idnits 2.17.1

draft-ietf-dmm-distributed-mobility-anchoring-14.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (November 1, 2019) is 1635 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-14) exists of
     draft-ietf-dmm-fpc-cpdp-12

  == Outdated reference: A later version (-06) exists of
     draft-ietf-dmm-pmipv6-dlif-04

  == Outdated reference: A later version (-26) exists of
     draft-ietf-rtgwg-atn-bgp-02

     Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

DMM                                                         H. Chan, Ed.
Internet-Draft                                                    X. Wei
Intended status: Informational                       Huawei Technologies
Expires: May 4, 2020                                              J. Lee
                                                    Sangmyung University
                                                                 S. Jeon
                                                 Sungkyunkwan University
                                                      CJ. Bernardos, Ed.
                                                                    UC3M
                                                        November 1, 2019

                     Distributed Mobility Anchoring
            draft-ietf-dmm-distributed-mobility-anchoring-14

Abstract

   This document defines distributed mobility anchoring in terms of the
   different configurations and functions to provide IP mobility
   support. A network may be configured with distributed mobility
   anchoring functions for both network-based and host-based mobility
   support according to the needs of mobility support. In a distributed
   mobility anchoring environment, multiple anchors are available for
   mid-session switching of an IP prefix anchor. To start a new flow or
   to handle a flow not requiring IP session continuity as a mobile node
   moves to a new network, the flow can be started or re-started using
   an IP address configured from the new IP prefix anchored to the new
   network. If the flow needs to survive the change of network, there
   are solutions that can be used to enable IP address mobility. This
   document describes different anchoring approaches, depending on the
   IP mobility needs, and how this IP address mobility is handled by the
   network.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 4, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions and Terminology
   3.  Distributed Mobility Anchoring
     3.1.  Configurations for Different Networks
       3.1.1.  Network-based DMM
       3.1.2.  Client-based DMM
   4.  IP Mobility Handling in Distributed Anchoring Environments -
       Mobility Support Only When Needed
     4.1.  Nomadic case (no need of IP mobility): Changing to new IP
           prefix/address
     4.2.  Mobility case, traffic redirection
     4.3.  Mobility case, anchor relocation
   5.  Security Considerations
   6.  IANA Considerations
   7.  Contributors
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   A key requirement in distributed mobility management [RFC7333] is to
   enable traffic to avoid traversing a single mobility anchor far from
   an optimal route. This document defines different configurations,
   functional operations and parameters for distributed mobility
   anchoring and explains how to use them to avoid unnecessarily long
   routes when a mobile node moves.

   Companion distributed mobility management documents are already
   addressing the architecture and deployment
   [I-D.ietf-dmm-deployment-models], source address selection [RFC8653],
   and control-plane data-plane signaling [I-D.ietf-dmm-fpc-cpdp]. A
   number of distributed mobility solutions have also been proposed, for
   example, in [I-D.seite-dmm-dma], [I-D.ietf-dmm-pmipv6-dlif],
   [I-D.sarikaya-dmm-for-wifi], [I-D.yhkim-dmm-enhanced-anchoring], and
   [I-D.matsushima-stateless-uplane-vepc].

   Distributed mobility anchoring employs multiple anchors in the data
   plane. In general, control plane functions may be separated from
   data plane functions and be centralized but may also be co-located
   with the data plane functions at the distributed anchors. Different
   configurations of distributed mobility anchoring are described in
   Section 3.1.

   As a Mobile Node (MN) attaches to an access router and establishes a
   link between them, a /64 IPv6 prefix anchored to the router may be
   assigned to the link for exclusive use by the MN [RFC6459]. The MN
   may then configure a global IPv6 address from this prefix and use it
   as the source IP address in a flow to communicate with its
   correspondent node (CN). When there are multiple mobility anchors
   assigned to the same MN, an address selection for a given flow is
   first required before the flow is initiated. Using an anchor in a
   MN's network of attachment has the advantage that the packets can
   simply be forwarded according to the forwarding table.
   However, after the flow has been initiated, the MN may later move to
   another network which assigns a new mobility anchor to the MN. Since
   the new anchor is located in a different network, the MN's assigned
   prefix does not belong to the network where the MN is currently
   attached.

   When the MN wants to continue using its assigned prefix to complete
   ongoing data sessions after it has moved to a new network, the
   network needs to provide support for the MN's IP address and
   session continuity, since routing packets to the MN through the new
   network deviates from applying default routes. The IP session
   continuity needs of a flow (application) determine how the IP
   address used by this flow has to be anchored. If the ongoing IP flow
   can cope with an IP prefix/address change, the flow can be
   reinitiated with a new IP address anchored in the new network. On
   the other hand, if the ongoing IP flow cannot cope with such change,
   mobility support is needed. A network supporting a mix of flows both
   requiring and not requiring IP mobility support will need to
   distinguish these flows.

