< draft-ietf-mobileip-ipv6-20.txt   draft-ietf-mobileip-ipv6-21.txt >
IETF Mobile IP Working Group D. Johnson IETF Mobile IP Working Group D. Johnson
Internet-Draft Rice University Internet-Draft Rice University
Expires: July 21, 2003 C. Perkins Expires: August 27, 2003 C. Perkins
Nokia Research Center Nokia Research Center
J. Arkko J. Arkko
Ericsson Ericsson
January 20, 2003 February 26, 2003
Mobility Support in IPv6 Mobility Support in IPv6
draft-ietf-mobileip-ipv6-20.txt draft-ietf-mobileip-ipv6-21.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
skipping to change at page 1, line 35 skipping to change at page 1, line 35
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt. www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 21, 2003. This Internet-Draft will expire on August 27, 2003.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract Abstract
This document specifies the operation of the IPv6 Internet with This document specifies the operation of the IPv6 Internet with
mobile computers. Each mobile node is always identified by its home mobile computers. Each mobile node is always identified by its home
address, regardless of its current point of attachment to the address, regardless of its current point of attachment to the
skipping to change at page 2, line 14 skipping to change at page 2, line 14
mobile node's home address with its care-of address, and to then send mobile node's home address with its care-of address, and to then send
any packets destined for the mobile node directly to it at this any packets destined for the mobile node directly to it at this
care-of address. To support this operation, Mobile IPv6 defines a care-of address. To support this operation, Mobile IPv6 defines a
new IPv6 protocol and a new destination option. All IPv6 nodes, new IPv6 protocol and a new destination option. All IPv6 nodes,
whether mobile or stationary can communicate with mobile nodes. whether mobile or stationary can communicate with mobile nodes.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 6
2. Comparison with Mobile IP for IPv4 . . . . . . . . . . . . 8 2. Comparison with Mobile IP for IPv4 . . . . . . . . . . . . 8
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 10 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 9
3.1 General Terms . . . . . . . . . . . . . . . . . . . 10 3.1 General Terms . . . . . . . . . . . . . . . . . . . 9
3.2 Mobile IPv6 Terms . . . . . . . . . . . . . . . . . 12 3.2 Mobile IPv6 Terms . . . . . . . . . . . . . . . . . 11
4. Overview of Mobile IPv6 . . . . . . . . . . . . . . . . . 16 4. Overview of Mobile IPv6 . . . . . . . . . . . . . . . . . 15
4.1 Basic Operation . . . . . . . . . . . . . . . . . . 16 4.1 Basic Operation . . . . . . . . . . . . . . . . . . 15
4.2 New IPv6 Protocol . . . . . . . . . . . . . . . . . 18 4.2 New IPv6 Protocol . . . . . . . . . . . . . . . . . 17
4.3 New IPv6 Destination Option . . . . . . . . . . . . 19 4.3 New IPv6 Destination Option . . . . . . . . . . . . 18
4.4 New IPv6 ICMP Messages . . . . . . . . . . . . . . . 19 4.4 New IPv6 ICMP Messages . . . . . . . . . . . . . . . 18
4.5 Conceptual Data Structure Terminology . . . . . . . 19 4.5 Conceptual Data Structure Terminology . . . . . . . 18
4.6 Site-Local Addressability . . . . . . . . . . . . . 20 4.6 Site-Local Addressability . . . . . . . . . . . . . 19
5. Overview of Mobile IPv6 Security . . . . . . . . . . . . . 21 5. Overview of Mobile IPv6 Security . . . . . . . . . . . . . 20
5.1 Binding Updates to Home Agents . . . . . . . . . . . 21 5.1 Binding Updates to Home Agents . . . . . . . . . . . 20
5.2 Binding Updates to Correspondent Nodes . . . . . . . 22 5.2 Binding Updates to Correspondent Nodes . . . . . . . 21
5.2.1 Node Keys . . . . . . . . . . . . . . . . . 23 5.2.1 Node Keys . . . . . . . . . . . . . . . . . 22
5.2.2 Nonces . . . . . . . . . . . . . . . . . . . 23 5.2.2 Nonces . . . . . . . . . . . . . . . . . . . 22
5.2.3 Cookies and Tokens . . . . . . . . . . . . . 24 5.2.3 Cookies and Tokens . . . . . . . . . . . . . 23
5.2.4 Cryptographic Functions . . . . . . . . . . 24 5.2.4 Cryptographic Functions . . . . . . . . . . 23
5.2.5 Return Routability Procedure . . . . . . . . 24 5.2.5 Return Routability Procedure . . . . . . . . 23
5.2.6 Authorizing Binding Management Messages . . 28 5.2.6 Authorizing Binding Management Messages . . 27
5.2.7 Updating Node Keys and Nonces . . . . . . . 30 5.2.7 Updating Node Keys and Nonces . . . . . . . 29
5.2.8 Preventing Replay Attacks . . . . . . . . . 32 5.2.8 Preventing Replay Attacks . . . . . . . . . 31
5.3 Dynamic Home Agent Address Discovery . . . . . . . . 32 5.3 Dynamic Home Agent Address Discovery . . . . . . . . 31
5.4 Prefix Discovery . . . . . . . . . . . . . . . . . . 32 5.4 Prefix Discovery . . . . . . . . . . . . . . . . . . 31
5.5 Payload Packets . . . . . . . . . . . . . . . . . . 32 5.5 Payload Packets . . . . . . . . . . . . . . . . . . 31
6. New IPv6 Protocol, Message Types, and Destination Option . 34 6. New IPv6 Protocol, Message Types, and Destination Option . 33
6.1 Mobility Header . . . . . . . . . . . . . . . . . . 34 6.1 Mobility Header . . . . . . . . . . . . . . . . . . 33
6.1.1 Format . . . . . . . . . . . . . . . . . . . 34 6.1.1 Format . . . . . . . . . . . . . . . . . . . 33
6.1.2 Binding Refresh Request Message . . . . . . 36 6.1.2 Binding Refresh Request Message . . . . . . 35
6.1.3 Home Test Init Message . . . . . . . . . . . 37 6.1.3 Home Test Init Message . . . . . . . . . . . 36
6.1.4 Care-of Test Init Message . . . . . . . . . 38 6.1.4 Care-of Test Init Message . . . . . . . . . 37
6.1.5 Home Test Message . . . . . . . . . . . . . 39 6.1.5 Home Test Message . . . . . . . . . . . . . 38
6.1.6 Care-of Test Message . . . . . . . . . . . . 40 6.1.6 Care-of Test Message . . . . . . . . . . . . 39
6.1.7 Binding Update Message . . . . . . . . . . . 41 6.1.7 Binding Update Message . . . . . . . . . . . 40
6.1.8 Binding Acknowledgement Message . . . . . . 43 6.1.8 Binding Acknowledgement Message . . . . . . 42
6.1.9 Binding Error Message . . . . . . . . . . . 46 6.1.9 Binding Error Message . . . . . . . . . . . 45
6.2 Mobility Options . . . . . . . . . . . . . . . . . . 47 6.2 Mobility Options . . . . . . . . . . . . . . . . . . 46
6.2.1 Format . . . . . . . . . . . . . . . . . . . 47 6.2.1 Format . . . . . . . . . . . . . . . . . . . 47
6.2.2 Pad1 . . . . . . . . . . . . . . . . . . . . 48 6.2.2 Pad1 . . . . . . . . . . . . . . . . . . . . 48
6.2.3 PadN . . . . . . . . . . . . . . . . . . . . 49 6.2.3 PadN . . . . . . . . . . . . . . . . . . . . 48
6.2.4 Binding Refresh Advice . . . . . . . . . . . 49 6.2.4 Binding Refresh Advice . . . . . . . . . . . 48
6.2.5 Alternate Care-of Address . . . . . . . . . 49 6.2.5 Alternate Care-of Address . . . . . . . . . 49
6.2.6 Nonce Indices . . . . . . . . . . . . . . . 50 6.2.6 Nonce Indices . . . . . . . . . . . . . . . 49
6.2.7 Binding Authorization Data . . . . . . . . . 50 6.2.7 Binding Authorization Data . . . . . . . . . 50
6.3 Home Address Option . . . . . . . . . . . . . . . . 52 6.3 Home Address Option . . . . . . . . . . . . . . . . 51
6.4 Type 2 Routing Header . . . . . . . . . . . . . . . 53 6.4 Type 2 Routing Header . . . . . . . . . . . . . . . 53
6.4.1 Format . . . . . . . . . . . . . . . . . . . 54 6.4.1 Format . . . . . . . . . . . . . . . . . . . 53
6.5 ICMP Home Agent Address Discovery Request Message . 55 6.5 ICMP Home Agent Address Discovery Request Message . 55
6.6 ICMP Home Agent Address Discovery Reply Message . . 56 6.6 ICMP Home Agent Address Discovery Reply Message . . 56
6.7 ICMP Mobile Prefix Solicitation Message Format . . . 58 6.7 ICMP Mobile Prefix Solicitation Message Format . . . 57
6.8 ICMP Mobile Prefix Advertisement Message Format . . 59 6.8 ICMP Mobile Prefix Advertisement Message Format . . 59
7. Modifications to IPv6 Neighbor Discovery . . . . . . . . . 62 7. Modifications to IPv6 Neighbor Discovery . . . . . . . . . 62
7.1 Modified Router Advertisement Message Format . . . . 62 7.1 Modified Router Advertisement Message Format . . . . 62
7.2 Modified Prefix Information Option Format . . . . . 62 7.2 Modified Prefix Information Option Format . . . . . 62
7.3 New Advertisement Interval Option Format . . . . . . 64 7.3 New Advertisement Interval Option Format . . . . . . 64
7.4 New Home Agent Information Option Format . . . . . . 65 7.4 New Home Agent Information Option Format . . . . . . 65
7.5 Modified Neighbor Solicitation Message Format . . . 66 7.5 Changes to Sending Router Advertisements . . . . . . 66
7.6 Changes to Sending Router Advertisements . . . . . . 68 7.6 Changes to Duplicate Address Detection . . . . . . . 68
7.7 Changes to Duplicate Address Detection . . . . . . . 69 8. Requirements for Types of IPv6 Nodes . . . . . . . . . . . 69
8. Requirements for Types of IPv6 Nodes . . . . . . . . . . . 71 8.1 All IPv6 Nodes . . . . . . . . . . . . . . . . . . . 69
8.1 All IPv6 Nodes . . . . . . . . . . . . . . . . . . . 71 8.2 IPv6 Nodes with Support for Route Optimization . . . 69
8.2 IPv6 Nodes with Support for Route Optimization . . . 71 8.3 All IPv6 Routers . . . . . . . . . . . . . . . . . . 71
8.3 All IPv6 Routers . . . . . . . . . . . . . . . . . . 73 8.4 IPv6 Home Agents . . . . . . . . . . . . . . . . . . 71
8.4 IPv6 Home Agents . . . . . . . . . . . . . . . . . . 73 8.5 IPv6 Mobile Nodes . . . . . . . . . . . . . . . . . 73
8.5 IPv6 Mobile Nodes . . . . . . . . . . . . . . . . . 75 9. Correspondent Node Operation . . . . . . . . . . . . . . . 75
9. Correspondent Node Operation . . . . . . . . . . . . . . . 77 9.1 Conceptual Data Structures . . . . . . . . . . . . . 75
9.1 Conceptual Data Structures . . . . . . . . . . . . . 77 9.2 Processing Mobility Headers . . . . . . . . . . . . 76
9.2 Processing Mobility Headers . . . . . . . . . . . . 78 9.3 Packet Processing . . . . . . . . . . . . . . . . . 76
9.3 Packet Processing . . . . . . . . . . . . . . . . . 78 9.3.1 Receiving Packets with Home Address Option . 76
9.3.1 Receiving Packets with Home Address Option . 78 9.3.2 Sending Packets to a Mobile Node . . . . . . 77
9.3.2 Sending Packets to a Mobile Node . . . . . . 79 9.3.3 Sending Binding Error Messages . . . . . . . 79
9.3.3 Sending Binding Error Messages . . . . . . . 81 9.3.4 Receiving ICMP Error Messages . . . . . . . 79
9.3.4 Receiving ICMP Error Messages . . . . . . . 81 9.4 Return Routability Procedure . . . . . . . . . . . . 80
9.4 Return Routability Procedure . . . . . . . . . . . . 81 9.4.1 Receiving Home Test Init Messages . . . . . 80
9.4.1 Receiving Home Test Init Messages . . . . . 82 9.4.2 Receiving Care-of Test Init Messages . . . . 80
9.4.2 Receiving Care-of Test Init Messages . . . . 82 9.4.3 Sending Home Test Messages . . . . . . . . . 80
9.4.3 Sending Home Test Messages . . . . . . . . . 82 9.4.4 Sending Care-of Test Messages . . . . . . . 81
9.4.4 Sending Care-of Test Messages . . . . . . . 83 9.5 Processing Bindings . . . . . . . . . . . . . . . . 81
9.5 Processing Bindings . . . . . . . . . . . . . . . . 83 9.5.1 Receiving Binding Updates . . . . . . . . . 81
9.5.1 Receiving Binding Updates . . . . . . . . . 83 9.5.2 Requests to Cache a Binding . . . . . . . . 83
9.5.2 Requests to Cache a Binding . . . . . . . . 85 9.5.3 Requests to Delete a Binding . . . . . . . . 84
9.5.3 Requests to Delete a Binding . . . . . . . . 86 9.5.4 Sending Binding Acknowledgements . . . . . . 84
9.5.4 Sending Binding Acknowledgements . . . . . . 86 9.5.5 Sending Binding Refresh Requests . . . . . . 85
9.5.5 Sending Binding Refresh Requests . . . . . . 87 9.6 Cache Replacement Policy . . . . . . . . . . . . . . 86
9.6 Cache Replacement Policy . . . . . . . . . . . . . . 88 10. Home Agent Operation . . . . . . . . . . . . . . . . . . . 88
10. Home Agent Operation . . . . . . . . . . . . . . . . . . . 89 10.1 Conceptual Data Structures . . . . . . . . . . . . . 88
10.1 Conceptual Data Structures . . . . . . . . . . . . . 89 10.2 Processing Mobility Headers . . . . . . . . . . . . 89
10.2 Processing Mobility Headers . . . . . . . . . . . . 90 10.3 Processing Bindings . . . . . . . . . . . . . . . . 89
10.3 Processing Bindings . . . . . . . . . . . . . . . . 90 10.3.1 Primary Care-of Address Registration . . . . 89
10.3.1 Primary Care-of Address Registration . . . . 90
10.3.2 Primary Care-of Address De-Registration . . 93 10.3.2 Primary Care-of Address De-Registration . . 93
10.4 Packet Processing . . . . . . . . . . . . . . . . . 94 10.4 Packet Processing . . . . . . . . . . . . . . . . . 94
10.4.1 Intercepting Packets for a Mobile Node . . . 94 10.4.1 Intercepting Packets for a Mobile Node . . . 94
10.4.2 Tunneling Intercepted Packets . . . . . . . 96 10.4.2 Processing Intercepted Packets . . . . . . . 95
10.4.3 Multicast Membership Control . . . . . . . . 97 10.4.3 Multicast Membership Control . . . . . . . . 97
10.4.4 Stateful Address Autoconfiguration . . . . . 98 10.4.4 Stateful Address Autoconfiguration . . . . . 98
10.4.5 Handling Reverse Tunneled Packets . . . . . 99 10.4.5 Handling Reverse Tunneled Packets . . . . . 98
10.4.6 Protecting Return Routability Packets . . . 99 10.4.6 Protecting Return Routability Packets . . . 99
10.5 Dynamic Home Agent Address Discovery . . . . . . . .100 10.5 Dynamic Home Agent Address Discovery . . . . . . . . 99
10.5.1 Receiving Router Advertisement Messages . . 100 10.5.1 Receiving Router Advertisement Messages . . 100
10.6 Sending Prefix Information to the Mobile Node . . .102 10.6 Sending Prefix Information to the Mobile Node . . .102
10.6.1 Aggregate List of Home Network Prefixes . . 103 10.6.1 Aggregate List of Home Network Prefixes . . 102
10.6.2 Scheduling Prefix Deliveries . . . . . . . . 104 10.6.2 Scheduling Prefix Deliveries . . . . . . . . 103
10.6.3 Sending Advertisements . . . . . . . . . . . 106 10.6.3 Sending Advertisements . . . . . . . . . . . 105
10.6.4 Lifetimes for Changed Prefixes . . . . . . . 107 10.6.4 Lifetimes for Changed Prefixes . . . . . . . 106
11. Mobile Node Operation . . . . . . . . . . . . . . . . . . 108 11. Mobile Node Operation . . . . . . . . . . . . . . . . . . 107
11.1 Conceptual Data Structures . . . . . . . . . . . . .108 11.1 Conceptual Data Structures . . . . . . . . . . . . .107
11.2 Processing Mobility Headers . . . . . . . . . . . .109 11.2 Processing Mobility Headers . . . . . . . . . . . .108
11.3 Packet Processing . . . . . . . . . . . . . . . . .110 11.3 Packet Processing . . . . . . . . . . . . . . . . .108
11.3.1 Sending Packets While Away from Home . . . . 110 11.3.1 Sending Packets While Away from Home . . . . 109
11.3.2 Interaction with Outbound IPsec Processing . 112 11.3.2 Interaction with Outbound IPsec Processing . 111
11.3.3 Receiving Packets While Away from Home . . . 114 11.3.3 Receiving Packets While Away from Home . . . 113
11.3.4 Routing Multicast Packets . . . . . . . . . 115 11.3.4 Routing Multicast Packets . . . . . . . . . 114
11.3.5 Receiving ICMP Error Messages . . . . . . . 117 11.3.5 Receiving ICMP Error Messages . . . . . . . 116
11.3.6 Receiving Binding Error Messages . . . . . . 117 11.3.6 Receiving Binding Error Messages . . . . . . 116
11.4 Home Agent and Prefix Management . . . . . . . . . .118 11.4 Home Agent and Prefix Management . . . . . . . . . .117
11.4.1 Dynamic Home Agent Address Discovery . . . . 118 11.4.1 Dynamic Home Agent Address Discovery . . . . 117
11.4.2 Sending Mobile Prefix Solicitations . . . . 119 11.4.2 Sending Mobile Prefix Solicitations . . . . 118
11.4.3 Receiving Mobile Prefix Advertisements . . . 120 11.4.3 Receiving Mobile Prefix Advertisements . . . 119
11.5 Movement . . . . . . . . . . . . . . . . . . . . . .121 11.5 Movement . . . . . . . . . . . . . . . . . . . . . .120
11.5.1 Movement Detection . . . . . . . . . . . . . 121 11.5.1 Movement Detection . . . . . . . . . . . . . 120
11.5.2 Forming New Care-of Addresses . . . . . . . 123 11.5.2 Forming New Care-of Addresses . . . . . . . 123
11.5.3 Using Multiple Care-of Addresses . . . . . . 124 11.5.3 Using Multiple Care-of Addresses . . . . . . 123
11.5.4 Returning Home . . . . . . . . . . . . . . . 125 11.5.4 Returning Home . . . . . . . . . . . . . . . 124
11.6 Return Routability Procedure . . . . . . . . . . . .127 11.6 Return Routability Procedure . . . . . . . . . . . .126
11.6.1 Sending Test Init Messages . . . . . . . . . 127 11.6.1 Sending Test Init Messages . . . . . . . . . 126
11.6.2 Receiving Test Messages . . . . . . . . . . 128 11.6.2 Receiving Test Messages . . . . . . . . . . 127
11.6.3 Protecting Return Routability Packets . . . 129 11.6.3 Protecting Return Routability Packets . . . 128
11.7 Processing Bindings . . . . . . . . . . . . . . . .129 11.7 Processing Bindings . . . . . . . . . . . . . . . .128
11.7.1 Sending Binding Updates to the Home Agent . 129 11.7.1 Sending Binding Updates to the Home Agent . 128
11.7.2 Correspondent Binding Procedure . . . . . . 132 11.7.2 Correspondent Binding Procedure . . . . . . 131
11.7.3 Receiving Binding Acknowledgements . . . . . 135 11.7.3 Receiving Binding Acknowledgements . . . . . 134
11.7.4 Receiving Binding Refresh Requests . . . . . 137 11.7.4 Receiving Binding Refresh Requests . . . . . 136
11.8 Retransmissions and Rate Limiting . . . . . . . . .137 11.8 Retransmissions and Rate Limiting . . . . . . . . .137
12. Protocol Constants . . . . . . . . . . . . . . . . . . . . 139 12. Protocol Constants . . . . . . . . . . . . . . . . . . . . 139
13. Protocol Configuration Variables . . . . . . . . . . . . . 140 13. Protocol Configuration Variables . . . . . . . . . . . . . 140
14. IANA Considerations . . . . . . . . . . . . . . . . . . . 141 14. IANA Considerations . . . . . . . . . . . . . . . . . . . 141
15. Security Considerations . . . . . . . . . . . . . . . . . 143 15. Security Considerations . . . . . . . . . . . . . . . . . 143
15.1 Threats . . . . . . . . . . . . . . . . . . . . . .143 15.1 Threats . . . . . . . . . . . . . . . . . . . . . .143
15.2 Features . . . . . . . . . . . . . . . . . . . . . .145 15.2 Features . . . . . . . . . . . . . . . . . . . . . .145
15.3 Binding Updates to Home Agent . . . . . . . . . . .146 15.3 Binding Updates to Home Agent . . . . . . . . . . .146
15.4 Binding Updates to Correspondent Nodes . . . . . . .147 15.4 Binding Updates to Correspondent Nodes . . . . . . .147
15.4.1 Overview . . . . . . . . . . . . . . . . . . 147 15.4.1 Overview . . . . . . . . . . . . . . . . . . 147
15.4.2 Achieved Security Properties . . . . . . . . 148 15.4.2 Achieved Security Properties . . . . . . . . 148
15.4.3 Comparison to Regular IPv6 Communications . 149 15.4.3 Comparison to Regular IPv6 Communications . 149
15.4.4 Return Routability Replays . . . . . . . . . 151 15.4.4 Replay Attacks . . . . . . . . . . . . . . . 151
15.4.5 Return Routability Denial-of-Service . . . . 151 15.4.5 Denial-of-Service Attacks . . . . . . . . . 151
15.5 Dynamic Home Agent Address Discovery . . . . . . . .152 15.4.6 Key Lengths . . . . . . . . . . . . . . . . 152
15.6 Prefix Discovery . . . . . . . . . . . . . . . . . .152 15.5 Dynamic Home Agent Address Discovery . . . . . . . .153
15.7 Tunneling via the Home Agent . . . . . . . . . . . .152 15.6 Prefix Discovery . . . . . . . . . . . . . . . . . .153
15.8 Home Address Option . . . . . . . . . . . . . . . .153 15.7 Tunneling via the Home Agent . . . . . . . . . . . .153
15.9 Type 2 Routing Header . . . . . . . . . . . . . . .154 15.8 Home Address Option . . . . . . . . . . . . . . . .154
16. Contributors . . . . . . . . . . . . . . . . . . . . . . . 155 15.9 Type 2 Routing Header . . . . . . . . . . . . . . .155
17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 156 16. Contributors . . . . . . . . . . . . . . . . . . . . . . . 156
Normative References . . . . . . . . . . . . . . . . . . . 157 17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 157
Informative References . . . . . . . . . . . . . . . . . . 159 Normative References . . . . . . . . . . . . . . . . . . . 158
Authors' Addresses . . . . . . . . . . . . . . . . . . . . 160 Informative References . . . . . . . . . . . . . . . . . . 160
A. Changes from Previous Version of the Draft . . . . . . . . 161 Authors' Addresses . . . . . . . . . . . . . . . . . . . . 161
A. Changes from Previous Version of the Draft . . . . . . . . 162
B. Future Extensions . . . . . . . . . . . . . . . . . . . . 165 B. Future Extensions . . . . . . . . . . . . . . . . . . . . 165
B.1 Piggybacking . . . . . . . . . . . . . . . . . . . .165 B.1 Piggybacking . . . . . . . . . . . . . . . . . . . .165
B.2 Triangular Routing . . . . . . . . . . . . . . . . .165 B.2 Triangular Routing . . . . . . . . . . . . . . . . .165
B.3 New Authorization Methods . . . . . . . . . . . . .165 B.3 New Authorization Methods . . . . . . . . . . . . .165
B.4 Dynamically Generated Home Addresses . . . . . . . .165 B.4 Dynamically Generated Home Addresses . . . . . . . .165
B.5 Remote Home Address Configuration . . . . . . . . .165 B.5 Remote Home Address Configuration . . . . . . . . .165
Intellectual Property and Copyright Statements . . . . . . 167 B.6 Neighbor Discovery Extensions . . . . . . . . . . .166
Intellectual Property and Copyright Statements . . . . . . 168
1. Introduction 1. Introduction
This document specifies how the IPv6 Internet operates with mobile This document specifies how the IPv6 Internet operates with mobile
computers. Without specific support for mobility in IPv6 [11], computers. Without specific support for mobility in IPv6 [11],
packets destined to a mobile node would not be able to reach it while packets destined to a mobile node would not be able to reach it while
the mobile node is away from its home link. In order to continue the mobile node is away from its home link. In order to continue
communication in spite of its movement, a mobile node could change communication in spite of its movement, a mobile node could change
its IP address each time it moves to a new link, but the mobile node its IP address each time it moves to a new link, but the mobile node
would then not be able to maintain transport and higher-layer would then not be able to maintain transport and higher-layer
skipping to change at page 8, line 9 skipping to change at page 8, line 9
o Service Discovery o Service Discovery
o Distinguishing between packets lost due to bit errors vs. network o Distinguishing between packets lost due to bit errors vs. network
congestion congestion
2. Comparison with Mobile IP for IPv4 2. Comparison with Mobile IP for IPv4
The design of Mobile IP support in IPv6 (Mobile IPv6) benefits both The design of Mobile IP support in IPv6 (Mobile IPv6) benefits both
from the experiences gained from the development of Mobile IP support from the experiences gained from the development of Mobile IP support
in IPv4 (Mobile IPv4) [23, 24, 25], and from the opportunities in IPv4 (Mobile IPv4) [22, 23, 24], and from the opportunities
provided by IPv6. Mobile IPv6 thus shares many features with Mobile provided by IPv6. Mobile IPv6 thus shares many features with Mobile
IPv4, but is integrated into IPv6 and offers many other improvements. IPv4, but is integrated into IPv6 and offers many other improvements.
This section summarizes the major differences between Mobile IPv4 and This section summarizes the major differences between Mobile IPv4 and
Mobile IPv6: Mobile IPv6:
o There is no need to deploy special routers as "foreign agents", as o There is no need to deploy special routers as "foreign agents", as
in Mobile IPv4. Mobile IPv6 operates in any location without any in Mobile IPv4. Mobile IPv6 operates in any location without any
special support required from the local router. special support required from the local router.
o Support for route optimization is a fundamental part of the o Support for route optimization is a fundamental part of the
protocol, rather than a nonstandard set of extensions. protocol, rather than a nonstandard set of extensions.
o Mobile IPv6 route optimization can operate securely even without o Mobile IPv6 route optimization can operate securely even without
pre-arranged security associations. It is expected that route pre-arranged security associations. It is expected that route
optimization can be deployed on a global scale between all mobile optimization can be deployed on a global scale between all mobile
nodes and correspondent nodes. nodes and correspondent nodes.
o Support is also integrated into Mobile IPv6 for allowing route o Support is also integrated into Mobile IPv6 for allowing route
optimization to coexist efficiently with routers that perform optimization to coexist efficiently with routers that perform
"ingress filtering" [27]. "ingress filtering" [26].
o In Mobile IPv6, the mobile node does not have to tunnel multicast
packets to its home agent.
o The movement detection mechanism in Mobile IPv6 provides o The movement detection mechanism in Mobile IPv6 provides
bidirectional confirmation of a mobile node's ability to bidirectional confirmation of a mobile node's ability to
communicate with its default router in its current location. communicate with its default router in its current location.
o Most packets sent to a mobile node while away from home in Mobile o Most packets sent to a mobile node while away from home in Mobile
IPv6 are sent using an IPv6 routing header rather than IP IPv6 are sent using an IPv6 routing header rather than IP
encapsulation, reducing the amount of resulting overhead compared encapsulation, reducing the amount of resulting overhead compared
to Mobile IPv4. to Mobile IPv4.
skipping to change at page 11, line 37 skipping to change at page 10, line 37
security policy database security policy database
A database that specifies what security services are to be offered A database that specifies what security services are to be offered
to IP packets and in what fashion. to IP packets and in what fashion.
destination option destination option
Destination options are carried by the IPv6 Destination Options Destination options are carried by the IPv6 Destination Options
extension header. Destination options include optional extension header. Destination options include optional
information that need be examined only by the IPv6 node given as information that need be examined only by the IPv6 node given as
the destination address in the IPv6 header, not by other the destination address in the IPv6 header, not by routers in
intermediate routing nodes. Mobile IPv6 defines one new between. Mobile IPv6 defines one new destination option, the Home
destination option, the Home Address destination option (see Address destination option (see Section 6.3).
Section 6.3).
routing header routing header
A routing header may be present as an IPv6 header extension, and A routing header may be present as an IPv6 header extension, and
indicates that the payload has to be delivered to a destination indicates that the payload has to be delivered to a destination
IPv6 address in some way that is different from what would be IPv6 address in some way that is different from what would be
carried out by standard Internet routing. In this document, use carried out by standard Internet routing. In this document, use
of the term "routing header" typically refers to use of a type 2 of the term "routing header" typically refers to use of a type 2
routing header, as specified in Section 6.4. routing header, as specified in Section 6.4.
skipping to change at page 16, line 21 skipping to change at page 15, line 21
from home. The "home address" is an IP address assigned to the from home. The "home address" is an IP address assigned to the
mobile node within its home subnet prefix on its home link. While a mobile node within its home subnet prefix on its home link. While a
mobile node is at home, packets addressed to its home address are mobile node is at home, packets addressed to its home address are
routed to the mobile node's home link, using conventional Internet routed to the mobile node's home link, using conventional Internet
routing mechanisms. routing mechanisms.
While a mobile node is attached to some foreign link away from home, While a mobile node is attached to some foreign link away from home,
it is also addressable at one or more care-of addresses. A care-of it is also addressable at one or more care-of addresses. A care-of
address is an IP address associated with a mobile node that has the address is an IP address associated with a mobile node that has the
subnet prefix of a particular foreign link. The mobile node can subnet prefix of a particular foreign link. The mobile node can
acquire its care-of address through conventional IPv6 stateless or acquire its care-of address through conventional IPv6 mechanisms,
stateful auto-configuration mechanisms. As long as the mobile node such as stateless or stateful auto-configuration. As long as the
stays in this location, packets addressed to this care-of address mobile node stays in this location, packets addressed to this care-of
will be routed to the mobile node. The mobile node may also accept address will be routed to the mobile node. The mobile node may also
packets from several care-of addresses, such as when it is moving but accept packets from several care-of addresses, such as when it is
still reachable at the previous link. moving but still reachable at the previous link.
The association between a mobile node's home address and care-of The association between a mobile node's home address and care-of
address is known as a "binding" for the mobile node. While away from address is known as a "binding" for the mobile node. While away from
home, a mobile node registers its primary care-of address with a home, a mobile node registers its primary care-of address with a
router on its home link, requesting this router to function as the router on its home link, requesting this router to function as the
"home agent" for the mobile node. The mobile node performs this "home agent" for the mobile node. The mobile node performs this
binding registration by sending a "Binding Update" message to the binding registration by sending a "Binding Update" message to the
home agent. The home agent replies to the mobile node by returning a home agent. The home agent replies to the mobile node by returning a
"Binding Acknowledgement" message. The operation of the mobile node "Binding Acknowledgement" message. The operation of the mobile node
is specified in Section 11, and the operation of the home agent is is specified in Section 11, and the operation of the home agent is
skipping to change at page 18, line 36 skipping to change at page 17, line 36
A Binding Update is used by a mobile node to notify a A Binding Update is used by a mobile node to notify a
correspondent node or the mobile node's home agent of its current correspondent node or the mobile node's home agent of its current
binding. The Binding Update sent to the mobile node's home agent binding. The Binding Update sent to the mobile node's home agent
to register its primary care-of address is marked as a "home to register its primary care-of address is marked as a "home
registration". registration".
Binding Acknowledgement Binding Acknowledgement
A Binding Acknowledgement is used to acknowledge receipt of a A Binding Acknowledgement is used to acknowledge receipt of a
Binding Update, if an acknowledgement was requested in the Binding Binding Update, if an acknowledgement was requested in the Binding
Update. Update, the binding update was sent to a home agent, or an error
occurred.
Binding Refresh Request Binding Refresh Request
A Binding Refresh Request is used to request a mobile node to A Binding Refresh Request is used to request a mobile node to
re-establish its binding with the correspondent node. This re-establish its binding with the correspondent node. This
message is typically used when the cached binding is in active use message is typically used when the cached binding is in active use
but the binding's lifetime is close to expiration. The but the binding's lifetime is close to expiration. The
correspondent node may use, for instance, recent traffic and open correspondent node may use, for instance, recent traffic and open
transport layer connections as an indication of active use. transport layer connections as an indication of active use.
skipping to change at page 19, line 49 skipping to change at page 18, line 49
home agents and correspondent nodes. The cache contains both home agents and correspondent nodes. The cache contains both
"correspondent registration" entries (see Section 9.1) and "home "correspondent registration" entries (see Section 9.1) and "home
registration" entries (see Section 10.1). registration" entries (see Section 10.1).
Binding Update List Binding Update List
This list is maintained by each mobile node. The list has an item This list is maintained by each mobile node. The list has an item
for every binding that the mobile node has or is trying to for every binding that the mobile node has or is trying to
establish with a specific other node. Both correspondent and home establish with a specific other node. Both correspondent and home
registrations are included in this list. Entries from the list registrations are included in this list. Entries from the list
are deleted as the Lifetime sent in the Binding Update expires. are deleted as the lifetime of the binding expires. See Section
See Section 11.1. 11.1.
