicast address with scope larger packets addressed to a multicast address with scope larger
than link-local but smaller than global (e.g., site-local and than link-local but smaller than global (e.g., site-local and
organization-local) [9], to which the mobile node is subscribed, organization-local) [9], to which the mobile node is subscribed,
SHOULD be tunneled to the mobile node by default, but this behavior SHOULD be tunneled to the mobile node by default, but this behavior
MUST be configurable to disable it; this default behavior might MUST be configurable to disable it; this default behavior might
change at some point in the future as the definition of these scopes change at some point in the future as the definition of these scopes
become more completely defined in IPv6. become more completely defined in IPv6.
9.5. Handling Reverse Tunneled Packets from a Mobile Node 10.6. Handling Reverse Tunneled Packets from a Mobile Node
A home agent MUST support decapsulating reverse tunneled packets Unless a binding has been established between the mobile node and a
sent to it from a mobile node's home address. Such reverse tunneled correspondent node, traffic from the mobile node to the correspondent
packets MAY be discarded unless accompanied by a valid AH or ESP node goes through a reverse tunnel. This tunnel extends between the
header. This support for reverse tunneling allows mobile nodes to mobile node and the home agent. Home agents MUST support reverse
defeat certain kinds of traffic analysis. Requiring IPsec headers tunneling as follows:
on reverse tunneled packets allows the home agent to protect the
home network against unwarranted intrusions by malicious nodes
masquerading as a mobile node with a home address on the network
served by the home agent.
9.6. Protecting Return Routability Packets - The tunneled traffic arrives to the home agent using IPv6
encapsulation [4].
The Return Routability procedure described in Section 4.5 assumes - The tunnel entry point is the primary care-of address as
that the confidentiality of the HoT message is protected as it is registered with the home agent and the tunnel exit point is the
tunneled from the home agent to the mobile node. Therefore, the home home agent.
agent MUST protect these packets using IPsec ESP with a non-null
encryption transform. It is also useful, but not required to protect
other RR related messages.
As described earlier, the Binding Update and Binding Acknowledgement - When a home agent decapsulates a tunneled packet from the mobile
messages already need protection even if they are not tunneled. As node, the home agent verifies that the Source Address in the
these messages employ the Mobility Header in a similar manner to tunnel IP header is the mobile node's primary care-of address.
the RR messages, it is sufficient to set up IPsec Security Policy
Database in a manner that protects all traffic to the mobile node
and back with IPsec ESP if the protocol in the packet is Mobility
Header.
9.7. Home Prefix Propagation Reverse tunneled packets MAY be discarded unless accompanied by a
valid AH or ESP header, depending on the security policies used by
the home agent. In any case, the home agent MUST check that the
source address in the tunneled packets corresponds to the currently
registered location of the mobile node, as otherwise any node in the
Internet could send traffic through the home agent and escape ingress
filtering limitations.
IPv6 provides mechanisms as part of Neighbor Discovery [20] and The support for authenticated reverse tunneling allows the home agent
Address Autoconfiguration [35] to aid in mobile node configuration to protect the home network and correspondent nodes from malicious
when a mobile node turns on, and in renumbering a subnet, such as nodes masquerading as a mobile node, even if they know the current
when a site switches to a new network service provider. location of the real mobile node.
In renumbering, new prefixes and addresses can be introduced for the 10.7. Protecting Return Routability Packets
subnet and old ones can be deprecated and removed. These mechanisms
are defined to work while all nodes using the old prefixes are at
home, connected to the link using these prefixes. Mobile IPv6
extends these mechanisms for the case in which one or more mobile
nodes using the old prefixes are away from home and registered at the
home agent while the renumbering takes place.
In the IPv6 renumbering mechanism, nodes on the visited link receive The return routability procedure described in Section 5 assumes that
Mobile Prefix Advertisements messages with Prefix Information the confidentiality of the HoTI and HoT messages is protected as
Options, which give the valid lifetime and preferred lifetime for it is tunneled from the home agent to the mobile node. Therefore,
available prefixes on the link [20]. the home agent MUST support IPsec ESP for the protection of packets
belonging to the return routability procedure. Support for a
non-null encryption transform MUST be available. In this case it
isn't necessary to distinguish between different kinds of packets
within the return routability procedure.
Mobile IPv6 arranges to propagate relevant prefix information The use of ESP for protection of the return routability procedure is
to the mobile node when it is away from home, so that it may be optional and controlled by configuration of the IPsec security policy
used in mobile node home address configuration, and in network database both at the mobile node and at the home agent.
renumbering. To avoid possible security attacks from forged Mobile
Prefix Advertisements all such Advertisements must be authenticated
to the mobile node by its home agent using IPsec [14, 12, 13] if a
security associate exists (i.e. unless the mobile node does not yet
have a home address configured).
9.8. Receiving Router Advertisement Messages As described earlier, the Binding Update and Binding Acknowledgement
messages require protection between the home agent and the mobile
node. These messages and the return routability messages employ
the same protocol from the point of view of the security policy
database, the Mobility Header. One way to set up the security policy
database is to have one rule for the Mobility Header traffic between
the mobile node and the home agent addresses, and an optional rule
following it for Mobility Header traffic between the mobile node and
any other address.
For each link on which a router provides service as a home agent, the 10.8. Receiving Router Advertisement Messages
router maintains a Home Agents List recording information about all
other home agents on that link. This list is used in the dynamic For each link on which a router provides service as a home agent,
home agent address discovery mechanism, described in Section 9.9. the router maintains a Home Agents List recording information
The information for the list is learned through receipt of the about all other home agents on that link. This list is used in
periodic unsolicited multicast Router Advertisements from each other the dynamic home agent address discovery mechanism, described in
home agent on the link, in which the Home Agent (H) bit is set, in a Section 10.9. The information for the list is learned through
manner similar to the Default Router List conceptual data structure receipt of the periodic unsolicited multicast Router Advertisements,
maintained by each host for Neighbor Discovery [20]. in a manner similar to the Default Router List conceptual data
structure maintained by each host for Neighbor Discovery [20]. In
the construction of the Home Agents List, the Router Advertisements
are from each other home agent on the link, and the Home Agent (H)
bit is set in them.
On receipt of a valid Router Advertisement, as defined in the On receipt of a valid Router Advertisement, as defined in the
processing algorithm specified for Neighbor Discovery [20], the home processing algorithm specified for Neighbor Discovery [20], the home
agent performs the following steps, in addition to any steps already agent performs the following steps, in addition to any steps already
required of it by Neighbor Discovery: required of it by Neighbor Discovery:
- If the Home Agent (H) bit in the Router Advertisement is not set, - If the Home Agent (H) bit in the Router Advertisement is not set,
skip all of the following steps. check to see if the sending node has an entry in the current Home
Agents List. If it does, delete the corresponding entry. In any
- If the Home Agent (H) bit in the Router Advertisement is not set, case all of the following steps are skipped.
and the sending node has an entry in the current Home Agents
List, delete the corresponding entry. Subsequently, skip all of
the following steps.
- Otherwise, extract the Source Address from the IP header of the - Otherwise, extract the Source Address from the IP header of the
Router Advertisement. This is the link-local IP address on this Router Advertisement. This is the link-local IP address on this
link of the home agent sending this Advertisement [20]. link of the home agent sending this Advertisement [20].
- Determine from the Router Advertisement the preference for this - Determine from the Router Advertisement the preference for this
home agent. If the Router Advertisement contains a Home Agent home agent. If the Router Advertisement contains a Home Agent
Information Option, then the preference is taken from the Home Information Option, then the preference is taken from the Home
Agent Preference field in the option; otherwise, the default Agent Preference field in the option; otherwise, the default
preference of 0 MUST be used. preference of 0 MUST be used.
skipping to change at page 98, line 36 skipping to change at page 100, line 51
the Home Agents List maintained by the receiving home agent, and the Home Agents List maintained by the receiving home agent, and
the lifetime for the sending home agent, as determined above, the lifetime for the sending home agent, as determined above,
is non-zero, create a new entry in the list, and initialize its is non-zero, create a new entry in the list, and initialize its
lifetime and preference to the values determined above. lifetime and preference to the values determined above.
- If the Home Agents List entry for the link-local address of - If the Home Agents List entry for the link-local address of
the home agent sending this Advertisement was not deleted as the home agent sending this Advertisement was not deleted as
described above, determine any global address(es) of the home described above, determine any global address(es) of the home
agent based on each Prefix Information option received in agent based on each Prefix Information option received in
this Advertisement in which the Router Address (R) bit is set this Advertisement in which the Router Address (R) bit is set
(Section 6.2). For each such global address determined from this (Section 7.2). For each such global address determined from this
Advertisement, add this global address to the list of global Advertisement, add this global address to the list of global
addresses for this home agent in this Home Agents List entry. addresses for this home agent in this Home Agents List entry.
A home agent SHOULD maintain an entry in its Home Agents List for A home agent SHOULD maintain an entry in its Home Agents List for
each such valid home agent address until that entry's lifetime each such valid home agent address until that entry's lifetime
expires, after which time the entry MUST be deleted. expires, after which time the entry MUST be deleted.
9.9. Dynamic Home Agent Address Discovery 10.9. Dynamic Home Agent Address Discovery
A mobile node, while away from home, MAY use the dynamic home agent A mobile node, while away from home, MAY use the dynamic home agent
address discovery mechanism in section 10.8 to attempt to discover address discovery mechanism in section 11.3.2 to attempt to discover
the address of one or more routers serving as home agents on its home the address of one or more routers serving as home agents on its home
link. This discovery might become necessary, for example, if some link. This discovery might become necessary, for example, if some
nodes on its home link have been reconfigured while the mobile node nodes on its home link have been reconfigured while the mobile node
has been away from home, such that the router that was operating as has been away from home, such that the router that was operating as
the mobile node's home agent has been replaced by a different router the mobile node's home agent has been replaced by a different router
serving this role. serving this role.
As described in Section 10.8, a mobile node attempts dynamic home As described in Section 11.3.2, a mobile node attempts dynamic
agent address discovery by sending an ICMP Home Agent Address home agent address discovery by sending an ICMP Home Agent Address
Discovery Request message to the "Mobile IPv6 Home-Agents" anycast Discovery Request message to the "Mobile IPv6 Home-Agents" anycast
address [11] for its home IP subnet prefix, using its care-of address address [11] for its home IP subnet prefix, using its care-of address
as the Source Address of the packet. A home agent receiving such a as the Source Address of the packet. A home agent receiving such a
Home Agent Address Discovery Request message that is serving this Home Agent Address Discovery Request message that is serving this
subnet (the home agent is configured with this anycast address on one subnet (the home agent is configured with this anycast address on one
of its network interfaces) SHOULD return an ICMP Home Agent Address of its network interfaces) SHOULD return an ICMP Home Agent Address
Discovery Reply message to the mobile node (at its care-of address Discovery Reply message to the mobile node (at its care-of address
that was used as the Source Address of the Request message), with the that was used as the Source Address of the Request message), with the
Source Address of the Reply packet set to one of the global unicast Source Address of the Reply packet set to one of the global unicast
addresses of the home agent. The Home Agent Addresses field in the addresses of the home agent. The Home Agent Addresses field in the
Reply message is constructed as follows: Reply message is constructed as follows:
- The Home Agent Addresses field SHOULD contain one global IP - The Home Agent Addresses field SHOULD contain one global IP
address for each home agent currently listed in this home address for each home agent currently listed in this home
agent's own Home Agents List (Section 4.7). However, if this agent's own Home Agents List (Section 4.5). However, if this
home agent's own global IP address would be placed in the list home agent's own global IP address would be placed in the list
(as described below) as the first entry in the list, then this (as described below) as the first entry in the list, then this
home agent SHOULD NOT include its own address in the Home Agent home agent SHOULD NOT include its own address in the Home Agent
Addresses field in the Reply message. Not placing this home Addresses field in the Reply message. Not placing this home
agent's own IP address in the list will cause the receiving agent's own IP address in the list will cause the receiving
mobile node to consider this home agent as the most preferred mobile node to consider this home agent as the most preferred
home agent; otherwise, this home agent will be considered to be home agent; otherwise, this home agent will be considered to be
preferred in its order given by its place in the list returned. preferred in its order given by its place in the list returned.
- The IP addresses in the Home Agent Addresses field SHOULD be - The IP addresses in the Home Agent Addresses field SHOULD be
skipping to change at page 99, line 51 skipping to change at page 102, line 15
- Among home agents with equal preference, their IP addresses - Among home agents with equal preference, their IP addresses
in the Home Agent Addresses field SHOULD be listed in an in the Home Agent Addresses field SHOULD be listed in an
order randomized with respect to other home agents with equal order randomized with respect to other home agents with equal
preference, each time a Home Agent Address Discovery Reply preference, each time a Home Agent Address Discovery Reply
message is returned by this home agent. message is returned by this home agent.
- For each entry in this home agent's Home Agents List, if more - For each entry in this home agent's Home Agents List, if more
than one global IP address is associated with this list entry, than one global IP address is associated with this list entry,
then one of these global IP addresses SHOULD be selected then one of these global IP addresses SHOULD be selected
to include in the Home Agent Addresses field in the Reply to include in the Home Agent Addresses field in the Reply
message. As described in Section 4.7, one Home Agents List message. As described in Section 4.5, one Home Agents List
entry, identified by the home agent's link-local address, entry, identified by the home agent's link-local address,
exists for each home agent on the link; associated with that exists for each home agent on the link; associated with that
list entry is one or more global IP addresses for this home list entry is one or more global IP addresses for this home
agent, learned through Prefix Information options with the agent, learned through Prefix Information options with the
Router Address (R) bit is set, received in Router Advertisements Router Address (R) bit is set, received in Router Advertisements
from this link-local address. from this link-local address.
The selected global IP address for each home agent to include in The selected global IP address for each home agent to include in
forming the Home Agent Addresses field in the Reply message MUST forming the Home Agent Addresses field in the Reply message MUST
be the global IP address of the respective home agent sharing a be the global IP address of the respective home agent sharing a
skipping to change at page 100, line 26 skipping to change at page 102, line 42
being fragmented (or rejected by an intermediate router with an being fragmented (or rejected by an intermediate router with an
ICMP Packet Too Big message [5]), if the resulting total packet ICMP Packet Too Big message [5]), if the resulting total packet
size containing the complete list of home agents in the Home size containing the complete list of home agents in the Home
Agent Addresses field would exceed the minimum IPv6 MTU [6], the Agent Addresses field would exceed the minimum IPv6 MTU [6], the
home agent SHOULD reduce the number of home agent IP addresses home agent SHOULD reduce the number of home agent IP addresses
returned in the packet to the number of addresses that will fit returned in the packet to the number of addresses that will fit
without exceeding this limit. The home agent addresses returned without exceeding this limit. The home agent addresses returned
in the packet SHOULD be those from the complete list with the in the packet SHOULD be those from the complete list with the
highest preference. highest preference.
9.9.1. Aggregate List of Home Network Prefixes 10.9.1. Aggregate List of Home Network Prefixes
IPv6 provides mechanisms for node configuration when it turns on,
and in renumbering a subnet, such as when a site switches to a new
network service provider. These mechanisms are a part of Neighbor
Discovery [20] and Address Autoconfiguration [33].
In renumbering, new prefixes and addresses can be introduced for the
subnet and old ones can be deprecated and removed. These mechanisms
are defined to work while all nodes using the old prefixes are at
home, connected to the link using these prefixes. Mobile IPv6
extends these mechanisms to work also with mobile nodes that are away
from home when the renumbering takes place.
Mobile IPv6 arranges to propagate relevant prefix information to the
mobile node when it is away from home, so that it may be used in
mobile node home address configuration, and in network renumbering.
In this mechanism, mobile nodes away from home receive Mobile Prefix
Advertisements messages with Prefix Information Options, which give
the valid lifetime and preferred lifetime for available prefixes on
the home link.
To avoid possible security attacks from forged Mobile Prefix
Advertisements all such Advertisements must be authenticated to the
mobile node by its home agent using IPsec [14, 12, 13] if a security
associate exists (i.e. unless the mobile node does not yet have a
home address configured).
A mobile node on a remote network SHOULD autoconfigure all of the A mobile node on a remote network SHOULD autoconfigure all of the
global IP addresses, which it would autoconfigure if it were attached global IP addresses, which it would autoconfigure if it were attached
to its home network, from network prefixes representing network to its home network, from network prefixes representing network
addresses that are served by home agents. Site-local addresses MAY addresses that are served by home agents. Site-local addresses MAY
be autoconfigured if the mobile node is roaming in a network on the be autoconfigured if the mobile node is roaming in a network on the
same site as its home addresses. Site-local addresses and addresses same site as its home addresses. Site-local addresses and addresses
not served by a home agent MUST NOT be autoconfigured, since they are not served by a home agent MUST NOT be autoconfigured, since they are
unusable in the remote network. unusable in the remote network.
skipping to change at page 101, line 24 skipping to change at page 104, line 13
address as belonging to the home agent. Treat the lifetimes address as belonging to the home agent. Treat the lifetimes
of these prefixes as decrementing in real time, as defined in of these prefixes as decrementing in real time, as defined in
section 6.2.7 of RFC 2461 [20]. section 6.2.7 of RFC 2461 [20].
- Do not perform consistency checks on valid prefixes received in - Do not perform consistency checks on valid prefixes received in
Router Advertisements on the home network that do not exist in Router Advertisements on the home network that do not exist in
the home agent's AdvPrefixList. Instead, if the prefixes already the home agent's AdvPrefixList. Instead, if the prefixes already
exist in the aggregate list, update the prefix lifetime fields in exist in the aggregate list, update the prefix lifetime fields in
the aggregate list according to the rules specified for hosts in the aggregate list according to the rules specified for hosts in
section 6.3.4 of RFC 2461 (Neighbor Discovery [20]) and section section 6.3.4 of RFC 2461 (Neighbor Discovery [20]) and section
5.5.3 of RFC 2462 (Stateless Address Autoconfiguration [35]). 5.5.3 of RFC 2462 (Stateless Address Autoconfiguration [33]).
- If the L flag is set on valid prefixes received in a Router - If the L flag is set on valid prefixes received in a Router
Advertisement, and that prefix already exists in the aggregate Advertisement, and that prefix already exists in the aggregate
list, set the flag in the aggregate list. Ignore the flag if it list, set the flag in the aggregate list. Ignore the flag if it
is clear. is clear.
- Delete prefixes from the aggregate list when their valid - Delete prefixes from the aggregate list when their valid
lifetimes expire. lifetimes expire.
The home agent uses the information in the aggregate list to The home agent uses the information in the aggregate list to
construct Mobile Prefix Advertisements, possibly including Binding construct Mobile Prefix Advertisements. It may be possible to
Acknowledgement or Binding Request destination options, for delivery construct an aggregate list by combining information contained in the
to a mobile node for which it is maintaining a current binding. home agent's AdvPrefixList and its Home Agents List used for Dynamic
It may be possible to construct an aggregate list by combining Home Agent Address Discovery (Section 11.3.2).
information contained in the home agent's AdvPrefixList and its
Home Agents List used for Dynamic Home Agent Address Discovery
(Section 10.8).
9.9.2. Scheduling Prefix Deliveries to the Mobile Node 10.9.2. Scheduling Prefix Deliveries to the Mobile Node
A home agent serving a mobile node will schedule the delivery of new A home agent serving a mobile node will schedule the delivery of new
prefix information to that mobile node when any of the following prefix information to that mobile node when any of the following
conditions occur: conditions occur:
MUST: MUST:
- The valid or preferred lifetime or the state of the flags changes - The valid or preferred lifetime or the state of the flags changes
for the prefix of the mobile node's registered home address for the prefix of the mobile node's registered home address.
changes
- The mobile node requests the information with a Router - The mobile node requests the information with a Mobile Prefix
Solicitation (see section 10.18). Solicitation (see section 11.3.3).
MAY: MAY:
- A new prefix is added to the aggregate list - A new prefix is added to the aggregate list.
- The valid or preferred lifetime or the state of the flags changes - The valid or preferred lifetime or the state of the flags changes
for a prefix which is not used in any binding cache entry for for a prefix which is not used in any binding cache entry for
this mobile node this mobile node.
The home agent uses the following algorithm to determine when to send The home agent uses the following algorithm to determine when to send
prefix information to the mobile node. prefix information to the mobile node.
- If the mobile node has not received the prefix information within - If the mobile node has not received the prefix information within
the last HomeRtrAdvInterval seconds, then transmit the prefix the last HomeRtrAdvInterval seconds, then transmit the prefix
information. This MAY be done according to a periodically information. This MAY be done according to a periodically
scheduled transmission. scheduled transmission.
- If a mobile node sends a solicitation, answer right away. - If a mobile node sends a solicitation, answer right away.
- If a prefix in the aggregate list that matches the mobile - If a prefix in the aggregate list that matches the mobile node's
node's home registration is added, or if its information changes home registration is added, or if its information changes in
in any way that does not cause the mobile node's address to any way that does not cause the mobile node's address to go
go deprecated, ensure that a transmission is scheduled, and deprecated, ensure that a transmission is scheduled (as described
calculate RAND_ADV_DELAY in order to randomize the time at which below), and calculate RAND_ADV_DELAY in order to randomize the
the transmission is scheduled. time at which the transmission is scheduled.
- If there are any unacknowledged changes to prefix information
when a Binding Update arrives for the home registration, send
a Mobile Prefix Advertisement to the mobile node immediately.
The Mobile Prefix Advertisement SHOULD have the Binding
Acknowledgement as a Destination Option. If an advertisement
was previously scheduled for the mobile node, cancel that
advertisement.
- If a home registration expires, cancel any scheduled - If a home registration expires, cancel any scheduled
advertisements to the mobile node. advertisements to the mobile node.
If the home agent already has scheduled the transmission of a Router Assume that the home agent already has scheduled the transmission of
Advertisement to the mobile node, and if the freshly calculated a Router Advertisement to the mobile node. New information should
RAND_ADV_DELAY would cause another transmission BEFORE the Preferred be added to the existing scheduled transmission, if the freshly
Lifetime of the mobile node's home address derived from the prefix calculated RAND_ADV_DELAY would cause another transmission before
whose advertisement information has changed, then add the new the expiration of the Preferred Lifetime of the mobile node's home
information to be transmitted to the existing scheduled transmission. address derived from the prefix whose advertisement information has
In this case, the home agent does not perform the following algorithm changed. In this case, the home agent does not perform the following
to schedule an advertisement to the mobile node. algorithm to schedule an advertisement to the mobile node.
Otherwise, the home agent uses the following algorithm to compute Otherwise, the home agent uses the following algorithm to compute
a fresh value for RAND_ADV_DELAY, the offset from the current time a fresh value for RAND_ADV_DELAY, the offset from the current time
for the scheduled transmission. If there is already a scheduled for the scheduled transmission. If there is already a scheduled
transmission, add the data from the existing scheduled transmission transmission, add the data from the existing scheduled transmission
to the newly scheduled transmission, deleting the previously to the newly scheduled transmission, deleting the previously
scheduled transmission event. scheduled transmission event.
If the mobile node's binding expires before the Preferred Lifetime,
then return. The mobile node will get the revised information with
its next Binding Acknowledgement. Otherwise, continue with the
following computation.
MAX_SCHEDULE_DELAY == min (MAX_PFX_ADV_DELAY, Preferred Lifetime)
for the newly advertised Preferred Lifetime.
