idnits 2.17.1

draft-gundavelli-netext-rfc6757bis-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 2, 2014) is 3579 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Obsolete informational reference (is this intentional?): RFC 2460
     (Obsoleted by RFC 8200)

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

NETEXT WG                                             S. Gundavelli, Ed.
Internet-Draft                                                     Cisco
Obsoletes: 6757 (if approved)                           J. Korhonen, Ed.
Intended status: Standards Track                                Broadcom
Expires: January 3, 2015                                      M. Grayson
                                                                K. Leung
                                                           R. Pazhyannur
                                                                   Cisco
                                                            July 2, 2014

      Access Network Identifier (ANI) Option for Proxy Mobile IPv6
               draft-gundavelli-netext-rfc6757bis-00.txt

Abstract

   The local mobility anchor in a Proxy Mobile IPv6 (PMIPv6) domain is
   able to provide access-network- and access-operator-specific handling
   or policing of the mobile node traffic using information about the
   access network to which the mobile node is attached.  This
   specification defines a mechanism and a related mobility option for
   carrying the access network identifier and the access operator
   identification information from the mobile access gateway to the
   local mobility anchor over Proxy Mobile IPv6.  This document
   obsoletes RFC 6757.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 3, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions and Terminology
     2.1.  Conventions
     2.2.  Terminology
   3.  Access Network Identifier Option
     3.1.  Format of the Access Network Identifier Sub-Option
       3.1.1.  Network-Identifier Sub-Option
       3.1.2.  Network-Identifier-Short Sub-Option
       3.1.3.  Geo-Location Sub-Option
       3.1.4.  Geo-Location-Extended Sub-Option
       3.1.5.  Operator-Identifier Sub-Option
   4.  Protocol Considerations
     4.1.  Mobile Access Gateway Considerations
     4.2.  Local Mobility Anchor Considerations
   5.  IANA Considerations
   6.  Protocol Configuration Variables
   7.  Security Considerations
   8.  Acknowledgements
   9.  References
     9.1.  Normative References
     9.2.  Informative References

1.  Introduction

   Proxy Mobile IPv6 [RFC5213] can be used for supporting network-based
   mobility management in various types of network deployments.
   Network architectures such as service provider Wi-Fi access
   aggregation or Wireless Local Area Network (WLAN) integrated with
   mobile packet core are examples where Proxy Mobile IPv6 is a
   component of the overall architecture.  Some of these architectures
   require the ability of the local mobility anchor (LMA) [RFC5213] to
   provide differentiated services and policing of traffic to the mobile
   nodes based on the access network to which they are attached.  Policy
   systems in mobility architectures such as the Policy and Charging
   Control (PCC) Framework [TS23203] and the Access Network Discovery
   and Selection Function (ANDSF) [TS23402] in Third Generation
   Partnership Project (3GPP) systems allow configuration of policy
   rules with conditions based on the access network information.  For
   example, the service treatment for the mobile node's traffic may be
   different when it is attached to an access network owned by the home
   operator than when owned by a roaming partner.  The service treatment
   can also be different based on the configured Service Set Identifiers
   (SSIDs) in the case of access networks based on IEEE 802.11.  Other
   examples of location services include the operator's ability to
   display a location-specific web page or apply tariff based on the
   location.

   The Proxy Mobile IPv6 specification [RFC5213] requires the Access
   Technology Type (ATT) option to be carried from the mobile access
   gateway (MAG) to the local mobility anchor.  This is a mandatory
   option.  However, the Access Technology Type alone is not necessarily
   sufficient for a suitable policy to be applied at the local mobility
   anchor.  Therefore, there is a need for additional
   access-network-related information to be available at the local
   mobility anchor.
   Learning the identity of the access network operator may not be
   possible for a local mobility anchor without the support of an
   additional policy framework that is able to provide required
   information out of band to the local mobility anchor.  Such a policy
   framework may not be required for all Proxy Mobile IPv6 deployments;
   hence, an alternative approach for optionally carrying such
   information is required to ensure that additional information related
   to the access network is available.

   This document defines a new mobility option, the Access Network
   Identifier (ANI) option, and its sub-options for Proxy Mobile IPv6,
   which can be used by the mobile access gateway to signal the access
   network information to the local mobility anchor.  The specific
   details on how the local mobility anchor uses the information
   contained in the Access Network Identifier option are out of scope
   for this document.  This information is intended for use between
   infrastructure nodes providing mobile management service and is not
   exposed to outside entities, which ensures the location of the
   network to which the mobile node is attached, or any other
   access-network-specific information, is not revealed to other mobile
   nodes within the PMIPv6 domain or to other nodes outside the PMIPv6
   domain.  However, the location and access information MAY be exposed
   to specific parties outside the PMIPv6 domain based on an agreement
   approved by the subscriber; otherwise, this information MUST NOT be
   exposed in the absence of such agreements.  If the location
   information is to be exposed outside the PMIPv6 domain, then that
   MUST be done using a Presence Information Data Format Location Object
   (PIDF-LO) [RFC5139] carrying the usage rules to which the subscriber
   has agreed.  This mobility option is optional and is not mandatory
   for the Proxy Mobile IPv6 protocol.
   However, the Access Technology Type option continues to be a
   mandatory option and always needs to be carried in the Proxy Mobile
   IPv6 signaling messages.

   SSID: IETF-1
   Geo-Location: 37o49'11"N 122o28'43"W
   Operator-Identifier: provider1.example.com
                  +--+
                  |AP|-------.                {Access-Specific Policies}
                  +--+       |          _-----_            |
                          +-----+      _(      )_       +-----+
                          | MAG |-=====( PMIPv6 )======-| LMA |-
                          +-----+      (_ Tunnel_)      +-----+
                  +--+       |          '-----'
                  |AP|-------'
                  +--+
   SSID: IETF-2
   Geo-Location: 59o19'40.21"N 18o 3'18.36"E
   Operator-Identifier: provider2.example.com

               Figure 1: Access Networks Attached to MAG

   Figure 1 illustrates an example Proxy Mobile IPv6 deployment where
   the mobile access gateway delivers the information elements related
   to the access network to the local mobility anchor over Proxy Mobile
   IPv6 signaling messages.  In this example, the additional information
   could comprise the SSID of the used IEEE 802.11 network, the
   geo-location of the network to which the mobile node is attached, and
   the identities of the operators running the IEEE 802.11 access
   network infrastructure.

2.  Conventions and Terminology

2.1.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Terminology

   All the mobility-related terms used in this document are to be
   interpreted as defined in the Proxy Mobile IPv6 specifications
   [RFC5213] and [RFC5844].  Additionally, this document uses the
   following abbreviations:

   Service Set Identifier

      Service Set Identifier (SSID) identifies the name of the IEEE
      802.11 network.  SSID differentiates one network from the other.

   Operator-Identifier

      The Operator-Identifier is the Structure of Management Information
      (SMI) Network Management Private Enterprise Code of the
      IANA-maintained "Private Enterprise Numbers" registry [SMI].  It
      identifies the operator running the network attached to a specific
      interface of the mobile access gateway.

3.  Access Network Identifier Option

   The Access Network Identifier option is a mobility header option used
   to exchange information related to the access network between a local
   mobility anchor and a mobile access gateway.  The option can be
   included in both Proxy Binding Update (PBU) and Proxy Binding
   Acknowledgement (PBA) messages, and there MUST NOT be more than a
   single instance of this mobility option in a mobility message.  The
   Access Network Identifier mobility option MUST contain one or more
   Access Network Identifier sub-options.  The Access Network Identifier
   sub-option is described in Section 3.1.

   The alignment requirement for this option is 4n [RFC2460].

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |   Length      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ...                  ANI Sub-option(s) ...                      ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

               Figure 2: Access Network Identifier Option

   Type:  MUST be set to the value of 52, indicating that it is a
      Network-Identifier option.

   Length:  8-bit unsigned integer indicating the length in octets of
      the option, excluding the Type and Length fields.

3.1.  Format of the Access Network Identifier Sub-Option

   The Access Network Identifier sub-options are used for carrying
   information elements related to the access network to which the
   mobile node is attached.  These sub-options can be included in the
   Access Network Identifier option defined in Section 3.
   The format of this sub-option is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    ANI Type   |  ANI Length   |         Option Data           ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 3: Access Network Identifier Sub-Option

   ANI Type:  8-bit unsigned integer indicating the type of the Access
      Network Identifier sub-option.  This specification defines the
      following types:

      0 - Reserved

      1 - Network-Identifier sub-option

      2 - Geo-Location sub-option

      3 - Operator-Identifier sub-option

      4 - Network-Identifier-Short sub-option

      5 - Geo-Location-Extended sub-option

   ANI Length:  8-bit unsigned integer indicating the number of octets
      needed to encode the Option Data, excluding the ANI Type and ANI
      Length fields of the sub-option.

3.1.1.  Network-Identifier Sub-Option

   The Network-Identifier is a mobility sub-option carried in the Access
   Network Identifier option defined in Section 3.  This sub-option
   carries the name of the access network (e.g., an SSID in the case of
   an IEEE 802.11 Access Network or a Public Land-based Mobile Network
   (PLMN) Identifier [TS23003] in the case of 3GPP access) to which the
   mobile node is attached.  There MUST be no more than a single
   instance of this specific sub-option in any Access Network Identifier
   option.  The format of this option is defined below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | ANI Type=1    |  ANI Length   |E|   Reserved  | Net-Name Len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Network Name (e.g., SSID or PLMNID)       ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AP-Name Len   |        Access-Point Name                      ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                Figure 4: Network-Identifier Sub-Option

   ANI Type:  MUST be set to the value of (1), indicating that it is a
      Network-Identifier sub-option

   ANI Length:  Total length of this sub-option in octets, excluding the
      ANI Type and ANI Length fields.  The value can be in the range of
      5 to 32 octets.

   E:  1-bit flag indicating whether the Network Name is encoded in
      UTF-8.  If this flag is set to one (1), then the Network Name is
      encoded using UTF-8 [RFC3629].  If the flag is set to zero (0),
      this indicates that the encoding is undefined and is determined by
      out-of-band mechanisms.  Implementations SHOULD use UTF-8
      encoding.

   Reserved:  MUST be set to zero when sending and ignored when
      received.

   Net-Name Length:  8-bit field for representing the length of the
      Network Name in octets.  This field MUST NOT be set to zero.

   Network Name:  The name of the access network to which the mobile
      node is attached.  The type of the Network Name is dependent on
      the access technology to which the mobile node is attached.  If it
      is 802.11 access, the Network Name MUST be the SSID of the
      network.  If the access network is 3GPP access, the Network Name
      is the PLMN Identifier of the network.  If the access network is
      3GPP2 access, the Network Name is the Access Network Identifier
      [ANI].

      When encoding the PLMN Identifier, both the Mobile Network Code
      (MNC) [TS23003] and Mobile Country Code (MCC) [TS23003] MUST be 3
      digits.  If the MNC in use only has 2 digits, then it MUST be
      preceded with a '0'.  Encoding MUST be UTF-8.

   AP-Name Len:  8-bit field for representing the length of the
      Access-Point Name in octets.  If the Access-Point Name is not
      included, then this length MUST be set to a value of zero.

   Access-Point Name:  The name of the access point (physical device
      name) to which the mobile node is attached.  This is the
      identifier that uniquely identifies the access point.  While
      Network Name (e.g., SSID) identifies the operator's access
      network, Access-Point Name identifies a specific network device in
      the network to which the mobile node is attached.  In some
      deployments, the Access-Point Name can be set to the Media Access
      Control (MAC) address of the device or some unique identifier that
      can be used by the policy systems in the operator network to
      unambiguously identify the device.  The string is carried in UTF-8
      representation.

3.1.2.  Network-Identifier-Short Sub-Option

   The Network-Identifier-short is a mobility sub-option carried in the
   Access Network Identifier option defined in Section 3.  This
   sub-option is a short form of the Network-Identifier sub-option
   without the Network Name.  There MUST be no more than a single
   instance of this specific sub-option in any Access Network Identifier
   option.  The Network-Identifier and the Network-Identifier-Short
   sub-options are mutually exclusive.  The format of this option is
   defined below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | ANI Type=4    |  ANI Length   |   Reserved    |  AP-Name Len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AP-Name Len   |        Access-Point Name                      ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 5: Network-Identifier-Short Sub-Option

   ANI Type:  MUST be set to the value of (4), indicating that it is a
      Network-Identifier-Short sub-option

   ANI Length:  Total length of this sub-option in octets, excluding the
      ANI Type and ANI Length fields.  The value can be in the range of
      5 to 32 octets.

   Reserved:  MUST be set to zero when sending and ignored when
      received.

   AP-Name Len:  8-bit field for representing the length of the
      Access-Point Name in octets.  If the Access-Point Name is not
      included, then this length MUST be set to a value of zero.

   Access-Point Name:  The name of the access point (physical device
      name) to which the mobile node is attached.  This is the
      identifier that uniquely identifies the access point.  While
      Network Name (e.g., SSID) identifies the operator's access
      network, Access-Point Name identifies a specific network device in
      the network to which the mobile node is attached.  In some
      deployments, the Access-Point Name can be set to the Media Access
      Control (MAC) address of the device or some unique identifier that
      can be used by the policy systems in the operator network to
      unambiguously identify the device.  The string is carried in UTF-8
      representation.

3.1.3.  Geo-Location Sub-Option

   The Geo-Location is a mobility sub-option carried in the Access
   Network Identifier option defined in Section 3.  This sub-option
   carries the geo-location of the network to which the mobile node is
   attached, as known to the mobile access gateway.
   There MUST be no more than a single instance of this specific
   sub-option in any Access Network Identifier option.  The format of
   this option is defined below and encodes the coordinates of an
   ellipsoid point.  The format is based on the coordinate reference
   system specified in the World Geodetic System 1984 [WGS84].

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | ANI Type=2    | ANI Length=6  |      Latitude Degrees
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                   |             Longitude Degrees                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                 Figure 6: Geo-Location ANI Sub-Option

   ANI Type:  MUST be set to the value of (2), indicating that it is the
      Geo-Location sub-option

   ANI Length:  Total length of this sub-option in octets, excluding the
      ANI Type and ANI Length fields.  It MUST be set to a value of (6).

   Latitude Degrees:  A 24-bit latitude degree value encoded as a two's
      complement, fixed point number with 9 whole bits.  Positive
      degrees correspond to the Northern Hemisphere and negative degrees
      correspond to the Southern Hemisphere.  The value ranges from -90
      to +90 degrees.

   Longitude Degrees:  A 24-bit longitude degree value encoded as a
      two's complement, fixed point number with 9 whole bits.  The value
      ranges from -180 to +180 degrees.

3.1.4.  Geo-Location-Extended Sub-Option

   The Geo-Location-Extended is a mobility sub-option carried in the
   Access Network Identifier option defined in Section 3.  This
   sub-option carries the geo-location of the network to which the
   mobile node is attached, as known to the mobile access gateway.  The
   geo-location as represented in this sub-option includes latitude,
   longitude and Altitude parameters.
   There MUST be no more than a single instance of this specific
   sub-option in any Access Network Identifier option.  The format of
   this option is defined below and encodes the coordinates of an
   ellipsoid point.  Note that the Geo-Location and
   Geo-Location-Extended sub-options are mutually exclusive.  The format
   is based on the coordinate reference system specified in the World
   Geodetic System 1984 [WGS84].

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | ANI Type=5    | ANI Length=8  |      Latitude Degrees
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                   |             Longitude Degrees                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |D|          Altitude           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 7: Geo-Location-Extended ANI Sub-Option

   ANI Type:  MUST be set to the value of (5), indicating that it is the
      Geo-Location-Extended sub-option

   ANI Length:  Total length of this sub-option in octets, excluding the
      ANI Type and ANI Length fields.  It MUST be set to a value of (8).

   Latitude Degrees:  A 24-bit latitude degree value encoded as a two's
      complement, fixed point number with 9 whole bits.  Positive
      degrees correspond to the Northern Hemisphere and negative degrees
      correspond to the Southern Hemisphere.  The value ranges from -90
      to +90 degrees.

   Longitude Degrees:  A 24-bit longitude degree value encoded as a
      two's complement, fixed point number with 9 whole bits.  The value
      ranges from -180 to +180 degrees.

   D flag:  Direction of the altitude.  When D=0 the altitude expresses
      height, when D=1 the altitude expresses depth.

   Altitude:  Altitude is encoded in increments of 1 meter using a 15
      bit binary coded number (N), where the number N and the range of
      altitudes A (in metres) is described as N <= A < N+1.  If the
      N=32767 (i.e.
      2^15-1) the range includes all greater values of A from the
      previous equation.

3.1.5.  Operator-Identifier Sub-Option

   The Operator-Identifier is a mobility sub-option carried in the
   Access Network Identifier option defined in Section 3.  This
   sub-option carries the Operator-Identifier of the access network to
   which the mobile node is attached.  There MUST be no more than a
   single instance of this specific sub-option in any Access Network
   Identifier option.  The format of this option is defined below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | ANI Type=3    |  ANI Length   |   Op-ID Type  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                        Operator-Identifier                        ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                Figure 8: Operator-Identifier Sub-Option

   ANI Type:  It MUST be set to the value of (3), indicating that it is
      the Operator-Identifier sub-option

   ANI Length:  Total length of this sub-option in octets, excluding the
      ANI Type and ANI Length fields.

   Operator-Identifier (Op-ID) Type:  8-bit unsigned integer indicating
      the type of the Operator-Identifier.  Currently, the following
      types are defined:

      0 - Reserved.

      1 - Operator-Identifier as a variable-length Private Enterprise
          Number (PEN) [SMI] encoded in a network-byte order.  The
          maximum PEN value depends on the ANI Length and is calculated
          using the formula: maximum PEN = 2^((ANI_length-1)*8)-1.  For
          example, the ANI Length of 4 allows for encoding PENs from 0
          to 2^24-1, i.e., from 0 to 16777215, and uses 3 octets of
          Operator-Identifier space.

      2 - Realm of the operator.  Realm names are required to be unique
          and are piggybacked on the administration of the DNS
          namespace.
          Realms meet the syntactic requirements of the "Preferred Name
          Syntax" defined in Section 2.3.1 of [RFC1035].  They are
          encoded as US-ASCII.  3GPP specifications also define realm
          names that can be used to convey PLMN Identifiers [TS23003].

   Operator-Identifier:  Up to 253 octets of the Operator-Identifier.
      The encoding of the identifier depends on the used
      Operator-Identifier Type.  For Operator-Identifiers defined in
      this specification, the Operator-Identifier MUST NOT be empty.

4.  Protocol Considerations

   The following considerations apply to the local mobility anchor and
   the mobile access gateway.

4.1.  Mobile Access Gateway Considerations

   o  The conceptual Binding Update List entry data structure maintained
      by the mobile access gateway, described in Section 6.1 of
      [RFC5213], MUST be extended to store the access-network-related
      information elements associated with the current session.
      Specifically, the following parameters MUST be defined:

         Network-Identifier or Network-Identifier-Short

         Operator-Identifier

         Geo-Location or Geo-Location-Extended

   o  If the mobile access gateway is configured to support the Access
      Network Information option, it SHOULD include this option with the
      specific sub-options in all Proxy Binding Update messages
      (including Proxy Binding Updates for lifetime extension and for
      deregistration) that it sends to the local mobility anchor.  The
      Access Network Information option MUST be constructed as specified
      in Section 3.  It SHOULD include the ANI sub-option(s) that the
      mobile access gateway is configured to carry in the Proxy Mobile
      IPv6 messages.

   o  The access network information elements, such as
      Network-Identifier, Geo-Location, and Operator-Identifier,
      typically are statically configured on the mobile access gateway
      on a per-interface basis (for example, access point (AP-1) is
      attached through interface-1, and the SSID is X, Geo-Location is
      Y).  In some deployments, this information can also be dynamically
      obtained, such as through DHCP Option (82), which is the DHCP
      Relay Agent Information option [RFC3046].  When the mobile node
      sends a DHCP Request, the access points typically add the SSID
      information to the Option 82 of the DHCP request, and when the
      mobile access gateway receives this request, it can parse the
      Option 82 of the DHCP request and obtain the SSID name.  The
      mobile access gateway can also obtain this information from the
      DHCPv6 GeoLoc Option [RFC6225].  The specific details on how the
      mobile access gateway obtains these information elements are
      access technology and deployment specific and are outside the
      scope of this document.  It is possible those information elements
      are configured on the MAG on a per-interface basis or dynamically
      obtained through some out-of-band means, such as based on the
      Control and Provisioning of Wireless Access Points (CAPWAP)
      protocol.

   o  If the protocol configuration variable
      EnableANISubOptNetworkIdentifier (Section 6) is set to a value of
      (1), the mobile access gateway SHOULD include the
      Network-Identifier sub-option in the Access Network Identifier
      option carried in the Proxy Binding Update.  However, if the
      mobile access gateway is unable to obtain the Network-Identifier,
      then it MUST NOT include this sub-option.  For including the
      Network-Identifier sub-option, the mobile access gateway needs to
      be aware of the Network Name of the access network (e.g., SSID in
      the case of a WLAN access network) to which the mobile node is
      attached.
      This sub-option also includes the Access-Point Name for carrying
      the name of the access point to which the mobile node is attached.
      The Access-Point Name is especially important for applying
      location services, given that the Network Name (e.g., SSID) may
      not provide the needed uniqueness for identifying a location.
      When included, this sub-option MUST be constructed as described in
      Section 3.1.1.

   o  If the protocol configuration variable EnableANISubOptGeoLocation
      (Section 6) is set to a value of (1), the mobile access gateway
      SHOULD include the Geo-Location sub-option in the Access Network
      Identifier option carried in the Proxy Binding Update.  However,
      if the mobile access gateway is unable to obtain the Geo-location,
      then it MUST NOT include this sub-option.  For including the
      Geo-Location sub-option, the mobile access gateway needs to be
      aware of the GPS coordinates of the network to which the mobile
      node is attached.  When included, this sub-option MUST be
      constructed as described in Section 3.1.3.

   o  If the protocol configuration variable
      EnableANISubOptGeoLocationExtended (Section 6) is set to a value
      of (1), the mobile access gateway SHOULD include the
      Geo-LocationExtended sub-option in the Access Network Identifier
      option carried in the Proxy Binding Update.  However, if the
      mobile access gateway is unable to obtain the Geo-location, then
      it MUST NOT include this sub-option.  For including the
      Geo-LocationExtended sub-option, the mobile access gateway needs
      to be aware of the GPS coordinates (latitude, longitude, altitude)
      of the network to which the mobile node is attached.  When
      included, this sub-option MUST be constructed as described in
      Section 3.1.4.

   o  If the protocol configuration variable
      EnableANISubOptOperatorIdentifier (Section 6) is set to a value of
      (1), the mobile access gateway SHOULD include the
      Operator-Identifier sub-option in the Access Network Identifier
      option carried in the Proxy Binding Update.  For including the
      Operator-Identifier sub-option, the mobile access gateway needs to
      be aware of the operator identity of that access network.  The
      access network operator SHOULD obtain an identifier from the
      "Private Enterprise Number" registry, in order for the mobile
      access gateway to carry the Operator-Identifier.  If a given
      access network operator has not obtained an identifier from the
      "Private Enterprise Number" registry or if the mobile access
      gateway is unable to learn the operator identity for any other
      administrative reasons, then it MUST NOT include this sub-option.
      When included, this sub-option MUST be constructed as described in
      Section 3.1.5.

   If the mobile access gateway had any of the Access Network
   Information mobility options included in the Proxy Binding Update
   sent to a local mobility anchor, then the Proxy Binding
   Acknowledgement received from the local mobility anchor SHOULD
   contain the Access Network Information mobility option with the
   specific sub-options.  If the mobile access gateway receives a Proxy
   Binding Acknowledgement with a successful Status Value but without an
   Access Network Information mobility option, then the mobile access
   gateway SHOULD log the event and, based on its local policy, MAY
   proceed to terminate the mobility session.  In this case, the mobile
   access gateway knows the local mobility anchor does not understand
   the Access Network Information mobility option and therefore MAY
   consider it as a misconfiguration of the Proxy Mobile IPv6 domain.

4.2.  Local Mobility Anchor Considerations

   o  The conceptual Binding Cache entry data structure maintained by
      the local mobility anchor, described in Section 5.1 of [RFC5213],
      MUST be extended to store the access-network-related information
      elements associated with the current session.  Specifically, the
      following parameters MUST be defined:

         Network-Identifier

         Geo-Location or Geo-Location-Extended

         Operator-Identifier

   o  On receiving a Proxy Binding Update message [RFC5213] from a
      mobile access gateway with the Access Network Information option,
      the local mobility anchor must process the option and update the
      corresponding fields in the Binding Cache entry.  If the option is
      not understood by that LMA implementation, it will skip the
      option.

   o  If the local mobility anchor understands the Access Network
      Identifier mobility option received in a Proxy Binding Update and
      also supports the sub-option(s), then the local mobility anchor
      MUST echo the Access Network Identifier mobility option with the
      specific sub-option(s) that it accepted back to the mobile access
      gateway in a Proxy Binding Acknowledgement.  The Access Network
      Identifier sub-options defined in this specification MUST NOT be
      altered by the local mobility anchor.

   o  If the received Proxy Binding Update message does not include the
      Access Network Information option, then the mobility session
      associated with that Proxy Binding Update MUST be updated to
      remove any access network information elements.

   o  The local mobility anchor MAY choose to use the Access Network
      Information sub-options for applying any access-operator-specific
      handling or policing of the mobile node traffic.  The specific
      details on how these sub-options are used are outside the scope of
      this document.

5.  IANA Considerations

   o  This specification defines a new mobility sub-option,
      Network-Identifier-Short sub-option.
This sub-option can be included in 692 the Access Network Identifier option Section 3. The format of 693 this mobility sub-option is described in Section 3.1.2. The 694 following type value for this mobility option needs to be 695 allocated from the Access Network Information (ANI) Sub-Option 696 Type Values registry at 697 . 699 +=========================================================+ 700 | 4 | Network-Identifier-Short sub-option | 701 +---+-----------------------------------------------------+ 703 o This specification defines a new mobility sub-option, Geo- 704 Location-Extended sub-option. This sub-option can be included in 705 the Access Network Identifier option Section 3. The format of 706 this mobility sub-option is described in Section 3.1.4. The 707 following type value for this mobility option needs to be 708 allocated from the Access Network Information (ANI) Sub-Option 709 Type Values registry at 710 . 712 +=========================================================+ 713 | 5 | Geo-Location-Extended sub-option | 714 +=========================================================+ 716 6. Protocol Configuration Variables 718 This specification defines the following configuration variables that 719 control the use of sub-options related to the Access Network 720 Information in Proxy Mobile IPv6 signaling messages. The mobility 721 entities, local mobility anchor, and mobile access gateway MUST allow 722 these variables to be configured by the system management. The 723 configured values for these protocol variables MUST survive server 724 reboots and service restarts. 726 EnableANISubOptNetworkIdentifier 728 This flag indicates the operational state of the Network- 729 Identifier sub-option support. This configuration variable is 730 available at both the mobile access gateway and the local mobility 731 anchor. The default value for this flag is set to (0), indicating 732 that support for the Network-Identifier sub-option is disabled. 

      When this flag on the mobile access gateway is set to a value of
      (1), the mobile access gateway SHOULD include this sub-option in
      the Proxy Binding Update messages that it sends to the local
      mobility anchor; otherwise, it SHOULD NOT include the sub-option.
      There can be situations where the mobile access gateway is unable
      to obtain the Network-Identifier and may not be able to construct
      this sub-option.

      Similarly, when this flag on the local mobility anchor is set to a
      value of (1), the local mobility anchor SHOULD enable support for
      this sub-option; otherwise, it SHOULD ignore this sub-option.

   EnableANISubOptGeoLocation

      This flag indicates the operational state of the Geo-Location
      sub-option support. This configuration variable is available at
      both the mobile access gateway and the local mobility anchor. The
      default value for this flag is set to (0), indicating that support
      for the Geo-Location sub-option is disabled.

      When this flag on the mobile access gateway is set to a value of
      (1), the mobile access gateway SHOULD include this sub-option in
      the Proxy Binding Update messages that it sends to the local
      mobility anchor; otherwise, it SHOULD NOT include the sub-option.
      There can be situations where the mobile access gateway is unable
      to obtain the geo-location information and may not be able to
      construct this sub-option.

      Similarly, when this flag on the local mobility anchor is set to a
      value of (1), the local mobility anchor SHOULD enable support for
      this sub-option; otherwise, it SHOULD ignore this sub-option.

      The flags EnableANISubOptGeoLocation and
      EnableANISubOptGeoLocationExtended are mutually exclusive. If
      either one of the flags is set to a value of (1), the other flag
      is set to a value of (0).

   EnableANISubOptGeoLocationExtended

      This flag indicates the operational state of the
      Geo-LocationExtended sub-option support. This configuration
      variable is available at both the mobile access gateway and the
      local mobility anchor. The default value for this flag is set to
      (0), indicating that support for the Geo-LocationExtended
      sub-option is disabled.

      When this flag on the mobile access gateway is set to a value of
      (1), the mobile access gateway SHOULD include this sub-option in
      the Proxy Binding Update messages that it sends to the local
      mobility anchor; otherwise, it SHOULD NOT include the sub-option.
      There can be situations where the mobile access gateway is unable
      to obtain the geo-location information and may not be able to
      construct this sub-option.

      Similarly, when this flag on the local mobility anchor is set to a
      value of (1), the local mobility anchor SHOULD enable support for
      this sub-option; otherwise, it SHOULD ignore this sub-option.

      The flags EnableANISubOptGeoLocationExtended and
      EnableANISubOptGeoLocation are mutually exclusive. If either one
      of the flags is set to a value of (1), the other flag is set to a
      value of (0).

   EnableANISubOptOperatorIdentifier

      This flag indicates the operational state of the
      Operator-Identifier sub-option support. This configuration
      variable is available at both the mobile access gateway and the
      local mobility anchor. The default value for this flag is set to
      (0), indicating that support for the Operator-Identifier
      sub-option is disabled.

      When this flag on the mobile access gateway is set to a value of
      (1), the mobile access gateway SHOULD include this sub-option in
      the Proxy Binding Update messages that it sends to the local
      mobility anchor; otherwise, it SHOULD NOT include the sub-option.
      There can be situations where the mobile access gateway is unable
      to obtain the Operator-Identifier information and may not be able
      to construct this sub-option.

      Similarly, when this flag on the local mobility anchor is set to a
      value of (1), the local mobility anchor SHOULD enable support for
      this sub-option; otherwise, it SHOULD ignore this sub-option.

7. Security Considerations

   The Access Network Information option defined in this specification
   is for use in Proxy Binding Update and Proxy Binding Acknowledgement
   messages. This option is carried like any other mobility header
   option as specified in [RFC6275] and does not require any special
   security considerations.

   The Geo-Location sub-option carried in the Access Network Information
   option exposes the geo-location of the network to which the mobile
   node is attached. This information is considered to be very
   sensitive, so care must be taken to secure the Proxy Mobile IPv6
   signaling messages when carrying this sub-option. The base Proxy
   Mobile IPv6 specification [RFC5213] specifies the use of IPsec for
   securing the signaling messages, and those mechanisms can be enabled
   for protecting this information. Operators can potentially apply
   IPsec Encapsulating Security Payload (ESP) with confidentiality and
   integrity protection for protecting the location information.

   Access-network-specific information elements that the mobile access
   gateway sends may have been dynamically learned over DHCP or using
   other protocols. If proper security mechanisms are not in place, the
   exchanged information may be potentially compromised with the mobile
   access gateway sending incorrect access network parameters to the
   local mobility anchor. This situation may potentially result in
   incorrect service policy enforcement at the local mobility anchor and
   impact to other services that depend on this access network
   information. This threat can be mitigated by ensuring the
   communication path between the mobile access gateway and the access
   points is properly secured by the use of IPsec, Transport Layer
   Security (TLS), or other security protocols.

8. Acknowledgements

   The authors would like to thank Basavaraj Patil, Carlos Bernardos,
   Gerardo Gieratta, Eric Voit, Hidetoshi Yokota, Ryuji Wakikawa,
   Sangram Kishore, William Wan, Stefano Faccin, and Brian Haberman for
   all the discussions related to this topic. The authors would also
   like to acknowledge the IESG reviews from Benoit Claise, Stephen
   Farrell, Pete Resnick, Robert Spark, Martin Thomson, and Ralph Droms.

9. References

9.1. Normative References

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, November 2003.

   [RFC5139]  Thomson, M. and J. Winterbottom, "Revised Civic Location
              Format for Presence Information Data Format Location
              Object (PIDF-LO)", RFC 5139, February 2008.

   [RFC5213]  Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K.,
              and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008.

   [RFC5844]  Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy
              Mobile IPv6", RFC 5844, May 2010.

   [RFC6275]  Perkins, C., Johnson, D., and J. Arkko, "Mobility Support
              in IPv6", RFC 6275, July 2011.

9.2. Informative References

   [ANI]      3GPP2 TSG-A, "Interoperability Specification (IOS) for
              High Rate Packet Data (HRPD) Radio Access Network
              Interfaces with Session Control in the Access Network",
              A.S0008-A v3.0, October 2008.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC3046]  Patrick, M., "DHCP Relay Agent Information Option",
              RFC 3046, January 2001.

   [RFC6225]  Polk, J., Linsner, M., Thomson, M., and B. Aboba, "Dynamic
              Host Configuration Protocol Options for Coordinate-Based
              Location Configuration Information", RFC 6225, July 2011.

   [SMI]      IANA, "PRIVATE ENTERPRISE NUMBERS", SMI Network Management
              Private Enterprise Codes,
              .

   [TS23003]  3GPP, "Numbering, addressing and identification", 3GPP
              TS 23.003 3.15.0, 2012.

   [TS23203]  3GPP, "Policy and Charging Control Architecture", 3GPP
              TS 23.203 10.7.0, 2012.

   [TS23402]  3GPP, "Architecture enhancements for non-3GPP accesses",
              3GPP TS 23.402 10.7.0, 2012.

   [WGS84]    NIMA, "World Geodetic System 1984", Third Edition,
              NIMA TR8350.2, June 2004.

Authors' Addresses

   Sri Gundavelli (editor)
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   EMail: sgundave@cisco.com

   Jouni Korhonen (editor)
   Broadcom
   Porkkalankatu 24
   Helsinki FIN-00180
   Finland

   EMail: jouni.nospam@gmail.com

   Mark Grayson
   Cisco
   11 New Square Park
   Bedfont Lakes, Feltham TW14 8HA
   England

   EMail: mgrayson@cisco.com

   Kent Leung
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   EMail: kleung@cisco.com

   Rajesh Pazhyannur
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   EMail: rpazhyan@cisco.com
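
Added example (not part of the draft and not the authors' code): a Python model of the processing rules in Sections 4.1, 4.2 and 6, showing which sub-options a mobile access gateway sends, what the local mobility anchor stores and echoes, and how a missing echo is handled. The dict-based message model, the function names and the sample values are assumptions made for illustration; the wire encoding of Section 3.1 is not modelled.

```python
import logging

log = logging.getLogger("pmip6.ani")
SUBOPTS = ("NetworkIdentifier", "GeoLocation", "GeoLocationExtended", "OperatorIdentifier")

def validate_flags(cfg):
    """Section 6: every flag defaults to 0; the two Geo flags are mutually exclusive."""
    full = {"EnableANISubOpt" + n: 0 for n in SUBOPTS}
    full.update(cfg)
    if full["EnableANISubOptGeoLocation"] and full["EnableANISubOptGeoLocationExtended"]:
        raise ValueError("GeoLocation and GeoLocationExtended flags are mutually exclusive")
    return full

def mag_build_ani(cfg, learned):
    """Section 4.1: send a sub-option only if its flag is 1 AND the value was obtained."""
    cfg = validate_flags(cfg)
    return {n: learned[n] for n in SUBOPTS
            if cfg["EnableANISubOpt" + n] and learned.get(n) is not None}

def lma_process_pbu(cfg, bce, pbu_ani):
    """Section 4.2: returns the ANI option to echo in the PBA, or None (assumed model)."""
    cfg = validate_flags(cfg)
    if pbu_ani is None:                      # PBU carried no ANI option:
        for n in SUBOPTS:                    # remove stored access network elements
            bce.pop(n, None)
        return None
    accepted = {n: v for n, v in pbu_ani.items() if cfg.get("EnableANISubOpt" + n)}
    bce.update(accepted)                     # store in the Binding Cache entry
    return dict(accepted) or None            # echoed values are copied, never altered

def mag_check_pba(sent_ani, status_ok, pba_ani, terminate_on_missing=False):
    """Section 4.1: a successful PBA without ANI is logged; local policy MAY terminate."""
    if sent_ani and status_ok and pba_ani is None:
        log.warning("PBA has no ANI option; LMA may not support it (misconfiguration?)")
        return "terminate" if terminate_on_missing else "continue"
    return "continue"

# Constructed sample data: what a MAG learned about the access network.
LEARNED = {"NetworkIdentifier": ("example-ssid", "ap-lobby-01"),
           "GeoLocation": None,              # coordinates unavailable -> MUST NOT send
           "OperatorIdentifier": 99999}      # constructed Private Enterprise Number
MAG_CFG = {"EnableANISubOptNetworkIdentifier": 1, "EnableANISubOptGeoLocation": 1,
           "EnableANISubOptOperatorIdentifier": 1}
LMA_CFG = {"EnableANISubOptNetworkIdentifier": 1}   # LMA supports only one sub-option

if __name__ == "__main__":
    bce, ani = {}, mag_build_ani(MAG_CFG, LEARNED)
    echo = lma_process_pbu(LMA_CFG, bce, ani)
    print(ani, echo, bce, mag_check_pba(ani, True, echo))
```

Comparing the sub-options sent with those echoed tells the operator which flags differ between the two entities, which is the misconfiguration case Section 4.1 asks the mobile access gateway to log.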