Home Agents List Home Agents List
Home agents need to know which other home agents are on the same Home agents need to know which other home agents are on the same
link. This information is stored in the Home Agents List, as link. This information is stored in the Home Agents List, as
described in more detail in Section 10.1. The list is used for described in more detail in Section 10.1. The list is used for
informing mobile nodes during dynamic home agent address informing mobile nodes during dynamic home agent address
discovery. discovery.
4.6 Site-Local Addressability 4.6 Site-Local Addressability
This specification requires that home and care-of addresses MUST be This specification requires that home and care-of addresses MUST be
unicast routable addresses. Site-local addresses may be usable on unicast routable addresses. Site-local addresses may be usable on
networks that are not connected to the Internet, but this networks that are not connected to the Internet, but this
specification does not define when such usage is safe and when not. specification does not define when such usage is safe and when not.
Mobile nodes may not be aware of which site they are currently on, it Mobile nodes may not be aware of which site they are currently on, it
is hard to prevent accidental attachment to other sites, and is hard to prevent accidental attachment to other sites, and
ambiguity of site-local addresses can cause problems the home and ambiguity of site-local addresses can cause problems if the home and
visited networks use the same addresses. Therefore, site-local visited networks use the same addresses. Therefore, site-local
addresses SHOULD NOT be used as home or care-of addresses. addresses SHOULD NOT be used as home or care-of addresses.
5. Overview of Mobile IPv6 Security 5. Overview of Mobile IPv6 Security
This specification provides a number of security features. These This specification provides a number of security features. These
include the protection of Binding Updates both to home agents and include the protection of Binding Updates both to home agents and
correspondent nodes, the protection of prefix discovery, and the correspondent nodes, the protection of prefix discovery, and the
protection of the mechanisms that Mobile IPv6 uses for transporting protection of the mechanisms that Mobile IPv6 uses for transporting
data packets. data packets.
skipping to change at page 22, line 37 skipping to change at page 21, line 37
5.2 Binding Updates to Correspondent Nodes 5.2 Binding Updates to Correspondent Nodes
The protection of Binding Updates sent to correspondent nodes does The protection of Binding Updates sent to correspondent nodes does
not require the configuration of security associations or the not require the configuration of security associations or the
existence of an authentication infrastructure between the mobile existence of an authentication infrastructure between the mobile
nodes and correspondent nodes. Instead, a method called the return nodes and correspondent nodes. Instead, a method called the return
routability procedure is used to assure that the right mobile node is routability procedure is used to assure that the right mobile node is
sending the message. This method does not protect against attackers sending the message. This method does not protect against attackers
who are on the path between the home network and the correspondent who are on the path between the home network and the correspondent
node. However, attacker in such a location are capable of performing node. However, attackers in such a location are capable of
the same attacks even without Mobile IPv6. The main advantage of the performing the same attacks even without Mobile IPv6. The main
return routability procedure is that it limits the potential advantage of the return routability procedure is that it limits the
attackers to those having an access to one specific path in the potential attackers to those having an access to one specific path in
Internet, and avoids forged Binding Updates from anywhere else in the the Internet, and avoids forged Binding Updates from anywhere else in
Internet. For a more in depth explanation of the security properties the Internet. For a more in depth explanation of the security
of the return routability procedure, see Section 15. properties of the return routability procedure, see Section 15.
The integrity and authenticity of the Binding Updates messages to The integrity and authenticity of the Binding Updates messages to
correspondent nodes are protected by using a keyed-hash algorithm. correspondent nodes is protected by using a keyed-hash algorithm.
The binding management key, Kbm, is used to key the hash algorithm The binding management key, Kbm, is used to key the hash algorithm
for this purpose. Kbm is established using data exchanged during the for this purpose. Kbm is established using data exchanged during the
return routability procedure. The data exchange is accomplished by return routability procedure. The data exchange is accomplished by
use of node keys, nonces, cookies, tokens, and certain cryptographic use of node keys, nonces, cookies, tokens, and certain cryptographic
functions. Section 5.2.5 outlines the basic return routability functions. Section 5.2.5 outlines the basic return routability
procedure. Section 5.2.6 shows how the results of this procedure are procedure. Section 5.2.6 shows how the results of this procedure are
used to authorize a Binding Update to a correspondent node. used to authorize a Binding Update to a correspondent node.
5.2.1 Node Keys 5.2.1 Node Keys
skipping to change at page 24, line 43 skipping to change at page 23, line 43
Home and care-of keygen tokens are produced by the correspondent node Home and care-of keygen tokens are produced by the correspondent node
based on its currently active secret key (Kcn) and nonces, as well as based on its currently active secret key (Kcn) and nonces, as well as
the home or care-of address (respectively). A keygen token is valid the home or care-of address (respectively). A keygen token is valid
as long as both the secret key (Kcn) and the nonce used to create it as long as both the secret key (Kcn) and the nonce used to create it
are valid. are valid.
5.2.4 Cryptographic Functions 5.2.4 Cryptographic Functions
In this specification, the function used to compute hash values is In this specification, the function used to compute hash values is
SHA1 [20]. Message Authentication Codes (MACs) are computed using SHA1 [20]. Message Authentication Codes (MACs) are computed using
HMAC_SHA1 [26, 20]. HMAC_SHA1(K,m) denotes such a MAC computed on HMAC_SHA1 [25, 20]. HMAC_SHA1(K,m) denotes such a MAC computed on
message m with key K. message m with key K.
5.2.5 Return Routability Procedure 5.2.5 Return Routability Procedure
The Return Routability Procedure enables the correspondent node to The Return Routability Procedure enables the correspondent node to
obtain some reasonable assurance that the mobile node is in fact obtain some reasonable assurance that the mobile node is in fact
addressable at its claimed care-of address as well as at its home addressable at its claimed care-of address as well as at its home
address. Only with this assurance is the correspondent node able to address. Only with this assurance is the correspondent node able to
accept Binding Updates from the mobile node which would then instruct accept Binding Updates from the mobile node which would then instruct
the correspondent node to direct that mobile node's data traffic to the correspondent node to direct that mobile node's data traffic to
skipping to change at page 28, line 37 skipping to change at page 27, line 37
When the mobile node has received both the Home and Care-of Test When the mobile node has received both the Home and Care-of Test
messages, the return routability procedure is complete. As a result messages, the return routability procedure is complete. As a result
of the procedure, the mobile node has the data it needs to send a of the procedure, the mobile node has the data it needs to send a
Binding Update to the correspondent node. The mobile node hashes the Binding Update to the correspondent node. The mobile node hashes the
tokens together to form a 20 octet binding key Kbm: tokens together to form a 20 octet binding key Kbm:
Kbm = SHA1 (home keygen token | care-of keygen token) Kbm = SHA1 (home keygen token | care-of keygen token)
A Binding Update may also be used to delete a previously established A Binding Update may also be used to delete a previously established
binding by setting the care-of address equal to the home address binding (Section 6.1.7). In this case, the care-of keygen token is
(Section 6.1.7). In this case, the care-of keygen token is not used. not used. Instead, the binding management key is generated as
Instead, the binding management key is generated as follows: follows:
Kbm = SHA1(home keygen token) Kbm = SHA1(home keygen token)
Note that the correspondent node does not create any state specific Note that the correspondent node does not create any state specific
to the mobile node, until it receives the Binding Update from that to the mobile node, until it receives the Binding Update from that
mobile node. The correspondent node does not maintain the value for mobile node. The correspondent node does not maintain the value for
the binding management key Kbm; it creates Kbm when given the nonce the binding management key Kbm; it creates Kbm when given the nonce
indices and the mobile node's addresses. indices and the mobile node's addresses.
5.2.6 Authorizing Binding Management Messages 5.2.6 Authorizing Binding Management Messages
After the mobile node has created the binding management key (Kbm), After the mobile node has created the binding management key (Kbm),
it can supply a verifiable Binding Update to the correspondent node. it can supply a verifiable Binding Update to the correspondent node.
This section provides an overview of this binding procedure. The This section provides an overview of this binding procedure. The
below figure shows the message flow. The Binding Update creates a below figure shows the message flow.
binding, and the Binding Acknowledgement is optional.
Mobile node Correspondent node Mobile node Correspondent node
| | | |
| Binding Update (BU) | | Binding Update (BU) |
|---------------------------------------------->| |---------------------------------------------->|
| (MAC, seq#, nonce indices, care-of address) | | (MAC, seq#, nonce indices, care-of address) |
| | | |
| | | |
| Binding Acknowledgement (BA) (if sent) | | Binding Acknowledgement (BA) (if sent) |
|<----------------------------------------------| |<----------------------------------------------|
skipping to change at page 29, line 33 skipping to change at page 28, line 32
management key Kbm from the keygen tokens as described in the management key Kbm from the keygen tokens as described in the
previous section. The contents of the Binding Update include the previous section. The contents of the Binding Update include the
following: following:
* Source Address = care-of address * Source Address = care-of address
* Destination Address = correspondent * Destination Address = correspondent
* Parameters: * Parameters:
+ home address (within the Home Address destination option or + home address (within the Home Address destination option if
in the Source Address) different from the Source Address)
+ sequence number (within the Binding Update message header) + sequence number (within the Binding Update message header)
+ home nonce index (within the Nonce Indices option) + home nonce index (within the Nonce Indices option)
+ care-of nonce index (within the Nonce Indices option) + care-of nonce index (within the Nonce Indices option)
+ HMAC_SHA1 (Kbm, (care-of address | CN address | BU)) + HMAC_SHA1 (Kbm, (care-of address | CN address | BU))
The Binding Update contains a Nonce Indices option, indicating to The Binding Update contains a Nonce Indices option, indicating to
the correspondent node which home and care-of nonces to use to the correspondent node which home and care-of nonces to use to
recompute Kbm, the binding management key. The MAC is computed as recompute Kbm, the binding management key. The MAC is computed as
described in Section 6.2.7, using the correspondent node's address described in Section 6.2.7, using the correspondent node's address
as the destination address and the Binding Update message itself as the destination address and the Binding Update message itself
as the Mobility Header Data. Once the correspondent node has as the Mobility Header Data. Once the correspondent node has
verified the MAC, it can create a Binding Cache entry for the verified the MAC, it can create a Binding Cache entry for the
mobile. mobile.
Binding Acknowledgement Binding Acknowledgement
The Binding Update is optionally acknowledged by the correspondent The Binding Update is in some cases acknowledged by the
node. The contents of the message are as follows: correspondent node. The contents of the message are as follows:
* Source Address = correspondent * Source Address = correspondent
* Destination Address = care-of address * Destination Address = care-of address
* Parameters: * Parameters:
+ sequence number (within the Binding Update message header) + sequence number (within the Binding Update message header)
+ HMAC_SHA1 (Kbm, (care-of address | CN address | BA)) + HMAC_SHA1 (Kbm, (care-of address | CN address | BA))
The Binding Acknowledgement contains the same sequence number as The Binding Acknowledgement contains the same sequence number as
the Binding Update. The MAC is computed as described in Section the Binding Update. The MAC is computed as described in Section
6.2.7, using the correspondent node's address as the destination 6.2.7, using the correspondent node's address as the destination
address and the message itself as the Mobility Header Data. address and the message itself as the Mobility Header Data.
Bindings established with correspondent nodes using keys created by Bindings established with correspondent nodes using keys created by
way of the return routability procedure MUST NOT exceed way of the return routability procedure MUST NOT exceed
MAX_RR_BINDING_LIFE seconds (see Section 12). MAX_RR_BINDING_LIFETIME seconds (see Section 12).
The value in the Source Address field in the IPv6 header carrying the The value in the Source Address field in the IPv6 header carrying the
Binding Update is normally also the care-of address which is used in Binding Update is normally also the care-of address which is used in
the binding. However, a different care-of address MAY be specified the binding. However, a different care-of address MAY be specified
by including an Alternate Care-of Address mobility option in the by including an Alternate Care-of Address mobility option in the
Binding Update (see Section 6.2.5). When such a message is sent to Binding Update (see Section 6.2.5). When such a message is sent to
the correspondent node and the return routability procedure is used the correspondent node and the return routability procedure is used
as the authorization method, the Care-of Test Init and Care-of Test as the authorization method, the Care-of Test Init and Care-of Test
messages MUST have been performed for the address in the Alternate messages MUST have been performed for the address in the Alternate
Care-of Address option (not the Source Address). The nonce indices Care-of Address option (not the Source Address). The nonce indices
skipping to change at page 31, line 5 skipping to change at page 30, line 4
Binding Updates may also be sent to delete a previously established Binding Updates may also be sent to delete a previously established
binding. In this case, generation of the binding management key binding. In this case, generation of the binding management key
depends exclusively on the home keygen token and the care-of nonce depends exclusively on the home keygen token and the care-of nonce
index is ignored. index is ignored.
5.2.7 Updating Node Keys and Nonces 5.2.7 Updating Node Keys and Nonces
Correspondent nodes generate nonces at regular intervals. It is Correspondent nodes generate nonces at regular intervals. It is
recommended to keep each nonce (identified by a nonce index) recommended to keep each nonce (identified by a nonce index)
acceptable for at least MAX_TOKEN_LIFE seconds (see Section 12) after acceptable for at least MAX_TOKEN_LIFETIME seconds (see Section 12)
it has been first used in constructing a return routability message after it has been first used in constructing a return routability
response. However, the correspondent node MUST NOT accept nonces message response. However, the correspondent node MUST NOT accept
beyond MAX_NONCE_LIFE seconds (see Section 12) after the first use. nonces beyond MAX_NONCE_LIFETIME seconds (see Section 12) after the
As the difference between these two constants is 30 seconds, a first use. As the difference between these two constants is 30
convenient way to enforce the above lifetimes is to generate a new seconds, a convenient way to enforce the above lifetimes is to
nonce every 30 seconds. The node can then continue to accept tokens generate a new nonce every 30 seconds. The node can then continue to
that have been based on the last 8 (MAX_NONCE_LIFE / 30) nonces. accept tokens that have been based on the last 8 (MAX_NONCE_LIFETIME
This results in tokens being acceptable MAX_TOKEN_LIFE to / 30) nonces. This results in tokens being acceptable
MAX_NONCE_LIFE seconds after they have been sent to the mobile node, MAX_TOKEN_LIFETIME to MAX_NONCE_LIFETIME seconds after they have been
depending on whether the token was sent at the beginning or end of sent to the mobile node, depending on whether the token was sent at
the first 30 second period. Note that the correspondent node may the beginning or end of the first 30 second period. Note that the
also attempt to generate new nonces on demand, or only if the old correspondent node may also attempt to generate new nonces on demand,
nonces have been used. This is possible, as long as the or only if the old nonces have been used. This is possible, as long
correspondent node keeps track of how long a time ago the nonces were as the correspondent node keeps track of how long a time ago the
used for the first time, and does not generate new nonces on every nonces were used for the first time, and does not generate new nonces
return routability request. on every return routability request.
Due to resource limitations, rapid deletion of bindings, or reboots Due to resource limitations, rapid deletion of bindings, or reboots
the correspondent node may not in all cases recognize the nonces that the correspondent node may not in all cases recognize the nonces that
the tokens were based on. If a nonce index is unrecognized, the the tokens were based on. If a nonce index is unrecognized, the
correspondent node replies with an an error code in the Binding correspondent node replies with an an error code in the Binding
Acknowledgement (either 136, 137, or 138 as discussed in Section Acknowledgement (either 136, 137, or 138 as discussed in Section
6.1.8). The mobile node can then retry the return routability 6.1.8). The mobile node can then retry the return routability
procedure. procedure.
An update of Kcn SHOULD be done at the same time as an update of a An update of Kcn SHOULD be done at the same time as an update of a
nonce, so that nonce indices can identify both the nonce and the key. nonce, so that nonce indices can identify both the nonce and the key.
Old Kcn values have to be therefore remembered as long as old nonce Old Kcn values have to be therefore remembered as long as old nonce
values. values.
Given that the tokens are normally expected to be usable for Given that the tokens are normally expected to be usable for
MAX_TOKEN_LIFE seconds, the mobile node MAY use them beyond a single MAX_TOKEN_LIFETIME seconds, the mobile node MAY use them beyond a
run of the return routability procedure until MAX_TOKEN_LIFE expires. single run of the return routability procedure until
After this the mobile node SHOULD NOT use the tokens. A fast moving MAX_TOKEN_LIFETIME expires. After this the mobile node SHOULD NOT
mobile node may reuse a recent home keygen token from a correspondent use the tokens. A fast moving mobile node MAY reuse a recent home
node when moving to a new location, and just acquire a new care-of keygen token from a correspondent node when moving to a new location,
keygen token to show routability in the new location. and just acquire a new care-of keygen token to show routability in
the new location.
While this does not save the number of round-trips due to the While this does not save the number of round-trips due to the
simultaneous processing of home and care-of return routability tests, simultaneous processing of home and care-of return routability tests,
there are fewer messages being exchanged, and a potentially long there are fewer messages being exchanged, and a potentially long
round-trip through the home agent is avoided. Consequently, this round-trip through the home agent is avoided. Consequently, this
optimization is often useful. A mobile node that has multiple home optimization is often useful. A mobile node that has multiple home
addresses, may also use the same care-of keygen token for Binding addresses, MAY also use the same care-of keygen token for Binding
Updates concerning all of these addresses. Updates concerning all of these addresses.
5.2.8 Preventing Replay Attacks 5.2.8 Preventing Replay Attacks
The return routability procedure also protects the participants The return routability procedure also protects the participants
against replayed Binding Updates through the use of the sequence against replayed Binding Updates through the use of the sequence
number and a MAC. Care must be taken when removing bindings at the number and a MAC. Care must be taken when removing bindings at the
correspondent node, however. Correspondent nodes must retain correspondent node, however. Correspondent nodes must retain
bindings and the associated sequence number information at least as bindings and the associated sequence number information at least as
long as the nonces used in the authorization of the binding are still long as the nonces used in the authorization of the binding are still
skipping to change at page 33, line 10 skipping to change at page 32, line 10
This type provides the necessary functionality but does not open This type provides the necessary functionality but does not open
vulnerabilities discussed in Section 15.1. vulnerabilities discussed in Section 15.1.
Tunnels between the mobile node and the home agent are protected by Tunnels between the mobile node and the home agent are protected by
ensuring proper use of source addresses, and optional cryptographic ensuring proper use of source addresses, and optional cryptographic
protection. The mobile node verifies that the outer IP address protection. The mobile node verifies that the outer IP address
corresponds to its home agent. The home agent verifies that the corresponds to its home agent. The home agent verifies that the
outer IP address corresponds to the current location of the mobile outer IP address corresponds to the current location of the mobile
node (Binding Updates sent to the home agents are secure). The home node (Binding Updates sent to the home agents are secure). The home
agent identifies the mobile node through the source address of the agent identifies the mobile node through the source address of the
inner packet.(Typically, this is the home address of the mobile node, inner packet. (Typically, this is the home address of the mobile
but it can also be a link-local address, as discussed in Section node, but it can also be a link-local address, as discussed in
10.4.2. To recognize the latter type of addresses, the home agent Section 10.4.2. To recognize the latter type of addresses, the home
requires that the Link-Local Address Compatibility (L) was set in the agent requires that the Link-Local Address Compatibility (L) was set
Binding Update.) These measures protect the tunnels against in the Binding Update.) These measures protect the tunnels against
vulnerabilities discussed in Section 15.1. vulnerabilities discussed in Section 15.1.
For traffic tunneled via the home agent, additional IPsec ESP For traffic tunneled via the home agent, additional IPsec ESP
encapsulation MAY be supported and used. If multicast group encapsulation MAY be supported and used. If multicast group
membership control protocols or stateful address autoconfiguration membership control protocols or stateful address autoconfiguration
protocols are supported, payload data protection MUST be supported. protocols are supported, payload data protection MUST be supported.
6. New IPv6 Protocol, Message Types, and Destination Option 6. New IPv6 Protocol, Message Types, and Destination Option
6.1 Mobility Header 6.1 Mobility Header
skipping to change at page 34, line 39 skipping to change at page 33, line 39
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Payload Proto Payload Proto
8-bit selector. Identifies the type of header immediately 8-bit selector. Identifies the type of header immediately
following the Mobility Header. Uses the same values as the IPv6 following the Mobility Header. Uses the same values as the IPv6
Next Header field [11]. Next Header field [11].
This field is intended to be used by a future specification of This field is intended to be used by a future extension (see
piggybacking binding messages on payload packets (see Appendix Appendix B.1). Implementations conforming to this specification
B.1). Implementations conforming to this specification SHOULD set SHOULD set the payload protocol type to IPPROTO_NONE (59 decimal).
the payload protocol type to IPPROTO_NONE (59 decimal).
Header Len Header Len
8-bit unsigned integer, representing the length of the Mobility 8-bit unsigned integer, representing the length of the Mobility
Header in units of 8 octets, excluding the first 8 octets. Header in units of 8 octets, excluding the first 8 octets.
The length of the Mobility Header MUST be a multiple of 8 octets. The length of the Mobility Header MUST be a multiple of 8 octets.
MH Type MH Type
skipping to change at page 35, line 32 skipping to change at page 34, line 28
consisting of a "pseudo-header" followed by the entire Mobility consisting of a "pseudo-header" followed by the entire Mobility
Header starting with the Payload Proto field. The checksum is the Header starting with the Payload Proto field. The checksum is the
16-bit one's complement of the one's complement sum of this 16-bit one's complement of the one's complement sum of this
string. string.
The pseudo-header contains IPv6 header fields, as specified in The pseudo-header contains IPv6 header fields, as specified in
Section 8.1 of RFC 2460 [11]. The Next Header value used in the Section 8.1 of RFC 2460 [11]. The Next Header value used in the
pseudo-header is TBD <To be assigned by IANA>. The addresses used pseudo-header is TBD <To be assigned by IANA>. The addresses used
in the pseudo-header are the addresses that appear in the Source in the pseudo-header are the addresses that appear in the Source
and Destination Address fields in the IPv6 packet carrying the and Destination Address fields in the IPv6 packet carrying the
Mobility Header. Note that the procedures described in Section Mobility Header. Note that the procedures of calculating upper
11.3.1 apply even for the Mobility Header. If a mobility message layer checksums while away from home described in Section 11.3.1
has a Home Address destination option, then the checksum apply even for the Mobility Header. If a mobility message has a
calculation uses the home address in this option as the value of Home Address destination option, then the checksum calculation
the IPv6 Source Address field. The type 2 routing header is uses the home address in this option as the value of the IPv6
treated as explained in [22]. The Mobility Header is considered Source Address field. The type 2 routing header is treated as
as the upper layer protocol for the purposes of calculating the explained in [11]. The Mobility Header is considered as the upper
pseudo-header. The Upper-Layer Packet Length field in the layer protocol for the purposes of calculating the pseudo-header.
pseudo-header MUST be set to the total length of the Mobility The Upper-Layer Packet Length field in the pseudo-header MUST be
Header. For computing the checksum, the checksum field is set to set to the total length of the Mobility Header. For computing the
zero. checksum, the checksum field is set to zero.
Message Data Message Data
A variable length field containing the data specific to the A variable length field containing the data specific to the
indicated Mobility Header type. indicated Mobility Header type.
Mobile IPv6 also defines a number of "mobility options" for use Mobile IPv6 also defines a number of "mobility options" for use
within these messages; if included, any options MUST appear after the within these messages; if included, any options MUST appear after the
fixed portion of the message data specified in this document. The fixed portion of the message data specified in this document. The
presence of such options will be indicated by the Header Len field presence of such options will be indicated by the Header Len field
skipping to change at page 36, line 47 skipping to change at page 35, line 44
Reserved Reserved
16-bit field reserved for future use. The value MUST be 16-bit field reserved for future use. The value MUST be
initialized to zero by the sender, and MUST be ignored by the initialized to zero by the sender, and MUST be ignored by the
receiver. receiver.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. Contains zero or Header is an integer multiple of 8 octets long. This field
more TLV-encoded mobility options. The encoding and format of contains zero or more TLV-encoded mobility options. The encoding
defined options are described in Section 6.2. The receiver MUST and format of defined options are described in Section 6.2. The
ignore and skip any options which it does not understand. receiver MUST ignore and skip any options which it does not
understand.
There MAY be additional information, associated with this Binding There MAY be additional information, associated with this Binding
Refresh Request message, that need not be present in all Binding Refresh Request message that need not be present in all Binding
Refresh Request messages sent. Mobility options allow future Refresh Request messages sent. Mobility options allow future
extensions to the format of the Binding Refresh Request message to extensions to the format of the Binding Refresh Request message to
be defined. This specification does not define any options valid be defined. This specification does not define any options valid
for the Binding Refresh Request message. for the Binding Refresh Request message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 0. necessary and the Header Len field will be set to 0.
6.1.3 Home Test Init Message 6.1.3 Home Test Init Message
skipping to change at page 37, line 51 skipping to change at page 36, line 48
initialized to zero by the sender, and MUST be ignored by the initialized to zero by the sender, and MUST be ignored by the
receiver. receiver.
Home Init Cookie Home Init Cookie
64-bit field which contains a random value, the home init cookie. 64-bit field which contains a random value, the home init cookie.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. Contains zero or Header is an integer multiple of 8 octets long. This field
more TLV-encoded mobility options. The receiver MUST ignore and contains zero or more TLV-encoded mobility options. The receiver
skip any options which it does not understand. This specification MUST ignore and skip any options which it does not understand.
does not define any options valid for the Home Test Init message. This specification does not define any options valid for the Home
Test Init message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 1. necessary and the Header Len field will be set to 1.
This message is tunneled through the home agent when the mobile node This message is tunneled through the home agent when the mobile node
is away from home. Such tunneling SHOULD employ IPsec ESP in tunnel is away from home. Such tunneling SHOULD employ IPsec ESP in tunnel
mode between the home agent and the mobile node. This protection is mode between the home agent and the mobile node. This protection is
indicated by the IPsec policy data base. The protection of Home Test indicated by the IPsec security policy database. The protection of
Init messages is unrelated to the requirement to protect regular Home Test Init messages is unrelated to the requirement to protect
payload traffic, which MAY use such tunnels as well. regular payload traffic, which MAY use such tunnels as well.
6.1.4 Care-of Test Init Message 6.1.4 Care-of Test Init Message
A mobile node uses the Care-of Test Init (CoTI) message to initiate A mobile node uses the Care-of Test Init (CoTI) message to initiate
the return routability procedure and request a care-of keygen token the return routability procedure and request a care-of keygen token
from a correspondent node (see Section 11.6.1). The Care-of Test from a correspondent node (see Section 11.6.1). The Care-of Test
Init message uses the MH Type value 2. When this value is indicated Init message uses the MH Type value 2. When this value is indicated
in the MH Type field, the format of the Message Data field in the in the MH Type field, the format of the Message Data field in the
Mobility Header is as follows: Mobility Header is as follows:
skipping to change at page 39, line 8 skipping to change at page 38, line 8
receiver. receiver.
Care-of Init Cookie Care-of Init Cookie
64-bit field which contains a random value, the care-of init 64-bit field which contains a random value, the care-of init
cookie. cookie.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. Contains zero or Header is an integer multiple of 8 octets long. This field
more TLV-encoded mobility options. The receiver MUST ignore and contains zero or more TLV-encoded mobility options. The receiver
skip any options which it does not understand. This specification MUST ignore and skip any options which it does not understand.
does not define any options valid for the Care-of Test Init This specification does not define any options valid for the
message. Care-of Test Init message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 1. necessary and the Header Len field will be set to 1.
6.1.5 Home Test Message 6.1.5 Home Test Message
The Home Test (HoT) message is a response to the Home Test Init The Home Test (HoT) message is a response to the Home Test Init
message, and is sent from the correspondent node to the mobile node message, and is sent from the correspondent node to the mobile node
(see Section 5.2.5). The Home Test message uses the MH Type value 3. (see Section 5.2.5). The Home Test message uses the MH Type value 3.
When this value is indicated in the MH Type field, the format of the When this value is indicated in the MH Type field, the format of the
skipping to change at page 40, line 13 skipping to change at page 39, line 13
64-bit field which contains the home init cookie. 64-bit field which contains the home init cookie.
Home Keygen Token Home Keygen Token
This field contains the 64 bit home keygen token used in the This field contains the 64 bit home keygen token used in the
return routability procedure. return routability procedure.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. Contains zero or Header is an integer multiple of 8 octets long. This field
more TLV-encoded mobility options. The receiver MUST ignore and contains zero or more TLV-encoded mobility options. The receiver
skip any options which it does not understand. This specification MUST ignore and skip any options which it does not understand.
does not define any options valid for the Home Test message. This specification does not define any options valid for the Home
Test message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 2. necessary and the Header Len field will be set to 2.
6.1.6 Care-of Test Message 6.1.6 Care-of Test Message
The Care-of Test (CoT) message is a response to the Care-of Test Init The Care-of Test (CoT) message is a response to the Care-of Test Init
message, and is sent from the correspondent node to the mobile node message, and is sent from the correspondent node to the mobile node
(see Section 11.6.2). The Care-of Test message uses the MH Type (see Section 11.6.2). The Care-of Test message uses the MH Type
value 4. When this value is indicated in the MH Type field, the value 4. When this value is indicated in the MH Type field, the
skipping to change at page 41, line 17 skipping to change at page 40, line 17
64-bit field which contains the care-of init cookie. 64-bit field which contains the care-of init cookie.
Care-of Keygen Token Care-of Keygen Token
This field contains the 64 bit care-of keygen token used in the This field contains the 64 bit care-of keygen token used in the
return routability procedure. return routability procedure.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. Contains zero or Header is an integer multiple of 8 octets long. This field
more TLV-encoded mobility options. The receiver MUST ignore and contains zero or more TLV-encoded mobility options. The receiver
skip any options which it does not understand. This specification MUST ignore and skip any options which it does not understand.
does not define any options valid for the Care-of Test message. This specification does not define any options valid for the
Care-of Test message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 2. necessary and the Header Len field will be set to 2.
6.1.7 Binding Update Message 6.1.7 Binding Update Message
The Binding Update (BU) message is used by a mobile node to notify The Binding Update (BU) message is used by a mobile node to notify
other nodes of a new care-of address for itself. Binding Updates are other nodes of a new care-of address for itself. Binding Updates are
sent as described in Section 11.7.1 and Section 11.7.2. sent as described in Section 11.7.1 and Section 11.7.2.
skipping to change at page 42, line 21 skipping to change at page 41, line 21
address of the mobile node in the binding. address of the mobile node in the binding.
Link-Local Address Compatibility (L) Link-Local Address Compatibility (L)
The Link-Local Address Compatibility (L) bit is set when the home The Link-Local Address Compatibility (L) bit is set when the home
address reported by the mobile node has the same interface address reported by the mobile node has the same interface
identifier as the mobile node's link-local address. identifier as the mobile node's link-local address.
Key Management Mobility Capability (K) Key Management Mobility Capability (K)
If this bit is reset, the protocol used for establishing the IPsec If this bit is cleared, the protocol used for establishing the
security associations between the mobile node and the home agent IPsec security associations between the mobile node and the home
does not survive movements. It may then have to be rerun. (Note agent does not survive movements. It may then have to be rerun.
that the IPsec security associations themselves are expected to (Note that the IPsec security associations themselves are expected
survive movements.) If manual IPsec configuration is used, the bit to survive movements.) If manual IPsec configuration is used, the
MUST be set to 1. bit MUST be set to 1.
This bit is valid only in Binding Updates sent to the home agent. This bit is valid only in Binding Updates sent to the home agent,
Correspondent nodes MUST ignore this bit. and MUST be cleared in other Binding Updates. Correspondent nodes
MUST ignore this bit.
Reserved Reserved
These fields are unused. They MUST be initialized to zero by the These fields are unused. They MUST be initialized to zero by the
sender and MUST be ignored by the receiver. sender and MUST be ignored by the receiver.
Sequence # Sequence #
A 16-bit unsigned integer used by the receiving node to sequence A 16-bit unsigned integer used by the receiving node to sequence
Binding Updates and by the sending node to match a returned Binding Updates and by the sending node to match a returned
Binding Acknowledgement with this Binding Update. Binding Acknowledgement with this Binding Update.
Lifetime Lifetime
16-bit unsigned integer. The number of time units remaining 16-bit unsigned integer. The number of time units remaining
before the binding MUST be considered expired. A value of all one before the binding MUST be considered expired. A value of zero
bits (0xffff) indicates infinity. A value of zero indicates that indicates that the Binding Cache entry for the mobile node MUST be
the Binding Cache entry for the mobile node MUST be deleted. One deleted. (In this case the specified care-of address MUST also be
time unit is 4 seconds. set equal to the home address.) One time unit is 4 seconds.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. Contains one or Header is an integer multiple of 8 octets long. This field
more TLV-encoded mobility options. The encoding and format of contains zero or more TLV-encoded mobility options. The encoding
defined options are described in Section 6.2. The receiver MUST and format of defined options are described in Section 6.2. The
ignore and skip any options which it does not understand. receiver MUST ignore and skip any options which it does not
understand.
The following options are valid in a Binding Update: The following options are valid in a Binding Update:
* Binding Authorization Data option * Binding Authorization Data option
* Nonce Indices option. * Nonce Indices option.
* Alternate Care-of Address option * Alternate Care-of Address option
If no options are present in this message, 4 bytes of padding is If no options are present in this message, 4 bytes of padding is
necessary and the Header Len field will be set to 1. necessary and the Header Len field will be set to 1.
The care-of address MUST be a unicast routable address. Binding The care-of address is specified either by the Source Address field
Updates for a care-of address which is not a unicast routable address in the IPv6 header or by the Alternate Care-of Address option, if
MUST be silently discarded. present. The care-of address MUST be a unicast routable address.