Then compute RAND_ADV_DELAY ==
MinRtrAdvInt + rand()*(MAX_SCHEDULE_DELAY - MinRtrAdvInt)
RAND_ADV_DELAY is the offset from the current time to be used RAND_ADV_DELAY is the offset from the current time to be used
to schedule the necessary advertisement to the mobile node. The to schedule the necessary advertisement to the mobile node. The
computation is expected to alleviate bursts of advertisements when computation is expected to alleviate bursts of advertisements when
prefix information changes. In addition, a home agent MAY further prefix information changes. In addition, a home agent MAY further
reduce the rate of packet transmission by further delaying individual reduce the rate of packet transmission by further delaying individual
advertisements, if needed to avoid overwhelming local network advertisements, if needed to avoid overwhelming local network
resources. resources.
9.9.3. Sending Advertisements to the Mobile Node Calculate the newly advertised Preferred Lifetime as follows.
MAX_SCHEDULE_DELAY == min (MAX_PFX_ADV_DELAY, Preferred Lifetime)
Then compute RAND_ADV_DELAY ==
MinRtrAdvInt + rand()*(MAX_SCHEDULE_DELAY - MinRtrAdvInt)
The home agent SHOULD periodically continue to retransmit an
unsolicited Advertisement to the mobile node, until it is
acknowledged by the receipt from the mobile node of a Binding Update
matching the Binding Refresh Request in the packet (i.e., with
matching Unique Identifier mobility option). The home agent MUST
wait PREFIX_ADV_TIMEOUT before the first retransmission, and double
the retransmission wait time for every succeeding retransmission, up
until a maximum of PREFIX_ADV_RETRIES attempts. If the mobile node's
bindings expire before the matching Binding Update has been received,
then the home agent MUST NOT attempt any more retransmissions, even
if not all PREFIX_ADV_RETRIES have been retransmitted. After another
Binding Update is received from the mobile node, and if the mobile
node has not returned to the home network in the meantime, the home
agent SHOULD begin the process again of transmitting the unsolicited
Advertisement.
A Binding Update matches a Binding Refresh Request if it specifies
a binding for the mobile node to which the Binding Refresh Request
was sent and contains a Unique Identifier mobility option matching
the unique identifier sent in the Unique Identifier option in the
Binding Refresh Request. In the solicited case, the mobile node will
retransmit solicitations until one is received; thus, the home agent
SHOULD NOT retransmit the responding advertisement.
If while the home agent is still retransmitting a Mobile Prefix
Advertisement to the mobile node, another condition as described
above occurs on the home link causing another Prefix Advertisement to
be sent to the mobile node, the home agent SHOULD combine any Prefix
Information options in the unacknowledged Mobile Prefix Advertisement
into the new Advertisement, discard the old Advertisement, and then
begin retransmitting the new one. according to the algorithm in
section 10.9.2. The home agent MUST generate a new unique identifier
for use in the Unique Identifier Option in the Binding Refresh
Request tunneled with the new Mobile Prefix Advertisement.
10.9.3. Sending Advertisements to the Mobile Node
When sending a Mobile Prefix Advertisement to the mobile node, the When sending a Mobile Prefix Advertisement to the mobile node, the
home agent MUST construct the packet as follows: home agent MUST construct the packet as follows:
- The Source Address in the packet's IPv6 header MUST be set to - The Source Address in the packet's IPv6 header MUST be set to
the home agent's IP address to which the mobile node addressed the home agent's IP address to which the mobile node addressed
its current home registration, or its default global home agent its current home registration, or its default global home agent
address if no binding exists. address if no binding exists.
- If a security association exists with the mobile node's address, - If a security association exists with the mobile node's address,
the packet MUST be protected by IPsec [14, 12, 13] to guard the packet MUST be protected by IPsec [14, 12, 13] to guard
against malicious Mobile Prefix Advertisements. The IPsec against malicious Mobile Prefix Advertisements. The IPsec
protection MUST provide sender authentication, data integrity protection MUST provide sender authentication, data integrity
protection, and replay protection, covering the Mobile Prefix protection, and replay protection, covering the Mobile Prefix
Advertisement. Advertisement.
- The advertisement MUST include a Binding Request destination - A separate Binding Refresh Request message MUST be sent in
option if this is the first advertisement for a home addition to the advertisement, if this is the first advertisement
registration, or if there was a change in prefix information for a home registration, or if there was a change in prefix
since the last acknowledged advertisement was sent to the mobile information since the last acknowledged advertisement was sent to
node for the home registration. The Binding Request destination the mobile node for the home registration. The Binding Refresh
option MUST include a Unique Identifier Sub-Option (Section 5.5), Request message MUST include a Unique Identifier mobility option
with the unique identifier in the sub-option data set to a value (Section 6.2.4), with the unique identifier in the option data
different than that in any other Binding Request sent recently by set to a value different than that in any other Binding Refresh
this home agent. It is assumed that this requirement can be met Request sent recently by this home agent. It is assumed that
by maintaining a simple 16-bit "wrap-around" counter to generate this requirement can be met by maintaining a simple 16-bit
unique identifiers for Binding Requests that contain a Unique "wrap-around" counter to generate unique identifiers for Binding
Identifier Sub-Option, incremented each time a Binding Request Refresh Requests that contain a Unique Identifier option,
containing a Unique Identifier Sub-Option is sent. incremented each time a Binding Refresh Request containing a
Unique Identifier option is sent.
- If the advertisement was solicited, it should be destined - If the advertisement was solicited, it should be destined
(and authenticated, if possible) to the source address of (and authenticated, if possible) to the source address of
the solicitation. If it was triggered by prefix changes or the solicitation. If it was triggered by prefix changes or
renumbering, the advertisement's destination will be the mobile renumbering, the advertisement's destination will be the mobile
node's home address in the binding which triggered the rule. node's home address in the binding which triggered the rule.
- The packet MUST be sent as any other unicast IPv6 packet. If a - The packet MUST be sent as any other unicast IPv6 packet. If a
care-of address is used, the packet will be delivered directly. care-of address is used, the packet will be delivered directly.
If a binding exists, the home agent will send the packet with If a binding exists, the home agent will send the packet with
a routing header containing the care-of address, as any other a routing header containing the care-of address, as any other
packet sent to the mobile node originated by the home agent packet sent to the mobile node originated by the home agent
(rather than using IPv6 encapsulation, as would be used by the (rather than using IPv6 encapsulation, as would be used by the
home agent for intercepted packets). home agent for intercepted packets).
The home agent SHOULD periodically continue to retransmit an 10.9.4. Lifetimes for Changed Prefixes
unsolicited Advertisement to the mobile node, until it is
acknowledged by the receipt from the mobile node of a Binding Update
matching the Binding Request in the packet (i.e., with matching
Sequence Number). The home agent MUST wait PREFIX_ADV_TIMEOUT
before the first retransmission, and double the retransmission wait
time for every succeeding retransmission, up until a maximum of
PREFIX_ADV_RETRIES attempts. If the mobile node's bindings expire
before the matching Binding Update has been received, then the home
agent MUST NOT attempt any more retransmissions, even if not all
PREFIX_ADV_RETRIES have been retransmitted. After another Binding
Update is received from the mobile node, and if the mobile node has
not returned to the home network in the meantime, the home agent
SHOULD begin the process again of transmitting the unsolicited
Advertisement.
A Binding Update matches a Binding Request if it specifies a As described in Section 10.2, the lifetime returned by the home agent
binding for the mobile node to which the Binding Request was sent in a Binding Acknowledgement MUST be no greater than the remaining
and contains a Unique Identifier Sub-Option matching the unique valid lifetime for the subnet prefix in the mobile node's home
identifier sent in the Unique Identifier Sub-Option in the Binding address. This limit on the binding lifetime serves to prohibit use
Request. In the solicited case, the mobile node will retransmit of a mobile node's home address after it becomes invalid.
solicitations until one is received; thus, the home agent SHOULD NOT
retransmit the responding advertisement.
If while the home agent is still retransmitting a Mobile Prefix 11. Mobile Node Operation
Advertisement to the mobile node, another condition as described
above occurs on the home link causing another Prefix Advertisement to
be sent to the mobile node, the home agent SHOULD combine any Prefix
Information options in the unacknowledged Mobile Prefix Advertisement
into the new Advertisement, discard the old Advertisement, and then
begin retransmitting the new one. according to the algorithm in
section 9.9.2. The home agent MUST generate a new unique identifier
for use in the Unique Identifier Sub-Option in the Binding Request
tunneled with the new Mobile Prefix Advertisement.
9.9.4. Lifetimes for Changed Prefixes 11.1. Conceptual Data Structures
As described in Section 9.1, the lifetime returned by the home Each mobile node MUST maintain a Binding Update List and Home Agents
agent in a Binding Acknowledgement MUST be no greater than the List.
remaining valid lifetime for the subnet prefix in the mobile node's
home address. Furthermore, as described in Section 10.9, Binding
Updates sent by the mobile node to other nodes MUST use a lifetime no
greater than the remaining lifetime of its home registration of its
primary care-of address. These limits on the binding lifetime serve
to prohibit use of a mobile node's home address after it becomes
invalid. The mobile node SHOULD further limit the lifetimes that it
sends on any Binding Updates to be within the remaining preferred
lifetime for the prefix in its home address.
When the lifetime for a changed prefix decreases, and the change The rules for maintaining a Home Agents List are same for home agents
would cause cached bindings at correspondent nodes in the Binding and correspondent nodes, and have been described in Section 10.1.
Update List to be stored past the newly shortened lifetime, the
mobile node MUST issue a Binding Update to all such correspondent
nodes.
10. Mobile Node Operation The Binding Update List records information for each Binding Update
sent by this mobile node, for which the Lifetime sent in that Binding
Update has not yet expired. The Binding Update List includes all
bindings sent by the mobile node: those to correspondent nodes,
those to the mobile node's home agent, and those to a home agent
on the link on which the mobile node's previous care-of address is
located. It also contains Binding Updates which are waiting for
the completion of the return routability procedure before they can
be sent. However, for multiple Binding Updates sent to the same
destination address, the Binding Update List contains only the most
recent Binding Update (i.e., with the greatest Sequence Number value)
sent to that destination. The Binding Update List MAY be implemented
in any manner consistent with the external behavior described in this
document.
10.1. Sending Packets While Away from Home Each Binding Update List entry conceptually contains the following
fields:
- The IP address of the node to which a Binding Update was sent.
If the Binding Update was successfully received by that node
(e.g., not lost by the network), a Binding Cache entry may have
been created or updated based on this Binding Update. The
Binding Cache entry may still exist, if that node has not deleted
the entry before its expiration (e.g., to reclaim space in its
Binding Cache for other entries).
- The home address for which that Binding Update was sent. This
will be one of the following:
* one the mobile node's home addresses for typical Binding
Updates (Sections 11.6.1 and 11.6.2), or
* the mobile node's previous care-of address for Binding
Updates sent to establish forwarding from the mobile node's
previous location (Section 11.6.6).
- The care-of address sent in that Binding Update. This value
is necessary for the mobile node to determine if it has sent a
Binding Update giving its new care-of address to this destination
after changing its care-of address.
- The initial value of the Lifetime field sent in that Binding
Update.
- The remaining lifetime of that binding. This lifetime is
initialized from the Lifetime value sent in the Binding Update
and is decremented until it reaches zero, at which time this
entry MUST be deleted from the Binding Update List.
- The maximum value of the Sequence Number field sent in previous
Binding Updates to this destination. The Sequence Number field
is 16 bits long, and all comparisons between Sequence Number
values MUST be performed modulo 2**16. For example, using an
implementation in the C programming language, a Sequence Number
value A is greater than another Sequence Number value B if
((short)((a) - (b)) > 0), if the "short" data type is a 16-bit
signed integer.
- The time at which a Binding Update was last sent to this
destination, as needed to implement the rate limiting restriction
for sending Binding Updates.
- The state of any retransmissions needed for this Binding Update,
if the Acknowledge (A) bit was set in this Binding Update. This
state includes the time remaining until the next retransmission
attempt for the Binding Update, and the current state of the
exponential back-off mechanism for retransmissions.
- A flag that, when set, indicates that future Binding Updates
should not be sent to this destination. The mobile node sets
this flag in the Binding Update List entry when it receives an
ICMP Parameter Problem, Code 1, error message in response to
a return routability message or Binding Update sent to that
destination, as described in Section 11.7.
The Binding Update list also conceptually contains data related to
running the return routability procedure. This data is relevant only
for Binding Updates sent to correspondent nodes.
- The time at which a Home Test Init or Care-of Test Init message
was last sent to this destination, as needed to implement the
rate limiting restriction for the return routability procedure.
- The state of any retransmissions needed for this return
routability procedure. This state includes the time remaining
until the next retransmission attempt and the current state of
the exponential back-off mechanism for retransmissions.
- Mobile cookie values used the Home Test Init and Care-of Test
Init messages.
- Home and care-of cookies received from the correspondent node.
- Home and care-of nonce indices received from the correspondent
node.
- The time at which each of the cookies was received from this
correspondent node, as needed to implement cookie reuse while
moving.
11.2. Packet Processing
11.2.1. Sending Packets While Away from Home
While a mobile node is away from home, it continues to use its home While a mobile node is away from home, it continues to use its home
address as well as also using one or more care-of addresses. When address, as well as also using one or more care-of addresses. When
sending a packet while away from home, a mobile node MAY choose among sending a packet while away from home, a mobile node MAY choose among
these in selecting the address that it will use as the source of the these in selecting the address that it will use as the source of the
packet, as follows: packet, as follows:
- From the point of view of protocol layers and applications above - From the point of view of protocol layers and applications
Mobile IP (e.g., transport protocols), the mobile node will above Mobile IP (e.g., transport protocols), the mobile node
generally use its home address as the source of the packet for will generally use its home address as the source of the packet
most packets, even while away from home, since Mobile IP is for most packets, even while away from home, since Mobile IP
designed to make mobility transparent to such software. Doing is designed to make mobility transparent to such software.
so also makes the node's mobility---and the fact that it is For packets sent that are part of transport-level connections
currently away from home---transparent to the correspondent nodes established while the mobile node was at home, the mobile node
with which it communicates. For packets sent that are part of MUST use its home address. Likewise, for packets sent that are
transport-level connections established while the mobile node part of transport-level connections that the mobile node may
was at home, the mobile node MUST use its home address in this still be using after moving to a new location, the mobile node
way. Likewise, for packets sent that are part of transport-level SHOULD use its home address in this way. When sending such
connections that the mobile node may still be using after moving packets, the delivery method depends on whether a binding exists
to a new location, the mobile node SHOULD use its home address with the correspondent node. If a binding exists, the mobile
in this way. When sending such packets, Mobile IP will modify node SHOULD send the packets directly to the correspondent node.
the packet to move the home address into a Home Address option Otherwise, if a binding does not exist, the mobile node MUST use
and will set the IPv6 header's Source Address field to one of reverse tunneling. Detailed operation for both of these cases is
the mobile node's care-of addresses; these modifications to described later in this section.
the packet are then reversed in the node receiving the packet,
restoring the mobile node's home address to be the packet's
Source Address before processing by higher protocol layers and
applications.
- For short-term communication, particularly for communication that - For short-term communication, particularly for communication that
may easily be retried if it fails, the mobile node MAY choose may easily be retried if it fails, the mobile node MAY choose
to directly use one of its care-of addresses as the source of to directly use one of its care-of addresses as the source of
the packet, thus not requiring the use of a Home Address option the packet, thus not requiring the use of a Home Address option
in the packet. An example of this type of communication might in the packet. An example of this type of communication might
be DNS queries sent by the mobile node [17, 18]. Using the be DNS queries sent by the mobile node [17, 18]. Using the
mobile node's care-of address as the source for such queries will mobile node's care-of address as the source for such queries will
generally have a lower overhead than using the mobile node's generally have a lower overhead than using the mobile node's
home address, since no extra options need be used in either the home address, since no extra options need be used in either the
skipping to change at page 106, line 29 skipping to change at page 111, line 4
that the communication being sent fits within this general type that the communication being sent fits within this general type
of communication, however, the mobile node SHOULD NOT use its of communication, however, the mobile node SHOULD NOT use its
care-of address as the source of the packet in this way. care-of address as the source of the packet in this way.
For packets sent by a mobile node while it is at home, no special For packets sent by a mobile node while it is at home, no special
Mobile IP processing is required for sending this packet. Likewise, Mobile IP processing is required for sending this packet. Likewise,
if the mobile node uses any address other than its home address as if the mobile node uses any address other than its home address as
the source of a packet sent while away from home (from the point of the source of a packet sent while away from home (from the point of
view of higher protocol layers or applications, as described above), view of higher protocol layers or applications, as described above),
no special Mobile IP processing is required for sending that packet. no special Mobile IP processing is required for sending that packet.
In each case, the packet is simply addressed and transmitted in the In each case, the packet is simply addressed and transmitted in the
same way as any normal IPv6 packet. same way as any normal IPv6 packet.
For each other packet sent by the mobile node (i.e., packets sent For each other packet sent by the mobile node (i.e., packets
while away from home, using the mobile node's home address as sent while away from home, using the mobile node's home address
the source, from the point of view of higher protocol layers and as the source, from the point of view of higher protocol layers
applications), special Mobile IP processing of the packet is required and applications), special Mobile IP processing of the packet is
for the insertion of the Home Address option. Specifically: required. This can be done in two ways, as described above. These
ways are:
- Construct the packet using the mobile node's home address as the direct delivery
packet's Source Address, in the same way as if the mobile node
were at home. This preserves the transparency of Mobile IP to
higher protocol layers (e.g., to TCP).
- Insert a Home Address option into the packet, with the Home This is manner of delivering packets does not require going
Address field copied from the original value of the Source through the home network, and typically will enable faster and
Address field in the packet. more reliable transmission. A mobile node SHOULD arrange to
supply the home address in a Home Address option, and allowing
the IPv6 header's Source Address field to be set to one of the
mobile node's care-of addresses; the correspondent node will
then use the address supplied in the Home Address option to
serve the function traditionally done by the Source IP address
in the IPv6 header. the mobile node's home address is then
supplied to higher protocol layers and applications.
- Change the Source Address field in the packet's IPv6 header to Specifically:
one of the mobile node's care-of addresses. This will typically
be the mobile node's current primary care-of address, but MUST
be a care-of address with a subnet prefix that is on-link on the
network interface on which the mobile node will transmit the
packet.
By using the care-of address as the Source Address in the IPv6 - Construct the packet using the mobile node's home address
header, with the mobile node's home address instead in the Home as the packet's Source Address, in the same way as if the
Address option, the packet will be able to safely pass through any mobile node were at home. This preserves the transparency
router implementing ingress filtering [7]. of Mobile IP to higher protocol layers (e.g., TCP).
10.2. Interaction with Outbound IPsec Processing - Insert a Home Address option into the packet, with the Home
Address field copied from the original value of the Source
Address field in the packet.
- Change the Source Address field in the packet's IPv6 header
to one of the mobile node's care-of addresses. This will
typically be the mobile node's current primary care-of
address, but MUST be a care-of address with a subnet prefix
that is on-link on the network interface on which the
mobile node will transmit the packet.
By using the care-of address as the Source Address in the IPv6
header, with the mobile node's home address instead in the Home
Address option, the packet will be able to safely pass through
any router implementing ingress filtering [7].
reverse tunneling
This is the mechanism which tunnels the packets via the home
agent. It isn't as efficient as the above mechanism, but is
needed if there is no binding yet with the correspondent node.
Specifically:
- The packet is sent to the home agent using IPv6
encapsulation [4].
- The Source Address in the tunnel packet is the primary
care-of address as registered with the home agent.
- The Destination Address in the tunnel packet is the home
agent's address.
Reverse tunneled packets MAY be protected using a AH or ESP
header, depending on the security policies used by the home
agent. The support for encrypted reverse tunneling allows
mobile nodes to defeat certain kinds of traffic analysis, and
provides a mechanism by which routers on the home network can
distinguish authorized traffic from other possibly malicious
traffic.
11.2.2. Interaction with Outbound IPsec Processing
This section sketches the interaction between outbound Mobile This section sketches the interaction between outbound Mobile
IP processing and outbound IP Security (IPsec) processing for IP processing and outbound IP Security (IPsec) processing for
packets sent by a mobile node while away from home. Any specific packets sent by a mobile node while away from home. Any specific
implementation MAY use algorithms and data structures other than implementation MAY use algorithms and data structures other than
those suggested here, but its processing MUST be consistent with the those suggested here, but its processing MUST be consistent with the
effect of the operation described here and with the relevant IPsec effect of the operation described here and with the relevant IPsec
specifications. In the steps described below, it is assumed that specifications. In the steps described below, it is assumed that
IPsec is being used in transport mode [14] and that the mobile node IPsec is being used in transport mode [14] and that the mobile node
is using its home address as the source for the packet (from the is using its home address as the source for the packet (from the
point of view of higher protocol layers or applications, as described point of view of higher protocol layers or applications, as described
in Section 10.1): in Section 11.2.1):
- The packet is created by higher layer protocols and applications - The packet is created by higher layer protocols and applications
(e.g., by TCP) as if the mobile node were at home and Mobile IP (e.g., by TCP) as if the mobile node were at home and Mobile IP
were not being used. Mobile IP is transparent to such higher were not being used. Mobile IP is transparent to such higher
layers. layers.
- As part of outbound packet processing in IP, the packet is - As part of outbound packet processing in IP, the packet is
compared against the IPsec Security Policy Database (SPD) to compared against the IPsec security policy database to determine
determine what processing is required for the packet [14]. what processing is required for the packet [14].
- If IPsec processing is required, the packet is either mapped to - If IPsec processing is required, the packet is either mapped to
an existing Security Association (or SA bundle), or a new SA (or an existing Security Association (or SA bundle), or a new SA (or
SA bundle) is created for the packet, according to the procedures SA bundle) is created for the packet, according to the procedures
defined for IPsec. defined for IPsec.
- Since the mobile node is away from home, the mobile is either - Since the mobile node is away from home, the mobile is either
using reverse tunneling or route optimization to reach the using reverse tunneling or route optimization to reach the
correspondent node. correspondent node.
If reverse tunneling is used, the packet is constructed in the If reverse tunneling is used, the packet is constructed in the
normal manner and then tunneled through through the home agent. normal manner and then tunneled through the home agent.
If route optimization is in use, the mobile node inserts a Home If route optimization is in use, the mobile node inserts a Home
Address option into the packet, replacing the Source Address Address destination option into the packet, replacing the Source
in the packet's IP header with a care-of address suitable for Address in the packet's IP header with a care-of address suitable
the link on which the packet is being sent, as described in for the link on which the packet is being sent, as described in
Section 10.1. The Destination Options header in which the Home Section 11.2.1. The Destination Options header in which the Home
Address option is inserted MUST appear in the packet after the Address destination option is inserted MUST appear in the packet
Routing Header, if present, and before the AH [12] (or ESP [13]) after the Routing Header, if present, and before the AH [12] (or
header, so that the Home Address option is processed by the ESP [13]) header, so that the Home Address destination option is
destination node before the AH or ESP header is processed. processed by the destination node before the AH or ESP header is
processed.
Finally, once the packet is fully assembled, the necessary IPsec Finally, once the packet is fully assembled, the necessary IPsec
authentication (and encryption, if required) processing is authentication (and encryption, if required) processing is
performed on the packet, initializing the Authentication Data performed on the packet, initializing the Authentication Data
in the AH or ESP header. The AH authentication data MUST be in the AH or ESP header. The AH authentication data MUST be
calculated as if the following were true: calculated as if the following were true:
* the IPv6 source address in the IPv6 header contains the * the IPv6 source address in the IPv6 header contains the
mobile node's home address, mobile node's home address,
* the Home Address field of the Home Address destination option * the Home Address field of the Home Address destination option
(section 5.3) contains the new care-of address. (section 6.3) contains the new care-of address.