2.  Conventions and Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   All general mobility-related terms and their acronyms used in this
   document are to be interpreted as defined in the Mobile IPv6 (MIPv6)
   base specification [RFC6275], the Proxy Mobile IPv6 (PMIPv6)
   specification [RFC5213], the "Mobility Related Terminologies"
   [RFC3753], and the DMM current practices and gap analysis [RFC7429].
   These include terms such as mobile node (MN), correspondent node
   (CN), home agent (HA), home address (HoA), care-of-address (CoA),
   local mobility anchor (LMA), and mobile access gateway (MAG).

   In addition, this document uses the following terms:

   Home network of a home address: the network that has assigned the
      HoA used as the session identifier by the application running in
      an MN. The MN may be running multiple application sessions, and
      each of these sessions can have a different home network.

   Anchoring (of an IP prefix/address): An IP prefix, i.e., Home
      Network Prefix (HNP), or address, i.e., HoA, assigned for use by
      an MN is topologically anchored to an anchor node when the anchor
      node is able to advertise a connected route into the routing
      infrastructure for the assigned IP prefix. The traffic using the
      assigned IP address/prefix must traverse the anchor node. We can
      refer to the function performed by IP anchor node as anchoring,
      which is a data plane function.

   Location Management (LM) function: control plane function that keeps
      and manages the network location information of an MN. The
      location information may be a binding of the advertised IP
      address/prefix, e.g., HoA or HNP, to the IP routing address of the
      MN or of a node that can forward packets destined to the MN.

      When the MN is a mobile router (MR), the location information will
      also include the mobile network prefix (MNP), which is the
      aggregate IP prefix delegated to the MR to assign IP prefixes for
      use by the mobile network nodes (MNNs) in the mobile network.

      In a client-server protocol model, location query and update
      messages may be exchanged between a Location Management client
      (LMc) and a Location Management server (LMs), where the location
      information can be updated to or queried from the LMc.
      Optionally, there may be a Location Management proxy (LMp) between
      LMc and LMs.

      With separation of control plane and data plane, the LM function
      is in the control plane. It may be a logical function at the
      control plane node, control plane anchor, or mobility controller.

      It may be distributed or centralized.

   Forwarding Management (FM) function: packet interception and
      forwarding to/from the IP address/prefix assigned for use by the
      MN, based on the internetwork location information, either to the
      destination or to some other network element that knows how to
      forward the packets to their destination.

      This function may be used to achieve traffic indirection. With
      separation of control plane and data plane, the FM function may
      split into an FM function in the data plane (FM-DP) and an FM
      function in the control plane (FM-CP).

      FM-DP may be distributed with distributed mobility management. It
      may be a function in a data plane anchor or data plane node.

      FM-CP may be distributed or centralized. It may be a function in
      a control plane node, control plane anchor or mobility controller.

3.  Distributed Mobility Anchoring

3.1.  Configurations for Different Networks

   We next describe some configurations with multiple distributed
   anchors. To cover the widest possible spectrum of scenarios, we
   consider architectures in which the control and data planes are
   separated, as described in [I-D.ietf-dmm-deployment-models].

3.1.1.  Network-based DMM

   Figure 1 shows a general scenario for network-based distributed
   mobility management.

   The main characteristics of a network-based DMM solution are:

   o There are multiple data plane anchors, each with an FM-DP function.
   o The control plane may either be distributed (not shown in the
     figure) or centralized (as shown in the figure).
   o The control plane and the data plane (Control Plane Anchor -- CPA
     -- and Data Plane Anchor -- DPA) may be co-located or not.
     If the CPA is co-located with the distributed DPAs, then there are
     multiple co-located CPA-DPA instances (not shown in the figure).
   o An IP prefix/address IP1 (anchored to the DPA with IP address
     IPa1) is assigned for use to an MN. The MN uses this IP1 address
     to communicate with CNs (not shown in the figure).
   o The location management (LM) function may be co-located or split
     (as shown in the figure) into a separate server (LMs) and a client
     (LMc). In this case, the LMs may be centralized whereas the LMc
     may be distributed or centralized.

                      ____________                  Network
                  ___/            \___________
                 /      +-----+               \___
                (       |LMs  |      Control      \
               /        +-.---+      plane         \
              /  +--------.---+      functions      \
             (   |CPA:    .   |      in the          )
             (   |FM-CP, LMc  |      network         )
             (   +------------+                       \
            /       .        .                         \
           (        .         .                         )
           (        .          .                        )
           (        .           .                        \
            \  +------------+ +------------+Distributed   )
             ( |DPA(IPa1):  | |DPA(IPa2):  |DPAs          )
             ( |anchors IP1 | |anchors IP2 |            _/
             \ |FM-DP       | |FM-DP       | etc.      /
              \+------------+ +------------+          /
               \___        Data plane           _____/
                   \______ functions           /
                          \__________________/

               +------------+
               |MN(IP1)     |     Mobile node attached
               |flow(IP1,..)|     to the network
               +------------+

                Figure 1: Network-based DMM configuration

3.1.2.  Client-based DMM

   Figure 2 shows a general scenario for client-based distributed
   mobility management. In this configuration, the mobile node performs
   Control Plane Node (CPN) and Data Plane Node (DPN) mobility
   functions, namely the forwarding management and location management
   (client) roles.