IPv6 Source Adress MUST be a topologically correct source address.
Binding Updates for a care-of address which is not a unicast routable
address MUST be silently discarded.
The deletion of a binding can be indicated by setting the Lifetime The deletion of a binding can be indicated by setting the Lifetime
field to 0 or by setting the care-of address equal to the home field to 0 and by setting the care-of address equal to the home
address. In either case, generation of the binding management key address. In deletion, the generation of the binding management key
depends exclusively on the home keygen token (Section 5.2.5). depends exclusively on the home keygen token, as explained in Section
5.2.5. (Note that while the senders are required to set both the
Lifetime field to 0 and the care-of address equal to the home
address, Section 9.5.1 rules for receivers are more liberal, and
interprete either condition as a deletion.)
Correspondent nodes SHOULD NOT expire the Binding Cache entry before Correspondent nodes SHOULD NOT expire the Binding Cache entry before
the lifetime expires, if any application hosted by the correspondent the lifetime expires, if any application hosted by the correspondent
node is still likely to require communication with the mobile node. node is still likely to require communication with the mobile node.
A Binding Cache entry that is deallocated prematurely might cause A Binding Cache entry that is deallocated prematurely might cause
subsequent packets to be dropped from the mobile node, if they subsequent packets to be dropped from the mobile node, if they
contain the Home Address destination option. This situation is contain the Home Address destination option. This situation is
recoverable, since an Binding Error message is sent to the mobile recoverable, since an Binding Error message is sent to the mobile
node (see Section 6.1.9); however, it causes unnecessary delay in the node (see Section 6.1.9); however, it causes unnecessary delay in the
communications. communications.
skipping to change at page 44, line 19 skipping to change at page 43, line 26
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Mobility options . . Mobility options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Key Management Mobility Capability (K) Key Management Mobility Capability (K)
If this bit is reset, the protocol used by the home agent for If this bit is cleared, the protocol used by the home agent for
establishing the IPsec security associations between the mobile establishing the IPsec security associations between the mobile
node and the home agent does not survive movements. It may then node and the home agent does not survive movements. It may then
have to be rerun. (Note that the IPsec security associations have to be rerun. (Note that the IPsec security associations
themselves are expected to survive movements.) themselves are expected to survive movements.)
Correspondent nodes MUST set the K bit to 0. Correspondent nodes MUST set the K bit to 0.
Reserved Reserved
These fields are unused. They MUST be initialized to zero by the These fields are unused. They MUST be initialized to zero by the
skipping to change at page 44, line 42 skipping to change at page 44, line 4
Status Status
8-bit unsigned integer indicating the disposition of the Binding 8-bit unsigned integer indicating the disposition of the Binding
Update. Values of the Status field less than 128 indicate that Update. Values of the Status field less than 128 indicate that
the Binding Update was accepted by the receiving node. Values the Binding Update was accepted by the receiving node. Values
greater than or equal to 128 indicate that the Binding Update was greater than or equal to 128 indicate that the Binding Update was
rejected by the receiving node. The following Status values are rejected by the receiving node. The following Status values are
currently defined: currently defined:
0 Binding Update accepted 0 Binding Update accepted
1 Accepted but prefix discovery necessary
128 Reason unspecified 128 Reason unspecified
129 Administratively prohibited 129 Administratively prohibited
130 Insufficient resources 130 Insufficient resources
131 Home registration not supported 131 Home registration not supported
132 Not home subnet 132 Not home subnet
133 Not home agent for this mobile node 133 Not home agent for this mobile node
134 Duplicate Address Detection failed 134 Duplicate Address Detection failed
135 Sequence number out of window 135 Sequence number out of window
136 Expired home nonce index 136 Expired home nonce index
skipping to change at page 45, line 32 skipping to change at page 44, line 42
The Sequence Number in the Binding Acknowledgement is copied from The Sequence Number in the Binding Acknowledgement is copied from
the Sequence Number field in the Binding Update. It is used by the Sequence Number field in the Binding Update. It is used by
the mobile node in matching this Binding Acknowledgement with an the mobile node in matching this Binding Acknowledgement with an
outstanding Binding Update. outstanding Binding Update.
Lifetime Lifetime
The granted lifetime, in time units of 4 seconds, for which this The granted lifetime, in time units of 4 seconds, for which this
node SHOULD retain the entry for this mobile node in its Binding node SHOULD retain the entry for this mobile node in its Binding
Cache. A value of all one bits (0xffff) indicates infinity. Cache.
The value of this field is undefined if the Status field indicates The value of this field is undefined if the Status field indicates
that the Binding Update was rejected. that the Binding Update was rejected.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. Contains one or Header is an integer multiple of 8 octets long. This field
more TLV-encoded mobility options. The encoding and format of contains zero or more TLV-encoded mobility options. The encoding
defined options are described in Section 6.2. The receiver MUST and format of defined options are described in Section 6.2. The
ignore and skip any options which it does not understand. receiver MUST ignore and skip any options which it does not
understand.
There MAY be additional information, associated with this Binding There MAY be additional information, associated with this Binding
Acknowledgement, that need not be present in all Binding Acknowledgement that need not be present in all Binding
Acknowledgements sent. Mobility options allow future extensions Acknowledgements sent. Mobility options allow future extensions
to the format of the Binding Acknowledgement to be defined. The to the format of the Binding Acknowledgement to be defined. The
following options are valid for the Binding Acknowledgement: following options are valid for the Binding Acknowledgement:
* Binding Authorization Data option * Binding Authorization Data option
* Binding Refresh Advice option * Binding Refresh Advice option
If no options are present in this message, 4 bytes of padding is If no options are present in this message, 4 bytes of padding is
necessary and the Header Len field will be set to 1. necessary and the Header Len field will be set to 1.
skipping to change at page 47, line 16 skipping to change at page 46, line 30
Home Address Home Address
The home address that was contained in the Home Address The home address that was contained in the Home Address
destination option. The mobile node uses this information to destination option. The mobile node uses this information to
determine which binding does not exist, in cases where the mobile determine which binding does not exist, in cases where the mobile
node has several home addresses. node has several home addresses.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. Contains zero or Header is an integer multiple of 8 octets long. This field
more TLV-encoded mobility options. The receiver MUST ignore and contains zero or more TLV-encoded mobility options. The receiver
skip any options which it does not understand. MUST ignore and skip any options which it does not understand.
There MAY be additional information, associated with this Binding There MAY be additional information, associated with this Binding
Error message, that need not be present in all Binding Error Error message that need not be present in all Binding Error
messages sent. Mobility options allow future extensions to the messages sent. Mobility options allow future extensions to the
format of the format of the Binding Error message to be defined. format of the format of the Binding Error message to be defined.
The encoding and format of defined options are described in The encoding and format of defined options are described in
Section 6.2. This specification does not define any options valid Section 6.2. This specification does not define any options valid
for the Binding Error message. for the Binding Error message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 2. necessary and the Header Len field will be set to 2.
6.2 Mobility Options 6.2 Mobility Options
Mobility messages can include one or more mobility options. This Mobility messages can include zero or more mobility options. This
allows optional fields that may not be needed in every use of a allows optional fields that may not be needed in every use of a
particular Mobility Header, as well as future extensions to the particular Mobility Header, as well as future extensions to the
format of the messages. Such options are included in the Message format of the messages. Such options are included in the Message
Data field of the message itself, after the fixed portion of the Data field of the message itself, after the fixed portion of the
message data specified in the message subsections of Section 6.1. message data specified in the message subsections of Section 6.1.
The presence of such options will be indicated by the Header Len of The presence of such options will be indicated by the Header Len of
the Mobility Header. If included, the Binding Authorization Data the Mobility Header. If included, the Binding Authorization Data
option (Section 6.2.7) MUST be the last option and MUST NOT have option (Section 6.2.7) MUST be the last option and MUST NOT have
trailing padding. Otherwise, options can be placed in any order. trailing padding. Otherwise, options can be placed in any order.
skipping to change at page 48, line 35 skipping to change at page 47, line 46
Option Data Option Data
A variable length field that contains data specific to the option. A variable length field that contains data specific to the option.
The following subsections specify the Option types which are The following subsections specify the Option types which are
currently defined for use in the Mobility Header. currently defined for use in the Mobility Header.
Implementations MUST silently ignore any mobility options that they Implementations MUST silently ignore any mobility options that they
do not understand. do not understand.
Mobility options may have alignment requirements. Following the
convention in IPv6, these options are aligned in a packet so that
multi-octet values within the Option Data field of each option fall
on natural boundaries (i.e., fields of width n octets are placed at
an integer multiple of n octets from the start of the header, for n =
1, 2, 4, or 8) [11].
6.2.2 Pad1 6.2.2 Pad1
The Pad1 option does not have any alignment requirements. Its format The Pad1 option does not have any alignment requirements. Its format
is as follows: is as follows:
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Type = 0 | | Type = 0 |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
skipping to change at page 50, line 19 skipping to change at page 49, line 33
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ Alternate Care-of Address + + Alternate Care-of Address +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Alternate Care-of Address option is valid only in Binding Update. Normally, a Binding Update specifies the desired care-of address in
The Alternate Care-of Address field contains an address to use as the the Source Address field of the IPv6 header. However, this is not
possible in some cases, such as when the mobile node wishes to
indicate a care-of address which it can not use as a topologically
correct source address (Section 6.1.7 and Section 11.7.2) or when the
used security mechanism does not protect the IPv6 header (Section
11.7.1).
The Alternate Care-of Address option is provided for these
situations. This option is valid only in Binding Update. The
Alternate Care-of Address field contains an address to use as the
care-of address for the binding, rather than using the Source Address care-of address for the binding, rather than using the Source Address
of the packet as the care-of address. of the packet as the care-of address.
6.2.6 Nonce Indices 6.2.6 Nonce Indices
The Nonce Indices option has an alignment requirement of 2n. Its The Nonce Indices option has an alignment requirement of 2n. Its
format is as follows: format is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 50, line 52 skipping to change at page 50, line 28
The Home Nonce Index field tells the correspondent node which nonce The Home Nonce Index field tells the correspondent node which nonce
value to use when producing the home keygen token. value to use when producing the home keygen token.
The Care-of Nonce Index field is ignored in requests to delete a The Care-of Nonce Index field is ignored in requests to delete a
binding. Otherwise, it tells the correspondent node which nonce binding. Otherwise, it tells the correspondent node which nonce
value to use when producing the care-of keygen token. value to use when producing the care-of keygen token.
6.2.7 Binding Authorization Data 6.2.7 Binding Authorization Data
The Binding Authorization Data option does not have any alignment The Binding Authorization Data option does not have alignment
requirements. Its format is as follows: requirements as such. However, since this option must be the last
mobility option, an implicit alignment requirement is 8n + 2. The
format of this option is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 5 | Option Length | | Type = 5 | Option Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| Authenticator | | Authenticator |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Binding Authorization Data option is valid in the Binding Update The Binding Authorization Data option is valid in the Binding Update
and Binding Acknowledgment. and Binding Acknowledgement.
The Option Length field contains the length of the authenticator in The Option Length field contains the length of the authenticator in
octets. octets.
The Authenticator field contains a cryptographic value which can be The Authenticator field contains a cryptographic value which can be
used to determine that the message in question comes from the right used to determine that the message in question comes from the right
authority. Rules for calculating this value depend on the used authority. Rules for calculating this value depend on the used
authorization procedure. authorization procedure.
For the return routability procedure, this option can appear in the For the return routability procedure, this option can appear in the
skipping to change at page 51, line 50 skipping to change at page 51, line 28
field in the Mobility Header was zero. The Checksum in the field in the Mobility Header was zero. The Checksum in the
transmitted packet is still calculated in the usual manner, with the transmitted packet is still calculated in the usual manner, with the
calculated Authenticator being a part of the packet protected by the calculated Authenticator being a part of the packet protected by the
Checksum. Kbm is the binding management key, which is typically Checksum. Kbm is the binding management key, which is typically
created using nonces provided by the correspondent node (see Section created using nonces provided by the correspondent node (see Section
9.4). 9.4).
The first 96 bits from the MAC result are used as the Authenticator The first 96 bits from the MAC result are used as the Authenticator
field. Note that, if the message is sent to a destination which is field. Note that, if the message is sent to a destination which is
itself mobile, the "final dest" address may not be the address found itself mobile, the "final dest" address may not be the address found
in the Destination Address field of the IPv6 header; instead the in the Destination Address field of the IPv6 header; instead the home
address of the true destination (e.g., its home address) should be address from the Home Address destination option should be used.
used.
6.3 Home Address Option 6.3 Home Address Option
The Home Address option is carried by the Destination Option The Home Address option is carried by the Destination Option
extension header (Next Header value = 60). It is used in a packet extension header (Next Header value = 60). It is used in a packet
sent by a mobile node while away from home, to inform the recipient sent by a mobile node while away from home, to inform the recipient
of the mobile node's home address. of the mobile node's home address.
The Home Address option is encoded in type-length-value (TLV) format The Home Address option is encoded in type-length-value (TLV) format
as follows: as follows:
skipping to change at page 52, line 45 skipping to change at page 52, line 34
8-bit unsigned integer. Length of the option, in octets, 8-bit unsigned integer. Length of the option, in octets,
excluding the Option Type and Option Length fields. This field excluding the Option Type and Option Length fields. This field
MUST be set to 16. MUST be set to 16.
Home Address Home Address
The home address of the mobile node sending the packet. This The home address of the mobile node sending the packet. This
address MUST be a unicast routable address. address MUST be a unicast routable address.
IPv6 requires that options appearing in a Hop-by-Hop Options header The alignment requirement [11] for the Home Address option is 8n+6.
or Destination Options header be aligned in a packet so that
multi-octet values within the Option Data field of each option fall
on natural boundaries (i.e., fields of width n octets are placed at
an integer multiple of n octets from the start of the header, for n =
1, 2, 4, or 8) [11]. The alignment requirement [11] for the Home
Address option is 8n+6.
The three highest-order bits of the Option Type field are encoded to The three highest-order bits of the Option Type field are encoded to
indicate specific processing of the option [11]; for the Home Address indicate specific processing of the option [11]; for the Home Address
option, these three bits are set to 110. This indicates the option, these three bits are set to 110. This indicates the
following processing requirements: following processing requirements:
o Any IPv6 node that does not recognize the Option Type must discard o Any IPv6 node that does not recognize the Option Type must discard
the packet. the packet.
o If the packet's Destination Address was not a multicast address, o If the packet's Destination Address was not a multicast address,
skipping to change at page 55, line 11 skipping to change at page 54, line 40
Routing Type Routing Type
2 (8-bit unsigned integer). 2 (8-bit unsigned integer).
Segments Left Segments Left
1 (8-bit unsigned integer). 1 (8-bit unsigned integer).
Reserved Reserved
32-bit reserved field. Initialized to zero for transmission, and 32-bit reserved field. The value MUST be initialized to zero by
ignored on reception. the sender, and MUST be ignored by the receiver.
Home Address Home Address
The Home Address of the destination Mobile Node. The Home Address of the destination Mobile Node.
For a type 2 routing header, the Hdr Ext Len MUST be 2. The Segments For a type 2 routing header, the Hdr Ext Len MUST be 2. The Segments
Left value describes the number of route segments remaining; i.e., Left value describes the number of route segments remaining; i.e.,
number of explicitly listed intermediate nodes still to be visited number of explicitly listed intermediate nodes still to be visited
before reaching the final destination. Segments Left MUST be 1. The before reaching the final destination. Segments Left MUST be 1. The
ordering rules for extension headers in an IPv6 packet are described ordering rules for extension headers in an IPv6 packet are described
in Section 4.1 of RFC 2460 [11]. The type 2 routing header defined in Section 4.1 of RFC 2460 [11]. The type 2 routing header defined
for Mobile IPv6 follows the same ordering as other routing headers. for Mobile IPv6 follows the same ordering as other routing headers.
If both a type 0 and a type 2 routing header are present, the type 2 If both a type 0 and a type 2 routing header are present, the type 2
routing header should follow the other routing header. A packet routing header should follow the other routing header. A packet
containing such nested encapsulation should be created as if the containing such nested encapsulation should be created as if the
inner (type 2) routing header was constructed first and then treated inner (type 2) routing header was constructed first and then treated
as an original packet by the outer (type 2) routing header as an original packet by the outer (type 0) routing header
construction process. construction process.
In addition, the general procedures defined by IPv6 for routing In addition, the general procedures defined by IPv6 for routing
headers suggest that a received routing header MAY be automatically headers suggest that a received routing header MAY be automatically
"reversed" to construct a routing header for use in any response "reversed" to construct a routing header for use in any response
packets sent by upper-layer protocols, if the received packet is packets sent by upper-layer protocols, if the received packet is
authenticated [6]. This MUST NOT be done automatically for type 2 authenticated [6]. This MUST NOT be done automatically for type 2
routing headers. routing headers.
6.5 ICMP Home Agent Address Discovery Request Message 6.5 ICMP Home Agent Address Discovery Request Message
The ICMP Home Agent Address Discovery Request message is used by a The ICMP Home Agent Address Discovery Request message is used by a
mobile node to initiate the dynamic home agent address discovery mobile node to initiate the dynamic home agent address discovery
mechanism, as described in Section 11.4.1. The mobile node sends the mechanism, as described in Section 11.4.1. The mobile node sends the
Home Agent Address Discovery Request message to the Mobile IPv6 Home Agent Address Discovery Request message to the Mobile IPv6
Home-Agents anycast address [16] for its own home subnet prefix. Home-Agents anycast address [16] for its own home subnet prefix.
(Note that the currently defined anycast addresses may not work with
all prefix lengths other than those defined in RFC 2373 [3, 33].)
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Reserved | | Identifier | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
skipping to change at page 58, line 46 skipping to change at page 58, line 22
Set to an initial hop limit value, similarly to any other unicast Set to an initial hop limit value, similarly to any other unicast
packet sent by the mobile node. packet sent by the mobile node.
Destination Option: Destination Option:
A Home Address destination option MUST be included. A Home Address destination option MUST be included.
ESP header: ESP header:
IPsec headers SHOULD be supported and used as described in Section IPsec headers MUST be supported and SHOULD be used as described in
5.4. Section 5.4.
ICMP Fields: ICMP Fields:
Type Type
152 <To Be Assigned by IANA> 152 <To Be Assigned by IANA>
Code Code
0 0
skipping to change at page 60, line 24 skipping to change at page 59, line 45
For unsolicited messages, the mobile node's care-of address SHOULD For unsolicited messages, the mobile node's care-of address SHOULD
be used. Note that unsolicited messages can only be sent if the be used. Note that unsolicited messages can only be sent if the
mobile node is currently registered with the home agent. mobile node is currently registered with the home agent.
Routing header: Routing header:
A type 2 routing header MUST be included. A type 2 routing header MUST be included.
ESP header: ESP header:
IPsec headers SHOULD be supported and used as described in Section IPsec headers MUST be supported and SHOULD be used as described in
5.4. Section 5.4.
ICMP Fields: ICMP Fields:
Type Type
153 <To Be Assigned by IANA> 153 <To Be Assigned by IANA>
Code Code
0 0
skipping to change at page 61, line 46 skipping to change at page 61, line 18
nodes MUST silently ignore any options they do not recognize and nodes MUST silently ignore any options they do not recognize and
continue processing the message. continue processing the message.
If the Advertisement is sent in response to a Mobile Prefix If the Advertisement is sent in response to a Mobile Prefix
Solicitation, the home agent MUST copy the Identifier value from that Solicitation, the home agent MUST copy the Identifier value from that
message into the Identifier field of the Advertisement. message into the Identifier field of the Advertisement.
The home agent MUST NOT send more than one Mobile Prefix The home agent MUST NOT send more than one Mobile Prefix
Advertisement message per second to any mobile node. Advertisement message per second to any mobile node.
The M and O bits MUST be reset if the Home Agent DHCPv6 support is The M and O bits MUST be cleared if the Home Agent DHCPv6 support is
not provided. If such support is provided then they are set in not provided. If such support is provided then they are set in
concert with the home network's administrative settings. concert with the home network's administrative settings.
7. Modifications to IPv6 Neighbor Discovery 7. Modifications to IPv6 Neighbor Discovery
7.1 Modified Router Advertisement Message Format 7.1 Modified Router Advertisement Message Format
Mobile IPv6 modifies the format of the Router Advertisement message Mobile IPv6 modifies the format of the Router Advertisement message
[12] by the addition of a single flag bit to indicate that the router [12] by the addition of a single flag bit to indicate that the router
sending the Advertisement message is serving as a home agent on this sending the Advertisement message is serving as a home agent on this
skipping to change at page 63, line 36 skipping to change at page 63, line 36
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
This format represents the following changes over that originally This format represents the following changes over that originally
specified for Neighbor Discovery [12]: specified for Neighbor Discovery [12]:
Router Address (R) Router Address (R)
1-bit router address flag. When set, indicates that the Prefix 1-bit router address flag. When set, indicates that the Prefix
field, in addition to advertising the indicated prefix, contains a field contains a complete IP address assigned to the sending
complete IP address assigned to the sending router. This router router. The indicated prefix is the first Prefix Length bits of
IP address has the same scope and conforms to the same lifetime the Prefix field. The router IP address has the same scope and
values as the advertised prefix. This use of the Prefix field is conforms to the same lifetime values as the advertised prefix.
compatible with its use in advertising the prefix itself, since This use of the Prefix field is compatible with its use in
Prefix Advertisement uses only the leading number Prefix bits advertising the prefix itself, since Prefix Advertisement uses
specified by the Prefix Length field. Interpretation of this flag only the leading bits. Interpretation of this flag bit is thus
bit is thus independent of the processing required for the On-Link independent of the processing required for the On-Link (L) and
(L) and Autonomous Address-Configuration (A) flag bits. Autonomous Address-Configuration (A) flag bits.
Reserved1 Reserved1
Reduced from a 6-bit field to a 5-bit field to account for the Reduced from a 6-bit field to a 5-bit field to account for the
addition of the above bit. addition of the above bit.
In a Router Advertisement, a home agent MUST, and all other routers In a Router Advertisement, a home agent MUST, and all other routers
MAY, include at least one Prefix Information option with the Router MAY, include at least one Prefix Information option with the Router
Address (R) bit set. Neighbor Discovery specifies that, if including Address (R) bit set. Neighbor Discovery specifies that, if including
all options in a Router Advertisement causes the size of the all options in a Router Advertisement causes the size of the
skipping to change at page 66, line 48 skipping to change at page 66, line 48
from all Advertisements. from all Advertisements.
This option MUST be silently ignored for other Neighbor Discovery This option MUST be silently ignored for other Neighbor Discovery
messages. messages.
If both the Home Agent Preference and Home Agent Lifetime are set to If both the Home Agent Preference and Home Agent Lifetime are set to
their default values specified above, this option SHOULD NOT be their default values specified above, this option SHOULD NOT be
included in the Router Advertisement messages sent by this home included in the Router Advertisement messages sent by this home
agent. agent.
7.5 Modified Neighbor Solicitation Message Format 7.5 Changes to Sending Router Advertisements
Mobile nodes may need to send Neighbor Solicitations to their home
agent when the home agent still has a binding for them. As the home
agent defends the mobile node's addresses on the home link, the
mobile node can not use its own addresses until it it successfully
deletes the binding. However, in order to do this it must send a
Binding Update to the home agent, and possibly find its link-layer
address.
The modified Neighbor Solicitation message allows this to be done
with the IP Source Address set to the unspecified address and the
ICMP Code field set to 1. The modified format MUST NOT be used
except for the purpose of discovering the link-layer address of a
home agent when the mobile node is returning home (Section 11.5.4).
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Target Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options ...
+-+-+-+-+-+-+-+-+-+-+-+-
This format represents the following changes over that originally
specified for Neighbor Discovery [12]:
IP Fields:
Source Address
The unspecified address.
ICMP Fields:
Code
1
Upon receiving a Neighbor Solicitation message from the unspecified
address with the Code field set to 1, home agents MUST process this
message as described in Section 7.2.3 of RFC 2461 [12]. Such
messages MUST NOT be considered as a sign that the sending node is
performing Duplicate Address Detection [13].
7.6 Changes to Sending Router Advertisements
The Neighbor Discovery protocol specification [12] limits routers to The Neighbor Discovery protocol specification [12] limits routers to
a minimum interval of 3 seconds between sending unsolicited multicast a minimum interval of 3 seconds between sending unsolicited multicast
Router Advertisement messages from any given network interface Router Advertisement messages from any given network interface
(limited by MinRtrAdvInterval and MaxRtrAdvInterval), stating that: (limited by MinRtrAdvInterval and MaxRtrAdvInterval), stating that:
"Routers generate Router Advertisements frequently enough that "Routers generate Router Advertisements frequently enough that
hosts will learn of their presence within a few minutes, but not hosts will learn of their presence within a few minutes, but not
frequently enough to rely on an absence of advertisements to frequently enough to rely on an absence of advertisements to
detect router failure; a separate Neighbor Unreachability detect router failure; a separate Neighbor Unreachability
skipping to change at page 69, line 37 skipping to change at page 68, line 30
The MinRtrAdvInterval and MaxRtrAdvInterval in such a case can be set The MinRtrAdvInterval and MaxRtrAdvInterval in such a case can be set
to some high values. to some high values.
When sending unsolicited multicast Router Advertisements more When sending unsolicited multicast Router Advertisements more
frequently than the limit specified in RFC 2461 [12], the sending frequently than the limit specified in RFC 2461 [12], the sending
router need not include all options in each of these Advertisements, router need not include all options in each of these Advertisements,
but it SHOULD include at least one Prefix Information option with the but it SHOULD include at least one Prefix Information option with the
Router Address (R) bit set (Section 7.2) in each. Router Address (R) bit set (Section 7.2) in each.
Home agents MUST include the Source Link-Layer Address option in all Home agents MUST include the Source Link-Layer Address option in all
Router Advertisements they send. Router Advertisements they send. This simplifies the process of
returning home, as discussed in Section 11.5.4.
7.7 Changes to Duplicate Address Detection 7.6 Changes to Duplicate Address Detection
Upon failing Duplicate Address Detection, [13] requires IPv6 nodes to Upon failing Duplicate Address Detection, [13] requires IPv6 nodes to
stop using the address and wait for reconfiguration. In addition, if stop using the address and wait for reconfiguration. In addition, if
the failed address was a link-local address formed from an interface the failed address was a link-local address formed from an interface
identifier, the interface should be disabled. identifier, the interface should be disabled.
Mobile nodes that wish to avoid this situation MAY use temporary Mobile nodes that wish to avoid this situation MAY use temporary
link-local addresses as follows. The mobile node SHOULD generate a link-local addresses as follows. The mobile node SHOULD generate a
random interface identifier and use it for assigning itself a random interface identifier and use it for assigning itself a
link-local address. In order to do this, the mobile node applies to link-local address. In order to do this, the mobile node applies to
skipping to change at page 71, line 37 skipping to change at page 69, line 37
Other specifications are expected to define the extent of IPv6. Other specifications are expected to define the extent of IPv6.
8.1 All IPv6 Nodes 8.1 All IPv6 Nodes
Any IPv6 node may at any time be a correspondent node of a mobile Any IPv6 node may at any time be a correspondent node of a mobile
node, either sending a packet to a mobile node or receiving a packet node, either sending a packet to a mobile node or receiving a packet
from a mobile node. There are no Mobile IPv6 specific MUST from a mobile node. There are no Mobile IPv6 specific MUST
requirements for such nodes, and basic IPv6 techniques are requirements for such nodes, and basic IPv6 techniques are
sufficient. If a mobile node attempts to set up route optimization sufficient. If a mobile node attempts to set up route optimization
with a node with only basic IPv6 support, an ICMP error will signal with a node with only basic IPv6 support, an ICMP error will signal
that the node does not support such optimizations, and communications that the node does not support such optimizations (Section 11.3.5),
will flow through the home agent. and communications will flow through the home agent .
8.2 IPv6 Nodes with Support for Route Optimization 8.2 IPv6 Nodes with Support for Route Optimization
Nodes that implement route optimization are a subset of all IPv6 Nodes that implement route optimization are a subset of all IPv6
nodes on the Internet. The ability of a correspondent node to nodes on the Internet. The ability of a correspondent node to
participate in route optimization is essential for the efficient participate in route optimization is essential for the efficient
operation of the IPv6 Internet, for the following reasons: operation of the IPv6 Internet, for the following reasons:
o Avoidance of congestion in the home network, and enabling the use o Avoidance of congestion in the home network, and enabling the use
of lower-performance home agent equipment even for supporting of lower-performance home agent equipment even for supporting
thousands of mobile nodes. thousands of mobile nodes.
o Reduced network load across the entire Internet, as mobile devices o Reduced network load across the entire Internet, as mobile devices
begin to predominate. At the time this is being written, laptop begin to predominate.
computers already outsell desktops and wireless telephones far
outsell laptops.
o Reduction of jitter and latency for the communications. o Reduction of jitter and latency for the communications.
o Greater likelihood of success for QoS signaling as tunneling is o Greater likelihood of success for QoS signaling as tunneling is
avoided and, again, fewer sources of congestion. avoided and, again, fewer sources of congestion.
o Improved robustness against network partitions, congestion, and o Improved robustness against network partitions, congestion, and
other problems, since fewer routing path segments are traversed. other problems, since fewer routing path segments are traversed.
These effects combine to enable much better performance and These effects combine to enable much better performance and
robustness for communications between mobile nodes and IPv6 robustness for communications between mobile nodes and IPv6
correspondent nodes. correspondent nodes. Route optimization introduces a small amount of
additional state for the peers, some additional messaging, and upto
1.5 roundtrip delays before it can be turned on. However, it is
believed that the benefits far outweight the costs in most cases.
Section 11.3.1 discusses how mobile nodes may avoid route
optimization for some of the remaining cases, such as very short-term
communications.
The following requirements apply to all correspondent nodes that The following requirements apply to all correspondent nodes that
support route optimization: support route optimization:
o The node MUST be able validate a Home Address option using an o The node MUST be able validate a Home Address option using an
existing Binding Cache entry, as described in Section 9.3.1. existing Binding Cache entry, as described in Section 9.3.1.
o The node MUST be able to insert a type 2 routing header into o The node MUST be able to insert a type 2 routing header into
packets to be sent to a mobile node, as described in Section packets to be sent to a mobile node, as described in Section
9.3.2. 9.3.2.
skipping to change at page 73, line 18 skipping to change at page 71, line 21
enabled or disabled. The default SHOULD be enabled. enabled or disabled. The default SHOULD be enabled.
8.3 All IPv6 Routers 8.3 All IPv6 Routers
All IPv6 routers, even those not serving as a home agent for Mobile All IPv6 routers, even those not serving as a home agent for Mobile
IPv6, have an effect on how well mobile nodes can communicate: IPv6, have an effect on how well mobile nodes can communicate:
o Every IPv6 router SHOULD be able to send an Advertisement Interval o Every IPv6 router SHOULD be able to send an Advertisement Interval
option (Section 7.3) in each of its Router Advertisements [12], to option (Section 7.3) in each of its Router Advertisements [12], to
aid movement detection by mobile nodes (as in Section 11.5.1). aid movement detection by mobile nodes (as in Section 11.5.1).
The use of this option in Router Advertisements MUST be The use of this option in Router Advertisements SHOULD be
configurable. configurable.
o Every IPv6 router SHOULD be able to support sending unsolicited o Every IPv6 router SHOULD be able to support sending unsolicited
multicast Router Advertisements at the faster rate described in multicast Router Advertisements at the faster rate described in
Section 7.6. The use of this faster rate MUST be configurable. Section 7.5. If the router supports a faster rate, the used rate
MUST be configurable.
o Each router SHOULD include at least one prefix with the Router o Each router SHOULD include at least one prefix with the Router
Address (R) bit set and with its full IP address in its Router Address (R) bit set and with its full IP address in its Router
Advertisements (as described in Section 7.2). Advertisements (as described in Section 7.2).
o Filtering routers SHOULD support different rules for type 0 and o Routers supporting filtering packets with routing headers SHOULD
type 2 routing headers (see Section 6.4) so that filtering of support different rules for type 0 and type 2 routing headers (see
source routed packets (type 0) will not necessarily limit Mobile Section 6.4) so that filtering of source routed packets (type 0)
IPv6 traffic which is delivered via type 2 routing headers. will not necessarily limit Mobile IPv6 traffic which is delivered
via type 2 routing headers.
8.4 IPv6 Home Agents 8.4 IPv6 Home Agents
In order for a mobile node to operate correctly while away from home, In order for a mobile node to operate correctly while away from home,
at least one IPv6 router on the mobile node's home link must function at least one IPv6 router on the mobile node's home link must function
as a home agent for the mobile node. The following additional as a home agent for the mobile node. The following additional
requirements apply to all IPv6 routers that serve as a home agent: requirements apply to all IPv6 routers that serve as a home agent:
o Every home agent MUST be able to maintain an entry in its Binding o Every home agent MUST be able to maintain an entry in its Binding
Cache for each mobile node for which it is serving as the home Cache for each mobile node for which it is serving as the home
skipping to change at page 74, line 40 skipping to change at page 72, line 45
10.5). 10.5).
o Every home agent SHOULD support a configuration mechanism to allow o Every home agent SHOULD support a configuration mechanism to allow
a system administrator to manually set the value to be sent by a system administrator to manually set the value to be sent by
this home agent in the Home Agent Preference field of the Home this home agent in the Home Agent Preference field of the Home
Agent Information Option in Router Advertisements that it sends Agent Information Option in Router Advertisements that it sends
(Section 7.4). (Section 7.4).
o Every home agent SHOULD support sending ICMP Mobile Prefix o Every home agent SHOULD support sending ICMP Mobile Prefix
Advertisements (Section 6.8), and SHOULD respond to Mobile Prefix Advertisements (Section 6.8), and SHOULD respond to Mobile Prefix
Solicitations (Section 6.7). This behavior MUST be configurable, Solicitations (Section 6.7). If supported, this behavior MUST be
so that home agents can be configured to avoid sending such Prefix configurable, so that home agents can be configured to avoid
Advertisements according to the needs of the network sending such Prefix Advertisements according to the needs of the
administration in the home domain. network administration in the home domain.
o Every home agent MUST support IPsec ESP for protection of packets o Every home agent MUST support IPsec ESP for protection of packets
belonging to the return routability procedure (Section 10.4.6). belonging to the return routability procedure (Section 10.4.6).
o Every home agent SHOULD support the multicast group membership o Every home agent SHOULD support the multicast group membership
control protocols as described in Section 10.4.3. If this support control protocols as described in Section 10.4.3. If this support
is provided, the home agent MUST be capable of using it to is provided, the home agent MUST be capable of using it to
determine which multicast data packets to forward via the tunnel determine which multicast data packets to forward via the tunnel
to the mobile node. to the mobile node.
o Home agents MAY support stateful address autoconfiguration for o Home agents MAY support stateful address autoconfiguration for
mobile nodes as described in Section 10.4.4. mobile nodes as described in Section 10.4.4.
o Every home agent MUST support the extended Neighbor Solicitation
message format described in Section 7.5.