- This allows, but does not require, the receiver of the - This allows, but does not require, the receiver of the packet
packet containing a Home Address Option to exchange the two containing a Home Address destination option to exchange the
fields of the incoming packet, simplifying processing for all two fields of the incoming packet, simplifying processing for
subsequent packet headers. The mechanics of implementation all subsequent packet headers. The mechanics of implementation
do not absolutely require such an exchange to occur; other do not absolutely require such an exchange to occur; other
implementation strategies may be more appropriate, as long as the implementation strategies may be more appropriate, as long as the
result of the authentication calculation remain the same. result of the authentication calculation remains the same.
In addition, when using any automated key management protocol [14] In addition, when using any automated key management protocol [14]
(such as IKE [8]) to create any new SA (or SA bundle) while away (such as IKE [8]) to create a new SA (or SA bundle) while away from
from home, a mobile node MUST take special care in its processing of home, a mobile node MUST take special care in its processing of the
the key management protocol. Otherwise, other nodes with which the key management protocol. Otherwise, other nodes with which the
mobile node must communicate as part of the automated key management mobile node must communicate as part of the automated key management
protocol processing may be unable to correctly deliver packets to protocol processing may be unable to correctly deliver packets to
the mobile node if they and/or the mobile node's home agent do the mobile node if they and/or the mobile node's home agent do
not then have a current Binding Cache entry for the mobile node. not then have a current Binding Cache entry for the mobile node.
For the default case of using IKE as the automated key management For the default case of using IKE as the automated key management
protocol [8][14], such problems can be avoided by the following protocol [8][14], such problems can be avoided by the following
requirements on the use of IKE by a mobile node while away from home: requirements on the use of IKE by a mobile node while away from home:
- The mobile node MUST use its care-of address as the Source - The mobile node MUST use its care-of address as the Source
Address of all packets it sends as part of the key management Address of all packets it sends as part of the key management
protocol (without use of Mobile IP for these packets, as protocol (without use of Mobile IP for these packets, as
suggested in Section 10.1). suggested in Section 11.2.1).
- In addition, for all security associations bound to the mobile - In addition, for all security associations bound to the mobile
node's home address established by way of IKE, the mobile node node's home address established by way of IKE, the mobile node
MUST include an ISAKMP Identification Payload [16] in the IKE MUST include an ISAKMP Identification Payload [16] in the IKE
exchange, giving the mobile node's home address as the initiator exchange, giving the mobile node's home address as the initiator
of the Security Association [28]. of the Security Association [28].
10.3. Receiving Packets While Away from Home 11.2.3. Receiving Packets While Away from Home
While away from home, a mobile node will receive packets addressed to While away from home, a mobile node will receive packets addressed to
its home address, by one of three methods: its home address, by one of three methods:
- Packets sent by a correspondent node that does not have a - Packets sent by a correspondent node that does not have a
Binding Cache entry for the mobile node, will be sent by the Binding Cache entry for the mobile node, will be sent by the
correspondent node in the same way as any normal IP packet. Such correspondent node in the same way as any normal IP packet. Such
packets will then be intercepted by the mobile node's home agent, packets will then be intercepted by the mobile node's home agent,
encapsulated using IPv6 encapsulation [4], and tunneled to the encapsulated using IPv6 encapsulation [4], and tunneled to the
mobile node's primary care-of address. mobile node's primary care-of address.
- Packets sent by a correspondent node that has a Binding Cache - Packets sent by a correspondent node that has a Binding Cache
entry for the mobile node that contains the mobile node's current entry for the mobile node that contains the mobile node's current
care-of address, will be sent by the correspondent node using care-of address, will be sent by the correspondent node using
a Routing header. The packet will be addressed to the mobile a type 2 Routing header. The packet will be addressed to the
node's care-of address, with the final hop in the Routing header mobile node's care-of address, with the final hop in the Routing
directing the packet to the mobile node's home address; the header directing the packet to the mobile node's home address;
processing of this last hop of the Routing header is entirely the processing of this last hop of the Routing header is entirely
internal to the mobile node, since the care-of address and home internal to the mobile node, since the care-of address and home
address are both addresses within the mobile node. address are both addresses within the mobile node.
- Packets sent by a correspondent node that has a Binding Cache - Packets sent by a correspondent node that has a Binding
entry for the mobile node that contains an out-of-date care-of Cache entry for the mobile node that contains an out-of-date
address for the mobile node, will be sent by the correspondent care-of address for the mobile node, will also be sent by the
node using a Routing header, as described above. If the mobile correspondent node using a type 2 Routing header, as described
node sent a Binding Update to a home agent on the link on which above. If the mobile node sent a Binding Update to a home agent
its previous care-of address is located (Section 10.11), and on the link on which its previous care-of address is located
if this home agent is still serving as a home agent for the (Section 11.6.6), and if this home agent is still serving as
mobile node's previous care-of address, then such a packet will a home agent for the mobile node's previous care-of address,
be intercepted by this home agent, encapsulated using IPv6 then such a packet will be intercepted by this home agent,
encapsulation [4], and tunneled to the mobile node's new care-of encapsulated using IPv6 encapsulation [4], and tunneled to the
address (registered with this home agent). mobile node's new care-of address (registered with this home
agent).
For packets received by the first of these methods, the mobile node
MUST check that the IPv6 source address of the tunnel packet is the
IP address of its home agent.
For packets received by either the first or last of these three For packets received by either the first or last of these three
methods, the mobile node SHOULD send a Binding Update to the original methods, the mobile node SHOULD send a Binding Update to the original
sender of the packet, as described in Section 10.9, subject to sender of the packet, as described in Section 11.6.2, subject to
the rate limiting defined in Section 10.13. The mobile node MUST the rate limiting defined in Section 11.6.9. The mobile node MUST
also process the received packet in the manner defined for IPv6 also process the received packet in the manner defined for IPv6
encapsulation [4], which will result in the encapsulated (inner) encapsulation [4], which will result in the encapsulated (inner)
packet being processed normally by upper-layer protocols within the packet being processed normally by upper-layer protocols within the
mobile node, as if it had been addressed (only) to the mobile node's mobile node, as if it had been addressed (only) to the mobile node's
home address. home address.
For packets received by the second method above (using a Routing For packets received by the second method above (using a Type 2
header), the mobile node MUST process the received packet in Routing header), the following rules will result in the packet being
the manner defined for the type of IPv6 Routing header used (see processed normally by upper-layer protocols within the mobile node,
Section 5.4), which will result in the packet being processed as if it had been addressed to the mobile node's home address.
normally by upper-layer protocols within the mobile node, as if it
had been addressed (only) to the mobile node's home address.
10.4. Movement Detection A node receiving a packet addressed to itself (i.e., one of the
node's addresses is in the IPv6 destination field) follows the next
header chain of headers and processes them. When it encounters
a Type 2 Routing header during this processing it performs the
following checks. If any of these checks fail the node MUST silently
discard the packet.
- The length field in the RH is exactly 2.
- The segments left field in the RH is either 0 or 1.
- The Home Address field in the RH is one of the node's home
addresses, if the segments left field was 1.
Once the above checks have been performed, the node swaps the IPv6
destination field with the Home Address field in the RH, decrements
segments left, and resubmits the packet to IP for processing the
next header. Conceptually this follows the same model as in RFC
2460. However, in the case of Type 2 Routing header this can be
simplified since it is known that the packet will not be forwarded to
a different node.
The definition of AH requires the sender to calculate the AH
integrity check value of a routing header in a way as it appears in
the receiver after it has processed the header. Since IPsec headers
follow the Routing Header, any IPsec processing will operate on
the packet with the home address in the IP destination field and
segments left being zero. Thus, the AH calculations at the sender
and receiver will have an identical view of the packet.
/
11.2.4. Routing Multicast Packets
A mobile node that is connected to its home link functions in the
same way as any other (stationary) node. Thus, when it is at home,
a mobile node functions identically to other multicast senders and
receivers. This section therefore describes the behavior of a mobile
node that is not on its home link.
In order to receive packets sent to some multicast group, a mobile
node must join that multicast group. One method by which a mobile
node MAY join the group is via a (local) multicast router on the
foreign link being visited. The mobile node SHOULD use one of its
care-of addresses that shares a subnet prefix with the multicast
router, as the source IPv6 address of its multicast group membership
control messages. If the multicast applications depend on the
address of the joining node, the mobile node MAY establish a binding
with the router and use the Home Address destination option in the
sent control messages.
Alternatively, a mobile node MAY join multicast groups via a
bi-directional tunnel to its home agent. The mobile node tunnels its
multicast group membership control packets to its home agent, and the
home agent forwards multicast packets down the tunnel to the mobile
node.
A mobile node that wishes to send packets to a multicast group
also has two options: (1) send directly on the foreign link being
visited; or (2) send via a tunnel to its home agent. Because
multicast routing in general depends upon the Source Address used in
the IPv6 header of the multicast packet, a mobile node that tunnels a
multicast packet to its home agent MUST use its home address as the
IPv6 Source Address of the inner multicast packet.
11.3. Home Agent and Prefix Management
11.3.1. Receiving Local Router Advertisement Messages
Each mobile node maintains a Home Agents List recording information
about all home agents from which it receives a Router Advertisement,
for which the home agent lifetime indicated in that Router
Advertisement has not yet expired. This list is used by the mobile
node to enable it to send a Binding Update to the global unicast
address of a home agent on its previous link when it moves to a new
link, as described in Section 11.6.6. On receipt of a valid Router
Advertisement, as defined in the processing algorithm specified for
Neighbor Discovery [20], the mobile node performs the following
steps, in addition to any steps already required of it by Neighbor
Discovery.
- If the Home Agent (H) bit in the Router Advertisement is not set,
and the sending node currently has an entry in the node's Home
Agents List, delete the corresponding entry. Subsequently, skip
all of the following steps.
- Otherwise, extract the Source Address from the IP header of the
Router Advertisement. This is the link-local IP address on this
link of the home agent sending this Advertisement [20].
- Determine from the Router Advertisement the preference for this
home agent. If the Router Advertisement contains a Home Agent
Information Option, then the preference is taken from the Home
Agent Preference field in the option; otherwise, the default
preference of 0 MUST be used.
- Determine from the Router Advertisement the lifetime for
this home agent. If the Router Advertisement contains a Home
Agent Information Option, then the lifetime is taken from
the Home Agent Lifetime field in the option; otherwise, the
lifetime specified by the Router Lifetime field in the Router
Advertisement SHOULD be used.
- If the link-local address of the home agent sending this
Advertisement is already present in this mobile node's Home
Agents List and the received home agent lifetime value is zero,
immediately delete this entry in the Home Agents List.
- Otherwise, if the link-local address of the home agent sending
this Advertisement is already present in the receiving mobile
node's Home Agents List, reset its lifetime and preference to the
values determined above.
- If the link-local address of the home agent sending this
Advertisement, as determined above, is not already present in the
Home Agents List maintained by the receiving mobile node, and
the lifetime for the sending home agent, as determined above,
is non-zero, create a new entry in the list, and initialize its
lifetime and preference to the values determined above.
- If the Home Agents List entry for the link-local address of
the home agent sending this Advertisement was not deleted as
described above, determine any global address(es) of the home
agent based on each Prefix Information option received in
this Advertisement in which the Router Address (R) bit is set
(Section 7.2). For each such global address determined from this
Advertisement, add this global address to the list of global
addresses for this home agent in this Home Agents List entry.
A mobile node SHOULD maintain an entry in its Home Agents List for
each such valid home agent address until that entry's lifetime
expires, after which time the entry MUST be deleted.
11.3.2. Dynamic Home Agent Address Discovery
Sometimes, when the mobile node needs to send a Binding Update to its
home agent to register its new primary care-of address, as described
in Section 11.6.1, the mobile node may not know the address of any
router on its home link that can serve as a home agent for it. For
example, some nodes on its home link may have been reconfigured while
the mobile node has been away from home, such that the router that
was operating as the mobile node's home agent has been replaced by a
different router serving this role.
In this case, the mobile node MAY attempt to discover the address of
a suitable home agent on its home link. To do so, the mobile node
sends an ICMP Home Agent Address Discovery Request message to the
"Mobile IPv6 Home-Agents" anycast address [11] for its home subnet
prefix. As described in Section 10.9, the home agent on its home
link that receives this Request message will return an ICMP Home
Agent Address Discovery Reply message, giving this home agent's own
global unicast IP address along with a list of the global unicast IP
address of each other home agent operating on the home link.
The mobile node, upon receiving this Home Agent Address Discovery
Reply message, MAY then send its home registration Binding Update to
the home agent address given as the IP Source Address of the packet
carrying the Reply message or to any of the unicast IP addresses
listed in the Home Agent Addresses field in the Reply. For example,
if necessary, the mobile node MAY attempt its home registration
with each of these home agents, in turn, by sending each a Binding
Update and waiting for the matching Binding Acknowledgement, until
its registration is accepted by one of these home agents. In trying
each of the returned home agent addresses, the mobile node SHOULD try
each in the order listed in the Home Agent Addresses field in the
received Home Agent Address Discovery Reply message. If the home
agent identified by the Source Address field in the IP header of the
packet carrying the Home Agent Address Discovery Reply message is
not listed in the Home Agent Addresses field in the Reply, it SHOULD
be tried before the first address given in the list; otherwise, it
SHOULD be tried in its listed order.
If the mobile node has a current registration with some home agent
on its home link (the Lifetime for that registration has not yet
expired), then the mobile node MUST attempt any new registration
first with that home agent. If that registration attempt fails
(e.g., times out or is rejected), the mobile node SHOULD then
reattempt this registration with another home agent on its home link.
If the mobile node knows of no other suitable home agent, then it MAY
attempt the dynamic home agent address discovery mechanism described
above.
If, after a mobile node transmits a Home Agent Address Discovery
Request message to the Home Agents Anycast address, it does not
receive a corresponding Home Agent Address Discovery Reply message
within INITIAL_DHAAD_TIMEOUT seconds, the mobile node MAY retransmit
the same Request message to the same anycast address. This
retransmission MAY be repeated up to a maximum of DHAAD_RETRIES
attempts. Each retransmission MUST be delayed by twice the time
interval of the previous retransmission.
11.3.3. Sending Mobile Prefix Solicitations
When a mobile node has a home address that is about to become
invalid, it sends a Mobile Prefix Solicitation to its home agent
in an attempt to acquire fresh routing prefix information. The
new information also enables the mobile node to participate in
renumbering operations affecting the home network, as described in
section 10.9.1.
The mobile node SHOULD send a Solicitation to the home agent when
its home address will become invalid within MaxRtrAdvInterval
seconds, where this value is acquired in a previous Mobile Prefix
Advertisement from the home agent. If no such value is known, the
value MAX_PFX_ADV_DELAY seconds is used instead (see section 12).
If the mobile node does not have a valid home address available for
use as the IP source address, it MAY use its care-of address, but
there will not be a security association between the home agent
and the care-of address for the corresponding Advertisement to be
authenticated.
This solicitation follows the same retransmission rules specified for
Router Solicitations [20], except that the initial retransmission
interval is specified to be INITIAL_SOLICIT_TIMER (see section 12).
As described in Section 11.6.2, Binding Updates sent by the mobile
node to other nodes MUST use a lifetime no greater than the remaining
lifetime of its home registration of its primary care-of address.
The mobile node SHOULD further limit the lifetimes that it sends on
any Binding Updates to be within the remaining preferred lifetime
(see Section 10.9.2) for the prefix in its home address.
When the lifetime for a changed prefix decreases, and the change
would cause cached bindings at correspondent nodes in the Binding
Update List to be stored past the newly shortened lifetime, the
mobile node MUST issue a Binding Update to all such correspondent
nodes.
These limits on the binding lifetime serve to prohibit use of a
mobile node's home address after it becomes invalid.
11.3.4. Receiving Mobile Prefix Advertisements
Section 10.9.1 describes the operation of a home agent to support
boot time configuration and renumbering a mobile node's home subnet
while the mobile node is away from home. The home agent sends Mobile
Prefix Advertisement messages to the mobile node while away from
home, giving "important" Prefix Information options that describe
changes in the prefixes in use on the mobile node's home link.
When a mobile node receives a Mobile Prefix Advertisement, it MUST
validate it according to the following tests:
- The Source Address of the IP packet carrying the Mobile Prefix
Advertisement is the same as the home agent address to which the
mobile node last sent an accepted "home registration" Binding
Update to register its primary care-of address. Otherwise, if
no such registrations have been made, it SHOULD be the mobile
node's stored home agent address, if one exists. Otherwise, if
the mobile node has not yet discovered its home agent's address,
it MUST NOT accept Mobile Prefix Advertisements.
- The packet MUST be protected by IPsec [14, 12, 13] to guard
against malicious prefix advertisements, if a security
association exists (i.e. unless the mobile node does not yet
have a home address configured). The IPsec protection MUST
provide sender authentication, data integrity protection, and
replay protection, covering the advertisement.
Any received Mobile Prefix Advertisement not meeting all of these
tests MUST be silently discarded.
If a received Mobile Prefix Advertisement is not discarded according
to the tests listed above, the mobile node MUST process the Prefix
Information Options as if they arrived in a Router Advertisement
on the mobile node's home link [20]. Such processing may result
in the mobile node configuring a new home address, although due
to separation between preferred lifetime and valid lifetime, such
changes should not affect most communication by the mobile node, in
the same way as for nodes that are at home.
If the advertisement contains a Binding Refresh Request option, the
mobile node SHOULD return a Binding Update, which will be viewed by
the home agent as an acknowledgement of the corresponding Mobile
Prefix Advertisement, which it can cease transmitting.
In addition, if processing of this Advertisement resulted in the
mobile node configuring a new home address, and if the method used
for this new home address configuration would require the mobile node
to perform Duplicate Address Detection [33] for the new address if
the mobile node were located at home, then the mobile node MUST set
the Duplicate Address Detection (D) bit in this Binding Update to
its home agent, to request the home agent to perform this Duplicate
Address Detection on behalf of the mobile node.
11.4. Movement
11.4.1. Movement Detection
A mobile node MAY use any combination of mechanisms available to it A mobile node MAY use any combination of mechanisms available to it
to detect when it has moved from one link to another. The primary to detect when it has moved from one link to another. The primary
movement detection mechanism for Mobile IPv6 defined here uses the movement detection mechanism for Mobile IPv6 defined here uses the
facilities of IPv6 Neighbor Discovery, including Router Discovery and facilities of IPv6 Neighbor Discovery, including Router Discovery and
Neighbor Unreachability Detection, although the mobile node SHOULD Neighbor Unreachability Detection, although the mobile node SHOULD
supplement this mechanism with other information whenever it is supplement this mechanism with other information whenever it is
available to the mobile node (e.g., from lower protocol layers). The available to the mobile node (e.g., from lower protocol layers). The
description here is based on the conceptual model of the organization description here is based on the conceptual model of the organization
and data structures defined by Neighbor Discovery [20]. and data structures defined by Neighbor Discovery [20].
skipping to change at page 110, line 29 skipping to change at page 121, line 40
from the Router Advertisement and Prefix Information options) used to from the Router Advertisement and Prefix Information options) used to
expire the entry when it becomes invalid. expire the entry when it becomes invalid.
While away from home, a mobile node typically selects one router While away from home, a mobile node typically selects one router
from its Default Router List to use as its default router, and one from its Default Router List to use as its default router, and one
subnet prefix advertised by that router from its Prefix List to use subnet prefix advertised by that router from its Prefix List to use
as the subnet prefix in its primary care-of address. A mobile node as the subnet prefix in its primary care-of address. A mobile node
MAY also have associated additional care-of addresses, using other MAY also have associated additional care-of addresses, using other
subnet prefixes from its Prefix List. The method by which a mobile subnet prefixes from its Prefix List. The method by which a mobile
node selects and forms a care-of address from the available subnet node selects and forms a care-of address from the available subnet
prefixes is described in Section 10.6. The mobile node registers prefixes is described in Section 11.4.2. The mobile node registers
its primary care-of address with its home agent, as described in its primary care-of address with its home agent, as described in
Section 10.7. Section 11.6.1.
While a mobile node is away from home and using some router as its While a mobile node is away from home and using some router as its
default router, it is important for the mobile node to be able to default router, it is important for the mobile node to be able to
quickly detect when that router becomes unreachable, so that it quickly detect when that router becomes unreachable, so that it
can switch to a new default router and (if needed, according to can switch to a new default router and (if needed, according to
prefix advertisement) to a new primary care-of address. Since some prefix advertisement) to a new primary care-of address. Since some
links (notably wireless) do not necessarily work equally well in links (notably wireless) do not necessarily work equally well in
both directions, it is likewise important for the mobile node to both directions, it is likewise important for the mobile node to
detect when it becomes unreachable for packets sent from its default detect when it becomes unreachable for packets sent from its default
router, so that the mobile node can take steps to ensure that any router, so that the mobile node can take steps to ensure that any
skipping to change at page 111, line 43 skipping to change at page 123, line 5
node can be sure that at least one Advertisement sent by the router node can be sure that at least one Advertisement sent by the router
has been lost. It is thus possible for the mobile node to implement has been lost. It is thus possible for the mobile node to implement
its own policy for determining the number of Advertisements from its own policy for determining the number of Advertisements from
its current default router it is willing to tolerate losing before its current default router it is willing to tolerate losing before
deciding to switch to a different router from which it may currently deciding to switch to a different router from which it may currently
be correctly receiving Advertisements. be correctly receiving Advertisements.
On some types of network interfaces, the mobile node MAY also On some types of network interfaces, the mobile node MAY also
supplement this monitoring of Router Advertisements, by setting its supplement this monitoring of Router Advertisements, by setting its
network interface into "promiscuous" receive mode, so that it is able network interface into "promiscuous" receive mode, so that it is able
to receive all packets on the link, including those not link-level to receive all packets on the link, including those not addressed to
addressed to it (i.e., disabling link-level address filtering). The it at the link layer (i.e., disabling link-level address filtering).
mobile node will then be able to detect any packets sent by the The mobile node will then be able to detect any packets sent by the
router, in order to detect reachability from the router. This use of router, in order to detect reachability from the router. This use of
promiscuous mode may be useful on very low bandwidth (e.g., wireless) promiscuous mode may be useful on very low bandwidth (e.g., wireless)
links, but its use MUST be configurable on the mobile node since it links, but its use MUST be configurable on the mobile node since it
is likely to consume additional energy resources. is likely to consume additional energy resources.
If the above means do not provide indication that the mobile node If the above means do not provide indication that the mobile node
is still reachable from its current default router (for instance, is still reachable from its current default router (for instance,
the mobile node receives no packets from the router for a period the mobile node receives no packets from the router for a period
of time), then the mobile node SHOULD attempt to actively probe of time), then the mobile node SHOULD attempt to actively probe
the router with Neighbor Solicitation messages, even if it is not the router with Neighbor Solicitation messages, even if it is not
skipping to change at page 112, line 41 skipping to change at page 124, line 5
node is reachable. For example, a mobile node MAY use signal node is reachable. For example, a mobile node MAY use signal
strength or signal quality information (with suitable hysteresis) for strength or signal quality information (with suitable hysteresis) for
its link with the available routers to decide when to switch to a new its link with the available routers to decide when to switch to a new
primary care-of address using that router rather than its current primary care-of address using that router rather than its current
default router (and current primary care-of address). Even though default router (and current primary care-of address). Even though
the mobile node's current default router may still be reachable in the mobile node's current default router may still be reachable in
terms of Neighbor Unreachability Detection, the mobile node MAY use terms of Neighbor Unreachability Detection, the mobile node MAY use
such lower-layer information to determine that switching to a new such lower-layer information to determine that switching to a new
default router would provide a better connection. default router would provide a better connection.
