| < draft-smyslov-ipsecme-ikev2-r-mobike-04.txt | draft-smyslov-ipsecme-ikev2-r-mobike-05.txt > | |||
|---|---|---|---|---|
| Network Working Group V. Smyslov | Network Working Group V. Smyslov | |||
| Internet-Draft ELVIS-PLUS | Internet-Draft ELVIS-PLUS | |||
| Updates: 4555 (if approved) May 31, 2019 | Updates: 4555 (if approved) November 27, 2019 | |||
| Intended status: Standards Track | Intended status: Standards Track | |||
| Expires: December 2, 2019 | Expires: May 30, 2020 | |||
| Responder Initiated IP Addresses Update in MOBIKE | Responder Initiated IP Addresses Update in MOBIKE | |||
| draft-smyslov-ipsecme-ikev2-r-mobike-04 | draft-smyslov-ipsecme-ikev2-r-mobike-05 | |||
| Abstract | Abstract | |||
| IKEv2 Mobility and Multihoming Protocol (MOBIKE), defined in | IKEv2 Mobility and Multihoming Protocol (MOBIKE), defined in | |||
| [RFC4555] allows peers to update their IP addresses without re- | [RFC4555] allows peers to update their IP addresses without re- | |||
| establishing IKE and IPsec Security Associations (SAs). In the | establishing IKE and IPsec Security Associations (SAs). In the | |||
| MOBIKE protocol it is the Initiator of the IKE SA, who is responsible | MOBIKE protocol it is the Initiator of the IKE SA, who is responsible | |||
| for selecting new SA addresses and for initiating the IP addresses | for selecting new SA addresses and for initiating the IP addresses | |||
| update procedure. This document presents an extension to the MOBIKE | update procedure. This document presents an extension to the MOBIKE | |||
| protocol that allows the Responder to initiate IP address update. | protocol that allows the Responder to initiate IP address update. | |||
| The document updates [RFC4555]. | The document updates [RFC4555]. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 2, 2019. | This Internet-Draft will expire on May 30, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| skipping to change at page 4, line 4 ¶ | skipping to change at page 4, line 5 ¶ | |||
| The MOBIKE protocol is designed in such a way, that it is the IKE SA | The MOBIKE protocol is designed in such a way, that it is the IKE SA | |||
| Initiator, who is responsible for performing the actions concerned | Initiator, who is responsible for performing the actions concerned | |||
| with the selecting of a working IP addresses pair and for initiating | with the selecting of a working IP addresses pair and for initiating | |||
| an IP addresses update exchange. Usually the Initiator selects an IP | an IP addresses update exchange. Usually the Initiator selects an IP | |||
| addresses pair by periodically probing different pairs and choosing | addresses pair by periodically probing different pairs and choosing | |||
| the working one. If several pairs work then the choice between them | the working one. If several pairs work then the choice between them | |||
| is arbitrary. The Responder cannot influence the process of | is arbitrary. The Responder cannot influence the process of | |||
| selecting and cannot ask the client to immediately switch to a | selecting and cannot ask the client to immediately switch to a | |||
| particular gateway's address. As a result the process of selection a | particular gateway's address. As a result the process of selection a | |||
| new pair takes substantial time and may ends up with a suboptimal | new pair takes substantial time and may ends up with a suboptimal | |||
| path. Moreover, in case the Responder isn't multihomed (and thus | path. | |||
| doesn't provide the Initiator with a list of additional IP | ||||
| addresses), the change of its IP address cannot be handled by the | ||||
| MOBIKE. | ||||
| Obviously, this limitation comes from the fact that there might be | Obviously, this limitation comes from the fact that there might be | |||
| middleboxes on the path like Network Address Translators (NAT) or | middleboxes on the path like Network Address Translators (NAT) or | |||
| firewalls, that might disallow IP packets to come from VPN gateway to | firewalls, that might disallow IP packets to come from VPN gateway to | |||
| the client unless the client first contacts the VPN gateway. For | the client unless the client first contacts the VPN gateway. For | |||
| example, the client might reside behind a dynamic NAT that creates a | example, the client might reside behind a dynamic NAT that creates a | |||
| mapping when IP packet first come from the client to the gateway. If | mapping when IP packet first come from the client to the gateway. If | |||
| the gateway tries to send an IP packet to the client from different | the gateway tries to send an IP packet to the client from different | |||
| IP address, the packet would be dropped since the NAT box has no | IP address, the packet would be dropped since the NAT box has no | |||
| corresponding mapping. | corresponding mapping. | |||
| skipping to change at page 8, line 18 ¶ | skipping to change at page 8, line 18 ¶ | |||
| Message Types - Status Types" registry: | Message Types - Status Types" registry: | |||
| <TBA> SWITCH_TO_IP_ADDRESS | <TBA> SWITCH_TO_IP_ADDRESS | |||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | DOI 10.17487/RFC2119, March 1997, | |||
| editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| [RFC4555] Eronen, P., "IKEv2 Mobility and Multihoming Protocol | [RFC4555] Eronen, P., "IKEv2 Mobility and Multihoming Protocol | |||
| (MOBIKE)", RFC 4555, DOI 10.17487/RFC4555, June 2006, | (MOBIKE)", RFC 4555, DOI 10.17487/RFC4555, June 2006, | |||
| <https://www.rfc-editor.org/info/rfc4555>. | <https://www.rfc-editor.org/info/rfc4555>. | |||
| [RFC6311] Singh, R., Ed., Kalyani, G., Nir, Y., Sheffer, Y., and D. | [RFC6311] Singh, R., Ed., Kalyani, G., Nir, Y., Sheffer, Y., and D. | |||
| End of changes. 8 change blocks. | ||||
| 12 lines changed or deleted | 9 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||