8.5 IPv6 Mobile Nodes 8.5 IPv6 Mobile Nodes
Finally, the following requirements apply to all IPv6 nodes capable Finally, the following requirements apply to all IPv6 nodes capable
of functioning as mobile nodes: of functioning as mobile nodes:
o The node MUST maintain a Binding Update List (Section 11.1). o The node MUST maintain a Binding Update List (Section 11.1).
o The node MUST support sending packets containing a Home Address o The node MUST support sending packets containing a Home Address
option (Section 11.3.1), and follow the required IPsec interaction option (Section 11.3.1), and follow the required IPsec interaction
(Section 11.3.2). (Section 11.3.2).
o The node MUST be able to perform IPv6 encapsulation and o The node MUST be able to perform IPv6 encapsulation and
decapsulation [15]. decapsulation [15].
o The node MUST be able to process type 2 routing header as defined o The node MUST be able to process type 2 routing header as defined
in Section 6.4 and Section 11.3.3. in Section 6.4 and Section 11.3.3.
o The node MUST support receiving a Binding Error message (Section o The node MUST support receiving a Binding Error message (Section
11.3.6). 11.3.6).
o The node SHOULD support receiving ICMP errors (Section 11.3.5). o The node MUST support receiving ICMP errors (Section 11.3.5).
o The node MUST support movement detection, care-of address o The node MUST support movement detection, care-of address
formation, and returning home (Section 11.5). formation, and returning home (Section 11.5).
o The node MUST be able to process Mobility Headers as described in o The node MUST be able to process Mobility Headers as described in
Section 11.2. Section 11.2.
o The node MUST support the return routability procedure (Section o The node MUST support the return routability procedure (Section
11.6). 11.6).
skipping to change at page 76, line 19 skipping to change at page 74, line 22
o The node MUST allow route optimization to be administratively o The node MUST allow route optimization to be administratively
enabled or disabled. The default SHOULD be enabled. enabled or disabled. The default SHOULD be enabled.
o The node MAY support the multicast address listener part of a o The node MAY support the multicast address listener part of a
multicast group membership protocol as described in Section multicast group membership protocol as described in Section
11.3.4. If this support is provided, the mobile node MUST be able 11.3.4. If this support is provided, the mobile node MUST be able
to receive tunneled multicast packets from the home agent. to receive tunneled multicast packets from the home agent.
o The node MAY support stateful address autoconfiguration mechanisms o The node MAY support stateful address autoconfiguration mechanisms
such as DHCPv6 [29] on the interface represented by the tunnel to such as DHCPv6 [28] on the interface represented by the tunnel to
the home agent. the home agent.
9. Correspondent Node Operation 9. Correspondent Node Operation
9.1 Conceptual Data Structures 9.1 Conceptual Data Structures
IPv6 nodes with route optimization support maintain a Binding Cache IPv6 nodes with route optimization support maintain a Binding Cache
of bindings for other nodes. A separate Binding Cache SHOULD be of bindings for other nodes. A separate Binding Cache SHOULD be
maintained by each IPv6 node for each of its IPv6 addresses. The maintained by each IPv6 node for each of its unicast routable
Binding Cache MAY be implemented in any manner consistent with the addresses. The Binding Cache MAY be implemented in any manner
external behavior described in this document, for example by being consistent with the external behavior described in this document, for
combined with the node's Destination Cache as maintained by Neighbor example by being combined with the node's Destination Cache as
Discovery [12]. When sending a packet, the Binding Cache is searched maintained by Neighbor Discovery [12]. When sending a packet, the
before the Neighbor Discovery conceptual Destination Cache [12]. Binding Cache is searched before the Neighbor Discovery conceptual
That is, any Binding Cache entry for this destination SHOULD take Destination Cache [12]. That is, any Binding Cache entry for this
precedence over any Destination Cache entry for the same destination. destination SHOULD take precedence over any Destination Cache entry
for the same destination.
Each Binding Cache entry conceptually contains the following fields: Each Binding Cache entry conceptually contains the following fields:
o The home address of the mobile node for which this is the Binding o The home address of the mobile node for which this is the Binding
Cache entry. This field is used as the key for searching the Cache entry. This field is used as the key for searching the
Binding Cache for the destination address of a packet being sent. Binding Cache for the destination address of a packet being sent.
If the destination address of the packet matches the home address If the destination address of the packet matches the home address
in the Binding Cache entry, this entry SHOULD be used in routing in the Binding Cache entry, this entry SHOULD be used in routing
that packet. that packet.
skipping to change at page 77, line 43 skipping to change at page 75, line 44
address. This is described in Section 9.3.2 for packets address. This is described in Section 9.3.2 for packets
originated by this node. originated by this node.
o A lifetime value, indicating the remaining lifetime for this o A lifetime value, indicating the remaining lifetime for this
Binding Cache entry. The lifetime value is initialized from the Binding Cache entry. The lifetime value is initialized from the
Lifetime field in the Binding Update that created or last modified Lifetime field in the Binding Update that created or last modified
this Binding Cache entry. Once the lifetime of this entry this Binding Cache entry. Once the lifetime of this entry
expires, the entry MUST be deleted from the Binding Cache. expires, the entry MUST be deleted from the Binding Cache.
o A flag indicating whether or not this Binding Cache entry is a o A flag indicating whether or not this Binding Cache entry is a
home registration entry. home registration entry (applicable only on nodes which support
home agent functionality).
o The maximum value of the Sequence Number field received in o The maximum value of the Sequence Number field received in
previous Binding Updates for this mobile node home address. The previous Binding Updates for this mobile node home address. The
Sequence Number field is 16 bits long. Sequence Number values Sequence Number field is 16 bits long. Sequence Number values
MUST be compared modulo 2**16 as explained in Section 9.5.1. MUST be compared modulo 2**16 as explained in Section 9.5.1.
o Usage information for this Binding Cache entry. This is needed to o Usage information for this Binding Cache entry. This is needed to
implement the cache replacement policy in use in the Binding implement the cache replacement policy in use in the Binding
Cache. Recent use of a cache entry also serves as an indication Cache. Recent use of a cache entry also serves as an indication
that a Binding Refresh Request should be sent when the lifetime of that a Binding Refresh Request should be sent when the lifetime of
skipping to change at page 78, line 19 skipping to change at page 76, line 21
but SHOULD NOT be unnecessarily deleted. The Binding Cache for any but SHOULD NOT be unnecessarily deleted. The Binding Cache for any
one of a node's IPv6 addresses may contain at most one entry for each one of a node's IPv6 addresses may contain at most one entry for each
mobile node home address. The contents of a node's Binding Cache mobile node home address. The contents of a node's Binding Cache
MUST NOT be changed in response to a Home Address option in a MUST NOT be changed in response to a Home Address option in a
received packet. received packet.
9.2 Processing Mobility Headers 9.2 Processing Mobility Headers
Mobility Header processing MUST observe the following rules: Mobility Header processing MUST observe the following rules:
o The checksum must be verified as per Section 6.1. Otherwise, the
node MUST silently discard the message.
o The MH Type field MUST have a known value (Section 6.1.1). o The MH Type field MUST have a known value (Section 6.1.1).
Otherwise, the node MUST discard the message and issue a Binding Otherwise, the node MUST discard the message and issue a Binding
Error message as described in Section 9.3.3, with Status field set Error message as described in Section 9.3.3, with Status field set
to 2 (unrecognized MH Type value). to 2 (unrecognized MH Type value).
o The Payload Proto field MUST be IPPROTO_NONE (59 decimal). o The Payload Proto field MUST be IPPROTO_NONE (59 decimal).
Otherwise, the node MUST discard the message and SHOULD send ICMP Otherwise, the node MUST discard the message and SHOULD send ICMP
Parameter Problem [14], Code 0, to the Source Address of the Parameter Problem [14], Code 0, to the Source Address of the
packet. packet.
o The checksum must be verified as per Section 6.1. Otherwise, the
node MUST silently discard the message.
o The Header Len field in the Mobility Header MUST NOT be less than o The Header Len field in the Mobility Header MUST NOT be less than
the length specified for this particular type of message in the length specified for this particular type of message in
Section 6.1. Otherwise, the node MUST discard the message and Section 6.1. Otherwise, the node MUST discard the message and
SHOULD send ICMP Parameter Problem [14], Code 0, to the Source SHOULD send ICMP Parameter Problem [14], Code 0, to the Source
Address of the packet. Address of the packet.
Subsequent checks depend on the particular Mobility Header. Subsequent checks depend on the particular Mobility Header.
9.3 Packet Processing 9.3 Packet Processing
skipping to change at page 79, line 11 skipping to change at page 77, line 14
Mobile nodes are expected to include a Home Address destination Mobile nodes are expected to include a Home Address destination
option in a packet they believe the correspondent node has a Binding option in a packet they believe the correspondent node has a Binding
Cache entry for the home address of a mobile node. Packets Cache entry for the home address of a mobile node. Packets
containing a Home Address option MUST be dropped if there is no containing a Home Address option MUST be dropped if there is no
corresponding Binding Cache entry. A corresponding Binding Cache corresponding Binding Cache entry. A corresponding Binding Cache
entry MUST have the same home address as appears in the Home Address entry MUST have the same home address as appears in the Home Address
destination option, and the currently registered care-of address MUST destination option, and the currently registered care-of address MUST
be equal to the source address of the packet. These tests MUST NOT be equal to the source address of the packet. These tests MUST NOT
be done for packets that contain a Home Address option and a Binding be done for packets that contain a Home Address option and a Binding
Update, or for IPsec AH or ESP packets. Update.
If the packet is dropped due the above tests, the correspondent node If the packet is dropped due the above tests, the correspondent node
SHOULD send the Binding Error message as described in Section 9.3.3. MUST send the Binding Error message as described in Section 9.3.3.
The Status field in this message should be set to 1 (unknown binding The Status field in this message should be set to 1 (unknown binding
for Home Address destination option). for Home Address destination option).
The correspondent node MUST process the option in a manner consistent The correspondent node MUST process the option in a manner consistent
with exchanging the Home Address field from the Home Address option with exchanging the Home Address field from the Home Address option
into the IPv6 header and replacing the original value of the Source into the IPv6 header and replacing the original value of the Source
Address field there. After all IPv6 options have been processed, it Address field there. After all IPv6 options have been processed, it
MUST be possible for upper layers to process the packet without the MUST be possible for upper layers to process the packet without the
knowledge that it came originally from a care-of address or that a knowledge that it came originally from a care-of address or that a
Home Address option was used. Home Address option was used.
skipping to change at page 80, line 9 skipping to change at page 78, line 11
Before sending any packet, the sending node SHOULD examine its Before sending any packet, the sending node SHOULD examine its
Binding Cache for an entry for the destination address to which the Binding Cache for an entry for the destination address to which the
packet is being sent. If the sending node has a Binding Cache entry packet is being sent. If the sending node has a Binding Cache entry
for this address, the sending node SHOULD use a type 2 routing header for this address, the sending node SHOULD use a type 2 routing header
to route the packet to this mobile node (the destination node) by way to route the packet to this mobile node (the destination node) by way
of its care-of address. When calculating authentication data in a of its care-of address. When calculating authentication data in a
packet that contains a type 2 routing header, the correspondent node packet that contains a type 2 routing header, the correspondent node
MUST calculate the authentication data as if the following were true: MUST calculate the authentication data as if the following were true:
The routing header contains the care-of address, the destination IPv6 The routing header contains the care-of address, the destination IPv6
address field of the IPv6 header contains the home address, and the address field of the IPv6 header contains the home address, and the
Segments Left field is zero. The IPsec Security Policy Database look Segments Left field is zero. The IPsec Security Policy Database
MUST based on the mobile node's home address. lookup MUST based on the mobile node's home address.
For instance, assuming there are no additional routing headers in For instance, assuming there are no additional routing headers in
this packet beyond those needed by Mobile IPv6, the correspondent this packet beyond those needed by Mobile IPv6, the correspondent
node could set the fields in the packet's IPv6 header and routing node could set the fields in the packet's IPv6 header and routing
header as follows: header as follows:
o The Destination Address in the packet's IPv6 header is set to the o The Destination Address in the packet's IPv6 header is set to the
mobile node's home address (the original destination address to mobile node's home address (the original destination address to
which the packet was being sent). which the packet was being sent).
skipping to change at page 81, line 22 skipping to change at page 79, line 24
A Binding Error message is sent to the address that appeared in the A Binding Error message is sent to the address that appeared in the
IPv6 Source Address field of the offending packet. If the Source IPv6 Source Address field of the offending packet. If the Source
Address field does not contain a unicast address, the Binding Error Address field does not contain a unicast address, the Binding Error
message MUST NOT be sent. message MUST NOT be sent.
The Home Address field in the Binding Error message MUST be copied The Home Address field in the Binding Error message MUST be copied
from the Home Address field in the Home Address destination option of from the Home Address field in the Home Address destination option of
the offending packet, or set to the unspecified address if no such the offending packet, or set to the unspecified address if no such
option appeared in the packet. option appeared in the packet.
Binding Error messages are subject to rate limiting in the same Binding Error messages SHOULD be subject to rate limiting in the same
manner as is done for ICMPv6 messages [14]. manner as is done for ICMPv6 messages [14].
9.3.4 Receiving ICMP Error Messages 9.3.4 Receiving ICMP Error Messages
When the correspondent node has a Binding Cache entry for a mobile When the correspondent node has a Binding Cache entry for a mobile
node, all traffic destined to the mobile node goes directly to the node, all traffic destined to the mobile node goes directly to the
current care-of address of the mobile node using a routing header. current care-of address of the mobile node using a routing header.
Any ICMP error message caused by packets on their way to the care-of Any ICMP error message caused by packets on their way to the care-of
address will be returned in the normal manner to the correspondent address will be returned in the normal manner to the correspondent
node. node.
skipping to change at page 82, line 49 skipping to change at page 80, line 52
described in Section 9.4.1. described in Section 9.4.1.
Section 9.4.4 specifies further processing. Section 9.4.4 specifies further processing.
9.4.3 Sending Home Test Messages 9.4.3 Sending Home Test Messages
The correspondent node creates a home keygen token and uses the The correspondent node creates a home keygen token and uses the
current nonce index as the Home Nonce Index. It then creates a Home current nonce index as the Home Nonce Index. It then creates a Home
Test message (Section 6.1.5) and sends it to the mobile node at the Test message (Section 6.1.5) and sends it to the mobile node at the
latter's home address. Note that the Home Test message is always latter's home address. Note that the Home Test message is always
sent to the home address of the mobile node, even when there is an sent to the home address of the mobile node without route
existing binding for the mobile node. optimization, even when there is an existing binding for the mobile
node.
9.4.4 Sending Care-of Test Messages 9.4.4 Sending Care-of Test Messages
The correspondent node creates a care-of nonce and uses the current The correspondent node creates a care-of nonce and uses the current
nonce index as the Care-of Nonce Index. It then creates a Care-of nonce index as the Care-of Nonce Index. It then creates a Care-of
Test message (Section 6.1.6) and sends it to the mobile node at the Test message (Section 6.1.6) and sends it to the mobile node at the
latter's care-of address. latter's care-of address.
9.5 Processing Bindings 9.5 Processing Bindings
skipping to change at page 84, line 16 skipping to change at page 82, line 18
Care-of Nonce Index values in this option MUST be recent enough to Care-of Nonce Index values in this option MUST be recent enough to
be recognized by the correspondent node. (Care-of Nonce Index be recognized by the correspondent node. (Care-of Nonce Index
values are not inspected for requests to delete a binding.) values are not inspected for requests to delete a binding.)
o The correspondent node MUST re-generate the home keygen token and o The correspondent node MUST re-generate the home keygen token and
the care-of keygen token from the information contained in the the care-of keygen token from the information contained in the
packet. It then generates the binding management key Kbm and uses packet. It then generates the binding management key Kbm and uses
it to verify the authenticator field in the Binding Update as it to verify the authenticator field in the Binding Update as
specified in Section 6.1.7. specified in Section 6.1.7.
o The Home Registration (H) bit MUST NOT be set.
When using Kbm for validating the Binding Update, the following are When using Kbm for validating the Binding Update, the following are
required: required:
o The Binding Authorization Data mobility option MUST be present, o The Binding Authorization Data mobility option MUST be present,
and its contents MUST satisfy rules presented in Section 5.2.6. and its contents MUST satisfy rules presented in Section 5.2.6.
Note that a care-of address different from the Source Address MAY Note that a care-of address different from the Source Address MAY
have been specified by including an Alternate Care-of Address have been specified by including an Alternate Care-of Address
mobility option in the Binding Update. When such a message is mobility option in the Binding Update. When such a message is
received and the return routability procedure is used as an received and the return routability procedure is used as an
authorization method, the correspondent node MUST verify the authorization method, the correspondent node MUST verify the
skipping to change at page 87, line 6 skipping to change at page 85, line 11
Binding Update as follows: Binding Update as follows:
o If the Binding Update was discarded as described in Section 9.2 or o If the Binding Update was discarded as described in Section 9.2 or
Section 9.5.1, a Binding Acknowledgement MUST NOT be sent. Section 9.5.1, a Binding Acknowledgement MUST NOT be sent.
Otherwise the treatment depends on the below rules. Otherwise the treatment depends on the below rules.
o If the Acknowledge (A) bit set is set in the Binding Update, a o If the Acknowledge (A) bit set is set in the Binding Update, a
Binding Acknowledgement MUST be sent. Otherwise, the treatment Binding Acknowledgement MUST be sent. Otherwise, the treatment
depends on the below rule. depends on the below rule.
o If the node rejects the Binding Update, a Binding Acknowledgement o If the node rejects the Binding Update due to an expired nonce
MUST be sent. If the node accepts the Binding Update, the Binding index, sequence number being out of window (Section 9.5.1), or
Acknowledgement SHOULD NOT be sent. insufficiency of resources (Section 9.5.2), a Binding
Acknowledgement MUST be sent. If the node accepts the Binding
Update, the Binding Acknowledgement SHOULD NOT be sent.
If the node accepts the Binding Update and creates or updates an If the node accepts the Binding Update and creates or updates an
entry for this binding, the Status field in the Binding entry for this binding, the Status field in the Binding
Acknowledgement MUST be set to a value less than 128. Otherwise, the Acknowledgement MUST be set to a value less than 128. Otherwise, the
Status field MUST be set to a value greater than or equal to 128. Status field MUST be set to a value greater than or equal to 128.
Values for the Status field are described in Section 6.1.8 and in the Values for the Status field are described in Section 6.1.8 and in the
IANA registry of assigned numbers [19]. IANA registry of assigned numbers [19].
If the Status field in the Binding Acknowledgement contains the value If the Status field in the Binding Acknowledgement contains the value
136 (expired home nonce index), 137 (expired care-of nonce index), or 136 (expired home nonce index), 137 (expired care-of nonce index), or
skipping to change at page 90, line 46 skipping to change at page 89, line 46
the following sequence of tests: the following sequence of tests:
o If the node implements only correspondent node functionality, or o If the node implements only correspondent node functionality, or
has not been configured to act as a home agent, then the node MUST has not been configured to act as a home agent, then the node MUST
reject the Binding Update. The node MUST then also return a reject the Binding Update. The node MUST then also return a
Binding Acknowledgement to the mobile node, in which the Status Binding Acknowledgement to the mobile node, in which the Status
field is set to 131 (home registration not supported). field is set to 131 (home registration not supported).
o Else, if the home address for the binding (the Home Address field o Else, if the home address for the binding (the Home Address field
in the packet's Home Address option) is not an on-link IPv6 in the packet's Home Address option) is not an on-link IPv6
address with respect to the home agent's current Prefix List, then address with respect to the home agent's current Prefix List or if
the home agent MUST reject the Binding Update and SHOULD return a the corresponding prefix was not advertised with the Home Agent
Binding Acknowledgement to the mobile node, in which the Status (H) bit set, then the home agent MUST reject the Binding Update
field is set to 132 (not home subnet). and SHOULD return a Binding Acknowledgement to the mobile node, in
which the Status field is set to 132 (not home subnet).
o Else, if the home agent chooses to reject the Binding Update for o Else, if the home agent chooses to reject the Binding Update for
any other reason (e.g., insufficient resources to serve another any other reason (e.g., insufficient resources to serve another
mobile node as a home agent), then the home agent SHOULD return a mobile node as a home agent), then the home agent SHOULD return a
Binding Acknowledgement to the mobile node, in which the Status Binding Acknowledgement to the mobile node, in which the Status
field is set to an appropriate value to indicate the reason for field is set to an appropriate value to indicate the reason for
the rejection. the rejection.
o A Home Address destination option MUST be present in the message. o A Home Address destination option MUST be present in the message.
It MUST be validated as described in Section 9.3.1 with the
following additional rule. The Binding Cache entry existence test
MUST NOT be done for IPsec packets when the Home Address option
contains an address for which the receiving node could act as a
home agent.
If home agent accepts the Binding Update, it MUST then create a new If home agent accepts the Binding Update, it MUST then create a new
entry in its Binding Cache for this mobile node, or update its entry in its Binding Cache for this mobile node, or update its
existing Binding Cache entry, if such an entry already exists. The existing Binding Cache entry, if such an entry already exists. The
Home Address field as received in the Home Address option provides Home Address field as received in the Home Address option provides
the home address of the mobile node. the home address of the mobile node.
The home agent MUST mark this Binding Cache entry as a home The home agent MUST mark this Binding Cache entry as a home
registration to indicate that the node is serving as a home agent for registration to indicate that the node is serving as a home agent for
this binding. Binding Cache entries marked as a home registration this binding. Binding Cache entries marked as a home registration
skipping to change at page 91, line 45 skipping to change at page 90, line 52
sends a successful Binding Acknowledgement to the mobile node, the sends a successful Binding Acknowledgement to the mobile node, the
home agent assures to the mobile node that its address(es) will home agent assures to the mobile node that its address(es) will
continue to be kept unique by the home agent at least as long as the continue to be kept unique by the home agent at least as long as the
lifetime granted for the bindings is not over. lifetime granted for the bindings is not over.
The specific addresses which are to be tested before accepting the The specific addresses which are to be tested before accepting the
Binding Update, and later to be defended by performing Duplicate Binding Update, and later to be defended by performing Duplicate
Address Detection, depend on the setting of the Link-Local Address Address Detection, depend on the setting of the Link-Local Address
Compatibility (L) bit, as follows: Compatibility (L) bit, as follows:
o L=0: Defend the given address. o L=0: Defend only the given address. Do not derive a link-local
address.
o L=1: Defend both the given non link-local unicast (home) address o L=1: Defend both the given non link-local unicast (home) address
and the derived link-local. and the derived link-local. The link-local address is derived by
replacing the subnet prefix in the mobile node's home address with
the link-local prefix.
The lifetime of the Binding Cache entry depends on a number of The lifetime of the Binding Cache entry depends on a number of
factors: factors:
o The lifetime for the Binding Cache entry MUST NOT be greater than o The lifetime for the Binding Cache entry MUST NOT be greater than
the Lifetime value specified in the Binding Update. the Lifetime value specified in the Binding Update.
o The lifetime for the Binding Cache entry MUST NOT be greater than o The lifetime for the Binding Cache entry MUST NOT be greater than
the remaining valid lifetime for the subnet prefix in the mobile the remaining valid lifetime for the subnet prefix in the mobile
node's home address specified with the Binding Update. The node's home address specified with the Binding Update. The
remaining valid lifetime for this prefix is determined by the home remaining valid lifetime for this prefix is determined by the home
agent based on its own Prefix List entry for this prefix [12]. agent based on its own Prefix List entry for this prefix [12].
The home agent MUST remove a binding when the valid lifetime of The remaining preferred lifetime SHOULD NOT have any impact on the
the prefix associated with it expires. lifetime for the binding cache entry. The home agent MUST remove
a binding when the valid lifetime of the prefix associated with it
expires.
o The home agent MAY further decrease the specified lifetime for the o The home agent MAY further decrease the specified lifetime for the
binding, for example based on a local policy. The resulting binding, for example based on a local policy. The resulting
lifetime is stored by the home agent in the Binding Cache entry, lifetime is stored by the home agent in the Binding Cache entry,
and this Binding Cache entry MUST be deleted by the home agent and this Binding Cache entry MUST be deleted by the home agent
after the expiration of this lifetime. after the expiration of this lifetime.
Regardless of the setting of the Acknowledge (A) bit in the Binding Regardless of the setting of the Acknowledge (A) bit in the Binding
Update, the home agent MUST return a Binding Acknowledgement to the Update, the home agent MUST return a Binding Acknowledgement to the
mobile node, constructed as follows: mobile node, constructed as follows:
o The Status field MUST be set to a value 0, indicating success. o The Status field MUST be set to a value indicating success. The
value 1 (accepted but prefix discovery necessary) MUST be used if
the subnet prefix of the specified home address is deprecated,
becomes deprecated during the lifetime of the binding, or becomes
invalid at the end of the lifetime. The value 0 MUST be used
otherwise. For the purposes of comparing the binding and prefix
lifetimes, the prefix lifetimes are first converted into units of
four seconds by ignoring the two least significant bits.
o The Key Management Mobility Capability (K) bit is set if the o The Key Management Mobility Capability (K) bit is set if the
following conditions are all fulfilled, and reset otherwise: following conditions are all fulfilled, and cleared otherwise:
* The Key Management Mobility Capability (K) bit was set in the * The Key Management Mobility Capability (K) bit was set in the
Binding Update. Binding Update.
* The IPsec security associations between the mobile node and the * The IPsec security associations between the mobile node and the
home agent have been established dynamically. home agent have been established dynamically.
* The home agent has the capability to update its endpoint in the * The home agent has the capability to update its endpoint in the
used key management protocol to the new care-of address every used key management protocol to the new care-of address every
time it moves time it moves
skipping to change at page 93, line 28 skipping to change at page 92, line 46
Cache entry for the mobile node, as described above. Cache entry for the mobile node, as described above.
o If the home agent stores the Binding Cache entry in nonvolatile o If the home agent stores the Binding Cache entry in nonvolatile
storage, then the Binding Refresh Advice mobility option MUST be storage, then the Binding Refresh Advice mobility option MUST be
omitted. Otherwise, the home agent MAY include this option to omitted. Otherwise, the home agent MAY include this option to
suggest that the mobile node refreshes its binding sooner than the suggest that the mobile node refreshes its binding sooner than the
actual lifetime of the binding ends. actual lifetime of the binding ends.
If the Binding Refresh Advice mobility option is present, the If the Binding Refresh Advice mobility option is present, the
Refresh Interval field in the option MUST be set to a value less Refresh Interval field in the option MUST be set to a value less
than the Lifetime value being returned in the Binding Update. than the Lifetime value being returned in the Binding
This indicates that the mobile node SHOULD attempt to refresh its Acknowledgement. This indicates that the mobile node SHOULD
home registration at the indicated shorter interval. The home attempt to refresh its home registration at the indicated shorter
agent MUST still retain the registration for the Lifetime period, interval. The home agent MUST still retain the registration for
even if the mobile node does not refresh its registration within the Lifetime period, even if the mobile node does not refresh its
the Refresh period. registration within the Refresh period.
The rules for selecting the Destination IP address (and possibly The rules for selecting the Destination IP address (and possibly
routing header construction) for the Binding Acknowledgement to the routing header construction) for the Binding Acknowledgement to the
mobile node are the same as in Section 9.5.4. mobile node are the same as in Section 9.5.4.
In addition, the home agent MUST follow the procedure defined in In addition, the home agent MUST follow the procedure defined in
Section 10.4.1 to intercept packets on the mobile node's home link Section 10.4.1 to intercept packets on the mobile node's home link
addressed to the mobile node, while the home agent is serving as the addressed to the mobile node, while the home agent is serving as the
home agent for this mobile node. The home agent MUST also be home agent for this mobile node. The home agent MUST also be
prepared to accept reverse tunneled packets from the new care-of prepared to accept reverse tunneled packets from the new care-of
address of the mobile node, as described in Section 10.4.5. Finally, address of the mobile node, as described in Section 10.4.5. Finally,
the home agent MUST also propagate new home network prefixes, as the home agent MUST also propagate new home network prefixes, as
described in Section 10.6. described in Section 10.6.
10.3.2 Primary Care-of Address De-Registration 10.3.2 Primary Care-of Address De-Registration
A binding may need to be de-registered when the mobile node returns
home, or when the mobile node knows that it will soon not have any
care-of addresses in the visited network.
A Binding Update is validated and authorized in the manner described A Binding Update is validated and authorized in the manner described
in the previous section. This section describes the processing of a in the previous section. This section describes the processing of a
valid Binding Update that requests the receiving node to no longer valid Binding Update that requests the receiving node to no longer
serve as its home agent, de-registering its primary care-of address. serve as its home agent, de-registering its primary care-of address.
To begin processing the Binding Update, the home agent MUST perform To begin processing the Binding Update, the home agent MUST perform
the following test: the following test:
o If the receiving node has no entry marked as a home registration o If the receiving node has no entry marked as a home registration
in its Binding Cache for this mobile node, then this node MUST in its Binding Cache for this mobile node, then this node MUST
skipping to change at page 94, line 22 skipping to change at page 93, line 45
Acknowledgement to the mobile node, in which the Status field is Acknowledgement to the mobile node, in which the Status field is
set to 133 (not home agent for this mobile node). set to 133 (not home agent for this mobile node).
If the home agent does not reject the Binding Update as described If the home agent does not reject the Binding Update as described
above, then it MUST delete any existing entry in its Binding Cache above, then it MUST delete any existing entry in its Binding Cache
for this mobile node. Then, the home agent MUST return a Binding for this mobile node. Then, the home agent MUST return a Binding
Acknowledgement to the mobile node, constructed as follows: Acknowledgement to the mobile node, constructed as follows:
o The Status field MUST be set to a value 0, indicating success. o The Status field MUST be set to a value 0, indicating success.
o The Key Management Mobility Capability (K) bit is set or reset, o The Key Management Mobility Capability (K) bit is set or cleared,
and actions based on its value are performed as described in the and actions based on its value are performed as described in the
previous section. The mobile node's home address is used as its previous section. The mobile node's home address is used as its
new care-of address. new care-of address for the purposes of moving the key management
connection to a new endpoint.
o The Sequence Number field MUST be copied from the Sequence Number o The Sequence Number field MUST be copied from the Sequence Number
given in the Binding Update. given in the Binding Update.
o The Lifetime field MUST be set to zero. o The Lifetime field MUST be set to zero.
o The Binding Refresh Advice mobility option MUST be omitted. o The Binding Refresh Advice mobility option MUST be omitted.
In addition, the home agent MUST stop intercepting packets on the In addition, the home agent MUST stop intercepting packets on the
mobile node's home link that are addressed to the mobile node mobile node's home link that are addressed to the mobile node
skipping to change at page 95, line 5 skipping to change at page 94, line 28
home agent MUST send it to the mobile node's link layer address home agent MUST send it to the mobile node's link layer address
(retrieved either from the Binding Update or through Neighbor (retrieved either from the Binding Update or through Neighbor
Solicitation). Solicitation).
10.4 Packet Processing 10.4 Packet Processing
10.4.1 Intercepting Packets for a Mobile Node 10.4.1 Intercepting Packets for a Mobile Node
While a node is serving as the home agent for mobile node it MUST While a node is serving as the home agent for mobile node it MUST
attempt to intercept packets on the mobile node's home link that are attempt to intercept packets on the mobile node's home link that are
addressed to the mobile node, and MUST tunnel each intercepted packet addressed to the mobile node.
to the mobile node using IPv6 encapsulation [15].
In order to do this, when a node begins serving as the home agent it In order to do this, when a node begins serving as the home agent it
MUST multicast onto the home link a Neighbor Advertisement message MUST multicast onto the home link a Neighbor Advertisement message
[12] on behalf of the mobile node. For the home address specified in [12] on behalf of the mobile node. For the home address specified in
the Binding Update, the home agent sends a Neighbor Advertisement the Binding Update, the home agent sends a Neighbor Advertisement
message [12] to the all-nodes multicast address on the home link, to message [12] to the all-nodes multicast address on the home link, to
advertise the home agent's own link-layer address for this IP address advertise the home agent's own link-layer address for this IP address
on behalf of the mobile node. on behalf of the mobile node. If the Link-Layer Address
Compatibility (L) flag has been specified in the Binding Update, the
home agent MUST do the same for the link-local address of the mobile
node.