10.5. Receiving Local Router Advertisement Messages 11.4.2. Forming New Care-of Addresses
Each mobile node maintains a Home Agents List recording information
about all home agents from which it receives a Router Advertisement,
for which the home agent lifetime indicated in that Router
Advertisement has not yet expired. This list is used by the mobile
node to enable it to send a Binding Update to the global unicast
address of a home agent on its previous link when it moves to a new
link, as described in Section 10.11. On receipt of a valid Router
Advertisement, as defined in the processing algorithm specified for
Neighbor Discovery [20], the mobile node performs the following
steps, in addition to any steps already required of it by Neighbor
Discovery.
- If the Home Agent (H) bit in the Router Advertisement is not set,
and the sending node currently has an entry in the node's Home
Agents List, delete the corresponding entry. Subsequently, skip
all of the following steps.
- Otherwise, extract the Source Address from the IP header of the
Router Advertisement. This is the link-local IP address on this
link of the home agent sending this Advertisement [20].
- Determine from the Router Advertisement the preference for this
home agent. If the Router Advertisement contains a Home Agent
Information Option, then the preference is taken from the Home
Agent Preference field in the option; otherwise, the default
preference of 0 MUST be used.
- Determine from the Router Advertisement the lifetime for
this home agent. If the Router Advertisement contains a Home
Agent Information Option, then the lifetime is taken from
the Home Agent Lifetime field in the option; otherwise, the
lifetime specified by the Router Lifetime field in the Router
Advertisement SHOULD be used.
- If the link-local address of the home agent sending this
Advertisement is already present in this mobile node's Home
Agents List and the received home agent lifetime value is zero,
immediately delete this entry in the Home Agents List.
- Otherwise, if the link-local address of the home agent sending
this Advertisement is already present in the receiving mobile
node's Home Agents List, reset its lifetime and preference to the
values determined above.
- If the link-local address of the home agent sending this
Advertisement, as determined above, is not already present in the
Home Agents List maintained by the receiving mobile node, and
the lifetime for the sending home agent, as determined above,
is non-zero, create a new entry in the list, and initialize its
lifetime and preference to the values determined above.
- If the Home Agents List entry for the link-local address of
the home agent sending this Advertisement was not deleted as
described above, determine any global address(es) of the home
agent based on each Prefix Information option received in
this Advertisement in which the Router Address (R) bit is set
(Section 6.2). For each such global address determined from this
Advertisement, add this global address to the list of global
addresses for this home agent in this Home Agents List entry.
A mobile node SHOULD maintain an entry in its Home Agents List for
each such valid home agent address until that entry's lifetime
expires, after which time the entry MUST be deleted.
10.6. Forming New Care-of Addresses
After detecting that it has moved from one link to another (i.e., its After detecting that it has moved from one link to another (i.e., its
current default router has become unreachable and it has discovered current default router has become unreachable and it has discovered
a new default router), a mobile node SHOULD form a new primary a new default router), a mobile node SHOULD form a new primary
care-of address using one of the on-link subnet prefixes advertised care-of address using one of the on-link subnet prefixes advertised
by the new router. A mobile node MAY form a new primary care-of by the new router. A mobile node MAY form a new primary care-of
address at any time, except that it MUST NOT do so too frequently. address at any time, except that it MUST NOT do so too frequently.
Specifically, a mobile node MUST NOT send a Binding Update about a Specifically, a mobile node MUST NOT send a Binding Update about a
new care-of address to its home agent (which is required to register new care-of address to its home agent (which is required to register
the new address as its primary care-of address) more often than once the new address as its primary care-of address) more often than once
skipping to change at page 114, line 29 skipping to change at page 124, line 29
node MAY form a new (non-primary) care-of address using that subnet node MAY form a new (non-primary) care-of address using that subnet
prefix, even when it has not switched to a new default router. A prefix, even when it has not switched to a new default router. A
mobile node can have only one primary care-of address at a time mobile node can have only one primary care-of address at a time
(which is registered with its home agent), but it MAY have an (which is registered with its home agent), but it MAY have an
additional care-of address for any or all of the prefixes on its additional care-of address for any or all of the prefixes on its
current link. Furthermore, since a wireless network interface may current link. Furthermore, since a wireless network interface may
actually allow a mobile node to be reachable on more than one link at actually allow a mobile node to be reachable on more than one link at
a time (i.e., within wireless transmitter range of routers on more a time (i.e., within wireless transmitter range of routers on more
than one separate link), a mobile node MAY have care-of addresses than one separate link), a mobile node MAY have care-of addresses
on more than one link at a time. The use of more than one care-of on more than one link at a time. The use of more than one care-of
address at a time is described in Section 10.20. address at a time is described in Section 11.4.3.
As described in Section 4, in order to form a new care-of address, As described in Section 4, in order to form a new care-of address,
a mobile node MAY use either stateless [35] or stateful (e.g., a mobile node MAY use either stateless [33] or stateful (e.g.,
DHCPv6 [2]) Address Autoconfiguration. If a mobile node needs to DHCPv6 [2]) Address Autoconfiguration. If a mobile node needs to
send packets as part of the method of address autoconfiguration, send packets as part of the method of address autoconfiguration,
it MUST use an IPv6 link-local address rather than its own IPv6 it MUST use an IPv6 link-local address rather than its own IPv6
home address as the Source Address in the IPv6 header of each such home address as the Source Address in the IPv6 header of each such
autoconfiguration packet. autoconfiguration packet.
In some cases, a mobile node may already know a (constant) IPv6 In some cases, a mobile node may already know a (constant) IPv6
address that has been assigned to it for its use only while address that has been assigned to it for its use only while
visiting a specific foreign link. For example, a mobile node may be visiting a specific foreign link. For example, a mobile node may be
statically configured with an IPv6 address assigned by the system statically configured with an IPv6 address assigned by the system
administrator of some foreign link, for its use while visiting that administrator of some foreign link, for its use while visiting that
link. If so, rather than using Address Autoconfiguration to form a link. If so, rather than using Address Autoconfiguration to form a
new care-of address using this subnet prefix, the mobile node MAY use new care-of address using this subnet prefix, the mobile node MAY use
its own pre-assigned address as its care-of address on this link. its own pre-assigned address as its care-of address on this link.
After forming a new care-of address, a mobile node MAY perform After forming a new care-of address, a mobile node MAY perform
Duplicate Address Detection [35] on that new address to confirm its Duplicate Address Detection [33] on that new address to confirm its
uniqueness. However, doing so represents a tradeoff between safety uniqueness. However, doing so represents a trade-off between safety
(ensuring that the new address is not used if it is a duplicate (ensuring that the new address is not used if it is a duplicate
address) and overhead (performing Duplicate Address Detection address) and overhead (performing Duplicate Address Detection
requires the sending of one or more additional packets over what requires the sending of one or more additional packets over what
may be, for example, a slow wireless link through which the mobile may be, for example, a slow wireless link through which the mobile
node is connected). Performing Duplicate Address Detection also in node is connected). Performing Duplicate Address Detection also in
general would cause a delay before the mobile node could use the general would cause a delay before the mobile node could use the
new care-of address, possibly causing the mobile node to be unable new care-of address, possibly causing the mobile node to be unable
to continue communication with correspondent nodes for some period to continue communication with correspondent nodes for some period
of time. For these reasons, a mobile node, after forming a new of time. For these reasons, a mobile node, after forming a new
care-of address, MAY begin using the new care-of address without care-of address, MAY begin using the new care-of address without
skipping to change at page 115, line 21 skipping to change at page 125, line 21
Detection, although it SHOULD in most cases (e.g., unless network Detection, although it SHOULD in most cases (e.g., unless network
bandwidth or battery consumption for communication is of primary bandwidth or battery consumption for communication is of primary
concern) begin Duplicate Address Detection asynchronously when it concern) begin Duplicate Address Detection asynchronously when it
begins use of the address, allowing the Duplicate Address Detection begins use of the address, allowing the Duplicate Address Detection
procedure to complete in parallel with normal communication using the procedure to complete in parallel with normal communication using the
address. address.
In addition, normal processing for Duplicate Address Detection In addition, normal processing for Duplicate Address Detection
specifies that, in certain cases, the node SHOULD delay sending the specifies that, in certain cases, the node SHOULD delay sending the
initial Neighbor Solicitation message of Duplicate Address Detection initial Neighbor Solicitation message of Duplicate Address Detection
by a random delay between 0 and MAX_RTR_SOLICITATION_DELAY [20, 35]; by a random delay between 0 and MAX_RTR_SOLICITATION_DELAY [20, 33];
however, in this case, the mobile node SHOULD NOT perform such a however, in this case, the mobile node SHOULD NOT perform such a
delay in its use of Duplicate Address Detection, unless the mobile delay in its use of Duplicate Address Detection, unless the mobile
node is initializing after rebooting. node is initializing after rebooting.
10.7. Sending Binding Updates to the Home Agent 11.4.3. Using Multiple Care-of Addresses
After deciding to change its primary care-of address as described As described in Section 11.4.2, a mobile node MAY use more than one
in Sections 10.4 and 10.6, a mobile node MUST register this care-of care-of address at a time. Particularly in the case of many wireless
networks, a mobile node effectively might be reachable through
multiple links at the same time (e.g., with overlapping wireless
cells), on which different on-link subnet prefixes may exist. A
mobile node SHOULD select a primary care-of address from among those
care-of addresses it has formed using any of these subnet prefixes,
based on the movement detection mechanism in use, as described in
Section 11.4.1. When the mobile node selects a new primary care-of
address, it MUST register it with its home agent by sending it a
Binding Update with the Home Registration (H) and Acknowledge (A)
bits set, as described in Section 11.6.1.
To assist with smooth handovers, a mobile node SHOULD retain
its previous primary care-of address as a (non-primary) care-of
address, and SHOULD still accept packets at this address, even after
registering its new primary care-of address with its home agent.
This is reasonable, since the mobile node could only receive packets
at its previous primary care-of address if it were indeed still
connected to that link. If the previous primary care-of address was
allocated using stateful Address Autoconfiguration [2], the mobile
node may not wish to release the address immediately upon switching
to a new primary care-of address.
11.5. Return Routability Procedure
This section defines the rules that the mobile node must follow
when performing the return routability procedure. Appendix A
specifies also a (non-normative) state-machine that describes the
same procedure. Section 11.6.2 describes the rules when the return
routability procedure needs to be initiated.
11.5.1. Sending Home and Care-of Test Init Messages
A mobile node that initiates a return routability procedure MUST
send (in parallel) a Home Test Init message and a Care-of Test Init
messages. A Home Test Init message MUST be created as described
in Section 6.1.3. A Care-of Test Init message MUST be created as
described in Section 6.1.4.
When sending a Home Test Init or Care-of Test Init message the mobile
node MUST record in its Binding Update List the following fields from
the messages:
- The IP address of the node to which the message was sent.
- The home address for which the binding is desired. This value
will appear in the Source Address field of the Home Test Init
message.
- The time at which each of these messages was sent.
- The mobile cookie used in the messages.
11.5.2. Receiving Return Routability Messages
Upon receiving a packet carrying a Home Test message, a mobile node
MUST validate the packet according to the following tests:
- The Header Len field in the Mobility Header is greater than or
equal to the length specified in Section 6.1.5.
- The Source Address of the packet belongs to a correspondent
node for which the mobile node has a Binding Update List entry
with a state indicating that return routability procedure is in
progress.
- The Binding Update List indicates that no home cookie has been
received yet.
- The Destination Address of the packet has the home address of the
mobile node, and the packet has been received in a tunnel from
the home agent.
- The Mobile Cookie field in the message matches the value stored
in the Binding Update List.
Any Home Test message not satisfying all of these tests MUST be
silently ignored. Otherwise, the mobile node MUST record the Home
Nonce Index and Home Cookie in the Binding Update List. If the
Binding Update List entry does not have a Care-of Cookie, the mobile
node SHOULD continue waiting for additional messages.
Upon receiving a packet carrying a Care-of Test message, a mobile
node MUST validate the packet according to the following tests:
- The Header Len field in the Mobility Header is greater than or
equal to the length specified in Section 6.1.6.
- The Source Address of the packet belongs to a correspondent
node for which the mobile node has a Binding Update List entry
with a state indicating that return routability procedure is in
progress.
- The Binding Update List indicates that no care-of cookie has been
received yet.
- The Destination Address of the packet is the current care-of
address of the mobile node.
- The Mobile Cookie field in the message matches the value stored
in the Binding Update List.
Any Care-of Test message not satisfying all of these tests MUST be
silently ignored. Otherwise, the mobile node MUST record the Care-of
Nonce Index and Care-of Cookie in the Binding Update List. If the
Binding Update List entry does not have a Home Cookie, the mobile
node SHOULD continue waiting for additional messages.
If after receiving either the Home Test or the Care-of Test message
and performing the above actions, the Binding Update List entry
has both the Home and the Care-of Cookies, the return routability
procedure is complete. The mobile node SHOULD then proceed with
sending a Binding Update message as described in Section 11.6.2.
Correspondent nodes from the time before this specification was
published may not not support the Mobility Header protocol. These
nodes will respond to Home Test Init and Care-of Test Init messages
with an ICMP Parameter Problem code 1. The mobile node SHOULD
take such messages as an indication that the correspondent node
can not provide route optimization, and revert back to the use of
bidirectional routing.
11.5.3. Retransmitting in the Return Routability Procedure
The mobile node is responsible for retransmissions in the return
routability procedure.
When the mobile node sends a Home Test Init or Care-of Test Init
message, it has to determine a value for the initial retransmission
timer. It should use the specified value of INITIAL_BINDACK_TIMEOUT
for this initial retransmission timer.
If, after sending either a Home Test Init or Care-of Test Init
message and the mobile node fails to receive a valid, matching
Home Test or Care-of Test message within the selected initial
retransmission interval, the mobile node SHOULD retransmit
the original message, until a valid answer is received. The
retransmissions by the mobile node MUST use an exponential
back-off process, in which the timeout period is doubled upon each
retransmission until either the node receives a valid response or the
timeout period reaches the value MAX_BINDACK_TIMEOUT.
11.5.4. Rate Limiting for Return Routability Procedure
A mobile node MUST NOT send Home Test Init or Care-of Test
Init messages to any individual node more often than once per
MAX_UPDATE_RATE seconds. After sending MAX_FAST_UPDATES consecutive
messages to a particular node with the same care-of address, the
mobile node SHOULD reduce its rate of sending these messages to that
node, to the rate of SLOW_UPDATE_RATE per second. The mobile node
MAY continue to send these messages at this slower rate indefinitely,
in hopes that the node will eventually be able to complete the return
routability procedure.
11.6. Processing Bindings
11.6.1. Sending Binding Updates to the Home Agent
After deciding to change its primary care-of address as described in
Sections 11.4.1 and 11.4.2, a mobile node MUST register this care-of
address with its home agent in order to make this its primary care-of address with its home agent in order to make this its primary care-of
address. To do so, the mobile node sends a packet to its home agent address. To do so, the mobile node sends a packet to its home agent
containing a Binding Update option, with the packet constructed as containing a Binding Update message, with the packet constructed as
follows: follows:
- The Home Registration (H) bit MUST be set in the Binding Update. - The Home Registration (H) bit MUST be set in the Binding Update.
- The Acknowledge (A) bit MUST be set in the Binding Update. - The Acknowledge (A) bit MUST be set in the Binding Update.
- The packet MUST contain a Home Address option, giving the mobile - The packet MUST contain a Home Address destination option, giving
node's home address for the binding. the mobile node's home address for the binding.
- The care-of address for the binding MUST be used as the Source - The care-of address for the binding MUST be used as the Source
Address in the packet's IPv6 header, unless an Alternate Care-of Address in the packet's IPv6 header, unless an Alternate Care-of
Address sub-option is included in the Binding Update option. Address mobility option is included in the Binding Update
message.
- The `S' bit is set to the zero to request the mobile node's home - The `S' bit is set to the zero to request the mobile node's home
agent to serve as a home agent for all home addresses for the agent to serve as a home agent for all home addresses for the
mobile node based on all on-link subnet prefixes on the home mobile node based on all on-link subnet prefixes on the home
link; this is the default behavior. If the mobile node desires link; this is the default behavior. If the mobile node desires
that only a single home address should be affected by this that only a single home address should be affected by this
Binding Update, the `S' bit can be set to 1. Binding Update, the `S' bit can be set to 1.
- The value specified in the Lifetime field SHOULD be less than - The value specified in the Lifetime field SHOULD be less than
or equal to the remaining lifetime of the home address and the or equal to the remaining lifetime of the home address and the
care-of address specified for the binding. care-of address specified for the binding.
The Acknowledge (A) bit in the Binding Update requests the home agent The Acknowledge (A) bit in the Binding Update requests the home agent
to return a Binding Acknowledgement in response to this Binding to return a Binding Acknowledgement in response to this Binding
Update. As described in Section 5.1.8, the mobile node SHOULD Update. As described in Section 6.1.8, the mobile node SHOULD
retransmit this Binding Update to its home agent until it receives retransmit this Binding Update to its home agent until it receives
a matching Binding Acknowledgement. Once reaching a retransmission a matching Binding Acknowledgement. Once reaching a retransmission
timeout period of MAX_BINDACK_TIMEOUT, the mobile node SHOULD restart timeout period of MAX_BINDACK_TIMEOUT, the mobile node SHOULD restart
the process of delivering the Binding Update, but trying instead the the process of delivering the Binding Update, but trying instead the
next Home Agent from its Home Agent list (see section 10.8). If next home agent from its Home Agents List (see Section 11.3.2). If
there is only one home agent in the Home Agent list, the mobile node there is only one home agent in the Home Agents List, the mobile node
instead SHOULD continue to periodically retransmit the Binding Update instead SHOULD continue to periodically retransmit the Binding Update
at this rate until acknowledged (or until it begins attempting to at this rate until acknowledged (or until it begins attempting to
register a different primary care-of address). See section 10.12 for register a different primary care-of address). See Section 11.6.8
information about retransmitting Binding Updates. for information about retransmitting Binding Updates.
The Prefix Length field in the Binding Update allows the mobile node Depending on the value of the Single Address Only (S) bit in the
to request its home agent to serve all home addresses for the mobile Binding Update, the home agent is requested to serve either a single
node, as indicated by the interface identifier in the mobile node's home address or all home home addresses for the mobile node. Until
home address (the remaining low-order bits after the indicated subnet the lifetime of this registration expires, the home agent considers
prefix), together with each on-link subnet prefix on the home link. itself the home agent for each such home address of the mobile node.
Until the lifetime of this registration expires, the home agent As the set of on-link subnet prefixes on the home link changes over
considers itself the home agent for each such home address of the time, the home agent changes the set of home addresses for this
mobile node. As the set of on-link subnet prefixes on the home link mobile node for which it is serving as the home agent.
changes over time, the home agent changes the set of home addresses
for this mobile node for which it is serving as the home agent. Each Binding Update MUST be authenticated as coming from the right
mobile node, as defined in Section 5.4. The mobile node MUST use a
Home Address destination option in Binding Updates sent to the home
agent in order to allow the IPsec policies to be matched with the
right home address. The home address in the Home Address destination
option and the Binding Update message MUST be equal (and this will be
checked by the home agent).
When sending a Binding Update to its home agent, the mobile node MUST When sending a Binding Update to its home agent, the mobile node MUST
also create or update the corresponding Binding Update List entry, as also create or update the corresponding Binding Update List entry, as
specified in Section 10.9. specified in Section 11.6.2.
The last Sequence Number value sent to the home agent in a Binding
Update is stored by the mobile node. If the sending mobile node has
no knowledge of the right Sequence Number value, it may start at any
value. If the home agent rejects the value, it sends back a Binding
Acknowledgement with status code 141, and the last accepted sequence
number in the Sequence Number field of the Binding Acknowledgement.
The mobile node MUST store this information and use the next Sequence
Number value for the next Binding Update it sends.
If the mobile node has additional home addresses using a different If the mobile node has additional home addresses using a different
interface identifier, then the mobile node SHOULD send an additional interface identifier, then the mobile node SHOULD send an additional
packet containing a Binding Update to its home agent to register the packet containing a Binding Update to its home agent to register the
care-of address for each such other home address (or set of home care-of address for each such other home address (or set of home
addresses sharing an interface identifier). These additional Binding addresses sharing an interface identifier).
Updates MUST each be sent as a separate packet. Each care-of address
MUST be authenticated within the Binding Update as coming from the
home address being associated with the care-of address, as defined in
Section 4.5.
While the mobile node is away from home, it relies on the home agent While the mobile node is away from home, it relies on the home agent
to participate in Duplicate Address Detection (DAD) to defend its to participate in Duplicate Address Detection (DAD) to defend its
home address against stateless autoconfiguration performed by another home address against stateless autoconfiguration performed by another
node. Therefore, the mobile node SHOULD set the Duplicate Address node. Therefore, the mobile node SHOULD set the Duplicate Address
Detection (D) bit based on any requirements for DAD that would apply Detection (D) bit based on any requirements for DAD that would apply
to the mobile node if it were at home [20, 35]. If the mobile to the mobile node if it were at home [20][33]. If the mobile
node's recent Binding Update was accepted by the home agent, and the node's recent Binding Update was accepted by the home agent, and the
lifetime for that Binding Update has not yet expired, the mobile node lifetime for that Binding Update has not yet expired, the mobile node
SHOULD NOT set the `D' bit in the new Binding Update; the home agent SHOULD NOT set the `D' bit in the new Binding Update; the home agent
will already be defending the home address(es) of the mobile node and will already be defending the home address(es) of the mobile node and
does not need to perform DAD again. does not need to perform DAD again.
The home agent will only perform DAD for the mobile node's home The home agent will only perform DAD for the mobile node's home
address when the mobile node has supplied a valid binding between address when the mobile node has supplied a valid binding between
its home address and a care-of address. If some time elapses during its home address and a care-of address. If some time elapses during
which the mobile node has no binding at the home agent, it might be which the mobile node has no binding at the home agent, it might
possible for another node to autoconfigure the mobile node's home be possible for another node to autoconfigure the mobile node's
address. Therefore, the mobile node MUST treat creation of a new home address. Therefore, the mobile node MUST treat creation of
binding with the home agent using an existing home address the same a new binding with the home agent using an existing home address
as creation of a new home address. In the unlikely event that the the same as creation of a new home address. In the unlikely event
mobile node's home address is autoconfigured as the IPv6 address that the mobile node's home address is autoconfigured as the IPv6
of another network node on the home network, the home agent will address of another network node on the home network, the home agent
reply to the mobile node's subsequent Binding Update with a Binding will reply to the mobile node's subsequent Binding Update with a
Acknowledgement showing Status 138, Duplicate Address Detection Binding Acknowledgement containing a Status of 138, Duplicate Address
failed. In this case, the mobile node MUST NOT attempt to re-use Detection failed. In this case, the mobile node MUST NOT attempt to
the same home address. It SHOULD continue to register care-of re-use the same home address. It SHOULD continue to register care-of
addresses for its other home addresses, if any. The mobile node MAY addresses for its other home addresses, if any. The mobile node MAY
also attempt to acquire a new home address to replace the one for also attempt to acquire a new home address to replace the one for
which Status 138 was received, for instance by using the techniques which Status 138 was received, for instance by using the techniques
described in appendix B. described in Appendix B.
10.8. Dynamic Home Agent Address Discovery
Sometimes, when the mobile node needs to send a Binding Update to its
home agent to register its new primary care-of address, as described
in Section 10.7, the mobile node may not know the address of any
router on its home link that can serve as a home agent for it. For
example, some nodes on its home link may have been reconfigured while
the mobile node has been away from home, such that the router that
was operating as the mobile node's home agent has been replaced by a
different router serving this role.
In this case, the mobile node MAY attempt to discovery the address of
a suitable home agent on its home link. To do so, the mobile node
sends an ICMP Home Agent Address Discovery Request message to the
"Mobile IPv6 Home-Agents" anycast address [11] for its home subnet
prefix. This packet MUST NOT contain a Home Address option and must
be sent using the mobile node's care-of address as the Source Address
in the packet's IP header (the packet is sent from the care-of
address, not using Mobile IP). As described in Section 9.9, the home
agent on its home link that receives this Request message will return
an ICMP Home Agent Address Discovery Reply message, giving this home
agent's own global unicast IP address along with a list of the global
unicast IP address of each other home agent operating on the home
link.
The mobile node, upon receiving this Home Agent Address Discovery
Reply message, MAY then send its home registration Binding Update to
the home agent address given as the IP Source Address of the packet
carrying the Reply message or to any of the unicast IP addresses
listed in the Home Agent Addresses field in the Reply. For example,
if necessary, the mobile node MAY attempt its home registration
with each of these home agents, in turn, by sending each a Binding
Update and waiting for the matching Binding Acknowledgement, until
its registration is accepted by one of these home agents. In trying
each of the returned home agent addresses, the mobile node SHOULD try
each in the order listed in the Home Agent Addresses field in the
received Home Agent Address Discovery Reply message. If the home
agent identified by the Source Address field in the IP header of the
packet carrying the Home Agent Address Discovery Reply message is
not listed in the Home Agent Addresses field in the Reply, it SHOULD
be tried before the first address given in the list; otherwise, it
SHOULD be tried in its listed order.
If the mobile node has a current registration with some home agent 11.6.2. Correspondent Binding Procedure
on its home link (the Lifetime for that registration has not yet
expired), then the mobile node MUST attempt any new registration
first with that home agent. If that registration attempt fails
(e.g., times out or is rejected), the mobile node SHOULD then
reattempt this registration with another home agent on its home link.
If the mobile node knows of no other suitable home agent, then it MAY
attempt the dynamic home agent address discovery mechanism described
above.
If, after a mobile node transmits a Home Agent Address Discovery When the mobile node is assured that its home address is valid, it
Request message to the Home Agents Anycast address, it does not MAY at any time initiate a correspondent binding procedure with
receive a corresponding Home Agent Address Discovery Reply message the purpose of allowing the correspondent node to cache the mobile
within INITIAL_DHAAD_TIMEOUT seconds, the mobile node MAY retransmit node's current care-of address. The mobile node is responsible for
the same Request message to the same anycast address. This the initiation and completion of this procedure, as well as any
retransmission MAY be repeated up to a maximum of DHAAD_RETRIES retransmissions that may be needed (subject to the rate limiting
attempts. Each retransmission MUST be delayed by twice the time defined in Section 11.6.9).
interval of the previous retransmission.
10.9. Sending Binding Updates to Correspondent Nodes This section defines the rules that the mobile node must follow
when performing the correspondent binding procedure. Appendix A
specifies also a (non-normative) state-machine that describes the
same procedure.
When the mobile node is assured that its home address is valid, The mobile node can be assured that its home address is still valid,
it MAY send a Binding Update to any correspondent node at any for example, by the home agent's use the 'D' bit of Binding Updates
time to allow the correspondent node to cache the mobile node's (see Section 10.2). In any Binding Update sent by a mobile node,
current care-of address (subject to the rate limiting defined in the care-of address (either the Source Address in the packet's IPv6
Section 10.13). See for example the home agent's use the 'D' bit header or the Care-of Address in the Alternate Care-of Address
of Binding Updates (in section 9.1) for how the mobile node can be mobility option of the Binding Update) MUST be set to one of the
assured that its home address is still valid. In any Binding Update care-of addresses currently in use by the mobile node or to the
sent by a mobile node, the care-of address (either the Source Address mobile node's home address. A mobile node MAY set the care-of
in the packet's IPv6 header or the Care-of Address in the Alternate address differently for sending Binding Updates to different
Care-of Address Sub-Option of the Binding Update) MUST be set to one correspondent nodes.
of the care-of addresses currently in use by the mobile node or to
the mobile node's home address.
A mobile node MAY choose to keep its location private from certain A mobile node MAY choose to keep its location private from
correspondent nodes, and thus need not send new Binding Updates to certain correspondent nodes, and thus need not initiate the
those correspondents. A mobile node MAY also send a Binding Update return routability procedure, or send new Binding Updates to those
to such a correspondent node to instruct it to delete any existing correspondents. A mobile node MAY also send a Binding Update to
such a correspondent node to instruct it to delete any existing
binding for the mobile node from its Binding Cache, as described in binding for the mobile node from its Binding Cache, as described in
Section 5.1.7. No other IPv6 nodes are authorized to send Binding Section 6.1.7. However, all Binding Updates to the correspondent
Updates on behalf of a mobile node. node require the successful completion of the return routability
procedure first, as no other IPv6 nodes are authorized to send
Binding Updates on behalf of a mobile node.
If set to one of the mobile node's current care-of addresses (the If set to one of the mobile node's current care-of addresses (the
care-of address given MAY differ from the mobile node's primary care-of address given MAY differ from the mobile node's primary
care-of address), the Binding Update requests the correspondent node care-of address), the Binding Update requests the correspondent node
to create or update an entry for the mobile node in the correspondent to create or update an entry for the mobile node in the correspondent
node's Binding Cache to record this care-of address for use in node's Binding Cache in order to record this care-of address for use
sending future packets to the mobile node. In this case, the value in sending future packets to the mobile node. In this case, the
specified in the Lifetime field sent in the Binding Update SHOULD be value specified in the Lifetime field sent in the Binding Update
less than or equal to the remaining lifetime of the home address and SHOULD be less than or equal to the remaining lifetime of the home
the care-of address specified for the binding. address and the care-of address specified for the binding.
If, instead, the care-of address is set to the mobile node's home If, instead, the care-of address is set to the mobile node's home
address, the Binding Update requests the correspondent node to delete address, the Binding Update requests the correspondent node to delete
any existing Binding Cache entry that it has for the mobile node. any existing Binding Cache entry that it has for the mobile node.
A mobile node MAY set the care-of address differently for sending
Binding Updates to different correspondent nodes.
When sending any Binding Update, the mobile node MUST record in its
Binding Update List the following fields from the Binding Update:
- The IP address of the node to which the Binding Update was sent.
- The home address for which the Binding Update was sent (the value
in the Home Address option in the packet carrying the Binding
Update).
- The initial lifetime of the binding, initialized from the
Lifetime field sent in the Binding Update.
- The remaining lifetime of the binding, also initialized from
the Lifetime field sent in the Binding Update. This remaining
lifetime value counts down and may also be reduced when the
matching Binding Acknowledgement is received, based on the
Lifetime value specified in that Binding Acknowledgement, as
described in Section 10.14. When the remaining lifetime reaches
zero, the Binding Update List entry MUST be deleted.
The mobile node MUST retain in its Binding Update List information
about all Binding Updates sent, for which the lifetime of the binding
has not yet expired. However, when sending a Binding Update, if an
entry already exists in the mobile node's Binding Update List for
an earlier Binding Update sent to that same destination node, the
existing Binding Update List entry is updated to reflect the new
Binding Update rather than creating a new Binding Update List entry.
When a mobile node sends a Binding Update to its home agent When a mobile node sends a Binding Update to its home agent
to register a new primary care-of address (as described in to register a new primary care-of address (as described in
Section 10.7), the mobile node SHOULD also send a Binding Update Section 11.6.1), the mobile node SHOULD also start a return
to each other node for which an entry exists in the mobile node's routability procedure to each other node for which an entry exists
Binding Update List, as detailed below. Thus, other relevant nodes in the mobile node's Binding Update List, as detailed below. Upon
are generally kept updated about the mobile node's binding and can successful return routability procedure, a Binding Update message is
send packets directly to the mobile node using the mobile node's sent. Thus, other relevant nodes are generally kept updated about
current care-of address. the mobile node's binding and can send packets directly to the mobile
node using the mobile node's current care-of address.
The mobile node, however, need not send these Binding Updates The mobile node, however, need not initiate these actions immediately
immediately after configuring a new care-of address. For example, after configuring a new care-of address. For example, the mobile
since the Binding Update is a destination option and can be included node MAY delay initiating the return routability procedure to any
in any packet sent by a mobile node, the mobile node MAY delay correspondent node for a short period of time, if it isn't certain
sending a new Binding Update to any correspondent node for a that there's traffic to the correspondent node. This is particularly
short period of time, in hopes that the needed Binding Update useful if the mobile node anticipates that it is not going to stay
can be included in some packet that the mobile node sends to that long in this location.
correspondent node for some other reason (for example, as part of
some TCP connection in use). In this case, when sending a packet
to some correspondent node, the mobile node SHOULD check in its
Binding Update List to determine if a new Binding Update to this
correspondent node is needed, and SHOULD include the new Binding
Update in this packet as necessary.
In addition, when a mobile node receives a packet for which the In addition, when a mobile node receives a packet for which the
mobile node can deduce that the original sender of the packet either mobile node can deduce that the original sender of the packet either
has no Binding Cache entry for the mobile node, or a stale entry has no Binding Cache entry for the mobile node, or a stale entry
for the mobile node in its Binding Cache, the mobile node SHOULD for the mobile node in its Binding Cache, the mobile node SHOULD
return a Binding Update to the sender giving its current care-of initiate a return routability procedure with the sender, in order to
address (subject to the rate limiting defined in Section 10.13). finally update the sender's Binding Cache with the current care-of
In particular, the mobile node SHOULD return a Binding Update in address (subject to the rate limiting defined in Section 11.6.9).
response to receiving a packet that meets all of the following tests: In particular, the mobile node SHOULD initiate a return routability
procedure in response to receiving a packet that meets all of the
following tests:
- The packet was tunneled using IPv6 encapsulation. - The packet was tunneled using IPv6 encapsulation.
- The Destination Address in the tunnel (outer) IPv6 header is - The Destination Address in the tunnel (outer) IPv6 header is
equal to any of the mobile node's care-of addresses. equal to any of the mobile node's care-of addresses.
- The Destination Address in the original (inner) IPv6 header - The Destination Address in the original (inner) IPv6 header
is equal to one of the mobile node's home addresses; or this is equal to one of the mobile node's home addresses; or this
Destination Address is equal to one of the mobile node's previous Destination Address is equal to one of the mobile node's previous
care-of addresses for which the mobile node has an entry in its care-of addresses for which the mobile node has an entry in its
Binding Update List, representing an unexpired Binding Update Binding Update List, representing an unexpired Binding Update
sent to a home agent on the link on which its previous care-of sent to a home agent on the link on which its previous care-of
address is located (Section 10.11). address is located (Section 11.6.6).
- The Source Address in the tunnel (outer) IPv6 header differs from - The Source Address in the tunnel (outer) IPv6 header differs from
the Source Address in the original (inner) IPv6 header. the Source Address in the original (inner) IPv6 header.
The destination address to which the Binding Update should be sent The destination address to which the procedure should be initiated to
in response to receiving a packet meeting all of the above tests is in response to receiving a packet meeting all of the above tests is
the Source Address in the original (inner) IPv6 header of the packet. the Source Address in the original (inner) IPv6 header of the packet.
The home address for which this Binding Update is sent should be the The home address for which this Binding Update is sent should be the
Destination Address of the original (inner) packet. Destination Address of the original (inner) packet.
Binding Updates sent to correspondent nodes are not generally Binding Updates sent to correspondent nodes are not generally
required to be acknowledged. However, if the mobile node wants required to be acknowledged. However, if the mobile node wants
to be sure that its new care-of address has been entered into a to be sure that its new care-of address has been entered into a
correspondent node's Binding Cache, the mobile node MAY request an correspondent node's Binding Cache, the mobile node MAY request an
acknowledgement by setting the Acknowledge (A) bit in the Binding acknowledgement by setting the Acknowledge (A) bit in the Binding
Update. In this case, however, the mobile node SHOULD NOT continue Update. In this case, however, the mobile node SHOULD NOT continue
to retransmit the Binding Update once the retransmission timeout to retransmit the Binding Update once the retransmission timeout
period has reached MAX_BINDACK_TIMEOUT. period has reached MAX_BINDACK_TIMEOUT.
10.10. Receiving RR Messages The mobile node SHOULD create a Binding Update message as follows:
Upon receiving a packet carrying a HoT message, a mobile node MUST
validate the packet according to the following tests:
- The Header Len field in the Mobility Header is greater than or
equal to the length specified in Section 5.1.5.
- The Source Address of the packet belongs to a correspondent node
that the mobile node wishes to use Route Optimization with.
- The Source Address of the packet belongs to a correspondent
node for which the mobile node has a Binding Update List entry
with a state indicating that Return Routability procedure is in
progress.
- The Destination Address of the packet has the home address of the
mobile node, and the packet has been received in a tunnel from
the home agenet.
Any HoT not satisfying all of these tests MUST be silently ignored.
Otherwise, the mobile node MUST record the Home Nonce Index and Home
Cookie in the Binding Update List. If the Binding Update List entry
does not have a Care-of Cookie, the mobile node SHOULD continue
waiting for additional messages.
Upon receiving a packet carrying a CoT message, a mobile node MUST
validate the packet according to the following tests:
- The Header Len field in the Mobility Header is greater than or
equal to the length specified in Section 5.1.5.
- The Source Address of the packet belongs to a correspondent node
that the mobile node wishes to use Route Optimization with.
- The Source Address of the packet belongs to a correspondent
node for which the mobile node has a Binding Update List entry
with a state indicating that Return Routability procedure is in
progress.
- The Destination Address of the packet is the current care-of
address of the mobile node.
Any CoT not satisfying all of these tests MUST be silently ignored.
Otherwise, the mobile node MUST record the Care-of Nonce Index and
Care-of Cookie in the Binding Update List. If the Binding Update
List entry does not have a Home Cookie, the mobile node SHOULD
continue waiting for additional messages.
If after receiving either the HoT or the CoT message and performing
the above actions, the Binding Update List entry has both the Home
and the Care-of Cookies, the mobile node SHOULD send a Binding Update
message as described in Section 10.9.
10.11. Establishing Forwarding from a Previous Care-of Address
When a mobile node connects to a new link and forms a new care-of
address, it MAY establish forwarding of packets from a previous
care-of address to this new care-of address. To do so, the mobile
node sends a Binding Update to any home agent on the link on which
the previous care-of address is located, indicating this previous
care-of address as the home address for the binding, and giving its
new care-of address as the binding's care-of address. Such packet
forwarding allows packets destined to the mobile node from nodes that
have not yet learned the mobile node's new care-of address, to be
forwarded to the mobile node rather than being lost once the mobile
node is no longer reachable at this previous care-of address.
In constructing this Binding Update, the mobile node utilizes the
following specific steps:
- The Home Address field in the Home Address option in the packet
carrying the Binding Update MUST be set to the previous care-of
address for which packet forwarding is being established.
- The care-of address for the new binding MUST be set to the new
care-of address to which packets destined to the previous care-of
address are to be forwarded. Normally, this care-of address for
the binding is specified by setting the Source Address of the
packet carrying the Binding Update, to this address. However,
the mobile node MAY instead include an Alternate Care-of Address
sub-option in the Binding Update option, with its Alternate
Care-of Address field set to the care-of address for the binding.
- The Home Registration (H) bit MUST also be set in this Binding
Update, to request this home agent to temporarily act as a home
agent for this previous care-of address.
This home agent will thus tunnel packets for the mobile node (packets
destined to its specified previous care-of address) to its new
care-of address. All of the procedures defined for home agent
operation MUST be followed by this home agent for this registration.
Note that this home agent does not necessarily know (and need not
know) the mobile node's (permanent) home address as part of this
registration.
The packet carrying the Binding Update MUST be addressed to
this home agent's global unicast address. Normally, this global
unicast address is learned by the mobile node based on the Router
Advertisements received by the mobile node (Section 6.2) while
attached to the link on which this previous care-of address and this
home agent are located; the mobile node obtains this home agent
address from its Home Agents List (Section 4.7). Alternatively,
the mobile node MAY use dynamic home agent address discovery
(Section 10.8) to discover the global unicast address of a home agent
on this previous link, but it SHOULD use an address from its Home
Agents List if available for the prefix it used to form this previous
care-of address.
As with any packet containing a Binding Update (see section 5.1.7),
the Binding Update packet to this home agent MUST meet the
authentication requirements for Binding Updates, defined in
Section 4.5.
10.12. Retransmitting Binding Updates
When the mobile node sends a Binding Update, it has to determine - The Source Address of the IPv6 header MUST contain the current
a value for the initial retransmission timer. If the mobile node care-of address of the mobile node.
is changing or updating an existing binding at the home agent, it
should use the specified value of INITIAL_BINDACK_TIMEOUT for this
initial retransmission timer. If on the other hand the mobile node
does not have an existing binding at the home agent, it SHOULD use a
value for the initial retransmission timer that is at least 1.5 times
longer than (RetransTimer * DupAddrDetectTransmits). This value is
likely to be substantially longer than the otherwise specified value
of INITIAL_BINDACK_TIMEOUT that would be used by the mobile node.
This longer retransmission interval will allow the the home agent
to complete the DAD procedure which is mandated in this case, as
detailed in section 10.7.
If, after sending a Binding Update in which the care-of address has - The Destination Address of the IPv6 header MUST contain the
changed and the Acknowledge (A) bit is set, a mobile node fails address of the correspondent node.
to receive a valid, matching Binding Acknowledgement within the
selected initial retransmission interval, the mobile node SHOULD
retransmit the Binding Update, until a Binding Acknowledgement is
received. Such a retransmitted Binding Update MUST use a Sequence
Number value greater than that used for the previous transmission of
this Binding Update. The retransmissions by the mobile node MUST
use an exponential back-off process, in which the timeout period
is doubled upon each retransmission until either the node receives
a Binding Acknowledgement or the timeout period reaches the value
MAX_BINDACK_TIMEOUT.
10.13. Rate Limiting for Sending Binding Updates - The Mobility Header is constructed according to rules in
Section 6.1.7, including the authenticator field which is
calculated based on the received Home and Care-of Cookies.
A mobile node MUST NOT send Binding Updates about the same binding to The last Sequence Number value sent to a destination in a Binding
any individual node more often than once per MAX_UPDATE_RATE seconds. Update is stored by the mobile node in its Binding Update List entry
After sending MAX_FAST_UPDATES consecutive Binding Updates to a for that destination. If the sending mobile node has no Binding
particular node with the same care-of address, the mobile node SHOULD Update List entry, the Sequence Number SHOULD start at a random
reduce its rate of sending Binding Updates to that node, to the rate value. The mobile node MUST NOT use the same Sequence Number in two
of SLOW_UPDATE_RATE per second. The mobile node MAY continue to send different Binding Updates to the same correspondent node, even if the
Binding Updates at this slower rate indefinitely, in hopes that the Binding Updates provide different care-of addresses.
node will eventually be able to process a Binding Update and begin
to route its packets directly to the mobile node at its new care-of
address.
10.14. Receiving Binding Acknowledgements 11.6.3. Receiving Binding Acknowledgements
Upon receiving a packet carrying a Binding Acknowledgement, a mobile Upon receiving a packet carrying a Binding Acknowledgement, a mobile
node MUST validate the packet according to the following tests: node MUST validate the packet according to the following tests:
- The packet meets the authentication requirements for Binding - The packet meets the authentication requirements for Binding
Acknowledgements, defined in Section 4.5. Acknowledgements, defined in Sections 6.1.8 and 5. That is,
if the Binding Update was sent to the home agent, underlying
IPsec protection is used. If the Binding Update was sent to the
correspondent node, the authenticator field MUST be present and
have a valid value.
- The Option Length field in the Binding Acknowledgement option is - The Header Len field in the Binding Acknowledgement message is
greater than or equal to the length specified in Section 5.1.8. greater than or equal to the length specified in Section 6.1.8.
- The Sequence Number field matches the Sequence Number sent by the - The Sequence Number field matches the Sequence Number sent by the
mobile node to this destination address in an outstanding Binding mobile node to this destination address in an outstanding Binding
Update. Update.
Any Binding Acknowledgement not satisfying all of these tests MUST be Any Binding Acknowledgement not satisfying all of these tests MUST be
silently ignored, although the remainder of the packet (i.e., other silently ignored.
options, extension headers, or payload) SHOULD be processed normally
according to any procedure defined for that part of the packet.
When a mobile node receives a packet carrying a valid Binding When a mobile node receives a packet carrying a valid Binding
Acknowledgement, the mobile node MUST examine the Status field as Acknowledgement, the mobile node MUST examine the Status field as
follows: follows:
- If the Status field indicates that the Binding Update was - If the Status field indicates that the Binding Update was
accepted (the Status field is less than 128), then the mobile accepted (the Status field is less than 128), then the mobile
node MUST update the corresponding entry in its Binding Update node MUST update the corresponding entry in its Binding Update
List to indicate that the Binding Update has been acknowledged; List to indicate that the Binding Update has been acknowledged;
the mobile node MUST then stop retransmitting the Binding Update. the mobile node MUST then stop retransmitting the Binding Update.
skipping to change at page 125, line 32 skipping to change at page 134, line 40
the timer countdown beginning at the time that the Binding Update the timer countdown beginning at the time that the Binding Update
was sent. was sent.
- If the Status field indicates that the Binding Update was - If the Status field indicates that the Binding Update was
rejected (the Status field is greater than or equal to 128), then rejected (the Status field is greater than or equal to 128), then
the mobile node MUST delete the corresponding Binding Update List the mobile node MUST delete the corresponding Binding Update List
entry, and it MUST also stop retransmitting the Binding Update. entry, and it MUST also stop retransmitting the Binding Update.
Optionally, the mobile node MAY then take steps to correct the Optionally, the mobile node MAY then take steps to correct the
cause of the error and retransmit the Binding Update (with a new cause of the error and retransmit the Binding Update (with a new
Sequence Number value), subject to the rate limiting restriction Sequence Number value), subject to the rate limiting restriction
specified in Section 10.13. specified in Section 11.6.9.
10.15. Receiving Binding Requests 11.6.4. Receiving Binding Refresh Requests
When a mobile node receives a packet containing a Binding Refresh
Request message and there already exists a Binding Update List
entry for the source of the Binding Refresh Request, it MAY start
a return routability procedure (see Section 5) if it believes
the amount of traffic with the correspondent justifies the use of
Route Optimization. Note that the mobile node SHOULD NOT respond
Binding Requests from previously unknown correspondent nodes due to
Denial-of-Service concerns.
If the return routability procedure completes successfully, a
Binding Update message SHOULD be sent as described in Section 11.6.2.
When a mobile node receives a packet containing a Binding Request,
it SHOULD return to the sender a packet containing a Binding Update.
The Lifetime field in this Binding Update SHOULD be set to a new The Lifetime field in this Binding Update SHOULD be set to a new
lifetime, extending any current lifetime remaining from a previous lifetime, extending any current lifetime remaining from a previous
Binding Update sent to this node (as indicated in any existing Binding Update sent to this node (as indicated in any existing
Binding Update List entry for this node), except that this lifetime Binding Update List entry for this node), and lifetime SHOULD
MUST NOT exceed the remaining lifetime for the mobile node's primary again be less than or equal to the remaining lifetime of the home
care-of address registration at its home agent. When sending this registration and the care-of address specified for the binding. When
Binding Update, the mobile node MUST update its Binding Update List sending this Binding Update, the mobile node MUST update its Binding
in the same way as for any other Binding Update sent by the mobile Update List in the same way as for any other Binding Update sent by
node. the mobile node.