All fields in each such Neighbor Advertisement message SHOULD be set All fields in each such Neighbor Advertisement message SHOULD be set
in the same way they would be set by the mobile node itself if in the same way they would be set by the mobile node itself if
sending this Neighbor Advertisement [12] while at home, with the sending this Neighbor Advertisement [12] while at home, with the
following exceptions: following exceptions:
o The Target Address in the Neighbor Advertisement MUST be set to o The Target Address in the Neighbor Advertisement MUST be set to
the specific IP address for the mobile node. the specific IP address for the mobile node.
o The Advertisement MUST include a Target Link-layer Address option o The Advertisement MUST include a Target Link-layer Address option
skipping to change at page 95, line 36 skipping to change at page 95, line 12
o The Router (R) bit in the Advertisement MUST be set to zero. o The Router (R) bit in the Advertisement MUST be set to zero.
o The Solicited Flag (S) in the Advertisement MUST NOT be set, since o The Solicited Flag (S) in the Advertisement MUST NOT be set, since
it was not solicited by any Neighbor Solicitation. it was not solicited by any Neighbor Solicitation.
o The Override Flag (O) in the Advertisement MUST be set, indicating o The Override Flag (O) in the Advertisement MUST be set, indicating
that the Advertisement SHOULD override any existing Neighbor Cache that the Advertisement SHOULD override any existing Neighbor Cache
entry at any node receiving it. entry at any node receiving it.
o The Source Address in the IPv6 header MUST be set to the home
agent's IP address on the interface used to send the
advertisement.
Any node on the home link receiving one of the Neighbor Advertisement Any node on the home link receiving one of the Neighbor Advertisement
messages described above will thus update its Neighbor Cache to messages described above will thus update its Neighbor Cache to
associate the mobile node's address with the home agent's link layer associate the mobile node's address with the home agent's link layer
address, causing it to transmit any future packets normally destined address, causing it to transmit any future packets normally destined
to the mobile node to the mobile node's home agent. Since to the mobile node to the mobile node's home agent. Since
multicasting on the local link (such as Ethernet) is typically not multicasting on the local link (such as Ethernet) is typically not
guaranteed to be reliable, the home agent MAY retransmit this guaranteed to be reliable, the home agent MAY retransmit this
Neighbor Advertisement message up to MAX_NEIGHBOR_ADVERTISEMENT (see Neighbor Advertisement message up to MAX_NEIGHBOR_ADVERTISEMENT (see
[12]) times to increase its reliability. It is still possible that [12]) times to increase its reliability. It is still possible that
some nodes on the home link will not receive any of these Neighbor some nodes on the home link will not receive any of these Neighbor
Advertisements, but these nodes will eventually be able to detect the Advertisements, but these nodes will eventually be able to detect the
link-layer address change for the mobile node's home address, through link-layer address change for the mobile node's address, through use
use of Neighbor Unreachability Detection [12]. of Neighbor Unreachability Detection [12].
While a node is serving as a home agent for some mobile node, the While a node is serving as a home agent for some mobile node, the
home agent uses IPv6 Neighbor Discovery [12] to intercept unicast home agent uses IPv6 Neighbor Discovery [12] to intercept unicast
packets on the home link addressed to the mobile node's home address. packets on the home link addressed to the mobile node. In order to
In order to intercept packets in this way, the home agent MUST act as intercept packets in this way, the home agent MUST act as a proxy for
a proxy for this mobile node, and reply to any received Neighbor this mobile node, and reply to any received Neighbor Solicitations
Solicitations for it. When a home agent receives a Neighbor for it. When a home agent receives a Neighbor Solicitation, it MUST
Solicitation, it MUST check if the Target Address specified in the check if the Target Address specified in the message matches the
message matches the home address of any mobile node for which it has address of any mobile node for which it has a Binding Cache entry
a Binding Cache entry marked as a home registration. marked as a home registration.
If such an entry exists in the home agent's Binding Cache, the home If such an entry exists in the home agent's Binding Cache, the home
agent MUST reply to the Neighbor Solicitation with a Neighbor agent MUST reply to the Neighbor Solicitation with a Neighbor
Advertisement, giving the home agent's own link-layer address as the Advertisement, giving the home agent's own link-layer address as the
link-layer address for the specified Target Address. In addition, link-layer address for the specified Target Address. In addition,
the Router (R) bit in the Advertisement MUST be set to zero. Acting the Router (R) bit in the Advertisement MUST be set to zero. Acting
as a proxy in this way allows other nodes on the mobile node's home as a proxy in this way allows other nodes on the mobile node's home
link to resolve the mobile node's IPv6 home address, and allows the link to resolve the mobile node's address, and allows the home agent
home agent to defend these addresses on the home link for Duplicate to defend these addresses on the home link for Duplicate Address
Address Detection [12]. Detection [12].
10.4.2 Tunneling Intercepted Packets 10.4.2 Processing Intercepted Packets
For any packet sent to a mobile node from the mobile node's home For any packet sent to a mobile node from the mobile node's home
agent (for which the home agent is the original sender of the agent (for which the home agent is the original sender of the
packet), the home agent is operating as a correspondent node of the packet), the home agent is operating as a correspondent node of the
mobile node for this packet and the procedures described in Section mobile node for this packet and the procedures described in Section
9.3.2 apply. The home agent then uses a routing header to route the 9.3.2 apply. The home agent then uses a routing header to route the
packet to the mobile node by way of the primary care-of address in packet to the mobile node by way of the primary care-of address in
the home agent's Binding Cache. the home agent's Binding Cache.
While the mobile node is away from home, the home agent intercepts While the mobile node is away from home, the home agent intercepts
skipping to change at page 96, line 51 skipping to change at page 96, line 30
address. When received by the mobile node, normal processing of the address. When received by the mobile node, normal processing of the
tunnel header [15] will result in decapsulation and processing of the tunnel header [15] will result in decapsulation and processing of the
original packet by the mobile node. original packet by the mobile node.
However, packets addressed to the mobile node's link-local address However, packets addressed to the mobile node's link-local address
MUST NOT be tunneled to the mobile node. Instead, such a packet MUST MUST NOT be tunneled to the mobile node. Instead, such a packet MUST
be discarded, and the home agent SHOULD return an ICMP Destination be discarded, and the home agent SHOULD return an ICMP Destination
Unreachable, Code 3, message to the packet's Source Address (unless Unreachable, Code 3, message to the packet's Source Address (unless
this Source Address is a multicast address). Packets addressed to this Source Address is a multicast address). Packets addressed to
the mobile node's site-local address SHOULD NOT be tunneled to the the mobile node's site-local address SHOULD NOT be tunneled to the
mobile node by default, but this behavior MUST be configurable to mobile node by default.
enable it; currently, the exact definition and semantics of a "site"
and a site-local address are incompletely defined in IPv6, and this
default behavior might change at some point in the future.
Interception and tunneling of the following multicast addressed Interception and tunneling of the following multicast addressed
packets on the home network are only done if the home agent supports packets on the home network are only done if the home agent supports
multicast group membership control messages from the mobile node as multicast group membership control messages from the mobile node as
described in the next section. Tunneling of multicast packets to a described in the next section. Tunneling of multicast packets to a
mobile node follows similar limitations to those defined above for mobile node follows similar limitations to those defined above for
unicast packets addressed to the mobile node's link-local and unicast packets addressed to the mobile node's link-local and
site-local addresses. Multicast packets addressed to a multicast site-local addresses. Multicast packets addressed to a multicast
address with link-local scope [3], to which the mobile node is address with link-local scope [3], to which the mobile node is
subscribed, MUST NOT be tunneled to the mobile node; such packets subscribed, MUST NOT be tunneled to the mobile node; such packets
SHOULD be silently discarded (after delivering to other local SHOULD be silently discarded (after delivering to other local
multicast recipients). Multicast packets addressed to a multicast multicast recipients). Multicast packets addressed to a multicast
address with scope larger than link-local but smaller than global address with scope larger than link-local but smaller than global
(e.g., site-local and organization-local [3]), to which the mobile (e.g., site-local and organization-local [3]), to which the mobile
node is subscribed, SHOULD NOT be tunneled to the mobile node by node is subscribed, SHOULD NOT be tunneled to the mobile node.
default. This behavior MUST be configurable to allow it to be Multicast packets addressed with a global scope to which the mobile
enabled. Note that this default behavior might change at some point node has successfully subscribed MUST be tunneled to the mobile node.
in the future as the definition of these scopes become more
completely defined in IPv6. Multicast packets addressed with a
global scope to which the mobile node has successfully subscribed
MUST be tunneled to the mobile node.
Before tunneling a packet to the mobile node, the home agent MUST Before tunneling a packet to the mobile node, the home agent MUST
perform any IPsec processing as indicated by the security policy data perform any IPsec processing as indicated by the security policy data
base. base.
10.4.3 Multicast Membership Control 10.4.3 Multicast Membership Control
This section is a prerequisite for the multicast data packet This section is a prerequisite for the multicast data packet
forwarding described in the previous section. If this support is not forwarding described in the previous section. If this support is not
provided, multicast group membership control messages are silently provided, multicast group membership control messages are silently
ignored. ignored.
In order to tunnel forward multicast data packets from the home In order to forward multicast data packets from the home network to
network to all the proper mobile nodes the home agent SHOULD be all the proper mobile nodes the home agent SHOULD be capable of
capable of receiving tunneled multicast group membership control receiving tunneled multicast group membership control information
information from the mobile node in order to determine which groups from the mobile node in order to determine which groups the mobile
the mobile node has subscribed to. These multicast group membership node has subscribed to. These multicast group membership messages
messages are Listener Report messages specified MLD [17] or in other are Listener Report messages specified MLD [17] or in other protocols
protocols such as [35]. such as [35].
The messages are issued by the mobile node but sent through the The messages are issued by the mobile node but sent through the
reverse tunnel to the home agent. These messages are issued whenever reverse tunnel to the home agent. These messages are issued whenever
the mobile node decides to enable reception of packets for a the mobile node decides to enable reception of packets for a
multicast group or in response to an MLD Query from the home agent. multicast group or in response to an MLD Query from the home agent.
The mobile node will also issue multicast group control messages to The mobile node will also issue multicast group control messages to
disable reception of multicast packets when it is no longer disable reception of multicast packets when it is no longer
interested in receiving multicasts for a particular group. interested in receiving multicasts for a particular group.
To obtain the mobile node's current multicast group membership the To obtain the mobile node's current multicast group membership the
home agent must periodically transmit MLD Query messages through the home agent must periodically transmit MLD Query messages through the
tunnel to the mobile node. These MLD periodic transmissions will tunnel to the mobile node. These MLD periodic transmissions will
ensure the home agent has an accurate record of the groups in which ensure the home agent has an accurate record of the groups in which
the mobile node is interested despite packet losses of the mobile the mobile node is interested despite packet losses of the mobile
node's MLD group membership messages. node's MLD group membership messages.
All MLD packets are sent directly between the mobile node and the All MLD packets are sent directly between the mobile node and the
home agent. Since these packets all contain a link-local source home agent. Since all these packets are destined to a link-scope
address, are destined to a link-scope multicast address, and have a multicast address and have a hop limit of 1, there is no direct
hop limit of 1 there is no direct forwarding of such packets between forwarding of such packets between the home network and the mobile
the home network and the mobile node. The MLD packets between the node. The MLD packets between the mobile node and the home agent are
mobile node and the home agent are encapsulated within the same encapsulated within the same tunnel header used for other packet
tunnel header used for other packet flows between the mobile node and flows between the mobile node and home agent.
home agent.
Note that at this time, even though a link-local source is used on Note that at this time, even though a link-local source is used on
MLD packets, no functionality depends on these addresses being MLD packets, no functionality depends on these addresses being
unique, nor do they elicit direct responses. All MLD messages are unique, nor do they elicit direct responses. All MLD messages are
sent to multicast destinations. To avoid ambiguity on the home agent sent to multicast destinations. To avoid ambiguity on the home agent
due to mobile nodes which may choose identical link-local source due to mobile nodes which may choose identical link-local source
addresses for their MLD function it is necessary for the home agent addresses for their MLD function it is necessary for the home agent
to identify which mobile node was actually the issuer of a particular to identify which mobile node was actually the issuer of a particular
MLD message. This may be accomplished by noting which tunnel such an MLD message. This may be accomplished by noting which tunnel such an
MLD arrived by, which IPsec SA was used, or by other distinguishing MLD arrived by, which IPsec SA was used, or by other distinguishing
skipping to change at page 98, line 47 skipping to change at page 98, line 16
section and the multicast forwarding in Section 10.4.2 are to be section and the multicast forwarding in Section 10.4.2 are to be
achieved. At the time of this writing it was thought that a full achieved. At the time of this writing it was thought that a full
IPv6 multicast router function would be necessary on the home agent, IPv6 multicast router function would be necessary on the home agent,
but it may be possible to achieve the same effects through a "proxy but it may be possible to achieve the same effects through a "proxy
MLD" application coupled with kernel multicast forwarding. This may MLD" application coupled with kernel multicast forwarding. This may
be the subject of future specifications. be the subject of future specifications.
10.4.4 Stateful Address Autoconfiguration 10.4.4 Stateful Address Autoconfiguration
This section describes how home agents support the use of stateful This section describes how home agents support the use of stateful
address autoconfiguration mechanisms such as DHCPv6 [29] from the address autoconfiguration mechanisms such as DHCPv6 [28] from the
mobile nodes. If this support is not provided, then the M and O bits mobile nodes. If this support is not provided, then the M and O bits
must remain reset on the Mobile Prefix Advertisement Messages. Any must remain cleared on the Mobile Prefix Advertisement Messages. Any
mobile node which issues autoconfiguration queries for servers mobile node which issues autoconfiguration queries for servers
without this support will not receive a response. without this support will not receive a response.
If DHCPv6 is used, packets are sent with link-local source addresses If DHCPv6 is used, packets are sent with link-local source addresses
either to a link-scope multicast address or a link-local address. either to a link-scope multicast address or a link-local address.
Mobile nodes desiring to locate a DHCPv6 service may reverse tunnel Mobile nodes desiring to locate a DHCPv6 service may reverse tunnel
standard DHCPv6 packets to the home agent. Since these link-scope standard DHCPv6 packets to the home agent. Since these link-scope
packets can not be forwarded onto the home network it is necessary packets can not be forwarded onto the home network it is necessary
for the home agent to either implement a DHCPv6 relay agent or a for the home agent to either implement a DHCPv6 relay agent or a
DHCPv6 server function itself. The arriving tunnel or IPsec SA of DHCPv6 server function itself. The arriving tunnel or IPsec SA of
skipping to change at page 99, line 25 skipping to change at page 98, line 42
must be tunneled within the same tunnel header used for other packet must be tunneled within the same tunnel header used for other packet
flows. flows.
10.4.5 Handling Reverse Tunneled Packets 10.4.5 Handling Reverse Tunneled Packets
Unless a binding has been established between the mobile node and a Unless a binding has been established between the mobile node and a
correspondent node, traffic from the mobile node to the correspondent correspondent node, traffic from the mobile node to the correspondent
node goes through a reverse tunnel. Home agents MUST support reverse node goes through a reverse tunnel. Home agents MUST support reverse
tunneling as follows: tunneling as follows:
o The tunneled traffic arrives to the home agent using IPv6 o The tunneled traffic arrives to the home agent's address using
encapsulation [15]. IPv6 encapsulation [15].
o The tunnel entry point is the primary care-of address as
registered with the home agent and the tunnel exit point is the
home agent.
o When a home agent decapsulates a tunneled packet from the mobile o When a home agent decapsulates a tunneled packet from the mobile
node, the home agent MUST verify that the Source Address in the node, the home agent MUST verify that the Source Address in the
tunnel IP header is the mobile node's primary care-of address. tunnel IP header is the mobile node's primary care-of address.
Otherwise any node in the Internet could send traffic through the Otherwise any node in the Internet could send traffic through the
home agent and escape ingress filtering limitations. home agent and escape ingress filtering limitations.
Reverse tunneled packets MAY be discarded unless accompanied by a Reverse tunneled packets MAY be discarded unless accompanied by a
valid ESP header, depending on the security policies used by the home valid ESP header, depending on the security policies used by the home
agent. The support for authenticated reverse tunneling allows the agent. The support for authenticated reverse tunneling allows the
skipping to change at page 100, line 9 skipping to change at page 99, line 22
that the confidentiality of the Home Test Init and Home Test messages that the confidentiality of the Home Test Init and Home Test messages
is protected as they are tunneled between the home agent to the is protected as they are tunneled between the home agent to the
mobile node. Therefore, the home agent MUST support tunnel mode mobile node. Therefore, the home agent MUST support tunnel mode
IPsec ESP for the protection of packets belonging to the return IPsec ESP for the protection of packets belonging to the return
routability procedure. Support for a non-null encryption transform routability procedure. Support for a non-null encryption transform
and authentication algorithm MUST be available. It isn't necessary and authentication algorithm MUST be available. It isn't necessary
to distinguish between different kinds of packets within the return to distinguish between different kinds of packets within the return
routability procedure. routability procedure.
Security associations are needed to provide this protection. When Security associations are needed to provide this protection. When
the care-of address for the mobile node changes, special treatment is the care-of address for the mobile node changes as a result of an
needed for the next packets sent using these security associations. accepted Binding Update, special treatment is needed for the next
The home agent MUST set the new care-of address as the destination packets sent using these security associations. The home agent MUST
address of these packets, as if the destination gateway address in set the new care-of address as the destination address of these
the security association had changed [21]. packets, as if the destination gateway address in the security
association had changed [21].
The above protection SHOULD be used with all mobile nodes. The use The above protection SHOULD be used with all mobile nodes. The use
is controlled by configuration of the IPsec security policy database is controlled by configuration of the IPsec security policy database
both at the mobile node and at the home agent. both at the mobile node and at the home agent.
As described earlier, the Binding Update and Binding Acknowledgement As described earlier, the Binding Update and Binding Acknowledgement
messages require protection between the home agent and the mobile messages require protection between the home agent and the mobile
node. The Mobility Header protocol carries both these messages as node. The Mobility Header protocol carries both these messages as
well as the return routability messages. From the point of view of well as the return routability messages. From the point of view of
the security policy database these messages are indistinguishable. the security policy database these messages are indistinguishable.
skipping to change at page 105, line 5 skipping to change at page 104, line 18
MAY: MAY:
o The valid or preferred lifetime or the state of the flags changes o The valid or preferred lifetime or the state of the flags changes
for a prefix which is not used in any Binding Cache entry for this for a prefix which is not used in any Binding Cache entry for this
mobile node. mobile node.
The home agent uses the following algorithm to determine when to send The home agent uses the following algorithm to determine when to send
prefix information to the mobile node. prefix information to the mobile node.
o If the mobile node has not received the prefix information within
the last HomeRtrAdvInterval (see Section 12) seconds, then
transmit the prefix information. This MAY be done according to a
periodically scheduled transmission.
o If a mobile node sends a solicitation, answer right away. o If a mobile node sends a solicitation, answer right away.
o If no Mobile Prefix Advertisement has been sent to the mobile node
in the last MaxMobPfxAdvInterval (see Section 13) seconds, then
ensure that a transmission is scheduled. The actual transmission
time is randomized as described below.
o If a prefix in the aggregate list that matches the mobile node's o If a prefix in the aggregate list that matches the mobile node's
home registration is added, or if its information changes in any home registration is added, or if its information changes in any
way that does not cause the mobile node's address to go way that does not deprecate the mobile node's address, ensure that
deprecated, ensure that a transmission is scheduled (as described a transmission is scheduled. The actual transmission time is
below), and calculate RAND_ADV_DELAY in order to randomize the randomized as described below.
time at which the transmission is scheduled.
o If a home registration expires, cancel any scheduled o If a home registration expires, cancel any scheduled
advertisements to the mobile node. advertisements to the mobile node.
The aggregate list is sent in its entirety in all cases. The aggregate list is sent in its entirety in all cases.
If the home agent already has scheduled the transmission of a Mobile If the home agent already has scheduled the transmission of a Mobile
Prefix Advertisement to the mobile node, the home agent replaces the Prefix Advertisement to the mobile node, the home agent replaces the
advertisement with a new one, to be sent at the scheduled time. advertisement with a new one, to be sent at the scheduled time.
skipping to change at page 106, line 43 skipping to change at page 106, line 6
o If the advertisement was solicited, it MUST be destined to the o If the advertisement was solicited, it MUST be destined to the
source address of the solicitation. If it was triggered by prefix source address of the solicitation. If it was triggered by prefix
changes or renumbering, the advertisement's destination will be changes or renumbering, the advertisement's destination will be
the mobile node's home address in the binding which triggered the the mobile node's home address in the binding which triggered the
rule. rule.
o A type 2 routing header MUST be included with the mobile node's o A type 2 routing header MUST be included with the mobile node's
home address. home address.
o IPsec headers SHOULD be supported and used. o IPsec headers MUST be supported and SHOULD be used.
o The home agent MUST send the packet as it would any other unicast o The home agent MUST send the packet as it would any other unicast
IPv6 packet that it originates. IPv6 packet that it originates.
o Set the Managed Address Configuration (M) flag if the o Set the Managed Address Configuration (M) flag if the
corresponding flag has been set in any of the Router corresponding flag has been set in any of the Router
Advertisements from which the prefix information has been learned Advertisements from which the prefix information has been learned
(including the ones sent by this home agent). (including the ones sent by this home agent).
o Set the Other Stateful Configuration (O) flag if the corresponding o Set the Other Stateful Configuration (O) flag if the corresponding
skipping to change at page 108, line 12 skipping to change at page 107, line 12
home address. This limit on the binding lifetime serves to prohibit home address. This limit on the binding lifetime serves to prohibit
use of a mobile node's home address after it becomes invalid. use of a mobile node's home address after it becomes invalid.
11. Mobile Node Operation 11. Mobile Node Operation
11.1 Conceptual Data Structures 11.1 Conceptual Data Structures
Each mobile node MUST maintain a Binding Update List. Each mobile node MUST maintain a Binding Update List.
The Binding Update List records information for each Binding Update The Binding Update List records information for each Binding Update
sent by this mobile node, for which the Lifetime sent in that Binding sent by this mobile node, for which the lifetime of the binding not
Update has not yet expired. The Binding Update List includes all yet expired. The Binding Update List includes all bindings sent by
bindings sent by the mobile node either to its home agent or the mobile node either to its home agent or correspondent nodes. It
correspondent nodes. It also contains Binding Updates which are also contains Binding Updates which are waiting for the completion of
waiting for the completion of the return routability procedure before the return routability procedure before they can be sent. However,
they can be sent. However, for multiple Binding Updates sent to the for multiple Binding Updates sent to the same destination address,
same destination address, the Binding Update List contains only the the Binding Update List contains only the most recent Binding Update
most recent Binding Update (i.e., with the greatest Sequence Number (i.e., with the greatest Sequence Number value) sent to that
value) sent to that destination. The Binding Update List MAY be destination. The Binding Update List MAY be implemented in any
implemented in any manner consistent with the external behavior manner consistent with the external behavior described in this
described in this document. document.
Each Binding Update List entry conceptually contains the following Each Binding Update List entry conceptually contains the following
fields: fields:
o The IP address of the node to which a Binding Update was sent. If o The IP address of the node to which a Binding Update was sent.
the Binding Update was successfully received by that node (e.g.,
not lost by the network), a Binding Cache entry may have been
created or updated based on this Binding Update. The Binding
Cache entry may still exist, if that node has not deleted the
entry before its expiration for some reason.
o The home address for which that Binding Update was sent. o The home address for which that Binding Update was sent.
o The care-of address sent in that Binding Update. This value is o The care-of address sent in that Binding Update. This value is
necessary for the mobile node to determine if it has sent a necessary for the mobile node to determine if it has sent a
Binding Update giving its new care-of address to this destination Binding Update giving its new care-of address to this destination
after changing its care-of address. after changing its care-of address.
o The initial value of the Lifetime field sent in that Binding o The initial value of the Lifetime field sent in that Binding
Update. Update.
skipping to change at page 109, line 9 skipping to change at page 108, line 5
o The maximum value of the Sequence Number field sent in previous o The maximum value of the Sequence Number field sent in previous
Binding Updates to this destination. The Sequence Number field is Binding Updates to this destination. The Sequence Number field is
16 bits long, and all comparisons between Sequence Number values 16 bits long, and all comparisons between Sequence Number values
MUST be performed modulo 2**16 (see Section 9.5.1). MUST be performed modulo 2**16 (see Section 9.5.1).
o The time at which a Binding Update was last sent to this o The time at which a Binding Update was last sent to this
destination, as needed to implement the rate limiting restriction destination, as needed to implement the rate limiting restriction
for sending Binding Updates. for sending Binding Updates.
o The state of any retransmissions needed for this Binding Update, o The state of any retransmissions needed for this Binding Update.
if the Acknowledge (A) bit was set in this Binding Update. This This state includes the time remaining until the next
state includes the time remaining until the next retransmission retransmission attempt for the Binding Update, and the current
attempt for the Binding Update, and the current state of the state of the exponential back-off mechanism for retransmissions.
exponential back-off mechanism for retransmissions.
o A flag specifying whether or not future Binding Updates should be o A flag specifying whether or not future Binding Updates should be
sent to this destination. The mobile node sets this flag in the sent to this destination. The mobile node sets this flag in the
Binding Update List entry when it receives an ICMP Parameter Binding Update List entry when it receives an ICMP Parameter
Problem, Code 1, error message in response to a return routability Problem, Code 1, error message in response to a return routability
message or Binding Update sent to that destination, as described message or Binding Update sent to that destination, as described
in Section 11.3.5. in Section 11.3.5.
The Binding Update list also conceptually contains the following data The Binding Update list also conceptually contains the following data
related to running the return routability procedure. This data is related to running the return routability procedure. This data is
skipping to change at page 109, line 35 skipping to change at page 108, line 30
o The time at which a Home Test Init or Care-of Test Init message o The time at which a Home Test Init or Care-of Test Init message
was last sent to this destination, as needed to implement the rate was last sent to this destination, as needed to implement the rate
limiting restriction for the return routability procedure. limiting restriction for the return routability procedure.
o The state of any retransmissions needed for this return o The state of any retransmissions needed for this return
routability procedure. This state includes the time remaining routability procedure. This state includes the time remaining
until the next retransmission attempt and the current state of the until the next retransmission attempt and the current state of the
exponential back-off mechanism for retransmissions. exponential back-off mechanism for retransmissions.
o Cookie values used the Home Test Init and Care-of Test Init o Cookie values used in the Home Test Init and Care-of Test Init
messages. messages.
o Home and care-of keygen tokens received from the correspondent o Home and care-of keygen tokens received from the correspondent
node. node.
o Home and care-of nonce indices received from the correspondent o Home and care-of nonce indices received from the correspondent
node. node.
o The time at which each of the tokens and nonces was received from o The time at which each of the tokens and nonces was received from
this correspondent node, as needed to implement reuse while this correspondent node, as needed to implement reuse while
skipping to change at page 110, line 6 skipping to change at page 109, line 4
o The time at which each of the tokens and nonces was received from o The time at which each of the tokens and nonces was received from
this correspondent node, as needed to implement reuse while this correspondent node, as needed to implement reuse while
moving. moving.
11.2 Processing Mobility Headers 11.2 Processing Mobility Headers
All IPv6 mobile nodes MUST observe the rules described in Section 9.2 All IPv6 mobile nodes MUST observe the rules described in Section 9.2
when processing Mobility Headers. when processing Mobility Headers.
11.3 Packet Processing 11.3 Packet Processing
11.3.1 Sending Packets While Away from Home 11.3.1 Sending Packets While Away from Home
While a mobile node is away from home, it continues to use its home While a mobile node is away from home, it continues to use its home
address, as well as also using one or more care-of addresses. When address, as well as also using one or more care-of addresses. When
sending a packet while away from home, a mobile node MAY choose among sending a packet while away from home, a mobile node MAY choose among
these in selecting the address that it will use as the source of the these in selecting the address that it will use as the source of the
packet, as follows: packet, as follows:
o Protocols layered over IP will generally treat the mobile node's o Protocols layered over IP will generally treat the mobile node's
home address as its IP address for most packets. For packets sent home address as its IP address for most packets. For packets sent
that are part of transport-level connections established while the that are part of transport-level connections established while the
mobile node was at home, the mobile node MUST use its home mobile node was at home, the mobile node MUST use its home
address. Likewise, for packets sent that are part of address. Likewise, for packets sent that are part of
transport-level connections that the mobile node may still be transport-level connections that the mobile node may still be
using after moving to a new location, the mobile node SHOULD use using after moving to a new location, the mobile node SHOULD use
its home address in this way. If a binding exists, the mobile its home address in this way. If a binding exists, the mobile
node SHOULD send the packets directly to the correspondent node. node SHOULD send the packets directly to the correspondent node.
Otherwise, if a binding does not exist, the mobile node MUST use Otherwise, if a binding does not exist, the mobile node MUST use
reverse tunneling. Detailed operation for both of these cases is reverse tunneling. Detailed operation for both of these cases is
described later in this section and also discussed in [30]. described later in this section and also discussed in [29].
o The mobile node MAY choose to directly use one of its care-of o The mobile node MAY choose to directly use one of its care-of
addresses as the source of the packet, not requiring the use of a addresses as the source of the packet, not requiring the use of a
Home Address option in the packet. This is particularly useful Home Address option in the packet. This is particularly useful
for short-term communication that may easily be retried if it for short-term communication that may easily be retried if it
fails. Using the mobile node's care-of address as the source for fails. Using the mobile node's care-of address as the source for
such queries will generally have a lower overhead than using the such queries will generally have a lower overhead than using the
mobile node's home address, since no extra options need be used in mobile node's home address, since no extra options need be used in
either the query or its reply. Such packets can be routed either the query or its reply. Such packets can be routed
normally, directly between their source and destination without normally, directly between their source and destination without
relying on Mobile IPv6. If application running on the mobile node relying on Mobile IPv6. If application running on the mobile node
has no particular knowledge that the communication being sent fits has no particular knowledge that the communication being sent fits
within this general type of communication, however, the mobile within this general type of communication, however, the mobile
node SHOULD NOT use its care-of address as the source of the node should not use its care-of address as the source of the
packet in this way. packet in this way.
The choice of the most efficient communications method is The choice of the most efficient communications method is
application specific, and outside the scope of this specification. application specific, and outside the scope of this specification.
The APIs necessary for controlling the choice are also out of The APIs necessary for controlling the choice are also out of
scope. The mobile node may send packets to the correspondent node scope.
that includes the home address destination option directly to the
correspondent node only if the mobile node is aware that the
correspondent node already has a Binding Cache entry for the
mobile node's home address. Section 9.3.1 specifies the rules for
Home Address Destination Option Processing at a correspondent
node. The mobile node needs to ensure that there exists a Binding
Cache entry for its home address so that the correspondent node
can process the packet.
o While not at its home link, the mobile node MUST NOT use the home o While not at its home link, the mobile node MUST NOT use the home
address destination option when communicating with link-local or address destination option when communicating with link-local or
site-local peers, if the scope of the home address is larger than site-local peers, if the scope of the home address is larger than
the scope of the peer's address. the scope of the peer's address.
For packets sent by a mobile node while it is at home, no special For packets sent by a mobile node while it is at home, no special
Mobile IPv6 processing is required. Likewise, if the mobile node Mobile IPv6 processing is required. Likewise, if the mobile node
uses any address other than any of its home addresses as the source uses any address other than any of its home addresses as the source
of a packet sent while away from home no special Mobile IPv6 of a packet sent while away from home no special Mobile IPv6
processing is required. In either case, the packet is simply processing is required. In either case, the packet is simply
addressed and transmitted in the same way as any normal IPv6 packet. addressed and transmitted in the same way as any normal IPv6 packet.
For packets sent by the mobile node sent while away from home using For packets sent by the mobile node sent while away from home using
the mobile node's home address as the source, special Mobile IPv6 the mobile node's home address as the source, special Mobile IPv6
processing of the packet is required. This can be done in the processing of the packet is required. This can be done in the
following two ways: following two ways:
Direct Delivery Route Optimization
This manner of delivering packets does not require going through This manner of delivering packets does not require going through
the home network, and typically will enable faster and more the home network, and typically will enable faster and more
reliable transmission. A mobile node SHOULD arrange to supply the reliable transmission.
home address in a Home Address option, and allowing the IPv6
header's Source Address field to be set to one of the mobile The mobile node may send packets to the correspondent node in this
node's care-of addresses; the correspondent node will then use the manner only if the mobile node is aware that the correspondent
address supplied in the Home Address option to serve the function node already has a Binding Cache entry for the mobile node's home
address. Section 9.3.1 specifies the rules for Home Address
Destination Option Processing at a correspondent node. The mobile
node needs to ensure that there exists a Binding Cache entry for
its home address so that the correspondent node can process the
packet. A mobile node SHOULD arrange to supply the home address
in a Home Address option, and allowing the IPv6 header's Source
Address field to be set to one of the mobile node's care-of
addresses; the correspondent node will then use the address
supplied in the Home Address option to serve the function
traditionally done by the Source IP address in the IPv6 header. traditionally done by the Source IP address in the IPv6 header.
The mobile node's home address is then supplied to higher protocol The mobile node's home address is then supplied to higher protocol
layers and applications. layers and applications. Specifically:
Specifically:
* Construct the packet using the mobile node's home address as * Construct the packet using the mobile node's home address as
the packet's Source Address, in the same way as if the mobile the packet's Source Address, in the same way as if the mobile
node were at home. This includes the calculation of upper node were at home. This includes the calculation of upper
layer checksums using the home address as the value of the layer checksums using the home address as the value of the
source. source.
* Insert a Home Address option into the packet, with the Home * Insert a Home Address option into the packet, with the Home
Address field copied from the original value of the Source Address field copied from the original value of the Source
Address field in the packet. Address field in the packet.
* Change the Source Address field in the packet's IPv6 header to * Change the Source Address field in the packet's IPv6 header to
one of the mobile node's care-of addresses. This will one of the mobile node's care-of addresses. This will
typically be the mobile node's current primary care-of address, typically be the mobile node's current primary care-of address,
but MUST be an address assigned to the interface on the link but MUST be an address assigned to the interface on the link
being used. being used.