Note, however, that the mobile node MAY choose to keep its current
binding private from the sender of the Binding Request. In this
case, the mobile node instead SHOULD return a Binding Update to the
sender, in which the Lifetime field is set to zero and the care-of
address is set to the mobile node's home address.
If the Binding Request for which the Binding Update is being returned
contains a Unique Identifier Sub-Option, the Binding Update MUST also
include a Unique Identifier Sub-Option. The unique identifier in the
Sub-Option Data field of the Unique Identifier Sub-Option MUST be
copied from the unique identifier carried in the Binding Request.
10.16. Receiving ICMP Error Messages
10.17. Receiving ICMP Error Messages
The Option Type value for a Binding Update option specifies that
any node receiving this option that does not recognize the Option
Type SHOULD return an ICMP Parameter Problem, Code 2, message to
the sender of the packet containing the Binding Update option. If
a node sending a Binding Update receives such an ICMP error message
in response, it SHOULD record in its Binding Update List that future
Binding Updates SHOULD NOT be sent to this destination.
Likewise, although ALL IPv6 nodes (whether host or router, whether
mobile or stationary) MUST implement the ability to correctly process
received packets containing a Home Address option, all Option Type
values in IPv6 include a specification of the behavior that a node
receiving a packet containing this option performs if it does not
implement receipt of that type of option. For the Home Address
option, the Option Type value specifies that any node receiving
this option that does not recognize the Option Type SHOULD return
an ICMP Parameter Problem, Code 2, message to the sender of the
packet containing the Home Address option. If a mobile node receives
such an ICMP error message from some node indicating that it does
not recognize the mobile node's Home Address option, the mobile
node SHOULD log the error and then discard the ICMP message; this
error message indicates that the node to which the original packet
was addressed (the node returning the ICMP error message) does not
correctly implement this required part of the IPv6 protocol.
10.18. Sending Mobile Prefix Solicitations
When a mobile node has a home address that is about to become
invalid, it sends a Mobile Prefix Solicitation to its home agent
in an attempt to acquire fresh routing prefix information. The
new information also enables the mobile node to participate in
renumbering operations affecting the home network, as described in
section 9.7.
The mobile node SHOULD send a Solicitation to the home agent when Note, however, that the mobile node MAY choose to delete its binding
its home address will become invalid within MaxRtrAdvInterval from the sender of the Binding Refresh Request. In this case, the
seconds, where this value is acquired in a previous Mobile Prefix mobile node instead SHOULD return a Binding Update to the sender, in
Advertisement from the home agent. If no such value is known, the which the Lifetime field is set to zero and the care-of address is
value MAX_PFX_ADV_DELAY seconds is used instead (see section 11). set to the mobile node's home address.
If the mobile node does not have a valid home address available for If the Binding Refresh Request for which the Binding Update is being
use as the IP source address, it MAY use its care-of address (but returned contains a Unique Identifier mobility option, the resulting
there will not be a security association between the Home Agent Home Test Init, Care-of Test Init, and Update messages MUST also
and the care-of address for the corresponding Advertisement to be include a Unique Identifier mobility option. The unique identifier
authenticated). in the Option Data field of the Unique Identifier mobility option
MUST be copied from the unique identifier carried in the Binding
Refresh Request.
This solicitation follows the same retransmission rules specified for 11.6.5. Receiving Binding Error Messages
Router Solicitations [20], except that the initial retransmission
interval is specified to be INITIAL_SOLICIT_TIMER (see section 11).
10.19. Receiving Mobile Prefix Advertisements When a mobile node receives a packet containing a Binding Error
message, it should first check if the mobile node has a Binding
Update List entry for the the source of the Binding Error message.
If the mobile node does not have such entry, it MUST ignore the
message. This is necessary to prevent a waste of resources on e.g.
return routability procedure due to spoofed Binding Error messages.
Section 9.7 describes the operation of a home agent to support boot Otherwise, if the message Status field was 1 (Home Address
time configuration and renumbering a mobile node's home subnet while destination option used without a binding), the mobile node should
the mobile node is away from home. The home agent sends Mobile perform one of the following two actions:
Prefix Advertisement messages to the mobile node while away from
home, giving "important" Prefix Information options that describe
changes in the prefixes in use on the mobile node's home link.
When a mobile node receives a Mobile Prefix Advertisement, it MUST - If the mobile node does have a Binding Update List entry but
validate it according to the following tests: has recent upper layer progress information that indicates
communications with the correspondent node are progressing, it
MAY ignore the message. This can be done in order to limit the
damage that spoofed Binding Error messages can cause to ongoing
communications.
- The Source Address of the IP packet carrying the Mobile Prefix - If the mobile node does have a Binding Update List entry but
Advertisement is the same as the home agent address to which the no upper layer progress information, it MUST remove the entry
mobile node last sent an accepted "home registration" Binding and route further communications through the home agent. It
Update to register its primary care-of address. Otherwise, if MAY also optionally start a return routability procedure (see
no such registrations have been made, it SHOULD be the mobile Section 5.5).
node's stored home agent address, if one exists. Otherwise, if
the mobile node has not yet discovered its home agent's address,
it MUST NOT accept Mobile Prefix Advertisements.
- The packet MUST be protected by IPsec [14, 12, 13] to guard If the message Status field was 2 (received message had an unknown
against malicious prefix advertisements. The IPsec protection value for the MH Type field), the mobile node should perform one of
MUST provide sender authentication, data integrity protection, the following two actions:
and replay protection, covering the advertisement.
Any received Mobile Prefix Advertisement not meeting all of these - If the mobile node is not expecting an acknowledgement or
tests MUST be silently discarded. response from the correspondent node, the mobile node SHOULD
ignore this message.
If a received Mobile Prefix Advertisement is not discarded according - Otherwise, the mobile node SHOULD cease the use of any extensions
to the tests listed above, the mobile node MUST process the Prefix to this specification. If no extensions had been used, the
Information Options as if they arrived in a Router Advertisement mobile node should cease the attempt to use Route Optimization.
on the mobile node's home link [20]. Such processing may result
in the mobile node configuring a new home address, although due
to separation between preferred lifetime and valid lifetime, such
changes should not affect most communication by the mobile node, in
the same way as for nodes that are at home.
If the advertisement contains a Binding Request option, the mobile 11.6.6. Forwarding from a Previous Care-of Address
node SHOULD return a Binding Update, which will be viewed by the
home agent as an acknowledgement of the corresponding Mobile Prefix
Advertisement, which it can cease transmitting.
In addition, if processing of this Advertisement resulted in the When a mobile node connects to a new link and forms a new care-of
mobile node configuring a new home address, and if the method used address, it MAY establish forwarding of packets from a previous
for this new home address configuration would require the mobile node care-of address to this new care-of address. To do so, the mobile
to perform Duplicate Address Detection [35] for the new address if node sends a Binding Update to any home agent on the link on which
the mobile node were located at home, then the mobile node MUST set the previous care-of address is located, indicating this previous
the Duplicate Address Detection (D) bit in this Binding Update to care-of address as the home address for the binding, and giving its
its home agent, to request the home agent to perform this Duplicate new care-of address as the binding's care-of address. Such packet
Address Detection on behalf of the mobile node. forwarding allows packets destined to the mobile node from nodes that
have not yet learned the mobile node's new care-of address, to be
forwarded to the mobile node rather than being lost once the mobile
node is no longer reachable at this previous care-of address.
10.20. Using Multiple Care-of Addresses This Binding Update is sent to a home agent, albeit a temporary
one. Nevertheless, the authentication requirements for Binding
Updates from a mobile node to its home agent apply, as specified in
Section 11.6.1. This means that the mobile node MUST employ IPsec
ESP as specified further below.
As described in Section 10.6, a mobile node MAY use more than one In constructing this Binding Update, the mobile node utilizes the
care-of address at a time. Particularly in the case of many wireless following specific steps:
networks, a mobile node effectively might be reachable through
multiple links at the same time (e.g., with overlapping wireless
cells), on which different on-link subnet prefixes may exist. A
mobile node SHOULD select a primary care-of address from among those
care-of addresses it has formed using any of these subnet prefixes,
based on the movement detection mechanism in use, as described in
Section 10.4. When the mobile node selects a new primary care-of
address, it MUST register it with its home agent by sending it a
Binding Update with the Home Registration (H) and Acknowledge (A)
bits set, as described in Section 10.7.
To assist with smooth handovers, a mobile node SHOULD retain - The Home Address field in the Home Address destination option
its previous primary care-of address as a (non-primary) care-of in the packet carrying the Binding Update MUST be set to the
address, and SHOULD still accept packets at this address, even after previous care-of address for which packet forwarding is being
registering its new primary care-of address with its home agent. established.
This is reasonable, since the mobile node could only receive packets
at its previous primary care-of address if it were indeed still
connected to that link. If the previous primary care-of address was
allocated using stateful Address Autoconfiguration [2], the mobile
node may not wish to release the address immediately upon switching
to a new primary care-of address.
10.21. Routing Multicast Packets - The care-of address for the new binding MUST be set to the new
care-of address to which packets destined to the previous care-of
address are to be forwarded. Normally, this care-of address for
the binding is specified by setting the Source Address of the
packet carrying the Binding Update, to this address. However,
the mobile node MAY instead include an Alternate Care-of Address
mobility option in the Binding Update message, with its Alternate
Care-of Address field set to the care-of address for the binding.
A mobile node that is connected to its home link functions in the - The Home Registration (H) bit MUST also be set in this Binding
same way as any other (stationary) node. Thus, when it is at home, Update, to request this home agent to temporarily act as a home
a mobile node functions identically to other multicast senders and agent for this previous care-of address.
receivers. This section therefore describes the behavior of a mobile
node that is not on its home link.
In order to receive packets sent to some multicast group, a mobile This home agent will thus tunnel packets for the mobile node (packets
node must join that multicast group. One method by which a mobile destined to its specified previous care-of address) to its new
node MAY join the group is via a (local) multicast router on the care-of address. All of the procedures defined for home agent
foreign link being visited. The mobile node SHOULD use one of its operation MUST be followed by this home agent for this registration.
care-of addresses that shares a subnet prefix with the multicast Note that this home agent does not necessarily know (and need not
router, as the source IPv6 address of its multicast group membership know) the mobile node's (permanent) home address as part of this
control messages. The mobile node MUST insert a Home Address registration.
destination option in such outgoing multicast packets, so that any
multicast applications that depend on the address of the sending node
will correctly use the mobile node's home address for that value.
Alternatively, a mobile node MAY join multicast groups via a The packet carrying the Binding Update MUST be addressed to
bi-directional tunnel to its home agent. The mobile node tunnels its this home agent's global unicast address. Normally, this global
multicast group membership control packets to its home agent, and the unicast address is learned by the mobile node based on the Router
home agent forwards multicast packets down the tunnel to the mobile Advertisements received by the mobile node (Section 7.2) while
node. attached to the link on which this previous care-of address and this
home agent are located; the mobile node obtains this home agent
address from its Home Agents List (Section 4.4). Alternatively,
the mobile node MAY use dynamic home agent address discovery
(Section 10.9) to discover the global unicast address of a home agent
on this previous link, but it SHOULD use an address from its Home
Agents List if available for the prefix it used to form this previous
care-of address.
A mobile node that wishes to send packets to a multicast group As with any packet containing a Binding Update (see Section 6.1.7),
also has two options: (1) send directly on the foreign link being the Binding Update packet to this home agent MUST meet the
visited; or (2) send via a tunnel to its home agent. Because authentication requirements for Binding Updates, defined in
multicast routing in general depends upon the Source Address used in Section 5.4. Each Binding Update MUST be authenticated as coming
the IPv6 header of the multicast packet, a mobile node that tunnels a from the right mobile node. This means that the mobile node and the
multicast packet to its home agent MUST use its home address as the home agent MUST have a security association that employs IPsec ESP
IPv6 Source Address of the inner multicast packet. for protecting the Mobility Header with a non-null authentication
algorithm. The mobile node MUST use a Home Address destination
option in Binding Updates sent to the home agent in order to allow
the IPsec policies to be matched with the right home address. The
home address in the Home Address destination option and the Binding
Update message MUST be equal (and this will be checked by the home
agent), that is, it MUST be the mobile node's previous care-of
address for which forwarding is being established.
10.22. Returning Home 11.6.7. Returning Home
A mobile node detects that it has returned to its home link through A mobile node detects that it has returned to its home link through
the movement detection algorithm in use (Section 10.4), when the the movement detection algorithm in use (Section 11.4.1), when the
mobile node detects that its home subnet prefix is again on-link. mobile node detects that its home subnet prefix is again on-link.
The mobile node SHOULD then send a Binding Update to its home agent, The mobile node SHOULD then send a Binding Update to its home agent,
to instruct its home agent to no longer intercept or tunnel packets to instruct its home agent to no longer intercept or tunnel packets
for it. In this Binding Update, the mobile node MUST set the care-of for it. In this Binding Update, the mobile node MUST set the care-of
address for the binding (the Source Address field in the packet's address for the binding (the Source Address field in the packet's
IPv6 header) to the mobile node's own home address. As with other IPv6 header) to the mobile node's own home address. As with other
Binding Updates sent to register with its home agent, the mobile Binding Updates sent to register with its home agent, the mobile
node MUST set the Acknowledge (A) and Home Registration (H) bits, node MUST set the Acknowledge (A) and Home Registration (H) bits,
and SHOULD retransmit the Binding Update until a matching Binding and SHOULD retransmit the Binding Update until a matching Binding
Acknowledgement is received. Acknowledgement is received.
skipping to change at page 131, line 10 skipping to change at page 139, line 28
specifying the mobile node's link-layer address. The mobile node specifying the mobile node's link-layer address. The mobile node
MUST multicast such a Neighbor Advertisement message for each of its MUST multicast such a Neighbor Advertisement message for each of its
home addresses, as defined by the current on-link prefixes, including home addresses, as defined by the current on-link prefixes, including
its link-local address and site-local address. The Solicited its link-local address and site-local address. The Solicited
Flag (S) in these Advertisements MUST NOT be set, since they were Flag (S) in these Advertisements MUST NOT be set, since they were
not solicited by any Neighbor Solicitation message. The Override not solicited by any Neighbor Solicitation message. The Override
Flag (O) in these Advertisements MUST be set, indicating that the Flag (O) in these Advertisements MUST be set, indicating that the
Advertisements SHOULD override any existing Neighbor Cache entries at Advertisements SHOULD override any existing Neighbor Cache entries at
any node receiving them. any node receiving them.
Since multicasts on the local link (such as Ethernet) are typically Since multicasting on the local link (such as Ethernet) is typically
not guaranteed to be reliable, the mobile node MAY retransmit these not guaranteed to be reliable, the mobile node MAY retransmit these
Neighbor Advertisement messages up to MAX_ADVERT_REXMIT times to Neighbor Advertisement messages up to MAX_ADVERT_REXMIT times to
increase their reliability. It is still possible that some nodes on increase their reliability. It is still possible that some nodes on
the home link will not receive any of these Neighbor Advertisements, the home link will not receive any of these Neighbor Advertisements,
but these nodes will eventually be able to recover through use of but these nodes will eventually be able to recover through use of
Neighbor Unreachability Detection [20]. Neighbor Unreachability Detection [20].
11. Protocol Constants 11.6.8. Retransmitting Binding Updates
The mobile node is responsible for retransmissions in the binding
procedure.
When the mobile node sends a Binding Update message, it has to
determine a value for the initial retransmission timer. If the
mobile node is changing or updating an existing binding at the home
agent, it should use the specified value of INITIAL_BINDACK_TIMEOUT
for this initial retransmission timer. If on the other hand the
mobile node does not have an existing binding at the home agent, it
SHOULD use a value for the initial retransmission timer that is at
least 1.5 times longer than (RetransTimer * DupAddrDetectTransmits).
This value is likely to be substantially longer than the otherwise
specified value of INITIAL_BINDACK_TIMEOUT that would be used by the
mobile node. This longer retransmission interval will allow the the
home agent to complete the DAD procedure which is mandated in this
case, as detailed in Section 11.6.1.
If, after sending a Binding Update in which the care-of address has
changed and the Acknowledge (A) bit is set, a mobile node fails
to receive a valid, matching Binding Acknowledgement within the
selected initial retransmission interval, the mobile node SHOULD
retransmit the Binding Update, until a Binding Acknowledgement is
received. Such a retransmitted Binding Update MUST use a Sequence
Number value greater than that used for the previous transmission of
this Binding Update. The retransmissions by the mobile node MUST
use an exponential back-off process, in which the timeout period
is doubled upon each retransmission until either the node receives
a Binding Acknowledgement or the timeout period reaches the value
MAX_BINDACK_TIMEOUT.
11.6.9. Rate Limiting Binding Updates
A mobile node MUST NOT send Binding Update messages for the
same binding to any individual node more often than once per
MAX_UPDATE_RATE seconds. After sending MAX_FAST_UPDATES consecutive
messages to a particular node with the same care-of address, the
mobile node SHOULD reduce its rate of sending these messages to that
node, to the rate of SLOW_UPDATE_RATE per second. The mobile node
MAY continue to send these messages at this slower rate indefinitely,
in hopes that the node will eventually be able to process a Binding
Update, and begin to route its packets directly to the mobile node at
its new care-of address.
11.7. Receiving ICMP Error Messages
Any node receiving a Mobility header that does not recognize the
protocol SHOULD return an ICMP Parameter Problem, Code 1, message
to the sender of the packet. If a node performing the return
routability procedure or sending a Binding Update receives such an
ICMP error message in response, it SHOULD record in its Binding
Update List that future Binding Updates SHOULD NOT be sent to this
destination.
Correspondent nodes who have participated in the return routability
procedure MUST implement the ability to correctly process received
packets containing a Home Address option. Therefore, correctly
implemented correspondent nodes should always be able to recognize
Home Address options. If a mobile node receives an ICMP Parameter
Problem, Code 2, message from some node indicating the that the Home
Address option, the mobile node SHOULD log the error and then discard
the ICMP message.
12. Protocol Constants
HomeRtrAdvInterval 3,600 seconds HomeRtrAdvInterval 3,600 seconds
DHAAD_RETRIES 3 retransmissions DHAAD_RETRIES 3 retransmissions
INITIAL_BINDACK_TIMEOUT 1 second INITIAL_BINDACK_TIMEOUT 1 second
INITIAL_DHAAD_TIMEOUT 2 seconds INITIAL_DHAAD_TIMEOUT 2 seconds
INITIAL_SOLICIT_TIMER 2 seconds INITIAL_SOLICIT_TIMER 2 seconds
MAX_ADVERT_REXMIT 3 transmissions
MAX_BINDACK_TIMEOUT 256 seconds MAX_BINDACK_TIMEOUT 256 seconds
MAX_UPDATE_RATE once per second MAX_COOKIE_LIFE 240 seconds
MAX_FAST_UPDATES 5 transmissions MAX_FAST_UPDATES 5 transmissions
MAX_ADVERT_REXMIT 3 transmissions
MAX_PFX_ADV_DELAY 1,000 seconds MAX_PFX_ADV_DELAY 1,000 seconds
MAX_RR_BINDING_LIFE 300 seconds
MAX_UPDATE_RATE once per second
PREFIX_ADV_RETRIES 3 retransmissions PREFIX_ADV_RETRIES 3 retransmissions
PREFIX_ADV_TIMEOUT 5 seconds PREFIX_ADV_TIMEOUT 5 seconds
SLOW_UPDATE_RATE once per 10 second interval SLOW_UPDATE_RATE once per 10 second interval
12. Future Extensions
12.1. Piggybacking
This document does not specify how to piggyback payload on the
binding related messages. However, it is envision that this can be
specified in a separate document when currently discussed issues such
as the interaction between piggybacking and IPsec are fully resolved
(see also Section 12.3).
The idea is to use the Flag field in the HoTI message so that the MN
can indicate that it supports the receipt of piggybacked messages,
use the Flag field in the HoT message for the CN to indicate that
it can support the receipt of piggybacked messages, and then carry
the piggybacked payload after the MH header by specifying a payload
protocol type other than NO_NXTHDR (59).
Until such a separate specification exists implementations conforming
to this specification MUST set the payload protocol type to NO_NXTHDR
(59 decimal).
12.2. Triangular Routing and Unverified HAOs
Due to the concerns about opening up reflection attacks with the home
address option this specification requires that this option must be
verified against the binding cache i.e. there must be a binding
cache entry for the Home Address and Care-of Address.
Future extensions may be specified that allow the use of unverified
home address options in ways that do not introduce security issues.
12.3. New Authorization Methods beyond RR
While the RR method provides a good level of security, there exists
methods that have even higher level of security. Secondly, as
discussed in Section 14.3, future enhancements of IPv6 security may
cause a need to improve also the security of RR. The question is then
what is the method to securely agree on the use of another method,
while still allowing RR for some hosts during a transition period.
In some cases, a third party can help to make this selection. But
in general infrastructureless methods have little information beyond
the exchanged messages and their contents. For these reasons, this
specification requires a protection mechanism for selecting between
RR and potential other future mechanisms (see Section ??). This
isn't
Using IPsec as the sole method for authorizing Binding Updates
to correspondent nodes is also possible. The protection of the
Mobility Header for this purpose is easy, though one must ensure
that the IPsec SA was created with appropriate authorization to use
the home address referenced in the Binding Update. For instance,
a certificate used by IKE to create the security association might
contain the home address. A future specification may specify how
this is done.
13. IANA Considerations 13. IANA Considerations
This document defines a new IPv6 protocol, the Mobility Header, This document defines a new IPv6 protocol, the Mobility Header,
described in Section 5.1. This protocol must be assigned a protocol described in Section 6.1. This protocol must be assigned a protocol
number. The MH Type field in the Mobility Header is used to indicate number. The MH Type field in the Mobility Header is used to indicate
a particular type of a message. The current message types are a particular type of a message. The current message types are
described in Sections 5.1.2 to 5.1.9, and include the following: described in Sections 6.1.2 through 6.1.9, and include the following:
0 Binding Request 0 Binding Refresh Request
1 HoA Test Init 1 Home Test Init
2 CoA Test Init 2 Care-of Test Init
3 HoA Test 3 Home Test
4 CoA Test 4 Care-of Test
5 Binding Update 5 Binding Update
6 Binding Acknowledgement 6 Binding Acknowledgement
7 Binding Missing 7 Binding Error
Future values of the MH Type can be allocated using standards Future values of the MH Type can be allocated using standards
action [19]. action [19].
Furthermore, each Mobility Header message may contain parameters as Furthermore, each Mobility Header message may contain mobility
described in Section 5.2. The current parameters are defined in options as described in Section 6.2. The current mobility options
Sections 5.2.2 to 5.2.5, and include the following: are defined in Sections 6.2.2 through 6.2.5, and include the
following:
0 Pad1 0 Pad1
1 PadN 1 PadN
2 Unique Identifier 2 Unique Identifier
3 Alternate Care-of Address 3 Alternate Care-of Address
Future values of the Parameter Type can be allocated using standards 4 Nonce Indices
action [19].
This document also defines a new IPv6 destination option, the 5 Authorization Data
Home Address option, described in Section 5.3. This option must
be assigned an Option Type value. This destination option may
also contain sub-options as described in Section 5.5. The current
sub-options are specified in Sections 5.5.1 to 5.5.2, and include the
following:
0 Pad1 sub-option Future values of the Option Type can be allocated using standards
action [19].
1 PadN sub-option This document also defines a new IPv6 destination option, the Home
Address option, described in Section 6.3. This option must be
assigned an Option Type value.