By using the care-of address as the Source Address in the IPv6 By using the care-of address as the Source Address in the IPv6
header, with the mobile node's home address instead in the Home header, with the mobile node's home address instead in the Home
Address option, the packet will be able to safely pass through any Address option, the packet will be able to safely pass through any
router implementing ingress filtering [27]. router implementing ingress filtering [26].
Reverse Tunneling Reverse Tunneling
This is the mechanism which tunnels the packets via the home This is the mechanism which tunnels the packets via the home
agent. It isn't as efficient as the above mechanism, but is agent. It isn't as efficient as the above mechanism, but is
needed if there is no binding yet with the correspondent node. needed if there is no binding yet with the correspondent node.
This mechanism is used for packets that have the mobile node's
home address as the Source Address in the IPv6 header, or with
multicast control protocol packets as described in Section 11.3.4.
Specifically: Specifically:
* The packet is sent to the home agent using IPv6 encapsulation * The packet is sent to the home agent using IPv6 encapsulation
[15]. [15].
* The Source Address in the tunnel packet is the primary care-of * The Source Address in the tunnel packet is the primary care-of
address as registered with the home agent. address as registered with the home agent.
* The Destination Address in the tunnel packet is the home * The Destination Address in the tunnel packet is the home
agent's address. agent's address.
Then, the home agent will pass the encapsulated packet to the
correspondent node.
11.3.2 Interaction with Outbound IPsec Processing 11.3.2 Interaction with Outbound IPsec Processing
This section sketches the interaction between outbound Mobile IPv6 This section sketches the interaction between outbound Mobile IPv6
processing and outbound IP Security (IPsec) processing for packets processing and outbound IP Security (IPsec) processing for packets
sent by a mobile node while away from home. Any specific sent by a mobile node while away from home. Any specific
implementation MAY use algorithms and data structures other than implementation MAY use algorithms and data structures other than
those suggested here, but its processing MUST be consistent with the those suggested here, but its processing MUST be consistent with the
effect of the operation described here and with the relevant IPsec effect of the operation described here and with the relevant IPsec
specifications. In the steps described below, it is assumed that specifications. In the steps described below, it is assumed that
IPsec is being used in transport mode [4] and that the mobile node is IPsec is being used in transport mode [4] and that the mobile node is
skipping to change at page 113, line 28 skipping to change at page 112, line 29
in the packet's IP header with a care-of address suitable for the in the packet's IP header with a care-of address suitable for the
link on which the packet is being sent, as described in Section link on which the packet is being sent, as described in Section
11.3.1. The Destination Options header in which the Home Address 11.3.1. The Destination Options header in which the Home Address
destination option is inserted MUST appear in the packet after the destination option is inserted MUST appear in the packet after the
routing header, if present, and before the IPsec (AH [5] or ESP routing header, if present, and before the IPsec (AH [5] or ESP
[6]) header, so that the Home Address destination option is [6]) header, so that the Home Address destination option is
processed by the destination node before the IPsec header is processed by the destination node before the IPsec header is
processed. Finally, once the packet is fully assembled, the processed. Finally, once the packet is fully assembled, the
necessary IPsec authentication (and encryption, if required) necessary IPsec authentication (and encryption, if required)
processing is performed on the packet, initializing the processing is performed on the packet, initializing the
Authentication Data in the IPsec header. The AH authentication Authentication Data in the IPsec header. RFC 2402 treatment of
destination options is extended as follows. The AH authentication
data MUST be calculated as if the following were true: data MUST be calculated as if the following were true:
* the IPv6 source address in the IPv6 header contains the mobile * the IPv6 source address in the IPv6 header contains the mobile
node's home address, node's home address,
* the Home Address field of the Home Address destination option * the Home Address field of the Home Address destination option
(Section 6.3) contains the new care-of address. (Section 6.3) contains the new care-of address.
o This allows, but does not require, the receiver of the packet o This allows, but does not require, the receiver of the packet
containing a Home Address destination option to exchange the two containing a Home Address destination option to exchange the two
fields of the incoming packet, simplifying processing for all fields of the incoming packet to reach the above situation,
subsequent packet headers. However, such an exchange is not simplifying processing for all subsequent packet headers.
required, as long as the result of the authentication calculation However, such an exchange is not required, as long as the result
remains the same. of the authentication calculation remains the same.
When an automated key management protocol is used to create new When an automated key management protocol is used to create new
security associations for a peer, it is important to ensure that the security associations for a peer, it is important to ensure that the
peer can send the key management protocol packets to the mobile node. peer can send the key management protocol packets to the mobile node.
This may not be possible if the peer is the home agent of the mobile This may not be possible if the peer is the home agent of the mobile
node, and the purpose of the security associations would be to send a node, and the purpose of the security associations would be to send a
Binding Update to the home agent. Packets addressed to the home Binding Update to the home agent. Packets addressed to the home
address of the mobile node cannot be used before the Binding Update address of the mobile node cannot be used before the Binding Update
has been processed. For the default case of using IKE [9] as the has been processed. For the default case of using IKE [9] as the
automated key management protocol, such problems can be avoided by automated key management protocol, such problems can be avoided by
skipping to change at page 114, line 27 skipping to change at page 113, line 30
The Key Management Mobility Capability (K) bit in Binding Updates and The Key Management Mobility Capability (K) bit in Binding Updates and
Acknowledgements can be used avoid the need to rerun IKE upon Acknowledgements can be used avoid the need to rerun IKE upon
movements. movements.
11.3.3 Receiving Packets While Away from Home 11.3.3 Receiving Packets While Away from Home
While away from home, a mobile node will receive packets addressed to While away from home, a mobile node will receive packets addressed to
its home address, by one of three methods: its home address, by one of three methods:
o Packets sent by a correspondent node that does not have a Binding o Packets sent by a correspondent node that does not have a Binding
Cache entry for the mobile node, will be tunneled to the mobile Cache entry for the mobile node, will be sent to the home address,
node via its home agent. captured by the home agent and tunneled to the mobile node
o Packets sent by a correspondent node that has a Binding Cache o Packets sent by a correspondent node that has a Binding Cache
entry for the mobile node that contains the mobile node's current entry for the mobile node that contains the mobile node's current
care-of address, will be sent by the correspondent node using a care-of address, will be sent by the correspondent node using a
type 2 routing header. The packet will be addressed to the mobile type 2 routing header. The packet will be addressed to the mobile
node's care-of address, with the final hop in the routing header node's care-of address, with the final hop in the routing header
directing the packet to the mobile node's home address; the directing the packet to the mobile node's home address; the
processing of this last hop of the routing header is entirely processing of this last hop of the routing header is entirely
internal to the mobile node, since the care-of address and home internal to the mobile node, since the care-of address and home
address are both addresses within the mobile node. address are both addresses within the mobile node.
For packets received by the first of these methods, the mobile node For packets received by the first of these methods, the mobile node
MUST check that the IPv6 source address of the tunneled packet is the MUST check that the IPv6 source address of the tunneled packet is the
IP address of its home agent. In this method the mobile node SHOULD IP address of its home agent. In this method the mobile node may
also send a Binding Update to the original sender of the packet, as also send a Binding Update to the original sender of the packet, as
described in Section 11.7.2, subject to the rate limiting defined in described in Section 11.7.2, subject to the rate limiting defined in
Section 11.8. The mobile node MUST also process the received packet Section 11.8. The mobile node MUST also process the received packet
in the manner defined for IPv6 encapsulation [15], which will result in the manner defined for IPv6 encapsulation [15], which will result
in the encapsulated (inner) packet being processed normally by in the encapsulated (inner) packet being processed normally by
upper-layer protocols within the mobile node, as if it had been upper-layer protocols within the mobile node, as if it had been
addressed (only) to the mobile node's home address. addressed (only) to the mobile node's home address.
For packets received by the second method, the following rules will For packets received by the second method, the following rules will
result in the packet being processed normally by upper-layer result in the packet being processed normally by upper-layer
skipping to change at page 115, line 29 skipping to change at page 114, line 32
value may become 0 after the routing header has been processed, value may become 0 after the routing header has been processed,
but before the rest of the packet is processed.) but before the rest of the packet is processed.)
o The Home Address field in the routing header is one of the node's o The Home Address field in the routing header is one of the node's
home addresses, if the segments left field was 1. Thus, in home addresses, if the segments left field was 1. Thus, in
particular the address field is required to be a unicast routable particular the address field is required to be a unicast routable
address. address.
Once the above checks have been performed, the node swaps the IPv6 Once the above checks have been performed, the node swaps the IPv6
destination field with the Home Address field in the routing header, destination field with the Home Address field in the routing header,
decrements segments left, and resubmits the packet to IP for decrements segments left by one from the value it had on the wire,
processing the next header. Conceptually this follows the same model and resubmits the packet to IP for processing the next header.
as in RFC 2460. However, in the case of type 2 routing header this Conceptually this follows the same model as in RFC 2460. However, in
can be simplified since it is known that the packet will not be the case of type 2 routing header this can be simplified since it is
forwarded to a different node. known that the packet will not be forwarded to a different node.
The definition of AH requires the sender to calculate the AH The definition of AH requires the sender to calculate the AH
integrity check value of a routing header in a way as it appears in integrity check value of a routing header in a way as it appears in
the receiver after it has processed the header. Since IPsec headers the receiver after it has processed the header. Since IPsec headers
follow the routing header, any IPsec processing will operate on the follow the routing header, any IPsec processing will operate on the
packet with the home address in the IP destination field and segments packet with the home address in the IP destination field and segments
left being zero. Thus, the AH calculations at the sender and left being zero. Thus, the AH calculations at the sender and
receiver will have an identical view of the packet. receiver will have an identical view of the packet.
11.3.4 Routing Multicast Packets 11.3.4 Routing Multicast Packets
A mobile node that is connected to its home link functions in the A mobile node that is connected to its home link functions in the
same way as any other (stationary) node. Thus, when it is at home, a same way as any other (stationary) node. Thus, when it is at home, a
mobile node functions identically to other multicast senders and mobile node functions identically to other multicast senders and
receivers. This section therefore describes the behavior of a mobile receivers. This section therefore describes the behavior of a mobile
node that is not on its home link. node that is not on its home link.
In order to receive packets sent to some multicast group, a mobile In order to receive packets sent to some multicast group, a mobile
node must join that multicast group. One method by which a mobile node must join that multicast group. One method by which a mobile
node MAY join the group is via a (local) multicast router on the node MAY join the group is via a (local) multicast router on the
foreign link being visited. In this case, the mobile node MUST NOT foreign link being visited. In this case, the mobile node MUST use
use its home address or the Home Address destination option when its care-of address and MUST NOT use the Home Address destination
sending MLD packets [17] option when sending MLD packets [17].
Alternatively, a mobile node MAY join multicast groups via a Alternatively, a mobile node MAY join multicast groups via a
bi-directional tunnel to its home agent. The mobile node tunnels its bi-directional tunnel to its home agent. The mobile node tunnels its
multicast group membership control packets (such as those defined in multicast group membership control packets (such as those defined in
[17] or in [35]) to its home agent, and the home agent forwards [17] or in [35]) to its home agent, and the home agent forwards
multicast packets down the tunnel to the mobile node. A mobile node multicast packets down the tunnel to the mobile node. A mobile node
MUST NOT tunnel multicast group membership control packets until (1) MUST NOT tunnel multicast group membership control packets until (1)
the mobile node has a binding in place at the home agent, and (2) the the mobile node has a binding in place at the home agent, and (2) the
latter sends at least one such multicast group membership control latter sends at least one such multicast group membership control
packet via the tunnel. Once this condition is true, the mobile node packet via the tunnel. Once this condition is true, the mobile node
skipping to change at page 117, line 25 skipping to change at page 116, line 28
the mobile node and is therefore bandwidth inefficient compared to the mobile node and is therefore bandwidth inefficient compared to
the native multicast forwarding in the foreign multicast system. the native multicast forwarding in the foreign multicast system.
11.3.5 Receiving ICMP Error Messages 11.3.5 Receiving ICMP Error Messages
Any node that doesn't recognize the Mobility header will return an Any node that doesn't recognize the Mobility header will return an
ICMP Parameter Problem, Code 1, message to the sender of the packet. ICMP Parameter Problem, Code 1, message to the sender of the packet.
If the mobile node receives such an ICMP error message in response to If the mobile node receives such an ICMP error message in response to
a return routability procedure or Binding Update, it SHOULD record in a return routability procedure or Binding Update, it SHOULD record in
its Binding Update List that future Binding Updates SHOULD NOT be its Binding Update List that future Binding Updates SHOULD NOT be
sent to this destination. New Binding Update List entries MUST NOT sent to this destination.
be created as a result of receiving ICMP messages.
New Binding Update List entries MUST NOT be created as a result of
receiving ICMP error messages.
Correspondent nodes that have participated in the return routability Correspondent nodes that have participated in the return routability
procedure MUST implement the ability to correctly process received procedure MUST implement the ability to correctly process received
packets containing a Home Address destination option. Therefore, packets containing a Home Address destination option. Therefore,
correctly implemented correspondent nodes should always be able to correctly implemented correspondent nodes should always be able to
recognize Home Address options. If a mobile node receives an ICMP recognize Home Address options. If a mobile node receives an ICMP
Parameter Problem, Code 2, message from some node indicating that it Parameter Problem, Code 2, message from some node indicating that it
does not support the Home Address option, the mobile node SHOULD log does not support the Home Address option, the mobile node SHOULD log
the error and then discard the ICMP message. the error and then discard the ICMP message.
skipping to change at page 118, line 43 skipping to change at page 117, line 48
the mobile node has been away from home, such that the router that the mobile node has been away from home, such that the router that
was operating as the mobile node's home agent has been replaced by a was operating as the mobile node's home agent has been replaced by a
different router serving this role. different router serving this role.
In this case, the mobile node MAY attempt to discover the address of In this case, the mobile node MAY attempt to discover the address of
a suitable home agent on its home link. To do so, the mobile node a suitable home agent on its home link. To do so, the mobile node
sends an ICMP Home Agent Address Discovery Request message to the sends an ICMP Home Agent Address Discovery Request message to the
Mobile IPv6 Home-Agents anycast address [16] for its home subnet Mobile IPv6 Home-Agents anycast address [16] for its home subnet
prefix. As described in Section 10.5, the home agent on its home prefix. As described in Section 10.5, the home agent on its home
link that receives this Request message will return an ICMP Home link that receives this Request message will return an ICMP Home
Agent Address Discovery Reply message, giving the global unicast IP Agent Address Discovery Reply message. This message gives the
addresses for the home agents operating on the home link addresses for the home agents operating on the home link.
The mobile node, upon receiving this Home Agent Address Discovery The mobile node, upon receiving this Home Agent Address Discovery
Reply message, MAY then send its home registration Binding Update to Reply message, MAY then send its home registration Binding Update to
any of the unicast IP addresses listed in the Home Agent Addresses any of the unicast IP addresses listed in the Home Agent Addresses
field in the Reply. For example, the mobile node MAY attempt its field in the Reply. For example, the mobile node MAY attempt its
home registration to each of these addresses, in turn, until its home registration to each of these addresses, in turn, until its
registration is accepted. The mobile node sends a Binding Update to registration is accepted. The mobile node sends a Binding Update to
an address and waits for the matching Binding Acknowledgement, moving an address and waits for the matching Binding Acknowledgement, moving
on to the next address if there is no response. The mobile node on to the next address if there is no response. The mobile node
MUST, however, wait at least InitialBindackTimeoutFirstReg seconds MUST, however, wait at least InitialBindackTimeoutFirstReg seconds
(see Section 13) before sending a Binding Update to the next home (see Section 13) before sending a Binding Update to the next home
agent. In trying each of the returned home agent addresses, the agent. In trying each of the returned home agent addresses, the
mobile node SHOULD try each in the order listed in the Home Agent mobile node SHOULD try each in the order listed in the Home Agent
Addresses field in the received Home Agent Address Discovery Reply Addresses field in the received Home Agent Address Discovery Reply
message. message.
If the mobile node has a current registration with some home agent on If the mobile node has a current registration with some home agent
its home link (the Lifetime for that registration has not yet (the Lifetime for that registration has not yet expired), then the
expired), then the mobile node MUST attempt any new registration mobile node MUST attempt any new registration first with that home
first with that home agent. If that registration attempt fails agent. If that registration attempt fails (e.g., times out or is
(e.g., times out or is rejected), the mobile node SHOULD then rejected), the mobile node SHOULD then reattempt this registration
reattempt this registration with another home agent on its home link. with another home agent. If the mobile node knows of no other
If the mobile node knows of no other suitable home agent, then it MAY suitable home agent, then it MAY attempt the dynamic home agent
attempt the dynamic home agent address discovery mechanism described address discovery mechanism described above.
above.
If, after a mobile node transmits a Home Agent Address Discovery If, after a mobile node transmits a Home Agent Address Discovery
Request message to the Home Agents Anycast address, it does not Request message to the Home Agents Anycast address, it does not
receive a corresponding Home Agent Address Discovery Reply message receive a corresponding Home Agent Address Discovery Reply message
within INITIAL_DHAAD_TIMEOUT (see Section 12) seconds, the mobile within INITIAL_DHAAD_TIMEOUT (see Section 12) seconds, the mobile
node MAY retransmit the same Request message to the same anycast node MAY retransmit the same Request message to the same anycast
address. This retransmission MAY be repeated up to a maximum of address. This retransmission MAY be repeated up to a maximum of
DHAAD_RETRIES (see Section 12) attempts. Each retransmission MUST be DHAAD_RETRIES (see Section 12) attempts. Each retransmission MUST be
delayed by twice the time interval of the previous retransmission. delayed by twice the time interval of the previous retransmission.
11.4.2 Sending Mobile Prefix Solicitations 11.4.2 Sending Mobile Prefix Solicitations
When a mobile node has a home address that is about to become When a mobile node has a home address that is about to become
invalid, it sends a Mobile Prefix Solicitation to its home agent in invalid, it SHOULD send a Mobile Prefix Solicitation to its home
an attempt to acquire fresh routing prefix information. The new agent in an attempt to acquire fresh routing prefix information. The
information also enables the mobile node to participate in new information also enables the mobile node to participate in
renumbering operations affecting the home network, as described in renumbering operations affecting the home network, as described in
Section 10.6. Section 10.6.
The mobile node MUST use the Home Address destination option to carry The mobile node MUST use the Home Address destination option to carry
its home address and SHOULD use IPsec to protect the solicitation. its home address. The mobile node MUST support and SHOULD use IPsec
The mobile node MUST set the Identifier field in the ICMP header to a to protect the solicitation. The mobile node MUST set the Identifier
random value. field in the ICMP header to a random value.
The mobile node SHOULD send a Solicitation to the home agent when its
home address will become invalid within MaxRtrAdvInterval seconds,
where this value is acquired in a previous Mobile Prefix
Advertisement from the home agent. If no such value is known, the
value MAX_PFX_ADV_DELAY seconds is used instead (see Section 12).
As described in Section 11.7.2, Binding Updates sent by the mobile As described in Section 11.7.2, Binding Updates sent by the mobile
node to other nodes MUST use a lifetime no greater than the remaining node to other nodes MUST use a lifetime no greater than the remaining
lifetime of its home registration of its primary care-of address. lifetime of its home registration of its primary care-of address.
The mobile node SHOULD further limit the lifetimes that it sends on The mobile node SHOULD further limit the lifetimes that it sends on
any Binding Updates to be within the remaining valid lifetime (see any Binding Updates to be within the remaining valid lifetime (see
Section 10.6.2) for the prefix in its home address. Section 10.6.2) for the prefix in its home address.
When the lifetime for a changed prefix decreases, and the change When the lifetime for a changed prefix decreases, and the change
would cause cached bindings at correspondent nodes in the Binding would cause cached bindings at correspondent nodes in the Binding
skipping to change at page 121, line 19 skipping to change at page 120, line 19
Mobile Prefix Solicitation. Mobile Prefix Solicitation.
For an accepted Mobile Prefix Advertisement, the mobile node MUST For an accepted Mobile Prefix Advertisement, the mobile node MUST
process Managed Address Configuration (M), Other Stateful process Managed Address Configuration (M), Other Stateful
Configuration (O), and the Prefix Information Options as if they Configuration (O), and the Prefix Information Options as if they
arrived in a Router Advertisement [12] on the mobile node's home arrived in a Router Advertisement [12] on the mobile node's home
link. (This specification does not, however, describe how to acquire link. (This specification does not, however, describe how to acquire
home addresses through stateful protocols.) Such processing may home addresses through stateful protocols.) Such processing may
result in the mobile node configuring a new home address, although result in the mobile node configuring a new home address, although
due to separation between preferred lifetime and valid lifetime, such due to separation between preferred lifetime and valid lifetime, such
changes should not affect most communication by the mobile node, in changes should not affect most communications by the mobile node, in
the same way as for nodes that are at home. the same way as for nodes that are at home.
This specification assumes that any security associations and
security policy entries that may be needed for new prefixes have been
pre-configured in the mobile node. Note that while dynamic key
management avoids the need to create new security associations, it is
still necessary to add policy entries to protect the communications
involving the home address(es). Mechanisms for automatic set-up of
these entries are outside the scope of this specification.
11.5 Movement 11.5 Movement
11.5.1 Movement Detection 11.5.1 Movement Detection
The primary movement detection mechanism for Mobile IPv6 defined in The primary movement detection mechanism for Mobile IPv6 defined in
this section uses the facilities of IPv6 Neighbor Discovery, this section uses the facilities of IPv6 Neighbor Discovery,
including Router Discovery and Neighbor Unreachability Detection. including Router Discovery and Neighbor Unreachability Detection.
The mobile node SHOULD supplement this mechanism with other The mobile node SHOULD supplement this mechanism with other
information whenever it is available to the mobile node (e.g., from information whenever it is available to the mobile node (e.g., from
lower protocol layers). The description here is based on the lower protocol layers). The description here is based on the
skipping to change at page 122, line 44 skipping to change at page 122, line 4
determining the number of Advertisements from its current default determining the number of Advertisements from its current default
router it is willing to tolerate losing before deciding to switch to router it is willing to tolerate losing before deciding to switch to
a different router from which it may currently be correctly receiving a different router from which it may currently be correctly receiving
Advertisements. Advertisements.
On some types of network interfaces, the mobile node MAY also On some types of network interfaces, the mobile node MAY also
supplement this monitoring of Router Advertisements, by setting its supplement this monitoring of Router Advertisements, by setting its
network interface into "promiscuous" receive mode, so that it is able network interface into "promiscuous" receive mode, so that it is able
to receive all packets on the link, including those not addressed to to receive all packets on the link, including those not addressed to
it at the link layer (i.e., disabling link-level address filtering). it at the link layer (i.e., disabling link-level address filtering).
The mobile node will then be able to detect any packets sent by the The mobile node will then be able to detect any packets sent by the
router, in order to detect reachability from the router. This use of router, in order to detect reachability from the router. This use of
promiscuous mode may be useful on very low bandwidth (e.g., wireless) promiscuous mode may be useful on very low bandwidth (e.g., wireless)
links, but its use MUST be configurable on the mobile node since it links. If this mode is supported, its use MUST be configurable,
is likely to consume additional energy resources. since it is likely to consume additional energy resources.
If the above means do not provide indication that the mobile node is If the above means do not provide indication that the mobile node is
still reachable from its current default router (for instance, the still reachable from its current default router (for instance, the
mobile node receives no packets from the router for a period of mobile node receives no packets from the router for a period of
time), then the mobile node SHOULD attempt to actively probe the time), then the mobile node SHOULD attempt to actively probe the
router with Neighbor Solicitations, even if it is not otherwise router with Neighbor Solicitations, even if it is not otherwise
actively sending packets to the router. If it receives a solicited actively sending packets to the router. If it receives a solicited
Neighbor Advertisement in response from the router, then the mobile Neighbor Advertisement in response from the router, then the mobile
node can deduce that it is still reachable. It is expected that the node can deduce that it is still reachable. It is expected that the
mobile node will in most cases be able to determine its reachability mobile node will in most cases be able to determine its reachability
skipping to change at page 123, line 29 skipping to change at page 122, line 38
mobile node to a new link, such that the mobile node would need to mobile node to a new link, such that the mobile node would need to
switch to a new default router and primary care-of address. For switch to a new default router and primary care-of address. For
example, movement of a mobile node from one cell to another in many example, movement of a mobile node from one cell to another in many
wireless LANs can be made transparent to the IP level through use of wireless LANs can be made transparent to the IP level through use of
a link-layer "roaming" protocol, as long as the different wireless a link-layer "roaming" protocol, as long as the different wireless
LAN cells all operate as part of the same IP link with the same LAN cells all operate as part of the same IP link with the same
subnet prefix. Upon lower-layer indication of link-layer mobility, subnet prefix. Upon lower-layer indication of link-layer mobility,
the mobile node SHOULD send Router Solicitations to determine if the mobile node SHOULD send Router Solicitations to determine if
additional on-link subnet prefixes are available on its new link. additional on-link subnet prefixes are available on its new link.
The mobile node SHOULD also mark its link-local address as tentative, The mobile node SHOULD also mark its link-local address as tentative,
and follow standard Duplicate Address Detection procedures[13]. and follow standard Duplicate Address Detection procedures [13].
Such lower-layer information might also be useful to a mobile node in Such lower-layer information might also be useful to a mobile node in
deciding to switch its primary care-of address to one of the other deciding to switch its primary care-of address to one of the other
care-of addresses it has formed from the on-link subnet prefixes care-of addresses it has formed from the on-link subnet prefixes
currently available through different routers from which the mobile currently available through different routers from which the mobile
node is reachable. For example, a mobile node MAY use signal node is reachable. For example, a mobile node MAY use signal
strength or signal quality information (with suitable hysteresis) for strength or signal quality information (with suitable hysteresis) for
its link with the available routers to decide when to switch to a new its link with the available routers to decide when to switch to a new
primary care-of address using that router rather than its current primary care-of address using that router rather than its current
default router (and current primary care-of address). Even though default router (and current primary care-of address). Even though
skipping to change at page 124, line 21 skipping to change at page 123, line 29
care-of address for any or all of the prefixes on its current link. care-of address for any or all of the prefixes on its current link.
Furthermore, since a wireless network interface may actually allow a Furthermore, since a wireless network interface may actually allow a
mobile node to be reachable on more than one link at a time (i.e., mobile node to be reachable on more than one link at a time (i.e.,
within wireless transmitter range of routers on more than one within wireless transmitter range of routers on more than one
separate link), a mobile node MAY have care-of addresses on more than separate link), a mobile node MAY have care-of addresses on more than
one link at a time. The use of more than one care-of address at a one link at a time. The use of more than one care-of address at a
time is described in Section 11.5.3. time is described in Section 11.5.3.
As described in Section 4, in order to form a new care-of address, a As described in Section 4, in order to form a new care-of address, a
mobile node MAY use either stateless [13] or stateful (e.g., DHCPv6 mobile node MAY use either stateless [13] or stateful (e.g., DHCPv6
[29]) Address Autoconfiguration. If a mobile node needs to send [28]) Address Autoconfiguration. If a mobile node needs to use a
packets as part of the method of address autoconfiguration, it MUST source address (other than the unspecified address) in packets sent
use an IPv6 link-local address rather than its own IPv6 home address as a part of address autoconfiguration, it MUST use an IPv6
as the Source Address in the IPv6 header of each such link-local address rather than its own IPv6 home address.
autoconfiguration packet.
RFC 2462 [13] specifies that in normal processing for Duplicate RFC 2462 [13] specifies that in normal processing for Duplicate
Address Detection, the node SHOULD delay sending the initial Neighbor Address Detection, the node SHOULD delay sending the initial Neighbor
Solicitation message by a random delay between 0 and Solicitation message by a random delay between 0 and
MAX_RTR_SOLICITATION_DELAY. Since delaying DAD can result in MAX_RTR_SOLICITATION_DELAY. Since delaying DAD can result in
significant delays in configuring a new care of address when the significant delays in configuring a new care-of address when the
Mobile Node moves to a new link, the Mobile Node preferably SHOULD Mobile Node moves to a new link, the Mobile Node preferably SHOULD
NOT delay DAD when configuring a new care of address. The Mobile NOT delay DAD when configuring a new care-of address. The Mobile
Node SHOULD delay according to the mechanisms specified in RFC 2462 Node SHOULD delay according to the mechanisms specified in RFC 2462
if the Mobile IP stack cannot distinguish between the normal process unless the implementation has a behavior that desynchronizes the
of moving to a new link and reinitializing the interface, or if the steps that happen before the DAD in the case that multiple nodes
link layer does not include adequate local collision and congestion experience handover at the same time. Such desynchronizing behaviors
control mechanisms. might be due to random delays in the L2 protocols or device drivers,
or due to the movement detection mechanism that is used.
11.5.3 Using Multiple Care-of Addresses 11.5.3 Using Multiple Care-of Addresses
As described in Section 11.5.2, a mobile node MAY use more than one As described in Section 11.5.2, a mobile node MAY use more than one
care-of address at a time. Particularly in the case of many wireless care-of address at a time. Particularly in the case of many wireless
networks, a mobile node effectively might be reachable through networks, a mobile node effectively might be reachable through
multiple links at the same time (e.g., with overlapping wireless multiple links at the same time (e.g., with overlapping wireless
cells), on which different on-link subnet prefixes may exist. The cells), on which different on-link subnet prefixes may exist. The
mobile node MUST ensure that its primary care-of address always has a mobile node MUST ensure that its primary care-of address always has a
prefix that is considered on-link by its current default router, prefix that is considered on-link by its current default router,
skipping to change at page 125, line 15 skipping to change at page 124, line 22
Registration (H) and Acknowledge (A) bits set its home agent, as Registration (H) and Acknowledge (A) bits set its home agent, as
described on Section 11.7.1. described on Section 11.7.1.
To assist with smooth handovers, a mobile node SHOULD retain its To assist with smooth handovers, a mobile node SHOULD retain its
previous primary care-of address as a (non-primary) care-of address, previous primary care-of address as a (non-primary) care-of address,
and SHOULD still accept packets at this address, even after and SHOULD still accept packets at this address, even after
registering its new primary care-of address with its home agent. registering its new primary care-of address with its home agent.
This is reasonable, since the mobile node could only receive packets This is reasonable, since the mobile node could only receive packets
at its previous primary care-of address if it were indeed still at its previous primary care-of address if it were indeed still
connected to that link. If the previous primary care-of address was connected to that link. If the previous primary care-of address was
allocated using stateful Address Autoconfiguration [29], the mobile allocated using stateful Address Autoconfiguration [28], the mobile
node may not wish to release the address immediately upon switching node may not wish to release the address immediately upon switching
to a new primary care-of address. to a new primary care-of address.
Whenever a mobile node determines that it is no longer reachable Whenever a mobile node determines that it is no longer reachable
through a given link, it SHOULD invalidate all care-of addresses through a given link, it SHOULD invalidate all care-of addresses
associated with address prefixes that it discovered from routers on associated with address prefixes that it discovered from routers on
the unreachable link which are not in the current set of address the unreachable link which are not in the current set of address
prefixes advertised by the (possibly new) current default router. prefixes advertised by the (possibly new) current default router.
11.5.4 Returning Home 11.5.4 Returning Home
skipping to change at page 125, line 42 skipping to change at page 124, line 49
for it. In this home registration, the mobile node MUST set the for it. In this home registration, the mobile node MUST set the
Acknowledge (A) and Home Registration (H) bits, set the Lifetime Acknowledge (A) and Home Registration (H) bits, set the Lifetime
field to zero, and set the care-of address for the binding to the field to zero, and set the care-of address for the binding to the
mobile node's own home address. The mobile node MUST use its home mobile node's own home address. The mobile node MUST use its home
address as the source address in the Binding Update. address as the source address in the Binding Update.
When sending this Binding Update to its home agent, the mobile node When sending this Binding Update to its home agent, the mobile node
must be careful in how it uses Neighbor Solicitation [12] (if needed) must be careful in how it uses Neighbor Solicitation [12] (if needed)
to learn the home agent's link-layer address, since the home agent to learn the home agent's link-layer address, since the home agent
will be currently configured to intercept packets to the mobile will be currently configured to intercept packets to the mobile
node's home address for Duplicate Address Detection (DAD). In node's home address using Duplicate Address Detection (DAD). In
particular, the mobile node is unable to use its home address as the particular, the mobile node is unable to use its home address as the
Source Address in the Neighbor Solicitation until the home agent Source Address in the Neighbor Solicitation until the home agent
stops defending the home address. stops defending the home address.
Neighbor Solicitation by the mobile node for the home agent's address Neighbor Solicitation by the mobile node for the home agent's address
will normally not be necessary, since the mobile node has already will normally not be necessary, since the mobile node has already
learned the home agent's link-layer address from a Source Link-Layer learned the home agent's link-layer address from a Source Link-Layer
Address option in a Router Advertisement. However, if there are Address option in a Router Advertisement. However, if there are
multiple home agents it may still be necessary to send a multiple home agents it may still be necessary to send a
solicitation. In this special case of the mobile node returning solicitation. In this special case of the mobile node returning
home, the mobile node MUST multicast the packet, and in addition set home, the mobile node MUST multicast the packet, and in addition set
the Source Address of this Neighbor Solicitation to the unspecified the Source Address of this Neighbor Solicitation to the unspecified
address (0:0:0:0:0:0:0:0). The target of the Neighbor Solicitation address (0:0:0:0:0:0:0:0). The target of the Neighbor Solicitation
MUST be set to the home agent's IPv6 address, which is known to the MUST be set to the mobile node's home address. The destination IP
mobile node. The destination IP address MUST be set to the address MUST be set to the Solicited-Node multicast address [3]. The
Solicited-Node multicast address [3]. The ICMP Code field MUST be home agent will send a multicast Neighbor Advertisement back to the
set to 1 in order to distinguish this solicitation from a similar mobile node with the Solicited flag (S) set to zero. In any case,
packet that would only be used for DAD, as described in Section 7.5. the mobile node SHOULD record the information from the Source
The home agent will send a multicast Neighbor Advertisement back to
the mobile node with the Solicited flag (S) set to zero. In any
case, the mobile node SHOULD record the information from the Source
Link-Layer Address option or from the advertisement, and set the Link-Layer Address option or from the advertisement, and set the
state of the Neighbor Cache entry for the home agent to REACHABLE. state of the Neighbor Cache entry for the home agent to REACHABLE.