This document also defines a new IPv6 Routing Header type, 2, This document also defines a new IPv6 Type 2 Routing Header,
described in Section 5.4. The value 2 is allocated by IANA when this described in Section 6.4. The value 2 must be allocated by IANA when
specification becomes an RFC. this specification becomes an RFC.
In addition, this document defines four ICMP message types, two used In addition, this document defines four ICMP message types, two used
as part of the dynamic home agent address discovery mechanism and as part of the dynamic home agent address discovery mechanism and
two used in lieu of router solicitations and advertisements when the two used in lieu of router solicitations and advertisements when the
mobile node is away from the home link: mobile node is away from the home link:
- The Home Agent Address Discovery Request message, described in - The Home Agent Address Discovery Request message, described in
Section 5.6; Section 6.5;
- The Home Agent Address Discovery Reply message, described in - The Home Agent Address Discovery Reply message, described in
Section 5.7; Section 6.6;
- The Mobile Prefix Solicitation message, described in Section 5.8; - The Mobile Prefix Solicitation message, described in Section 6.7;
and and
- The Mobile Prefix Advertisement message, described in - The Mobile Prefix Advertisement message, described in
Section 5.9. Section 6.8.
This document also defines two new Neighbor Discovery [20] options, This document also defines two new Neighbor Discovery [20] options,
which must be assigned Option Type values within the option numbering which must be assigned Option Type values within the option numbering
space for Neighbor Discovery messages: space for Neighbor Discovery messages:
- The Advertisement Interval option, described in Section 6.3; and - The Advertisement Interval option, described in Section 7.3; and
- The Home Agent Information option, described in Section 6.4. - The Home Agent Information option, described in Section 7.4.
14. Security Considerations 14. Security Considerations
14.1. Security for the Tunneling to and from the Home Agent 14.1. Security for the Tunneling to and from the Home Agent
The use of IPsec ESP to protects payload packets tunneled to the Binding updates to the home agents are secure. When receiving
mobile node from the home agent and reverse tunneled back to the tunneled traffic the home agent verifies the outer IP address
home agent. While this specification does not mandate the use of corresponds to the current location of the mobile node. This
ESP, it is highly recommended due to unauthenticated tunnels opening prevents attacks where the attacker is controlled by ingress
a flexible reflection device to attackers, even if Mobile IPv6 filtering, as well as attacks where the attacker does not know the
signaling such as Binding Updates are not affected. current care-of address of the mobile node. Attackers who know the
care-of address and are not controlled by ingress filtering could
still send traffic through the home agent. This includes attackers
on the same local link as the mobile node is currently on. But such
attackers could also send spoofed packets without using a tunnel.
It is possible to use IPsec ESP to protect payload packets tunneled
to the mobile node and back. While this specification does not
mandate the use of ESP, its use is recommended to protect the payload
communications against attackers on the path between the home agent
and the current location of the mobile node.
When site local home address are used, reverse tunneling can be used
to send site local traffic from another location. Administrators
should be aware of this when allowing such home addresses. In
particular, the outer IP address check described above is not
sufficient against all attackers and the use of encrypted tunnels is
particularly useful for this kind of home addresses.
14.2. Security for the Binding Updates to the Home Agent 14.2. Security for the Binding Updates to the Home Agent
The use of IPsec ESP to protect Mobility Header messages between the The use of IPsec ESP to protect Mobility Header messages between
mobile node and the home agent protects the integrity of the Binding the mobile node and the home agent protects the integrity of the
Updates and Binding Acknowledgements. If manually keyed IPsec is Binding Updates and Binding Acknowledgements. Sequence numbers with
used, it does not, however, protect against Binding Update replays. the Mobile IPv6 messages ensure correct ordering (see Section 5.4).
Replay protection is provided by the application layer sequence However, if a home agent reboots and loses its state regarding the
number described in Section 4.5.4. sequence numbers, replay attacks become possible. If the home agent
is vulnerable to this, the use of a key management mechanism together
with IPsec can be used to prevent replay attacks.
14.3. Security for the Binding Updates to the Correspondent Nodes 14.3. Security for the Binding Updates to the Correspondent Nodes
The introduction of home address and care-of-address based return The use of home address and care-of-address based return routability
routability (RR) tests prevent any off-path attacks beyond those that tests prevents any off-path attacks beyond those that are already
are already possible in basic IPv6 [23]. possible in basic IPv6 [23].
Protection against attackers on the home agent link and the Protection against attackers on the home agent link and the
correspondent node link, as well as on the path between, are correspondent node link, as well as on the path between, are
roughly similar to the situation in existing IPv6 as well. However, roughly similar to the situation in existing IPv6 as well. However,
one difference is that in basic IPv6 an on-path attacker must be one difference is that in basic IPv6 an on-path attacker must be
constantly present on the link or the path (in order to perform e.g. constantly present on the link or the path (e.g., in order to perform
a man-in-the-middle attack), whereas with Mobile IPv6 an attacker can a man-in-the-middle attack), whereas with Mobile IPv6 an attacker
leave an existing binding behind, even after it is no longer on the can leave an existing binding behind, even after it is no longer on
link or on the path [23]. For this reason, this specification limits the link or on the path [23]. For this reason, this specification
the validity of RR authorized bindings to a maximum of five minutes limits the validity of bindings authorized by return routability to
after the last RR check has been performed. a maximum of MAX_COOKIE_LIFE + MAX_RR_BINDING_LIFE seconds after the
last routability check has been performed.
In practice the easiest attacks on the path between the Home Agent The path between the home agent and a correspondent node is typically
and a correspondent node is when multi-access links exist at either easiest to attack on the links at either end, in particular if these
node; a correspondent node on a public access wireless LAN would be links are publicly accessible wireless LANs. Attacks against the
a good example. There are attacks that can be launched on routers routers or switches on the path are typically harder to accomplish.
or switches on the path as well but those seem to be harder in many Thus, the weakest points are typically on the links at either end,
cases. Thus, the weakest places are typically in layer 2 security as and their mechanisms for layer 2 security or IPv6 Neighbour and
well in IPv6 Neighbour and Router discovery on multi-access links. Router Discovery. If these were secured using some new technology in
If these were secured using some new technology in the future, this the future, this could make the key establishment mechanism specified
would make Mobile IPv6 an easier route for attackers to use. For in this document to be an easier route for attackers to use. For
this reason, this specification requires a protection mechanism for this reason, this specification should have a protection mechanism
selecting between RR and potential other future mechanisms (see for selecting between return routability and potential other future
Section ??). mechanisms.
14.4. Security for the Home Address Option 14.4. Security for the Home Address Destination Option
The use of the Home Address option allows packets sent by a mobile The use of the Home Address destination option allows packets sent by
node to pass normally through routers implementing ingress filtering a mobile node to pass normally through routers implementing ingress
[7]. Since the care-of address used in the Source Address field of filtering [7]. Since the care-of address used in the Source Address
the packet's IPv6 header is topologically correct for the sending field of the packet's IPv6 header is topologically correct for the
location of the mobile node, ingress filtering can trace the sending location of the mobile node, ingress filtering can trace the
location of the mobile node in the same way as can be done with any location of the mobile node in the same way as can be done with any
sender when ingress filtering is in use. As this location does not sender when ingress filtering is in use. As this location does not
survive in the answers sent by the correspondent node, this document survive in replies sent by the correspondent node, this document
restricts the use of the Home Address Option to those situations restricts the use of the Home Address option to those situations
where a binding has been established, and the home address has agreed where a binding has been established with the participation of the
to the participation in the binding. This prevents reflection node at the home address. This prevents reflection attacks through
attacks through the use of the Home Address Option. the use of the Home Address option.
No special authentication of the Home Address option is required No special authentication of the Home Address option is required
beyond the above, except that if the IPv6 header of a packet is beyond the above, except that if the IPv6 header of a packet is
covered by authentication, then that authentication MUST also cover covered by authentication, then that authentication MUST also cover
the Home Address option; this coverage is achieved automatically by the Home Address option; this coverage is achieved automatically by
the definition of the Option Type code for the Home Address option the definition of the Option Type code for the Home Address option
(Section 5.3), since it indicates that the option is included in the (Section 6.3), since it indicates that the option is included in the
authentication computation. Thus, even when authentication is used authentication computation. Thus, even when authentication is used
in the IPv6 header, the security of the Source Address field in the in the IPv6 header, the security of the Source Address field in the
IPv6 header is not compromised by the presence of a Home Address IPv6 header is not compromised by the presence of a Home Address
option. Without authentication of the packet, then any field in the option. Without authentication of the packet, then any field in the
IPv6 header, including the Source Address field, and any other parts IPv6 header, including the Source Address field, and any other parts
of the packet, including the Home Address option, can be forged or of the packet, including the Home Address option, can be forged or
modified in transit. In this case, the contents of the Home Address modified in transit. In this case, the contents of the Home Address
option is no more suspect than any other part of the packet. option is no more suspect than any other part of the packet.
A node receiving a packet that includes a Home Address option MAY
implement the processing of this option by physically exchanging the
Home Address option field with the source IPv6 address in the IPv6
header.
14.5. Firewall considerations 14.5. Firewall considerations
The definition of Routing Header 2 in Section 5.4 and the associated The definition of Routing Header 2 in Section 6.4 and the associated
processing rules have been chosen so that the header can not be used processing rules have been chosen so that the header can not be used
for what is traditionally viewed as source routing. In particular, for what is traditionally viewed as source routing. In particular,
the IPv6 destination and the Home Address in the routing header will the IPv6 destination and the Home Address in the routing header will
always have to be assigned to the same node otherwise the packet will always have to be assigned to the same node otherwise the packet will
be dropped. be dropped.
This means that the typical security concerns for source routing This means that the typical security concerns for source routing
including the automatic reversal of unauthenticated source routes including the automatic reversal of unauthenticated source routes
(which is an issue for IPv4 but not for IPv6 source routing) and the (which is an issue for IPv4 but not for IPv6 source routing) and the
ability to use source routing to "jump" between nodes inside as well ability to use source routing to "jump" between nodes inside, as well
as outside a firewall, are not at play. as outside a firewall, are not at play.
In essence the semantics of the type 2 routing header is the same as In essence the semantics of the type 2 routing header is the same as
a special form of IP-in-IP tunneling where the inner and outer source a special form of IP-in-IP tunneling where the inner and outer source
addresses are the same. addresses are the same.
This implies that device which implement filtering of packets should This implies that a device which implements filtering of packets
be able to distinguish routing header type 2 from other routing should be able to distinguish between a Type 2 Routing header and
headers, as required in section 7.1. This is necessary in order to other Routing headers, as required in section 8.2. This is necessary
allow Mobile IPv6 traffic while still having the option to filter out in order to allow Mobile IPv6 traffic while still having the option
other use of routing headers. to filter out other uses of Routing headers.
Acknowledgements Acknowledgements
We would like to thank the members of the Mobile IP and IPng Working We would like to thank the members of the Mobile IP and IPng Working
Groups for their comments and suggestions on this work. We would Groups for their comments and suggestions on this work. We would
particularly like to thank (in alphabetical order) Fred Baker particularly like to thank (in alphabetical order) Fred Baker
(Cisco), Josh Broch (Carnegie Mellon University), Robert Chalmers (Cisco), Josh Broch (Carnegie Mellon University), Robert Chalmers
(University of California at Santa Barbara), Noel Chiappa (MIT), (University of California, Santa Barbara), Noel Chiappa (MIT),
Vijay Devarapalli (Nokia Research Center), Rich Draves (Microsoft Vijay Devarapalli (Nokia Research Center), Rich Draves (Microsoft
Research), Francis Dupont (ENST Bretagne), Thomas Eklund (Xelerated), Research), Francis Dupont (ENST Bretagne), Thomas Eklund (Xelerated),
Jun-Ichiro Itojun Hagino (IIJ Research Laboratory), Krishna Kumar Jun-Ichiro Itojun Hagino (IIJ Research Laboratory), Krishna Kumar
(IBM Research), T.J. Kniveton (Nokia Research), Jiwoong Lee (KTF), (IBM Research), T.J. Kniveton (Nokia Research), Jiwoong Lee (KTF),
Aime Lerouzic (Bull S.A.), Thomas Narten (IBM), Erik Nordmark (Sun Aime Lerouzic (Bull S.A.), Thomas Narten (IBM), Erik Nordmark (Sun
Microsystems), Simon Nybroe (Ericsson Telebit), David Oran (Cisco), Microsystems), Simon Nybroe (Ericsson Telebit), David Oran (Cisco),
Lars Henrik Petander (HUT), Basavaraj Patil (Nokia), Ken Powell Lars Henrik Petander (HUT), Basavaraj Patil (Nokia), Ken Powell
(Compaq), Phil Roberts (Motorola), Patrice Romand (Bull S.A.), (Compaq), Phil Roberts (Motorola), Patrice Romand (Bull S.A.),
Jeff Schiller (MIT) Tom Soderlund (Nokia Research), Hesham Soliman Jeff Schiller (MIT) Tom Soderlund (Nokia Research), Hesham Soliman
(Ericsson), Jim Solomon (RedBack Networks), Tapio Suihko (Technical (Ericsson), Jim Solomon (RedBack Networks), Tapio Suihko (Technical
skipping to change at page 137, line 35 skipping to change at page 146, line 41
of this document. Their suggestions have helped to improve both the of this document. Their suggestions have helped to improve both the
design and presentation of the protocol. design and presentation of the protocol.
We would also like to thank the participants in the Mobile IPv6 We would also like to thank the participants in the Mobile IPv6
testing event held at Nancy, France, September 15-17, 1999, for testing event held at Nancy, France, September 15-17, 1999, for
their valuable feedback as a result of interoperability testing their valuable feedback as a result of interoperability testing
of four Mobile IPv6 implementations coming from four different of four Mobile IPv6 implementations coming from four different
organizations: Bull (AIX), Ericsson Telebit (FreeBSD), NEC organizations: Bull (AIX), Ericsson Telebit (FreeBSD), NEC
(FreeBSD), and INRIA (FreeBSD). Further, we would like to thank the (FreeBSD), and INRIA (FreeBSD). Further, we would like to thank the
feedback from the implementors who participated in the Mobile IPv6 feedback from the implementors who participated in the Mobile IPv6
interoperability testing at Connectathon 2000 in San Jose, interoperability testing at Connectathons 2000, 2001, and 2002
California, March 6-9, 2000. Similarly, we would like to thank the in San Jose, California. Similarly, we would like to thank the
participants at the ETSI interoperability testing at ETSI, in Sophia participants at the ETSI interoperability testing at ETSI, in Sophia
Antipolis, France, during October 2-6, 2000, including teams from Antipolis, France, during October 2-6, 2000, including teams from
Compaq, Ericsson, INRIA, Nokia, and Technical University of Helsinki. Compaq, Ericsson, INRIA, Nokia, and Technical University of Helsinki.
Lastly, we must express our appreciation for the significant Lastly, we must express our appreciation for the significant
contributions made by the Mobile IPv6 Security Design Team, including contributions made by members of the Mobile IPv6 Security Design
(in alphabetical order) Jari Arkko, Gabriel Montenegro, Erik Team, including (in alphabetical order) Gabriel Montenegro, Erik
Nordmark, and Pekka Nikander, who have contributed volumes of text to Nordmark, and Pekka Nikander, who have contributed volumes of text to
this specification. this specification.
References References
[1] Tuomas Aura and Jari Arkko. MIPv6 BU Attacks and Defenses. [1] Tuomas Aura and Jari Arkko. MIPv6 BU Attacks and Defenses.
Internet Draft draft-aura-mipv6-bu-attacks-01.txt (Work In Internet Draft draft-aura-mipv6-bu-attacks-01.txt (Work In
Progress), IETF, February 2002. Progress), IETF, February 2002.
[2] Jim Bound and Charles Perkins. Dynamic Host Configuration [2] J. Bound, C. Perkins, M. Carney, and R. Droms. Dynamic Host
Protocol for IPv6 (DHCPv6), February 1999. Work in progress. Configuration Protocol for IPv6 (DHCPv6) (work in progress).
Internet Draft, Internet Engineering Task Force, January 2001.
[3] S. Bradner. Key words for use in RFCs to Indicate Requirement [3] S. Bradner. Key words for use in RFCs to Indicate Requirement
Levels. Request for Comments (Best Current Practice) 2119, Levels. Request for Comments (Best Current Practice) 2119,
Internet Engineering Task Force, March 1997. Internet Engineering Task Force, March 1997.
[4] A. Conta and S. Deering. Generic Packet Tunneling in IPv6 [4] A. Conta and S. Deering. Generic Packet Tunneling in IPv6
Specification. Request for Comments (Proposed Standard) 2473, Specification. Request for Comments (Proposed Standard) 2473,
Internet Engineering Task Force, December 1998. Internet Engineering Task Force, December 1998.
[5] A. Conta and S. Deering. Internet Control Message Protocol [5] A. Conta and S. Deering. Internet Control Message Protocol
skipping to change at page 140, line 9 skipping to change at page 149, line 9
October 1996. October 1996.
[25] C. Perkins. IP Mobility Support. Request for Comments [25] C. Perkins. IP Mobility Support. Request for Comments
(Proposed Standard) 2002, Internet Engineering Task Force, (Proposed Standard) 2002, Internet Engineering Task Force,
October 1996. October 1996.
[26] C. Perkins. Minimal Encapsulation within IP. Request for [26] C. Perkins. Minimal Encapsulation within IP. Request for
Comments (Proposed Standard) 2004, Internet Engineering Task Comments (Proposed Standard) 2004, Internet Engineering Task
Force, October 1996. Force, October 1996.
[27] Charles Perkins and David B. Johnson. Route Optimization in [27] C. Perkins and D. Johnson. Route Optimization in Mobile IP
Mobile IP, February 1999. Work in progress. (work in progress). Internet Draft, Internet Engineering Task
Force.
draft-ietf-mobileip-optim-11.txt, September 2001.
[28] D. Piper. The Internet IP Security Domain of Interpretation for [28] D. Piper. The Internet IP Security Domain of Interpretation for
ISAKMP. Request for Comments (Proposed Standard) 2407, Internet ISAKMP. Request for Comments (Proposed Standard) 2407, Internet
Engineering Task Force, November 1998. Engineering Task Force, November 1998.
[29] D. C. Plummer. Ethernet Address Resolution Protocol: Or [29] D. C. Plummer. Ethernet Address Resolution Protocol: Or
converting network protocol addresses to 48.bit Ethernet address converting network protocol addresses to 48.bit Ethernet address
for transmission on Ethernet hardware. Request for Comments for transmission on Ethernet hardware. Request for Comments
(Standard) 826, Internet Engineering Task Force, November 1982. (Standard) 826, Internet Engineering Task Force, November 1982.
[30] J. Postel. User Datagram Protocol. Request for Comments [30] J. Reynolds and J. Postel. Assigned Numbers. Request for
(Standard) 768, Internet Engineering Task Force, August 1980.
[31] J. Postel. Transmission Control Protocol. Request for Comments
(Standard) 793, Internet Engineering Task Force, September 1981.
[32] J. Reynolds and J. Postel. Assigned Numbers. Request for
Comments (Standard) 1700, Internet Engineering Task Force, Comments (Standard) 1700, Internet Engineering Task Force,
October 1994. October 1994.
[33] Michael Roe, Greg O'Shea, Tuomas Aura, and Jari Arkko. [31] Michael Roe, Greg O'Shea, Tuomas Aura, and Jari Arkko.
Authentication of Mobile IPv6 Binding Updates and Authentication of Mobile IPv6 Binding Updates and
Acknowledgments. Internet Draft draft-roe-mobileip-updateauth-02.txt Acknowledgments. Internet Draft draft-roe-mobileip-updateauth-02.txt
(Work In Progress), IETF, February 2002. (Work In Progress), IETF, February 2002.
[34] Pekka Savola. Security of IPv6 Routing Header and Home Address [32] Pekka Savola. Security of IPv6 Routing Header and Home Address
Options. Internet Draft draft-savola-ipv6-rh-ha-security-01.txt Options. Internet Draft draft-savola-ipv6-rh-ha-security-01.txt
(Work In Progress), IETF, November 2001. (Work In Progress), IETF, November 2001.
[35] S. Thomson and T. Narten. IPv6 Stateless Address [33] S. Thomson and T. Narten. IPv6 Stateless Address
Autoconfiguration. Request for Comments (Draft Standard) 2462, Autoconfiguration. Request for Comments (Draft Standard) 2462,
Internet Engineering Task Force, December 1998. Internet Engineering Task Force, December 1998.
A. Changes from Previous Version of the Draft A. State Machine for the Correspondent Binding Procedure
Home agents and correspondent nodes are stateless until a binding is
actually established.
The mobile node, however, is responsible for initiating the
correspondent binding procedure, keeping track of its state, handle
retransmissions and failures, and completing the procedure.
Section 11.6.2 defines the normative rules that the mobile node
must follow when performing the correspondent procedure. This
appendix specifies an additional, non-normative, state-machine that
illustrates the behaviour of the mobile node.
The mobile node will keep the following states in its Binding List:
- Idle: This is an abstract state that refers to the situation
that the correspondent node in question does not appear in
the Binding List. In this state, all RR and binding related
messaging is silently ignored.
- WaitHC: In this state, the mobile node has sent the Home Test
Init and CoT Init messages, and is waiting for the Home Test and
CoT messages to come back. It will also be necessary to keep
state of retransmissions for both.
- WaitH: In this state, the mobile node has a recent Care-of Cookie
and is only waiting for the Home Test message to arrive.
- WaitC: In this state, the mobile node has a recent Home Cookie
and is only waiting for the CoT message to arrive.
- WaitA: In this state, the mobile node has sent a Binding Update,
and is only waiting for the Binding Acknowledgement message to
arrive.
- WaitD: In this state, the mobile node has sent a de-registration
Binding Update, and is only waiting for the Binding
Acknowledgement message to arrive.
- WaitDH: In this state, the mobile node intends to send a
de-registration Binding Update later but is first waiting for a
home cookie before this can be done. Note that if the mobile
node is at home, it can use a home cookie also as care-of cookie.
- Bound: In this state, the mobile node has established a binding
with the correspondent node.
The following events are possible:
- Route Optimization desired. This is a decision taken by
the mobile node based on observing traffic to and from the
correspondent node.
- Route Optimization not needed. This is another decision taken by
the mobile node, perhaps due to running out of resources or lack
of sufficient traffic to justify route optimization with this
particular correspondent node. Another reason for not needing
Route Optimization any more is that the mobile node has returned
home.
- Movement.
- Valid BRR received. A valid Binding Refresh Request message has
been received.
- Valid HoT received. A valid Home Test message has been received.
- Valid CoT received. A valid Care-of Test message has been
received.
- Valid BA received. A valid Binding Acknowledgement message has
been received.
- Valid BE received. A valid Binding Error message has been
received.
- ICMP Parameter Problem Code 1 received. This can happen if the
peer does not support this specification.
- Invalid BRR received.
- Invalid HoT received.
- Invalid CoT received.
- Invalid BA received.
- Invalid BE received.
- Retransmission needed. A timer is set to expire when a
retransmission of a packet needs to be made.
- Retransmission failed. A timer is set to expire when all
retransmissions have failed.
The following additional conditions are also used:
- Acknowledgements are required. This is a local configuration on
the mobile node side, and indicates whether acknowledgements are
required to binding updates.
- Home cookie too old. A cookie is too old if it has been received
MIN_COOKIE_LIFE or over seconds ago.
- Care-of cookie too old.
- Reason to believe forward progress is being made. Upper layer
protocols such as TCP may provide hints to the IP layer regarding
the successfullness of the recent communications.