The mobile node then sends its Binding Update using the home agent's The mobile node then sends its Binding Update to the home agent's
link-layer address, instructing its home agent to no longer serve as link-layer address, instructing its home agent to no longer serve as
a home agent for it. By processing this Binding Update, the home a home agent for it. By processing this Binding Update, the home
agent will cease defending the mobile node's home address for agent will cease defending the mobile node's home address for
Duplicate Address Detection and will no longer respond to Neighbor Duplicate Address Detection and will no longer respond to Neighbor
Solicitations for the mobile node's home address. The mobile node is Solicitations for the mobile node's home address. The mobile node is
then the only node on the link receiving packets at the mobile node's then the only node on the link receiving packets at the mobile node's
home address. In addition, when returning home prior to the home address. In addition, when returning home prior to the
expiration of a current binding for its home address, and configuring expiration of a current binding for its home address, and configuring
its home address on its network interface on its home link, the its home address on its network interface on its home link, the
mobile node MUST NOT perform Duplicate Address Detection on its own mobile node MUST NOT perform Duplicate Address Detection on its own
skipping to change at page 127, line 27 skipping to change at page 126, line 31
This section defines the rules that the mobile node must follow when This section defines the rules that the mobile node must follow when
performing the return routability procedure. Section 11.7.2 performing the return routability procedure. Section 11.7.2
describes the rules when the return routability procedure needs to be describes the rules when the return routability procedure needs to be
initiated. initiated.
11.6.1 Sending Test Init Messages 11.6.1 Sending Test Init Messages
A mobile node that initiates a return routability procedure MUST send A mobile node that initiates a return routability procedure MUST send
(in parallel) a Home Test Init message and a Care-of Test Init (in parallel) a Home Test Init message and a Care-of Test Init
messages. However, if the mobile node has recently received one or messages. However, if the mobile node has recently received (see
both home or care-of keygen tokens, and associated nonce indices for Section 5.2.7) one or both home or care-of keygen tokens, and
the desired addresses, it MAY reuse them. Therefore, the return associated nonce indices for the desired addresses, it MAY reuse
routability procedure may in some cases be completed with only one them. Therefore, the return routability procedure may in some cases
message pair. It may even be completed without any messages at all, be completed with only one message pair. It may even be completed
if the mobile node has a recent home keygen token and and has without any messages at all, if the mobile node has a recent home
previously visited the same care-of address so that it also has a keygen token and and has previously visited the same care-of address
recent care-of keygen token. If the mobile node intends to send a so that it also has a recent care-of keygen token. If the mobile
Binding Update with the Lifetime set to zero or the care-of address node intends to send a Binding Update with the Lifetime set to zero
equal to its home address - such as when returning home - sending a and the care-of address equal to its home address - such as when
Home Test Init message is sufficient. In this case, generation of returning home - sending a Home Test Init message is sufficient. In
the binding management key depends exclusively on the home keygen this case, generation of the binding management key depends
token (Section 5.2.5). exclusively on the home keygen token (Section 5.2.5).
A Home Test Init message MUST be created as described in Section A Home Test Init message MUST be created as described in Section
6.1.3. A Care-of Test Init message MUST be created as described in 6.1.3. A Care-of Test Init message MUST be created as described in
Section 6.1.4. When sending a Home Test Init or Care-of Test Init Section 6.1.4. When sending a Home Test Init or Care-of Test Init
message the mobile node MUST record in its Binding Update List the message the mobile node MUST record in its Binding Update List the
following fields from the messages: following fields from the messages:
o The IP address of the node to which the message was sent. o The IP address of the node to which the message was sent.
o The home address of the mobile node. This value will appear in o The home address of the mobile node. This value will appear in
skipping to change at page 129, line 50 skipping to change at page 129, line 4
after sending a Binding Update to the home agent to register this new after sending a Binding Update to the home agent to register this new
address. address.
11.7 Processing Bindings 11.7 Processing Bindings
11.7.1 Sending Binding Updates to the Home Agent 11.7.1 Sending Binding Updates to the Home Agent
After deciding to change its primary care-of address as described in After deciding to change its primary care-of address as described in
Section 11.5.1 and Section 11.5.2, a mobile node MUST register this Section 11.5.1 and Section 11.5.2, a mobile node MUST register this
care-of address with its home agent in order to make this its primary care-of address with its home agent in order to make this its primary
care-of address. Also, if the mobile node wants the services of the care-of address.
home agent beyond the current registration period, the mobile node
MUST send a new Binding Update to it well before the expiration of
this period, even if it is not changing its primary care-of address.
In both of these situations, the mobile node sends a packet to its Also, if the mobile node wants the services of the home agent beyond
home agent containing a Binding Update, with the packet constructed the current registration period, the mobile node should send a new
as follows: Binding Update to it well before the expiration of this period, even
if it is not changing its primary care-of address. However, if the
home agent returned a Binding Acknowledgement for the current
registration with Status field set to 1 (accepted but prefix
discovery necessary), the mobile node should not try to register
again before it has learned the validity of its home prefixes through
prefix discovery. This is typically necessary every time this Status
value is received, because information learned through prefix
discovery on an earlier registration may have changed.
To register a care-of address or to extend the lifetime of an
existing registration, the mobile node sends a packet to its home
agent containing a Binding Update, with the packet constructed as
follows:
o The Home Registration (H) bit MUST be set in the Binding Update. o The Home Registration (H) bit MUST be set in the Binding Update.
o The Acknowledge (A) bit MUST be set in the Binding Update. o The Acknowledge (A) bit MUST be set in the Binding Update.
o The packet MUST contain a Home Address destination option, giving o The packet MUST contain a Home Address destination option, giving
the mobile node's home address for the binding. the mobile node's home address for the binding.
o The care-of address for the binding MUST be used as the Source o The care-of address for the binding MUST be used as the Source
Address in the packet's IPv6 header, unless an Alternate Care-of Address in the packet's IPv6 header, unless an Alternate Care-of
Address mobility option is included in the Binding Update. This Address mobility option is included in the Binding Update. This
option SHOULD be included in all home registrations, as the ESP option MUST be included in all home registrations, as the ESP
protocol will not be able to protect care-of addresses in the IPv6 protocol will not be able to protect care-of addresses in the IPv6
header. (Mobile IPv6 implementations that know they are using header. (Mobile IPv6 implementations that know they are using
IPsec AH to protect a particular message might avoid this option. IPsec AH to protect a particular message might avoid this option.
For brevity the usage of AH is not discussed in this document.) For brevity the usage of AH is not discussed in this document.)
o If the mobile node's link-local address has the same interface o If the mobile node's link-local address has the same interface
identifier as the home address for which it is supplying a new identifier as the home address for which it is supplying a new
care-of address, then the mobile node SHOULD set the Link-Local care-of address, then the mobile node SHOULD set the Link-Local
Address Compatibility (L) bit. Address Compatibility (L) bit.
skipping to change at page 130, line 45 skipping to change at page 130, line 10
o If the IPsec security associations between the mobile node and the o If the IPsec security associations between the mobile node and the
home agent have been established dynamically, and the mobile node home agent have been established dynamically, and the mobile node
has the capability to update its endpoint in the used key has the capability to update its endpoint in the used key
management protocol to the new care-of address every time it management protocol to the new care-of address every time it
moves, the mobile node SHOULD set the Key Management Mobility moves, the mobile node SHOULD set the Key Management Mobility
Capability (K) bit in the Binding Update. Otherwise, the mobile Capability (K) bit in the Binding Update. Otherwise, the mobile
node MUST clear the bit. node MUST clear the bit.
o The value specified in the Lifetime field SHOULD be less than or o The value specified in the Lifetime field SHOULD be less than or
equal to the remaining lifetime of the home address and the equal to the remaining valid lifetime of the home address and the
care-of address specified for the binding. care-of address specified for the binding.
Mobile nodes that use dynamic home agent address discovery should Mobile nodes that use dynamic home agent address discovery should
be careful with long lifetimes. If the mobile node loses the be careful with long lifetimes. If the mobile node loses the
knowledge of its binding with a specific home agent, registering a knowledge of its binding with a specific home agent, registering a
new binding with another home agent may be impossible as the new binding with another home agent may be impossible as the
previous home agent is still defending the existing binding. previous home agent is still defending the existing binding.
Therefore, mobile nodes that use home agent address discovery Therefore, mobile nodes that use home agent address discovery
SHOULD ensure information about their bindings is not lost, SHOULD ensure information about their bindings is not lost,
de-register before losing this information, or use small de-register before losing this information, or use small
skipping to change at page 133, line 26 skipping to change at page 132, line 38
to any of the mobile node's care-of addresses. to any of the mobile node's care-of addresses.
o The Destination Address in the original (inner) IPv6 header is o The Destination Address in the original (inner) IPv6 header is
equal to one of the mobile node's home addresses. equal to one of the mobile node's home addresses.
o The Source Address in the tunnel (outer) IPv6 header differs from o The Source Address in the tunnel (outer) IPv6 header differs from
the Source Address in the original (inner) IPv6 header. the Source Address in the original (inner) IPv6 header.
o The packet does not contain a Care-of Test Init message. o The packet does not contain a Care-of Test Init message.
The destination address to which the procedure should be initiated to If a mobile node has multiple home addresses, it becomes important to
in response to receiving a packet meeting all of the above tests is select the right home address to use in the correspondent binding
the Source Address in the original (inner) IPv6 header of the packet. procedure. The used home address MUST be the Destination Address of
If a Home Address destination option is present in the packet (inner the original (inner) packet.
IPv6 header), the source address MUST be the home address in the home
address option. The home address used in the procedure should be the The peer address used in the procedure MUST be determined as follows:
Destination Address of the original (inner) packet.
o If a Home Address destination option is present in the original
(inner) packet, the address from this option is used.
o Otherwise, the Source Address in the original (inner) IPv6 header
of the packet is used.
Note that the validity of the original packet is checked before
attempting to initiate a correspondent binding procedure. For
instance, if a Home Address destination option appeared in the
original packet, then rules in Section 9.3.1 are followed.
A mobile node MAY also choose to keep its location private from A mobile node MAY also choose to keep its location private from
certain correspondent nodes, and thus need not initiate the certain correspondent nodes, and thus need not initiate the
correspondent binding procedure. correspondent binding procedure.
Upon successfully completing the return routability procedure, and Upon successfully completing the return routability procedure, and
after receiving a successful Binding Acknowledgement from the Home after receiving a successful Binding Acknowledgement from the Home
Agent, a Binding Update can be sent to the correspondent node. Agent, a Binding Update MAY be sent to the correspondent node.
In any Binding Update sent by a mobile node, the care-of address In any Binding Update sent by a mobile node, the care-of address
(either the Source Address in the packet's IPv6 header or the Care-of (either the Source Address in the packet's IPv6 header or the Care-of
Address in the Alternate Care-of Address mobility option of the Address in the Alternate Care-of Address mobility option of the
Binding Update) MUST be set to one of the care-of addresses currently Binding Update) MUST be set to one of the care-of addresses currently
in use by the mobile node or to the mobile node's home address. A in use by the mobile node or to the mobile node's home address. A
mobile node MAY set the care-of address differently for sending mobile node MAY set the care-of address differently for sending
Binding Updates to different correspondent nodes. Binding Updates to different correspondent nodes.
A mobile node MAY also send a Binding Update to such a correspondent A mobile node MAY also send a Binding Update to such a correspondent
skipping to change at page 134, line 14 skipping to change at page 133, line 36
node from its Binding Cache, as described in Section 6.1.7. Even in node from its Binding Cache, as described in Section 6.1.7. Even in
this case a successful completion of the return routability procedure this case a successful completion of the return routability procedure
is required first. is required first.
If set to one of the mobile node's current care-of addresses, the If set to one of the mobile node's current care-of addresses, the
Binding Update requests the correspondent node to create or update an Binding Update requests the correspondent node to create or update an
entry for the mobile node in the correspondent node's Binding Cache entry for the mobile node in the correspondent node's Binding Cache
in order to record this care-of address for use in sending future in order to record this care-of address for use in sending future
packets to the mobile node. In this case, the value specified in the packets to the mobile node. In this case, the value specified in the
Lifetime field sent in the Binding Update SHOULD be less than or Lifetime field sent in the Binding Update SHOULD be less than or
equal to the remaining lifetime of the home address and the care-of equal to the remaining lifetime of the home registration and the
address specified for the binding. The care-of address given in the care-of address specified for the binding. The care-of address given
Binding Update MAY differ from the mobile node's primary care-of in the Binding Update MAY differ from the mobile node's primary
address. care-of address.
If the care-of address is set to the mobile node's home address or If the Binding Update is sent to request the correspondent node to
the Lifetime field set to zero, the Binding Update requests the delete any existing Binding Cache entry that it has for the mobile
correspondent node to delete any existing Binding Cache entry that it node, the care-of address is set to the mobile node's home address
has for the mobile node. In this case, generation of the binding and the Lifetime field set to zero. In this case, generation of the
management key depends exclusively on the home keygen token (Section binding management key depends exclusively on the home keygen token
5.2.5). The care-of nonce index SHOULD be set to zero in this case. (Section 5.2.5). The care-of nonce index SHOULD be set to zero in
In keeping with the Binding Update creation rules below, the care-of this case. In keeping with the Binding Update creation rules below,
address MUST be set to the home address if the mobile node is at the care-of address MUST be set to the home address if the mobile
home, or to the current care-of address if it is away from home. node is at home, or to the current care-of address if it is away from
home.
If the mobile node wants to ensure that its new care-of address has If the mobile node wants to ensure that its new care-of address has
been entered into a correspondent node's Binding Cache, the mobile been entered into a correspondent node's Binding Cache, the mobile
node MAY request an acknowledgement by setting the Acknowledge (A) node MAY request an acknowledgement by setting the Acknowledge (A)
bit in the Binding Update. In this case, however, the mobile node bit in the Binding Update. In this case, however, the mobile node
SHOULD NOT continue to retransmit the Binding Update once the SHOULD NOT continue to retransmit the Binding Update once the
retransmission timeout period has reached MAX_BINDACK_TIMEOUT. retransmission timeout period has reached MAX_BINDACK_TIMEOUT.
The mobile node SHOULD create a Binding Update as follows: A Binding Update is created as follows:
o The Source Address of the IPv6 header MUST contain the current o The Source Address of the IPv6 header MUST contain the current
care-of address of the mobile node. care-of address of the mobile node.
o The Destination Address of the IPv6 header MUST contain the o The Destination Address of the IPv6 header MUST contain the
address of the correspondent node. address of the correspondent node.
o The Mobility Header is constructed according to rules in Section o The Mobility Header is constructed according to rules in Section
6.1.7 and Section 5.2.6, including the Binding Authorization Data 6.1.7 and Section 5.2.6, including the Binding Authorization Data
(calculated as defined in Section 6.2.7) and possibly the Nonce (calculated as defined in Section 6.2.7) and possibly the Nonce
Indices mobility options. Indices mobility options.
o The home address of the mobile node MUST be added to the packet in o The home address of the mobile node MUST be added to the packet in
a Home Address destination option, unless the Source Address is a Home Address destination option, unless the Source Address is
the home address. the home address.
Each Binding Update MUST a Sequence Number greater than the Sequence Each Binding Update MUST have a Sequence Number greater than the
Number value sent in the previous Binding Update to the same Sequence Number value sent in the previous Binding Update to the same
destination address (if any). The sequence numbers are compared destination address (if any). The sequence numbers are compared
modulo 2**16, as described in Section 9.5.1. There is no modulo 2**16, as described in Section 9.5.1. There is no
requirement, however, that the Sequence Number value strictly requirement, however, that the Sequence Number value strictly
increase by 1 with each new Binding Update sent or received, as long increase by 1 with each new Binding Update sent or received, as long
as the value stays within the window. The last Sequence Number value as the value stays within the window. The last Sequence Number value
sent to a destination in a Binding Update is stored by the mobile sent to a destination in a Binding Update is stored by the mobile
node in its Binding Update List entry for that destination. If the node in its Binding Update List entry for that destination. If the
sending mobile node has no Binding Update List entry, the Sequence sending mobile node has no Binding Update List entry, the Sequence
Number SHOULD start at a random value. The mobile node MUST NOT use Number SHOULD start at a random value. The mobile node MUST NOT use
the same Sequence Number in two different Binding Updates to the same the same Sequence Number in two different Binding Updates to the same
skipping to change at page 136, line 32 skipping to change at page 136, line 9
step is to correctly manage the mobile node's view of the step is to correctly manage the mobile node's view of the
binding's remaining lifetime (as maintained in the corresponding binding's remaining lifetime (as maintained in the corresponding
Binding Update List entry) so that it correctly counts down from Binding Update List entry) so that it correctly counts down from
the Lifetime value given in the Binding Acknowledgement, but with the Lifetime value given in the Binding Acknowledgement, but with
the timer countdown beginning at the time that the Binding Update the timer countdown beginning at the time that the Binding Update
was sent. Mobile nodes SHOULD send a new Binding Update well was sent. Mobile nodes SHOULD send a new Binding Update well
before the expiration of this period in order to extend the before the expiration of this period in order to extend the
lifetime. This helps to avoid disruptions in communications, lifetime. This helps to avoid disruptions in communications,
which might otherwise be caused by network delays or clock drift. which might otherwise be caused by network delays or clock drift.
o Additionally, if the Status field value is 1 (Accepted but prefix
discovery necessary), the mobile node SHOULD send a Mobile Prefix
Solitation message to update its information about the available
prefixes.
o If the Status field indicates that the Binding Update was rejected o If the Status field indicates that the Binding Update was rejected
(the Status field is greater than or equal to 128), then the (the Status field is greater than or equal to 128), then the
mobile node SHOULD record in its Binding Update List that future mobile node SHOULD record in its Binding Update List that future
Binding Updates SHOULD NOT be sent to this destination. Binding Updates SHOULD NOT be sent to this destination.
Optionally, the mobile node MAY then take steps to correct the Optionally, the mobile node MAY then take steps to correct the
cause of the error and retransmit the Binding Update (with a new cause of the error and retransmit the Binding Update (with a new
Sequence Number value), subject to the rate limiting restriction Sequence Number value), subject to the rate limiting restriction
specified in Section 11.8. specified in Section 11.8.
skipping to change at page 137, line 18 skipping to change at page 136, line 47
If this bit is set, the mobile node SHOULD move its own endpoint in If this bit is set, the mobile node SHOULD move its own endpoint in
the key management protocol connections to the home agent, if any. the key management protocol connections to the home agent, if any.
The mobile node's new endpoint should be the new care-of address. The mobile node's new endpoint should be the new care-of address.
For an IKE phase 1 connection, this means packets sent to this For an IKE phase 1 connection, this means packets sent to this
address with the original ISAKMP cookies are accepted. address with the original ISAKMP cookies are accepted.
11.7.4 Receiving Binding Refresh Requests 11.7.4 Receiving Binding Refresh Requests
When a mobile node receives a packet containing a Binding Refresh When a mobile node receives a packet containing a Binding Refresh
Request message and there already exists a Binding Update List entry Request message, the mobile node has a Binding Update List entry for
for the source of the Binding Refresh Request, it SHOULD start a the source of the Binding Refresh Request, and the mobile node wants
return routability procedure. The mobile node MAY also choose to to retain its binding cache entry at the correspondent node, then the
ignore the Binding Refresh Request. Also, the mobile node can at any mobile node should start a return routability procedure. If the
time delete its binding from a correspondent node. mobile node wants to have its binding cache entry removed it can
either ignore the Binding Refresh Request and wait for the binding to
time out, or it can at any time delete its binding from a
correspondent node with an explicit binding update with zero lifetime
and the care-of address set to the home address. If the mobile node
does not know if it needs the binding cache entry, it can make the
decision in an implementation dependent manner, such as based on
available resources.
Note that the mobile node SHOULD NOT respond to Binding Refresh Note that the mobile node should be careful to not respond to Binding
Requests from previously unknown correspondent nodes due to Refresh Requests for addresses not in the Binding Update List to
Denial-of-Service concerns. avoid being subjected to a denial of service attack.
If the return routability procedure completes successfully, a Binding If the return routability procedure completes successfully, a Binding
Update message SHOULD be sent as described in Section 11.7.2. The Update message SHOULD be sent as described in Section 11.7.2. The
Lifetime field in this Binding Update SHOULD be set to a new Lifetime field in this Binding Update SHOULD be set to a new
lifetime, extending any current lifetime remaining from a previous lifetime, extending any current lifetime remaining from a previous
Binding Update sent to this node (as indicated in any existing Binding Update sent to this node (as indicated in any existing
Binding Update List entry for this node), and lifetime SHOULD again Binding Update List entry for this node), and lifetime SHOULD again
be less than or equal to the remaining lifetime of the home be less than or equal to the remaining lifetime of the home
registration and the care-of address specified for the binding. When registration and the care-of address specified for the binding. When
sending this Binding Update, the mobile node MUST update its Binding sending this Binding Update, the mobile node MUST update its Binding
skipping to change at page 139, line 12 skipping to change at page 139, line 12
Update. Retransmitted Home Test Init and Care-of Test Init messages Update. Retransmitted Home Test Init and Care-of Test Init messages
MUST use new cookie values. MUST use new cookie values.
12. Protocol Constants 12. Protocol Constants
DHAAD_RETRIES 4 retransmissions DHAAD_RETRIES 4 retransmissions
INITIAL_BINDACK_TIMEOUT 1 second INITIAL_BINDACK_TIMEOUT 1 second
INITIAL_DHAAD_TIMEOUT 3 seconds INITIAL_DHAAD_TIMEOUT 3 seconds
INITIAL_SOLICIT_TIMER 3 seconds INITIAL_SOLICIT_TIMER 3 seconds
MAX_BINDACK_TIMEOUT 32 seconds MAX_BINDACK_TIMEOUT 32 seconds
MAX_NONCE_LIFE 240 seconds MAX_NONCE_LIFETIME 240 seconds
MAX_TOKEN_LIFE 210 seconds MAX_TOKEN_LIFETIME 210 seconds
MAX_RR_BINDING_LIFE 420 seconds MAX_RR_BINDING_LIFETIME 420 seconds
MAX_UPDATE_RATE 3 times MAX_UPDATE_RATE 3 times
PREFIX_ADV_RETRIES 3 retransmissions PREFIX_ADV_RETRIES 3 retransmissions
PREFIX_ADV_TIMEOUT 3 seconds PREFIX_ADV_TIMEOUT 3 seconds
13. Protocol Configuration Variables 13. Protocol Configuration Variables
HomeRtrAdvInterval Default: 3,600 seconds
MaxMobPfxAdvInterval Default: 86,400 seconds MaxMobPfxAdvInterval Default: 86,400 seconds
MinDelayBetweenRAs Default: 3 seconds, MinDelayBetweenRAs Default: 3 seconds,
Min: 0.03 seconds Min: 0.03 seconds
MinMobPfxAdvInterval Default: 600 seconds MinMobPfxAdvInterval Default: 600 seconds
InitialBindackTimeoutFirstReg Default: 1.5 seconds InitialBindackTimeoutFirstReg Default: 1.5 seconds
Home agents MUST allow the first four variables to be configured by Home agents MUST allow the first three variables to be configured by
system management, and mobile nodes MUST allow the last variable to system management, and mobile nodes MUST allow the last variable to
be configured by system management. be configured by system management.
The default value for InitialBindackTimeoutFirstReg has been The default value for InitialBindackTimeoutFirstReg has been
calculated as 1.5 times the default value of RetransTimer [12] times calculated as 1.5 times the default value of RetransTimer [12] times
the default value of DupAddrDetectTransmits [13]. the default value of DupAddrDetectTransmits [13].
The value MinDelayBetweenRAs overrides the value of the protocol The value MinDelayBetweenRAs overrides the value of the protocol
constant MIN_DELAY_BETWEEN_RAS, as specified in RFC 2461 [12]. This constant MIN_DELAY_BETWEEN_RAS, as specified in RFC 2461 [12]. This
variable SHOULD be set to MinRtrAdvInterval, if MinRtrAdvInterval is variable SHOULD be set to MinRtrAdvInterval, if MinRtrAdvInterval is
skipping to change at page 143, line 51 skipping to change at page 143, line 51
correspondent node might be a site that will send a high-bandwidth correspondent node might be a site that will send a high-bandwidth
stream of video to anyone who asks for it. Note that the use of stream of video to anyone who asks for it. Note that the use of
flow-control protocols such as TCP does not necessarily defend flow-control protocols such as TCP does not necessarily defend
against this type of attack, because the attacker can fake the against this type of attack, because the attacker can fake the
acknowledgements. Even keeping TCP initial sequence numbers acknowledgements. Even keeping TCP initial sequence numbers
secret doesn't help, because the attacker can receive the first secret doesn't help, because the attacker can receive the first
few segments (including the ISN) at its own address, and only then few segments (including the ISN) at its own address, and only then
redirect the stream to the victim's address. These types of redirect the stream to the victim's address. These types of
attacks may also be directed to networks instead of nodes. attacks may also be directed to networks instead of nodes.
Further variations of this threat are described elsewhere Further variations of this threat are described elsewhere
[28, 33]. An attacker might also attempt to disrupt a mobile [27, 32]. An attacker might also attempt to disrupt a mobile
node's communications by replaying a Binding Update that the node node's communications by replaying a Binding Update that the node
had sent earlier. If the old Binding Update was accepted, packets had sent earlier. If the old Binding Update was accepted, packets
destined for the mobile node would be sent to its old location and destined for the mobile node would be sent to its old location and
not its current location. In conclusion, there are not its current location. In conclusion, there are
Denial-of-Service, Man-in-the-Middle, Confidentiality, and Denial-of-Service, Man-in-the-Middle, Confidentiality, and
Impersonation threats against the parties involved in sending Impersonation threats against the parties involved in sending
legitimate Binding Updates, and Denial-of-Service threats against legitimate Binding Updates, and Denial-of-Service threats against
any other party. any other party.
o Threats associated with payload packets: Payload packets exchanged o Threats associated with payload packets: Payload packets exchanged
skipping to change at page 144, line 25 skipping to change at page 144, line 25
destination option, a new routing header type (type 2), and uses destination option, a new routing header type (type 2), and uses
tunneling headers in the payload packets. The protocol must tunneling headers in the payload packets. The protocol must
protect against potential new threats involving the use of these protect against potential new threats involving the use of these
mechanisms. mechanisms.
Third parties become exposed to a reflection threat via the Home Third parties become exposed to a reflection threat via the Home
Address destination option, unless appropriate security Address destination option, unless appropriate security
precautions are followed. The Home Address destination option precautions are followed. The Home Address destination option
could be used to direct response traffic toward a node whose IP could be used to direct response traffic toward a node whose IP
address appears in the option. In this case, ingress filtering address appears in the option. In this case, ingress filtering
would not catch the forged "return address" [34, 31]. A similar would not catch the forged "return address" [34, 30]. A similar
threat exists with the tunnels between the mobile node and the threat exists with the tunnels between the mobile node and the
home agent. An attacker might forge tunnel packets between the home agent. An attacker might forge tunnel packets between the
mobile node and the home agent, making it appear that the traffic mobile node and the home agent, making it appear that the traffic
is coming from the mobile node when it is not. Note that an is coming from the mobile node when it is not. Note that an
attacker who is able to forge tunnel packets would typically be attacker who is able to forge tunnel packets would typically be
able forge also packets that appear to come directly from the able forge also packets that appear to come directly from the
mobile node. This is not a new threat as such. However, it may mobile node. This is not a new threat as such. However, it may
make it easier for attackers to escape detection by avoiding make it easier for attackers to escape detection by avoiding
ingress filtering and packet tracing mechanisms. Furthermore, ingress filtering and packet tracing mechanisms. Furthermore,
spoofed tunnel packets might be used to gain access to the home spoofed tunnel packets might be used to gain access to the home
skipping to change at page 148, line 28 skipping to change at page 148, line 28
link where no link-layer confidentiality is available. link where no link-layer confidentiality is available.
The resulting level of security is in theory the same even without The resulting level of security is in theory the same even without
this additional protection: the return routability tokens are this additional protection: the return routability tokens are
still exposed only to one path within the whole Internet. still exposed only to one path within the whole Internet.
However, the mobile nodes are often found on an insecure link, However, the mobile nodes are often found on an insecure link,
such as a public access Wireless LAN. Thus this addition makes a such as a public access Wireless LAN. Thus this addition makes a
practical difference in many cases. practical difference in many cases.
For further information about the design rationale of the return For further information about the design rationale of the return
routability procedure, see [28, 33, 32, 31]. The used mechanisms routability procedure, see [27, 32, 31, 30]. The used mechanisms
have been adopted from these documents. have been adopted from these documents.
15.4.2 Achieved Security Properties 15.4.2 Achieved Security Properties
The return routability procedure protects Binding Updates against all The return routability procedure protects Binding Updates against all
attackers who are unable to monitor the path between the home agent attackers who are unable to monitor the path between the home agent
and the correspondent node. The procedure does not defend against and the correspondent node. The procedure does not defend against
attackers who can monitor this path. Note that such attackers are in attackers who can monitor this path. Note that such attackers are in
any case able to mount an active attack against the mobile node when any case able to mount an active attack against the mobile node when
it is at its home location. The possibility of such attacks is not it is at its home location. The possibility of such attacks is not
an impediment to the deployment of Mobile IPv6, because these attacks an impediment to the deployment of Mobile IPv6, because these attacks
are possible regardless of whether Mobile IPv6 is in use. are possible regardless of whether Mobile IPv6 is in use.
This procedure also protects against Denial-of-Service attacks in This procedure also protects against Denial-of-Service attacks in
which the attacker pretends to be a mobile, but uses the victim's which the attacker pretends to be a mobile, but uses the victim's
address as the care of address. This would cause the correspondent address as the care-of address. This would cause the correspondent
node to send the victim some unexpected traffic. The procedure node to send the victim some unexpected traffic. The procedure
defends against these attacks by requiring at least passive presence defends against these attacks by requiring at least passive presence
of the attacker at the care-of address or on the path from the of the attacker at the care-of address or on the path from the
correspondent to the care of address. Normally, this will be the correspondent to the care-of address. Normally, this will be the
mobile node. mobile node.
The Binding Acknowledgement is not authenticated in other ways than
including the right sequence number in the reply.
15.4.3 Comparison to Regular IPv6 Communications 15.4.3 Comparison to Regular IPv6 Communications
This section discusses the protection offered by the return This section discusses the protection offered by the return
routability method by comparing it to the security of regular IPv6 routability method by comparing it to the security of regular IPv6
communications. We will divide vulnerabilities in three classes: (1) communications. We will divide vulnerabilities in three classes: (1)
those related to attackers on the local network of the mobile node, those related to attackers on the local network of the mobile node,
home agent, or the correspondent node, (2) those related to attackers home agent, or the correspondent node, (2) those related to attackers
on the path between the home network and the correspondent node, and on the path between the home network and the correspondent node, and
(3) off-path attackers, i.e. the rest of the Internet. (3) off-path attackers, i.e. the rest of the Internet.
skipping to change at page 150, line 7 skipping to change at page 150, line 5
known. This makes this attack feasible mainly in the context of known. This makes this attack feasible mainly in the context of
well-known interface IDs, such as those already appearing in the well-known interface IDs, such as those already appearing in the
traffic on the link or registered in the DNS. traffic on the link or registered in the DNS.
On-path attackers can exploit similar vulnerabilities as in regular On-path attackers can exploit similar vulnerabilities as in regular
IPv6. There are some minor differences, however. Masquerade, IPv6. There are some minor differences, however. Masquerade,
Man-in-the-Middle, and Denial-of-Service attacks can be launched with Man-in-the-Middle, and Denial-of-Service attacks can be launched with
just the interception of a few packets, whereas in regular IPv6 it is just the interception of a few packets, whereas in regular IPv6 it is
necessary to intercept every packet. The effect of the attacks is necessary to intercept every packet. The effect of the attacks is
the same regardless of the method, however. In any case, the most the same regardless of the method, however. In any case, the most
difficult task attacker faces in these attacks is getting to the difficult task attacker faces in these attacks is getting on the
right path. right path.
The vulnerabilities for off-path attackers are the same as in regular The vulnerabilities for off-path attackers are the same as in regular
IPv6. Those nodes that are not on the path between the home agent IPv6. Those nodes that are not on the path between the home agent
and the correspondent node will not be able to receive the probe and the correspondent node will not be able to receive the home
messages. address probe messages.
In conclusion, we can state the following main results from this In conclusion, we can state the following main results from this
comparison: comparison:
o Return routability procedure prevents any off-path attacks beyond o Return routability procedure prevents any off-path attacks beyond
those that are already possible in regular IPv6. This is the most those that are already possible in regular IPv6. This is the most
important result, and prevents attackers from the Internet from important result, and prevents attackers from the Internet from
exploiting any vulnerabilities. exploiting any vulnerabilities.
o Vulnerabilities to attackers on the home agent link, the o Vulnerabilities to attackers on the home agent link, the
correspondent node link, and the path between them are roughly the correspondent node link, and the path between them are roughly the
same as in regular IPv6. same as in regular IPv6.
o However, one difference is that in basic IPv6 an on-path attacker o However, one difference is that in basic IPv6 an on-path attacker
must be constantly present on the link or the path, whereas with must be constantly present on the link or the path, whereas with
Mobile IPv6 an attacker can leave a binding behind after moving Mobile IPv6 an attacker can leave a binding behind after moving
away. away.