- Tests of the Status values received in a BE or BA message.
- Binding lifetime left. The remaining lifetime field of a Binding
Update List entry tells whether the binding currently registered
at the correspondent node still has some lifetime left, even if
we are trying to create a new one. This has relevance when an
attempt at re-binding is aborted for some reason.
The state machine for the mobile node is as follows:
State Event Action New State
--------------------------------------------------------------
Idle Route Optimization desired Send HoTI, WaitHC
Send CoTI,
Start retrans-
mission and
failure timers
Idle Valid HoT received (None) Idle
Idle Valid CoT received (None) Idle
Idle Valid BA received (None) Idle
Idle Valid BRR received (None) Idle
Idle ICMP Parameter Problem Code 1 (None) Idle
received
Idle Valid BE received and (None) Idle
status = 1
Idle Valid BE received and (None) Idle
status = 2
Idle Movement (None) Idle
State Event Action New State
--------------------------------------------------------------
WaitHC Valid HoT received Store cookie WaitC
and nonce
index
WaitHC Valid CoT received Store cookie WaitH
and nonce
index
WaitHC Valid BA received (None) WaitHC
WaitHC Valid BRR received (None) WaitHC
WaitHC Retransmission needed Send HoTI, WaitHC
Send CoTI,
Start timer
TRetr
WaitHC Valid BE received and (None) WaitHC
status = 1
WaitHC Valid BE received and Stop timers Idle
status = 2
WaitHC Movement Send CoTI, WaitHC
Restart
retransmission
and failure
timers
WaitHC Route Optimization not needed (None) WaitHC
WaitHC ICMP Parameter Problem Code 1 Stop timers Idle
received
State Event Action New State
--------------------------------------------------------------
WaitH Valid HoT received and Store cookie WaitA
acknowledgements required and nonce
index,
Send BU,
Start retrans-
mission timer
WaitH Valid HoT received and Store cookie Bound
acknowledgements not required and nonce
index,
Send BU,
Stop timers
WaitH Valid CoT received (None) WaitH
WaitH Valid BA received (None) WaitH
WaitH Valid BRR received (None) WaitH
WaitH Retransmission needed Send HoTI, WaitH
Start retrans-
mission timer
WaitH Valid BE received and (None) WaitH
status = 1
WaitH Valid BE received and Stop timers Idle
status = 2
WaitH Movement Send CoTI, WaitH
Restart
retransmission
and failure
timers
WaitH Route Optimization not needed (None) WaitH
WaitH ICMP Parameter Problem Code 1 (None) WaitH
received
State Event Action New State
--------------------------------------------------------------
WaitC Valid CoT received and Store cookie WaitA
acknowledgements required and nonce
index,
Send BU,
Start retrans-
mission timers
WaitC Valid CoT received Store cookie Bound
and acknowledgements not and nonce
required index,
Send BU,
Stop timers
WaitC Valid HoT received (None) WaitC
WaitC Valid BA received (None) WaitC
WaitC Valid BRR received (None) WaitC
WaitC Valid BE received and (None) WaitC
status = 1
WaitC Valid BE received and Stop timers Idle
status = 2
WaitC Retransmission needed Send CoTI, WaitC
Start retrans-
mission timer
WaitC Movement Send CoTI, WaitC
Restart
retransmission
and failure
timers
WaitC Route Optimization not needed (None) WaitC
WaitC ICMP Parameter Problem Code 1 (None) WaitC
received
State Event Action New State
--------------------------------------------------------------
WaitA Valid BA received and Stop timers Bound
status < 128
WaitA Valid BA received and Set sequence#, WaitA
status = 141 Send BU,
Restart
retransmission
and failure
timers
WaitA Valid BA received and Send HoTI, WaitHC
status = 144 or 145 Send CoTI,
Restart
retransmission
and failure
timers
WaitA Valid BA received and Stop timers Idle
status anything else
WaitA Valid HoT received (None) WaitA
WaitA Valid CoT received (None) WaitA
WaitA Valid BRR received (None) WaitA
WaitA Retransmission needed Send BU, WaitA
Start retrans-
mission timer
WaitA Valid BE received and (None) WaitA
status = 1
WaitA Valid BE received and Stop timers Idle
status = 2
WaitA Movement Send CoTI, WaitC
Restart
retransmission
and failure
timers
WaitA Route Optimization not needed (None) WaitA
WaitA ICMP Parameter Problem Code 1 (None) WaitA
received
State Event Action New State
--------------------------------------------------------------
WaitD Valid BA received and Stop timers Idle
status < 128
WaitD Valid BA received and Set sequence#, WaitD
status = 141 Send BU,
Restart
retransmission
and failure
timers
WaitD Valid BA received and Send HoTI, WaitDH
status = 144 or 145 Restart
retransmission
and failure
timers
WaitD Valid BA received and Stop timers Idle
status anything else
WaitD Valid HoT received (None) WaitD
WaitD Valid CoT received (None) WaitD
WaitD Valid BRR received (None) WaitD
WaitD Retransmission needed Send BU, WaitD
Start retrans-
mission timer
WaitD Valid BE received Stop timers Idle
WaitD Movement (None) WaitD
WaitD Route Optimization Desired Send HoTI, WaitHC
Send CoTI,
Restart
retransmission
and failure
timers
WaitD ICMP Parameter Problem Code 1 (None) WaitD
received
State Event Action New State
--------------------------------------------------------------
WaitDH Valid HoT received and Send BU, WaitD
acknowledgements required Restart
retransmission
and failure
timers
WaitDH Valid HoT received and Send BU, Idle
acknowledgements not Stop timers
required
WaitDH Valid CoT received (None) WaitDH
WaitDH Valid BA received (None) WaitDH
WaitDH Valid BRR received (None) WaitDH
WaitDH Retransmission needed Send HoTI, WaitDH
Start retrans-
mission timer
WaitDH Valid BE received Stop timers Idle
WaitDH Movement (none) WaitDH
WaitDH Route Optimization Desired Send HoTI, WaitHC
Send CoTI,
Restart
retransmission
and failure
timers
WaitDH ICMP Parameter Problem Code 1 (None) WaitDH
received
State Event Action New State
--------------------------------------------------------------
Bound Valid BRR received Send HoTI, WaitHC
Send CoTI,
Start retrans-
mission timers
Bound Valid HoT received (None) Bound
Bound Valid CoT received (None) Bound
Bound Valid BA received (None) Bound
Bound Route Optimization not Send BU Idle
needed and home cookie not
too old and acknowledgements
not required
Bound Route Optimization not Send BU, WaitD
needed and home cookie not Start retrans-
too old and acknowledgements mission and
required failure timers
Bound Route Optimization not Send HoTI, WaitDH
needed and home cookie too Start retrans-
old mission and
failure timers
Bound ICMP Parameter Problem Code 1 (None) Bound
received
Bound Movement and home cookie Send CoTI, WaitC
not too old Start retrans-
mission and
failure timers
Bound Movement and home cookie Send HoTI, WaitHC
too old Send CoTI,
Start retrans-
mission and
failure timers
Bound Valid BE received and (None) Bound
status = 1 and reason to
believe forward progress
is being made
Bound Valid BE received and Send HoTI, WaitHC
status = 1 and no reason to Send CoTI,
believe forward progress Start retrans-
is being made mission and
failure timers
Bound Valid BE received and (None) Bound
status = 2
Bound ICMP Parameter Problem Code 1 (None) Bound
received
State Event Action New State
--------------------------------------------------------------
(Any) Retransmission failed Stop retrans- Idle
mission timer
(Any) Invalid BRR received (No change)
(Any) Invalid HoT received (No change)
(Any) Invalid CoT received (No change)
(Any) Invalid BA received (No change)
(Any) Invalid BE received (No change)
(Any) Invalid MH Type received Send BE with (No change)
status 2
B. Changes from Previous Version of the Draft
This appendix briefly lists some of the major changes in this This appendix briefly lists some of the major changes in this
draft relative to the previous version of this same draft, draft relative to the previous version of this same draft,
draft-ietf-mobileip-ipv6-15.txt: draft-ietf-mobileip-ipv6-15.txt:
A.1. Changes from Draft Version ...-15 B.1. Changes from Draft Version 16
- The "rest" of the document has been updated to correspond to the
new packet formats and messages.
- Correspondent node operation has been updated to include the new
security mechanisms.
- Procedures for reverse tunneling have been described for both
home agents and mobile nodes, and these requirements have been
take in account in Section 8.
- Terminology has been aligned throughout the document. Parameters
are now mobility options. Binding Request is Binding Refresh
Request. Capitalization of the terms has been aligned throughout
the document.
- Overview section is now shorter, security issues are discussed
elsewhere and data structures are fully described later.
- Parts of the mobile node requirements under Section 10.9 were
moved to Section 11.3.3.
- A mechanism for Binding Acknowledgement authorization has been
clarified.
- Alignment rules, minimum lengths, and packet formats of Mobility
Header message have been updated.
- Discussion on the use of Type 0 Routing header in addition to
Type 2 Routing header has been removed from the correspondent
node operation section, and we now rely only on the ordering
requirements specified by the Routing Header Type 2 description.
- Type 2 Routing header rules have been rewritten to allow for
Segments Left to be 0. Explanation on how AH works with Routing
header has been clarified. Much of the text has been moved
to the Mobile Node Operation and Correspondent Node Operation
sections.
- The concept of "persistent" ICMP messages is no longer referred
to by a MUST keyword in Section 9.7.
- References to the "Router (R)" bit have been changed to "Router
Address (R)" bit.
- The Home Agent Information option now has to appear on all Prefix
Advertisements, or on none of them.
- Sub-options have been removed.
- The Dynamic Home Agent Address Discovery procedures have been
updated to not use piggybacking. Binding Refresh Requests
are still sent during these procedures in certain cases,
however. the Unique Identifier mobility option has been used
to synchronize BRR and BU instead of the sequence number. The
scheduling of the prefix deliveries has been changed to send new
information even when the current binding is close to expiring.
- Section 11.7 now uses ICMP Parameter Problem Code 1 instead of 2.
- Sections 11.3.4 and 10.9 now agree that IPsec need not be used
for the first advertisement.
- The rules regarding addresses for receiving and sending multicast
traffic and control messages have been clarified for mobile
nodes.
- The Binding Missing message has been renamed to Binding Error.
- Eliminated the use of symbols in the description of the return
routability procedure.
- Wrote a new description of the return routability procedure.
B.2. Changes from Draft Version 15
- A binding update authorization mechanism suitable for use - A binding update authorization mechanism suitable for use
between previously unknown peers in the global Internet has been between previously unknown peers in the global Internet has been
incorporated to the specification. As a result, Sections 4.5, incorporated to the specification. As a result, Sections 5, 6.1,
5.1, 14 and others have been substantially revised. 14 and others have been substantially revised.
- A new IPv6 protocol has replaced IPv6 Destination Options for - A new IPv6 protocol has replaced IPv6 Destination Options for
some of the MIPv6 signaling. This was done in order to enable some of the MIPv6 signaling. This was done in order to enable
the use of standard IPsec for the protection of binding updates the use of standard IPsec for the protection of binding updates
between the mobile node and the home agent, the protection of between the mobile node and the home agent, the protection
RR packets as they are forwarded to the mobile node from the of return routability packets as they are forwarded to the
home agent, and possibly in the future the protection of binding mobile node from the home agent, and possibly in the future the
updates themselves to the correspondent nodes. This has resulted protection of binding updates themselves to the correspondent
in substantial modifications in Section 5. nodes. This has resulted in substantial modifications in
Section 6.
- The use of the Home Address Option has been restricted to the - The use of the Home Address destination option has been
situation where a binding already exists. This has been done restricted to the situation where a binding already exists. This
in order to limit distributed Denial-of-Service attacks through has been done in order to limit distributed Denial-of-Service
reflections attacks that employ the Home Address Option. attacks through reflections attacks that employ the Home Address
Option.
- A new Binding Missing message has been added to signal the - A new Binding Missing message has been added to signal the mobile
mobile node that it has used the Home Address Option when the node that it has used the Home Address destination option when
correspondent node has no existing binding to the node. the correspondent node has no existing binding to the node.
- The Authentication Data suboption has been made a part of - The Authorization Data mobility option has been made a part of
the Binding Update and Acknowledgement messages, and is now the Binding Update and Acknowledgement messages, and is now
calculated in the specific manner required by the authorization calculated in the specific manner required by the authorization
mechanism (RR). mechanism (return routability).
- Sequence number length for Binding Update messages has been - Sequence number length for Binding Update messages has been
increased to 32 bits to protect home registrations against replay increased to 32 bits to protect home registrations against replay
attacks. attacks.
- Mobile IPv6 uses now Routing Header type 2 instead of the - Mobile IPv6 uses now Routing Header type 2 instead of the
general type 0, in order to limit potential dangers that general type 0, in order to limit potential dangers that
general capabilities offers type 0 and to ensure that firewall general capabilities offers type 0 and to ensure that firewall
administrators want to allow the type of Routing Header that administrators want to allow the type of Routing Header that
Mobile IPv6 uses through. Mobile IPv6 uses through.
- Requirements for all IPv6 routers have also been updated in order - Requirements for all IPv6 routers have also been updated in order
to describe the considerations relating to the new Routing Header to describe the considerations relating to the new Routing Header
type. type.
- Processing rules for mobile nodes, correspondent nodes, and to - Processing rules for mobile nodes, correspondent nodes, and to
some extent home agents have been substantially modified in order some extent home agents have been substantially modified in order
to explain the new authorization scheme. to explain the new authorization scheme.
- Piggybacking is no longer possible due to the use of a new IPv6 - Piggybacking is no longer possible due to the use of a new IPv6
protocol and not a Destination Option. (However, a separate protocol and not a destination option. (However, a separate
extension to this specification will allow piggybacking and takes extension to this specification will allow piggybacking and takes
in account the necessary IPsec policy considerations to avoid in account the necessary IPsec policy considerations to avoid
problems.) problems.)
- The security considerations in Section 14 have been revised to - The security considerations in Section 14 have been revised to
describe the threats that this specification protects against as describe the threats that this specification protects against as
well as any residual threats. well as any residual threats.
A.2. Changes from Previous Versions of the Draft B.3. Changes from Earlier Versions of the Draft
- Strengthened mandates for mobile nodes so that now a mobile node - Strengthened mandates for mobile nodes so that now a mobile node
MUST support decapsulation and processing for routing headers MUST support decapsulation and processing for routing headers
(section 10.3). (section 11.2.3).
- Enabled ESP to be a valid way to secure reverse tunneled packets - Enabled ESP to be a valid way to secure reverse tunneled packets
(section 9.5). (section 10.6).
- Removed mandate that mobile node select a default router, - Removed mandate that mobile node select a default router, and
and instead described it as typical behavior (section 10.4). instead described it as typical behavior (section 11.4.1).
Also made it clear that picking a new default router does not Also made it clear that picking a new default router does not
automatically mean picking a new primary care-of address. automatically mean picking a new primary care-of address.
- Modified mandated behavior from Home Agent upon reception of a - Modified mandated behavior from Home Agent upon reception of a
`D' bit in a Binding Update. The home agent only has to make `D' bit in a Binding Update. The home agent only has to make
sure that DAD has been run, and that no other node on the home sure that DAD has been run, and that no other node on the home
network could be using the mobile node's link-local address. network could be using the mobile node's link-local address.
- Added provisional ICMP numbers for the new message types, which - Added provisional ICMP numbers for the new message types, which
may be reassigned by IANA, but which will be useful for testing may be reassigned by IANA, but which will be useful for testing
skipping to change at page 143, line 52 skipping to change at page 164, line 16
in order to reserve more flag bits for the future. in order to reserve more flag bits for the future.
- Changed the Sequence Number of the Binding Update and Binding - Changed the Sequence Number of the Binding Update and Binding
Acknowledgement to be 8-bit only. Acknowledgement to be 8-bit only.
- Inserted specification that, after returning home and sending a - Inserted specification that, after returning home and sending a
Neighbor Solicitation to the home agent, a mobile node should Neighbor Solicitation to the home agent, a mobile node should
accept any Neighbor Advertisement from the home agent as an accept any Neighbor Advertisement from the home agent as an
indication that the home agent is REACHABLE. indication that the home agent is REACHABLE.
- Inserted new terminology for Binding Key and Binding Security - Inserted new terminology for binding key and binding security
Association (BSA) in anticipation of eliminating the use of AH association in anticipation of eliminating the use of AH
- Eliminated use of AH for authenticating Binding Update, and for - Eliminated use of AH for authenticating Binding Update, and for
authenticating Binding Acknowledgement authenticating Binding Acknowledgement
- Specified that all correspondent nodes MUST implement a base - Specified that all correspondent nodes MUST implement a base
protocol for establishing a Binding Key; this has become the protocol for establishing a Binding Key; this has become the
Return Routability protocol in this document. return routability procedure in this document.
- Added the following protocol constants: - Added the following protocol constants:
INITIAL_SOLICIT_TIMER: INITIAL_SOLICIT_TIMER: XXX
- Created new ICMP messages for Mobile Prefix Solicitations and - Created new ICMP messages for Mobile Prefix Solicitations and
Advertisements (see sections 5.8 and 5.9). Advertisements (see sections 6.7 and 6.8).
- Changed Network Renumbering (Section 9.7) to encompass mobile - Changed Network Renumbering (Section 10.9.1) to encompass mobile
node configuration issues, remove unspecified address usage, node configuration issues, remove unspecified address usage,
simplify rules for prefix maintenance and sending, and use new simplify rules for prefix maintenance and sending, and use new
ICMP message types noted above. ICMP message types noted above.
- Added a paragraph to Returning Home (section 10.22) to describe - Added a paragraph to Returning Home (section 11.6.7) to describe
how the Home Agent discovers the mobile node's link-layer address how the Home Agent discovers the mobile node's link-layer address
- Reworded parts of appendix B as needed. - Reworded parts of Appendix C as needed.
- Added the Mobile Router Prefix Length Sub-Option (section 5.5), - Added the Mobile Router Prefix Length Sub-Option along with text
along with text describing what a Mobile Router should do with describing what a Mobile Router should do with it.
it.
B. Remote Home Address Configuration C. Remote Home Address Configuration
The method for initializing a mobile node's home addresses on The method for initializing a mobile node's home addresses on
power-up or after an extended period of being disconnected from power-up or after an extended period of being disconnected from
the network is beyond the scope of this specification. Whatever the network is beyond the scope of this specification. Whatever
procedure is used should result in the mobile node having the same procedure is used should result in the mobile node having the same
stateless or stateful (e.g., DHCPv6) home address autoconfiguration stateless or stateful (e.g., DHCPv6) home address autoconfiguration
information it would have if it were attached to the home network. information it would have if it were attached to the home network.
Due to the possibility that the home network could be renumbered Due to the possibility that the home network could be renumbered
while the mobile node is disconnected, a robust mobile node would not while the mobile node is disconnected, a robust mobile node would not
rely solely on storing these addresses locally. rely solely on storing these addresses locally.
skipping to change at page 145, line 28 skipping to change at page 165, line 40
8. Create a security association between the mobile node's home 8. Create a security association between the mobile node's home
address and the home agent. address and the home agent.
9. Send a binding update(s) to the home agent to register the mobile 9. Send a binding update(s) to the home agent to register the mobile
node's home addresses. node's home addresses.
10. Receive binding acknowledgement(s) then begin normal 10. Receive binding acknowledgement(s) then begin normal
communications. communications.
D. Future Extensions
D.1. Piggybacking
This document does not specify how to piggyback payload packets on
the binding related messages. However, it is envisioned that this
can be specified in a separate document when currently discussed
issues such as the interaction between piggybacking and IPsec are
fully resolved (see also Section D.3).
The idea is to use the Flag field in the HoTI message so that the
mobile node can indicate that it supports the receipt of piggybacked
messages, use the Flag field in the HoT message for the correspondent
node to indicate that it can support the receipt of piggybacked
messages, and then carry the piggybacked payload after the MH header
by specifying a payload protocol type other than NO_NXTHDR (59).
Until such a separate specification exists implementations conforming
to this specification MUST set the payload protocol type to NO_NXTHDR
(59 decimal).
D.2. Triangular Routing and Unverified Home Addresses
Due to the concerns about opening reflection attacks with the Home
Address destination option, this specification requires that this
option must be verified against the binding cache, i.e., there must
be a binding cache entry for the Home Address and Care-of Address.
Future extensions may be specified that allow the use of unverified
Home Address destination options in ways that do not introduce
security issues.
D.3. New Authorization Methods beyond Return Routability
While the return routability procedure provides a good level
of security, there exists methods that have even higher levels
of security. Secondly, as discussed in Section 14.3, future
enhancements of IPv6 security may cause a need to improve also the
security of the return routability procedure. The question is then
what is the method to securely agree on the use of another method,
while still allowing return routability procedure for some hosts
during a transition period. In some cases, a third party can help to
make this selection. But in general infrastructureless methods have
little information beyond the exchanged messages and their contents.
For these reasons, the final version of this specification requires
a protection mechanism for selecting between the return routability
procedure and potential other future mechanisms (see Section 14.3)
but this isn't ready yet.
Using IPsec as the sole method for authorizing Binding Updates
to correspondent nodes is also possible. The protection of the
Mobility Header for this purpose is easy, though one must ensure
that the IPsec SA was created with appropriate authorization to use
the home address referenced in the Binding Update. For instance,
a certificate used by IKE to create the security association might
contain the home address. A future specification may specify how
this is done.
Chairs' Addresses Chairs' Addresses
The Working Group can be contacted via its current chairs: The Working Group can be contacted via its current chairs:
Basavaraj Patil Phil Roberts Basavaraj Patil Phil Roberts
Nokia Corporation Megisto Corp. Nokia Corporation Megisto Corp.
6000 Connection Drive Suite 120 6000 Connection Drive Suite 120
M/S M8-540 20251 Century Blvd M/S M8-540 20251 Century Blvd
Irving, TX 75039 Germantown MD 20874 Irving, TX 75039 Germantown MD 20874
USA USA USA USA
Phone: +1 972-894-6709 Phone: +1 847-202-9314 Phone: +1 972-894-6709 Phone: +1 847-202-9314
Fax : +1 972-894-5349 Email: PRoberts@MEGISTO.com Fax : +1 972-894-5349 Email: PRoberts@MEGISTO.com
EMail: Raj.Patil@nokia.com EMail: Raj.Patil@nokia.com
Authors' Addresses Authors' Addresses
QuestionsDaboutathisvdocumenticandalsoBbe.directedJtoothehauthors:nson Questions about this document can also be directed to the authors:
Rice University Charles Perkins David B. Johnson Charles Perkins
Department of Computer Science, Nokia Rice University Nokia Research Center
MS 132 313 Fairchild Drive Dept. of Computer Science, MS 132
6100 Main Street Mountain View, CA 94043 6100 Main Street 313 Fairchild Drive
Houston, TX 77005-1892 USA Houston, TX 77005-1892 Mountain View, CA 94043
USA Phone: +1 650 625-2986 USA USA
Phone: +1 713 348-3063 Fax: +1 650 625-2502 Phone: +1 713 348-3063 Phone: +1 650 625-2986
Fax: +1 713 348-5930 E-mail: charliep@iprg.nokia.com Fax: +1 713 348-5930 Fax: +1 650 625-2502
E-mail: dbj@cs.rice.edu E-mail: dbj@cs.rice.edu E-mail: charliep@iprg.nokia.com
Jari Arkko
Ericsson
Jorvas 02420
Finland
Phone: +358 40 5079256
E-mail: jari.arkko@ericsson.com
 End of changes. 759 change blocks. 
3366 lines changed or deleted 4554 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/