For this reason, this specification limits the creation of For this reason, this specification limits the creation of
bindings to at most MAX_TOKEN_LIFE seconds after the last bindings to at most MAX_TOKEN_LIFETIME seconds after the last
routability check has been performed, and limits the duration of a routability check has been performed, and limits the duration of a
binding to at most MAX_RR_BINDING_LIFE seconds. With these binding to at most MAX_RR_BINDING_LIFETIME seconds. With these
limitation, attackers cannot take practical advantages of this limitation, attackers cannot take practical advantages of this
vulnerability. This limited vulnerability can also be compared to vulnerability. This limited vulnerability can also be compared to
similar vulnerabilities in IPv6 Neighbor Discovery, with Neighbor similar vulnerabilities in IPv6 Neighbor Discovery, with Neighbor
Cache entries having a limited lifetime. Cache entries having a limited lifetime.
o There are some other minor differences, such as an effect to the o There are some other minor differences, such as an effect to the
Denial-of-Service vulnerabilities. These can be considered to be Denial-of-Service vulnerabilities. These can be considered to be
insignificant. insignificant.
o The path between the home agent and a correspondent node is o The path between the home agent and a correspondent node is
typically easiest to attack on the links at either end, in typically easiest to attack on the links at either end, in
particular if these links are publicly accessible wireless LANs. particular if these links are publicly accessible wireless LANs.
Attacks against the routers or switches on the path are typically Attacks against the routers or switches on the path are typically
harder to accomplish. The security on layer 2 of the links plays harder to accomplish. The security on layer 2 of the links plays
then a major role in the resulting overall network security. then a major role in the resulting overall network security.
Similarly, security of IPv6 Neighbor and Router Discovery on these Similarly, security of IPv6 Neighbor and Router Discovery on these
links has a large impact. If these were secured using some new links has a large impact. If these were secured using some new
technology in the future, this could change the situation technology in the future, this could change the situation
regarding the easiest point of attack. regarding the easiest point of attack.
For a more in-depth discussion of these issues, see [31]. For a more in-depth discussion of these issues, see [30].
15.4.4 Return Routability Replays 15.4.4 Replay Attacks
The return routability procedure also protects the participants The return routability procedure also protects the participants
against replayed Binding Updates. The attacker is unable replay the against replayed Binding Updates. The attacker is unable replay the
same message due to the sequence number which is a part of the same message due to the sequence number which is a part of the
Binding Update. It is also unable to modify the Binding Update since Binding Update. It is also unable to modify the Binding Update since
the MAC would not verify after such modification. the MAC verification would fail after such a modification.
Care must be taken when removing bindings at the correspondent node, Care must be taken when removing bindings at the correspondent node,
however. If a binding is removed while the nonce used in its however. If a binding is removed while the nonce used in its
creation is still valid, an attacker could replay the old Binding creation is still valid, an attacker could replay the old Binding
Update. Rules outlined in Section 5.2.8 ensure that this cannot Update. Rules outlined in Section 5.2.8 ensure that this cannot
happen. happen.
15.4.5 Return Routability Denial-of-Service 15.4.5 Denial-of-Service Attacks
The return routability procedure has protection against resource The return routability procedure has protection against resource
exhaustion Denial-of-Service attacks. The correspondent nodes do not exhaustion Denial-of-Service attacks. The correspondent nodes do not
retain any state about individual mobile nodes until an authentic retain any state about individual mobile nodes until an authentic
Binding Update arrives. This is achieved through the construct of Binding Update arrives. This is achieved through the construct of
keygen tokens from the nonces and node keys that are not specific to keygen tokens from the nonces and node keys that are not specific to
individual mobile nodes. The keygen tokens can be reconstructed by individual mobile nodes. The keygen tokens can be reconstructed by
the correspondent node, based on the home and care-of address the correspondent node, based on the home and care-of address
information that arrives with the Binding Update. This means that information that arrives with the Binding Update. This means that
the correspondent nodes are safe against memory exhaustion attacks the correspondent nodes are safe against memory exhaustion attacks
except where on-path attackers are concerned. Due to the use of except where on-path attackers are concerned. Due to the use of
symmetric cryptography, the correspondent nodes are relatively safe symmetric cryptography, the correspondent nodes are relatively safe
against CPU resource exhaustion attacks as well. against CPU resource exhaustion attacks as well.
Nevertheless, as [28] describes, there are situations in which it is Nevertheless, as [27] describes, there are situations in which it is
impossible for the mobile and correspondent nodes to determine if impossible for the mobile and correspondent nodes to determine if
they actually need a binding or whether they just have been fooled they actually need a binding or whether they just have been fooled
into believing so by an attacker. Therefore, it is necessary to into believing so by an attacker. Therefore, it is necessary to
consider situations where such attacks are being made. consider situations where such attacks are being made.
Even if route optimization is a very important optimization, it is Even if route optimization is a very important optimization, it is
still only an optimization. A mobile node can communicate with a still only an optimization. A mobile node can communicate with a
correspondent node even if the correspondent refuses to accept any correspondent node even if the correspondent refuses to accept any
Binding Updates. However, performance will suffer because packets Binding Updates. However, performance will suffer because packets
from the correspondent node to the mobile node will be routed via the from the correspondent node to the mobile node will be routed via the
skipping to change at page 152, line 23 skipping to change at page 152, line 21
if there is a need to establish a binding with a specific peer. For if there is a need to establish a binding with a specific peer. For
example, TCP knows if the node has a queue of data that it is trying example, TCP knows if the node has a queue of data that it is trying
to send to a peer. An implementation of this specification is not to send to a peer. An implementation of this specification is not
required to make use of information from higher protocol layers, but required to make use of information from higher protocol layers, but
some implementations are likely to be able to manage resources more some implementations are likely to be able to manage resources more
effectively by making use of such information. effectively by making use of such information.
We also require that all implementations be capable of We also require that all implementations be capable of
administratively disabling route optimization. administratively disabling route optimization.
15.4.6 Key Lengths
While the return routability procedure is in progress, 64 bit cookies
are used to protect spoofed responses. This is believed to be
sufficient, given that to blindly spoof a response a very large
number of messages would have to be sent before success would be
probable.
The tokens used in the return routability procedure provide together
128 bits of information. This information is used internally as an
input to a hash function to produce a 160 bit quantity suitable for
producing the keyed hash in the Binding Update using the HMAC_SHA1
algorithm. The final keyed hash length is 96 bits. The limiting
factors in this case are the input token lengths and the final keyed
hash length. The internal hash function application does not reduce
the entropy.
The 96 bit final keyed hash is of typical size and believed to be
secure. The 128 bit input from the tokens is broken in two pieces,
the home keygen token and the care-of keygen token. An attacker can
try to guess the right cookie value, but again this would require a
large number of messages, in the average 2**63 messages for one or
2**127 for two. Furthermore, given that the cookies are valid only
for a short period of time, the attack has to keep a high constant
message rate to achieve a lasting effect. This does not appear
practical.
When the mobile node is returning home, it is allowed to use just the
home keygen token of 64 bits. This is less than 128 bits, but
attacking it blindly would still require a large number of messages
to be sent. If the attacker is on the path and capable of seeing the
Binding Update, it could conceivably break the keyed hash with brute
force. However, in this case the attacker has to be on path, which
appears to offer easier ways for denial-of-service than preventing
route optimization.
15.5 Dynamic Home Agent Address Discovery 15.5 Dynamic Home Agent Address Discovery
The dynamic home agent address discovery function could be used to The dynamic home agent address discovery function could be used to
learn the addresses of home agents in the home network. Attackers learn the addresses of home agents in the home network.
will not be able to learn much from this information, however, and
mobile nodes cannot be tricked into using wrong home agents as all The ability to learn addresses of nodes may be useful to attackers,
other communication with the home agents is secure. because brute-force scanning of the address space is not practical
with IPv6. Thus, they could benefit from any means which make
mapping the networks easier. For example, if a security threat
targeted at routers or even home agents is discovered, having a
simple ICMP mechanism to find out possible targets easily may prove
to be an additional (though minor) security risk.
Apart from discovering the address(es) of home agents, attackers will
not be able to learn much from this information, however, and mobile
nodes cannot be tricked into using wrong home agents as all other
communication with the home agents is secure.
15.6 Prefix Discovery 15.6 Prefix Discovery
The prefix discovery function may leak interesting information about The prefix discovery function may leak interesting information about
network topology and prefix lifetimes to eavesdroppers, and for this network topology and prefix lifetimes to eavesdroppers, and for this
reason requests for this information have to be authenticated. reason requests for this information have to be authenticated.
Responses and unsolicited prefix information needs to be Responses and unsolicited prefix information needs to be
authenticated to prevent the mobile nodes from being tricked into authenticated to prevent the mobile nodes from being tricked into
believing false information about the prefixes, and possibly believing false information about the prefixes, and possibly
preventing communications with the existing addresses. Optionally, preventing communications with the existing addresses. Optionally,
skipping to change at page 153, line 28 skipping to change at page 154, line 24
to send site local traffic from another location. Administrators to send site local traffic from another location. Administrators
should be aware of this when allowing such home addresses. In should be aware of this when allowing such home addresses. In
particular, the outer IP address check described above is not particular, the outer IP address check described above is not
sufficient against all attackers. The use of encrypted tunnels is sufficient against all attackers. The use of encrypted tunnels is
particularly useful for this kind of home addresses. particularly useful for this kind of home addresses.
15.8 Home Address Option 15.8 Home Address Option
When the mobile node sends packets directly to the correspondent When the mobile node sends packets directly to the correspondent
node, the Source Address field of the packet's IPv6 header is the node, the Source Address field of the packet's IPv6 header is the
care-of address. Ingress filtering [27] works therefore in the usual care-of address. Ingress filtering [26] works therefore in the usual
manner even for mobile nodes, as the Source Address is topologically manner even for mobile nodes, as the Source Address is topologically
correct. The Home Address option is used to inform the correspondent correct. The Home Address option is used to inform the correspondent
node of the mobile node's home address. node of the mobile node's home address.
However, the care-of address in the Source Address field does not However, the care-of address in the Source Address field does not
survive in replies sent by the correspondent node unless it has a survive in replies sent by the correspondent node unless it has a
binding for this mobile node. Also, not all attacker tracing binding for this mobile node. Also, not all attacker tracing
mechanisms work when packets are being reflected through mechanisms work when packets are being reflected through
correspondent nodes using the Home Address option. For these correspondent nodes using the Home Address option. For these
reasons, this specification restricts the use of the Home Address reasons, this specification restricts the use of the Home Address
skipping to change at page 155, line 7 skipping to change at page 156, line 7
addresses are the same. addresses are the same.
This implies that a device which implements filtering of packets This implies that a device which implements filtering of packets
should be able to distinguish between a type 2 routing header and should be able to distinguish between a type 2 routing header and
other routing headers, as required in Section 8.3. This is necessary other routing headers, as required in Section 8.3. This is necessary
in order to allow Mobile IPv6 traffic while still having the option in order to allow Mobile IPv6 traffic while still having the option
to filter out other uses of routing headers. to filter out other uses of routing headers.
16. Contributors 16. Contributors
Tuomas Aura, Mike Roe, Greg O'Shea (Microsoft Research, Cambdridge), Tuomas Aura, Mike Roe, Greg O'Shea, Pekka Nikander, Erik Nordmark,
Pekka Nikander (Ericsson), Erik Nordmark (Sun Microsystems), and and Michael Thomas worked on the return routability protocols which
Michael Thomas (Cisco) worked on the return routability protocols eventually led to the procedures used in this protocol. The
which eventually led to the procedures used in this protocol. The procedures described in [32] were adopted in the protocol.
procedures described in [33] were adopted in the protocol.
Significant contributions were made by members of the Mobile IPv6 Significant contributions were made by members of the Mobile IPv6
Security Design Team, including (in alphabetical order) Gabriel Security Design Team, including (in alphabetical order) Gabriel
Montenegro, Erik Nordmark (Sun Microsystems) and Pekka Nikander Montenegro, Erik Nordmark and Pekka Nikander, who have contributed
(Ericsson), who have contributed volumes of text to this volumes of text to this specification.
specification.
17. Acknowledgements 17. Acknowledgements
We would like to thank the members of the Mobile IP and IPng Working We would like to thank the members of the Mobile IP and IPng Working
Groups for their comments and suggestions on this work. We would Groups for their comments and suggestions on this work. We would
particularly like to thank (in alphabetical order) Fred Baker particularly like to thank (in alphabetical order) Fred Baker, Josh
(Cisco), Josh Broch (Carnegie Mellon University), Samita Chakrabarti Broch, Samita Chakrabarti, Robert Chalmers, Noel Chiappa, Greg Daley,
(Sun Microsystems), Robert Chalmers (University of California, Santa Vijay Devarapalli, Rich Draves, Francis Dupont, Thomas Eklund,
Barbara), Noel Chiappa (MIT), Greg Daley (Monash University), Vijay Jun-Ichiro Itojun Hagino, Brian Haley, Marc Hasson, John Ioannidis,
Devarapalli (Nokia Research Center), Rich Draves (Microsoft James Kempf, Rajeev Koodli, Krishna Kumar, T.J. Kniveton, Joe Lau,
Research), Francis Dupont (ENST Bretagne), Thomas Eklund (Xelerated), Jiwoong Lee, Aime Le Rouzic, Vesa-Matti Mantyla, Kevin Miles, Glenn
Jun-Ichiro Itojun Hagino (IIJ Research Laboratory), Brian Haley Morrow, Thomas Narten, Karen Nielsen, Simon Nybroe, David Oran, Brett
(Compaq), Marc Hasson (Mentat), John Ioannidis (AT & T Labs Pentland, Lars Henrik Petander, Basavaraj Patil, Mohan Parthasarathy,
Research), James Kempf (DoCoMo), Rajeev Koodli (Nokia), Krishna Kumar Alexandru Petrescu, Mattias Petterson, Ken Powell, Phil Roberts, Ed
(IBM Research), T.J. Kniveton (Nokia Research), Joe Lau (HP), Remmell, Patrice Romand, Jeff Schiller, Pekka Savola, Arvind
Jiwoong Lee (KTF), Aime Le Rouzic (Bull S.A.), Vesa-Matti Mantyla Sevalkar, Keiichi Shima, Tom Soderlund, Hesham Soliman, Jim Solomon,
(Ericsson), Kevin Miles (Cisco), Glenn Morrow (Nortel Networks), Tapio Suihko, Dave Thaler, Benny Van Houdt, Jon-Olov Vatn, Carl E.
Thomas Narten (IBM), Karen Nielsen (Ericsson Telebit), Simon Nybroe Williams, Vladislav Yasevich, Alper Yegin, and Xinhua Zhao, for their
(Ericsson Telebit), David Oran (Cisco), Brett Pentland (Monash detailed reviews of earlier versions of this document. Their
University), Lars Henrik Petander (HUT), Basavaraj Patil (Nokia), suggestions have helped to improve both the design and presentation
Mohan Parthasarathy (Tahoe Networks), Alexandru Petrescu (Motorola), of the protocol.
Mattias Petterson (Ericsson), Ken Powell (HP), Phil Roberts
(Megisto), Patrice Romand (Bull S.A.), Jeff Schiller (MIT), Pekka
Savola (Netcore), Arvind Sevalkar (Intinfotech), Keiichi Shima (IIJ
Research Laboratory), Tom Soderlund (Nokia Research), Hesham Soliman
(Ericsson), Jim Solomon (RedBack Networks), Tapio Suihko (Technical
Research Center of Finland), Dave Thaler (Microsoft), Benny Van Houdt
(University of Antwerp), Jon-Olov Vatn (KTH), Carl E. Williams (MCSR
Laboratories), Vladislav Yasevich (HP), Alper Yegin (DoCoMo), and
Xinhua Zhao (Stanford University) for their detailed reviews of
earlier versions of this document. Their suggestions have helped to
improve both the design and presentation of the protocol.
We would also like to thank the participants in the Mobile IPv6 We would also like to thank the participants in the Mobile IPv6
testing event held at Nancy, France, September 15-17, 1999, for their testing event held at Nancy, France, September 15-17, 1999, for their
valuable feedback as a result of interoperability testing of four valuable feedback as a result of interoperability testing of four
Mobile IPv6 implementations coming from four different organizations: Mobile IPv6 implementations. Further, we would like to thank the
Bull, Ericsson Research and Ericsson Telebit, NEC, and INRIA. feedback from the implementors who participated in the Mobile IPv6
Further, we would like to thank the feedback from the implementors interoperability testing at Connectathons 2000, 2001, and 2002 in San
who participated in the Mobile IPv6 interoperability testing at Jose, California. Similarly, we would like to thank the participants
Connectathons 2000, 2001, and 2002 in San Jose, California. at the ETSI interoperability testing at ETSI, in Sophia Antipolis,
Similarly, we would like to thank the participants at the ETSI France, during October 2-6, 2000.
interoperability testing at ETSI, in Sophia Antipolis, France, during
October 2-6, 2000, including teams from Compaq, Ericsson, INRIA,
Nokia, and Technical University of Helsinki.
Normative References Normative References
[1] Eastlake, D., Crocker, S. and J. Schiller, "Randomness [1] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
Recommendations for Security", RFC 1750, December 1994. Recommendations for Security", RFC 1750, December 1994.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[3] Hinden, R. and S. Deering, "IP Version 6 Addressing [3] Hinden, R. and S. Deering, "IP Version 6 Addressing
skipping to change at page 158, line 24 skipping to change at page 159, line 24
[19] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an [19] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an
On-line Database", RFC 3232, January 2002. On-line Database", RFC 3232, January 2002.
[20] National Institute of Standards and Technology, "Secure Hash [20] National Institute of Standards and Technology, "Secure Hash
Standard", FIPS PUB 180-1, April 1995, <http:// Standard", FIPS PUB 180-1, April 1995, <http://
www.itl.nist.gov/fipspubs/fip180-1.htm>. www.itl.nist.gov/fipspubs/fip180-1.htm>.
[21] Arkko, J., Devarapalli, V. and F. Dupont, "Using IPsec to [21] Arkko, J., Devarapalli, V. and F. Dupont, "Using IPsec to
Protect Mobile IPv6 Signaling betweenMobile Nodes and Home Protect Mobile IPv6 Signaling betweenMobile Nodes and Home
Agents", draft-ietf-mobileip-mipv6-ha-ipsec-02 (work in Agents", draft-ietf-mobileip-mipv6-ha-ipsec-03 (work in
progress), January 2003. progress), February 2003.
Informative References Informative References
[22] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) [22] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
Specification", RFC 1883, December 1995.
[23] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
[24] Perkins, C., "IP Encapsulation within IP", RFC 2003, October [23] Perkins, C., "IP Encapsulation within IP", RFC 2003, October
1996. 1996.
[25] Perkins, C., "Minimal Encapsulation within IP", RFC 2004, [24] Perkins, C., "Minimal Encapsulation within IP", RFC 2004,
October 1996. October 1996.
[26] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing [25] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997. for Message Authentication", RFC 2104, February 1997.
[27] Ferguson, P. and D. Senie, "Network Ingress Filtering: [26] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", RFC 2267, January 1998. Address Spoofing", RFC 2267, January 1998.
[28] Aura, T. and J. Arkko, "MIPv6 BU Attacks and Defenses", [27] Aura, T. and J. Arkko, "MIPv6 BU Attacks and Defenses",
draft-aura-mipv6-bu-attacks-01 (work in progress), March 2002. draft-aura-mipv6-bu-attacks-01 (work in progress), March 2002.
[29] Droms, R., "Dynamic Host Configuration Protocol for IPv6 [28] Droms, R., "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", draft-ietf-dhc-dhcpv6-28 (work in progress), (DHCPv6)", draft-ietf-dhc-dhcpv6-28 (work in progress),
November 2002. November 2002.
[30] Draves, R., "Default Address Selection for IPv6", [29] Draves, R., "Default Address Selection for IPv6",
draft-ietf-ipv6-default-addr-select-09 (work in progress), draft-ietf-ipv6-default-addr-select-09 (work in progress),
August 2002. August 2002.
[31] Nikander, P., Nordmark, E., Montenegro, G. and J. Arkko, [30] Nikander, P., Nordmark, E., Montenegro, G. and J. Arkko,
"Mobile IPv6 Security Design Rationale", "Mobile IPv6 Security Design Rationale",
draft-nikander-mipv6-design-rationale-00.txt (work in draft-nikander-mipv6-design-rationale-00.txt (work in
progress), February 2003. progress), February 2003.
[32] Nordmark, E., "Securing MIPv6 BUs using return routability [31] Nordmark, E., "Securing MIPv6 BUs using return routability
(BU3WAY)", draft-nordmark-mobileip-bu3way-00 (work in (BU3WAY)", draft-nordmark-mobileip-bu3way-00 (work in
progress), November 2001. progress), November 2001.
[33] Roe, M., Aura, T., O'Shea, G. and J. Arkko, "Authentication of [32] Roe, M., Aura, T., O'Shea, G. and J. Arkko, "Authentication of
Mobile IPv6 Binding Updates and Acknowledgments", Mobile IPv6 Binding Updates and Acknowledgments",
draft-roe-mobileip-updateauth-02 (work in progress), March draft-roe-mobileip-updateauth-02 (work in progress), March
2002. 2002.
[33] Savola, P., "Use of /127 Prefix Length Between Routers
Considered Harmful", draft-savola-ipv6-127-prefixlen-04 (work
in progress), June 2002.
[34] Savola, P., "Security of IPv6 Routing Header and Home Address [34] Savola, P., "Security of IPv6 Routing Header and Home Address
Options", draft-savola-ipv6-rh-ha-security-03 (work in Options", draft-savola-ipv6-rh-ha-security-03 (work in
progress), December 2002. progress), December 2002.
[35] Vida, R. and L. Costa, "Multicast Listener Discovery Version 2 [35] Vida, R. and L. Costa, "Multicast Listener Discovery Version 2
(MLDv2) for IPv6", draft-vida-mld-v2-06 (work in progress), (MLDv2) for IPv6", draft-vida-mld-v2-06 (work in progress),
December 2002. December 2002.
Authors' Addresses Authors' Addresses
skipping to change at page 161, line 9 skipping to change at page 162, line 9
Ericsson Ericsson
Jorvas 02420 Jorvas 02420
Finland Finland
EMail: jari.arkko@ericsson.com EMail: jari.arkko@ericsson.com
Appendix A. Changes from Previous Version of the Draft Appendix A. Changes from Previous Version of the Draft
This appendix briefly lists some of the major changes in this draft This appendix briefly lists some of the major changes in this draft
relative to the previous version of this same draft, relative to the previous version of this same draft,
draft-ietf-mobileip-ipv6-19.txt: draft-ietf-mobileip-ipv6-20.txt:
o The validation of a Home Address destination option in the
presence of a Binding Update and IPsec encapsulation has been
specified (tracked issue 216).
o The requirements for the IKE phase 2 authorization check have been
made explicit (tracked issue 216).
o Additional rules have been provided on how to determine to which
address route optimization may be attempted when a tunnel packet
has been received (tracked issue 215).
o The Mobility Options field in several Mobility Header messages now
correctly allows zero options, where no mandatory options exist
and no mandatory padding is needed (tracked issue 214).
o The Binding Authorization Data mobility option no longer has an
alignment requirement (tracked issue 213).
o The rules regarding simultaneous presence of Routing header type 0
and type 2 have been clarified (tracked issue 211).
o The Single Address Only (S) bit has been removed (tracked issues
202 and 184). Consequently, the Link-local Address
Compatibility~(L) bit has moved.
o Rules regarding the sending Router Solicitations upon lower-layer
movement indications have been clarified (tracked issue 210).
o MAX_BINDACK_TIMEOUT has been set to 32 instead of 256 (tracked
issue 210).
o Binding Refresh Request processing when a Binding List entry o The lifetime of a binding on a correspondent is now limited to the
exists is now a SHOULD instead of a MAY (tracked issue 210). lifetime of the home registration, not the lifetime of the home
address (tracked issue 261).
o The Advertisement Interval and Link-Layer Address options are no o This specification no longer requires site-local forwarding to be
longer included in Mobile Prefix Advertisement messages (tracked configurable (tracked issue 258).
issue 207).
o Rules for preventing interface identifier collisions have been o Infinite binding lifetimes have been removed (tracked issue 256).
added to Section 5.1 (tracked issue 202).
o The Binding Refresh Advice mobility option has been reassigned to o This specification now disallows the use of the Binding
get code 2 (tracked issue 200). Authorization Data option in a home registration, and requires
Binding Updates the home agent with such options to be dropped
(tracked issue 255).
o A variation of the Neighbor Solication message format has been o The verification of Home Address Options without an existing
introduced for the purpose of address resolution when the mobile Binding Cache entry has been clarified. IPsec is now sufficient
node returns home (tracked issue 198). for this verification only in the case of the home agent and a
home address which the home agent is willing to serve (tracked
issue 253).
o The use of the Link Layer Address option has been made mandatory o Appendix B.6 now describes some potential Neighbor Discovery
in Router Advertisements from home agents (tracked issue 198). enhancements that may be relevant for Mobile IPv6 in the future
(tracked issue 252).
o Appendix B.5 has been updated to correspond to the current o The Home Address Option rule has been clarified in Section 11.7.2.
requirements on usage of the Home Address destination option in This rule deals with starting route optimization when a tunneled
prefix discovery (tracked issue 197). packet has been received (tracked issue 251).
o Binding Update Rate limitation has been changed to accommodate for o Binding Cache entries can now be created from non-error ICMP
fast handovers (tracked issue 196). messages. This allows Mobile IPv6 to be tested with ping, which
uses ICMP echo messages (tracked issue 250).
o More details have been provided on how IKE processing takes place o The support for protecting prefix discovery with IPsec has been
(tracked issue 195). made mandatory, but use is still a SHOULD (tracked issue 249).
o The Key Management Movement Capability (K) bit has been added to o It is now required that L=0 registrations do not allow the home
the Binding Update and Acknowledgement messages (tracked issue agent to derive any other address from the home address (tracked
194). issue 248).
o More details have been provided on how IKE end-points change o Prefix fetching interval constants have now been defined (tracked
during movements (tracked issue 194). issue 245).
o Home Address destination option format has been corrected (tracked o It is now required that mobile nodes must set both lifetime to
issue 191). zero and care-of address to the home address when de-registering
(tracked issue 244).
o Sending Binding Error messages is now mandatory when there is no o Requirements for security association and policy configuration for
binding cache entry, modulo rate limitation (tracked issue 190). new home addresses received through prefix discovery have been
specified (tracked issue 243).
o The results of the security review have been adopted (tracked o New Status code 1 has been added to Binding Acknowledgement
issue 189). The modifications include editorial changes, better (tracked issue 243).
justification for return routability, and specifying only the use
of ESP for protecting signaling.
o The conditions under which nonces can be invalidated have been o Mobile nodes are now required to initiate prefix discovery upon
clarified (tracked issue 186). receiving Status code 1 in a Binding Acknowledgement (tracked
issue 243).
o The use of the care-of nonce index has been clarified (tracked o The set of addresses for which the home agent intercepts packets
issue 185). has been clarified (tracked issue 241).
o The Mobile Prefix Solicitation retransmission policy has been o Both pros and cons of route optimization have been discussed in
changed to exponential back-off (tracked issue 183). Section 8.2 (tracked issue 241).
o The document no longer explicitly mentions the possibility of o Checksum validation is now the first check performed for Mobility
using configured care-of addresses (tracked issue 182). Header messages (tracked issue 241).
o The retransmission rules are no longer based on o Section 6.1 now correctly indicates that for some Mobility Header
DupAddrDetectTransmits on the home link (tracked issue 181). messages the number of options is zero or more, not one or more
(tracked issue 241).
o Several details in prefix distribution and dynamic home agent o The security implications of dynamic home agent address discovery
address discovery have been changed. This includes the lifetime have been updated (tracked issue 239).
behavior for S=0 registrations, and the removal of some
optimizations from dynamic home agent address discovery replies
(tracked issues 165 and 179).
o It is now mandatory to stop sending Binding Refresh Requests upon o The specification no longer uses RFC 2119 keywords for describing
receiving a Binding Update (tracked issue 178). when route optimization should be started, continued, or stopped
(tracked issue 237).
o The treatment of Mobility Header format problems has been o The requirements for configuration mechanisms for various Mobile
clarified, and a requirement to send ICMP Parameter Problem IPv6 parts have been changed (tracked issue 236).
messages has been added (tracked issue 177).
o The problems in using long binding lifetimes with dynamic home o A warning has been included about the use of Dynamic Home Agent
agent address discovery are now documented (tracked issue 172). Address Discovery with extremely long prefix lengths (tracked
issue 235).
o The new text for movements and care-of address formation is strict o The usage of the Alternate Care-of Address option has been
about the selection of appropriate care-of address to go with the clarified in Section 6.2.5 (tracked issue 234).
current default router (tracked issue 170).
o Home agents are now free to get the link-layer address of the o The security considerations section now contains an analysis of
mobile node returning home either from the Binding Update or from the sufficiency of the length of the various cryptographic
a Neighbor Solicitation (tracked issue 169. entities (tracked issue 233).
o The requirements for source address in MLD have changed (tracked o The Home Agent (H) bit is now required to be set in some
issue 167). advertisement of a prefix before home addresses based on this
prefix can be registered (tracked issues 231 and 246).
o Rules regarding the source address of dynamic home agent address o The conditions for delaying Duplicate Address Detection have been
discovery packets have been relaxed to allow the usage of this rewritten (tracked issue 230).
function from the home network (tracked issue 166).
o The order of sequence number and authentication verification has o Text relating to keygen token handling in de-registrations has
been specified (tracked issue 164). been clarified (tracked issue 229).
o The specification now requires running MLD between the home agent o IPsec protocol and mode requirements have now been stated as
and the mobile node, even over the tunnel when the mobile node is minimal requirements and no longer prevent the use of other
away from home (tracked issue 163). protocols (AH) and modes (tracked issue 228).
o The use of site-local addresses has been restricted (tracked issue o Processing rules for Binding Refresh Requests have been rewritten
162). (tracked issue 227).
o DHCP-related flags from Router Advertisements are now carried even o Binding Error processing is now a MUST requirement (tracked issues
if Mobile Prefix Advertisements (tracked issue 161). 190 and 225).
o The Duplicate Address Detection (D) bit has been removed, and the o The source address in proxy Neighbor Advertisements sent by the
home agents are now responsible for tracking when DAD is required home agent has now been specified (tracked issue 223).
and when it is not (tracked issue 159). At the same time the
Link-Local Address Compatibility (L) bit has been moved.
o The rules regarding the exact start time for route optimization o RFC 2119 keywords are now used for describing the reuse of tokens
have been relaxed (tracked issue 158). in the return routability procedure (tracked issue 221).
o Mobile IPv6 specific actions upon address collisions have been o The alignment of the Binding Authorization Data option has changed
removed (tracked issue 157). (tracked issue 220).
o Conflicts with Neighbor Discovery RFCs have been removed. In o An editorial correction in the processing order of type 0 and type
particular, Duplicate Address Detection is required and must be 2 routing headers has changed the semantics (tracked issue 217).
run in the standard way (tracked issue 156).
o Most of the changes to Neighbor Discovery protocol constants and o When returning home, the mobile node no longer targets the home
parameters have been removed (tracked issue 154). agent's address in a Neighbor Solicitation that tries to find the
link-layer address of the home agent. Instead, it target's the
mobile node's own address which the home agent is defending
(tracked issue 218).
o A large number of editorial modifications have been performed. o A number of editorial modifications have been performed (tracked
Some of these modifications have been tracked as issues 155, 199, issues 234, 241, 242, 249, 261, 262, 264, and 266).
201, 203, 204, 208, and 212.
Appendix B. Future Extensions Appendix B. Future Extensions
B.1 Piggybacking B.1 Piggybacking
This document does not specify how to piggyback payload packets on This document does not specify how to piggyback payload packets on
the binding related messages. However, it is envisioned that this the binding related messages. However, it is envisioned that this
can be specified in a separate document when currently discussed can be specified in a separate document when currently discussed
issues such as the interaction between piggybacking and IPsec are issues such as the interaction between piggybacking and IPsec are
fully resolved (see also Appendix B.3). The return routability fully resolved (see also Appendix B.3). The return routability
skipping to change at page 167, line 5 skipping to change at page 166, line 39
6. Perform a home registration to the selected home agent. 6. Perform a home registration to the selected home agent.
7. Perform prefix discovery. 7. Perform prefix discovery.
8. Make a decision if further home addresses need to be configured. 8. Make a decision if further home addresses need to be configured.
This procedure is restricted to those situations where the home This procedure is restricted to those situations where the home
prefix is 64 bits and the mobile node knows its own interface prefix is 64 bits and the mobile node knows its own interface
identifier of also 64 bits. identifier of also 64 bits.
B.6 Neighbor Discovery Extensions
Future specifications may improve the efficiency of Neighbor
Discovery tasks, which could be helpful for fast movements. One
factor which is currently being looked at is the delays caused by the
Duplicate Address Detection mechanism. Currently, Duplicate Address
Detection needs to be performed for every new care-of address as the
mobile node moves, and for the mobile node's link-local address on
every new link. In particular, the need and the tradeoffs of
re-performing Duplicate Address Detection for the link-local address
every time when the mobile node moves on to new links will need to be
examined. Improvements in this area are, however, generally
applicable and progressed independently from Mobile IPv6
specification.
Future functional improvements may also be relevant for Mobile IPv6
and other applications. For instance, mechanisms that would allow
recovery from a Duplicate Address Detection collision would be useful
for link-local, care-of, and home addresses.
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of standards-related documentation can be found in BCP-11. Copies of
 End of changes. 258 change blocks. 
863 lines changed or deleted 914 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/