                        +-----+
                        |LMs  |
                        +-.---+
                 +--------.---+
                 |CPA:    .   |
                 |FM-CP, LMp  |
                 +------------+
                    .        .
                    .         .
                    .          .
                    .           .
               +------------+ +------------+  Distributed
               |DPA(IPa1):  | |DPA(IPa2):  |  DPAs
               |anchors IP1 | |anchors IP2 |
               |FM-DP       | |FM-DP       |  etc.
               +------------+ +------------+

               +------------+
               |MN(IP1)     |Mobile node
               |flow(IP1,..)|using IP1
               |FM, LMc     |anchored to
               +------------+DPA(IPa1)

                 Figure 2: Client-based DMM configuration

4.  IP Mobility Handling in Distributed Anchoring Environments -
    Mobility Support Only When Needed

   IP mobility support may be provided only when needed instead of being
   provided by default. Three cases can be considered:

   o Nomadic case: no address continuity is required. The IP address
     used by the MN changes after a movement and traffic using the old
     address is disrupted. If session continuity is required, then it
     needs to be provided by a solution running at L4 or above.
   o Mobility case, traffic redirection: address continuity is
     required. When the MN moves, the previous anchor still anchors
     the traffic using the old IP address, and forwards it to the new
     MN's location. The MN obtains a new IP address anchored to the
     new location, and preferably uses it for new communications,
     established while connected at the new location.
   o Mobility case, anchor relocation: address continuity is required.
     In this case the route followed by the traffic is optimized, by
     using some means for traffic indirection to deviate from default
     routes.

   A straightforward choice of mobility anchoring is the following: the
   MN chooses as source IP address for packets belonging to an IP
   flow, an address allocated by the network the MN is attached to when
   the flow was initiated. As such, traffic belonging to this flow
   traverses the MN's mobility anchor [I-D.seite-dmm-dma]
   [I-D.ietf-dmm-pmipv6-dlif].

   The IP prefix/address at the MN's side of a flow may be anchored to
   the access router to which the MN is attached. For example, when an
   MN attaches to a network (Net1) or moves to a new network (Net2), an
   IP prefix from the attached network is assigned to the MN's
   interface.
   In addition to configuring new link-local addresses, the MN
   configures from this prefix an IP address which is typically a
   dynamic IP address. It then uses this IP address when a flow is
   initiated. Packets from this flow addressed to the MN are simply
   forwarded according to the forwarding table.

   There may be multiple IP prefixes/addresses that an MN can select
   when initiating a flow. They may be from the same access network or
   different access networks. The network may advertise these prefixes
   with cost options [I-D.mccann-dmm-prefixcost] so that the mobile node
   may choose the one with the least cost. In addition, these IP
   prefixes/addresses may be of different types regarding whether
   mobility support is needed [RFC8653]. An MN will need to choose which
   IP prefix/address to use for each flow according to whether it needs
   IP mobility support or not, using for example the mechanisms
   described in [RFC8653].

4.1.  Nomadic case (no need of IP mobility): Changing to new IP prefix/
      address

   When IP mobility support is not needed for a flow, the LM and FM
   functions are not utilized so that the configurations in Section 3.1
   are simplified as shown in Figure 3.

          Net1                                Net2

   +---------------+                   +---------------+
   |AR1            |   AR is changed   |AR2            |
   +---------------+      ------->     +---------------+
   |CPA:           |                   |CPA:           |
   |---------------|                   |---------------|
   |DPA(IPa1):     |                   |DPA(IPa2):     |
   |anchors IP1    |                   |anchors IP2    |
   +---------------+                   +---------------+

   +...............+                   +---------------+
   .MN(IP1)        .     MN moves      |MN(IP2)        |
   .flow(IP1,...)  .     =======>      |flow(IP2,...)  |
   +...............+                   +---------------+

              Figure 3: Changing to a new IP address/prefix

   When there is no need to provide IP mobility to a flow, the flow may
   use a new IP address acquired from a new network as the MN moves to
   the new network.

   Regardless of whether IP mobility is needed, if the flow has not
   terminated before the MN moves to a new network, the flow may
   subsequently restart using the new IP address assigned from the new
   network.

   When IP session continuity is needed, even if a flow is ongoing as
   the MN moves, it may still be desirable for the flow to change to
   using the new IP prefix configured in the new network. The flow may
   then close and then restart using a new IP address configured in the
   new network. Such a change in the IP address of the flow may be
   enabled using a higher layer mobility support which is not in the
   scope of this document.

   In Figure 3, a flow initiated while the MN was using the IP prefix
   IP1 -- anchored to a previous access router AR1 in network Net1 --
   has terminated before the MN moves to a new network Net2. After
   moving to Net2, the MN uses the new IP prefix IP2 -- anchored to a
   new access router AR2 in network Net2 -- to start a new flow.
   Packets may then be forwarded without requiring IP layer mobility
   support.

   An example call flow is outlined in Figure 4. An MN attaches to AR1,
   which sends a router advertisement (RA) including information about
   the prefix assigned to MN, from which MN configures an IP address
   (IP1). This address is used for new communications, for example with
   a correspondent node (CN). If the MN moves to a new network and
   attaches to AR2, the process is repeated (MN obtains a new IP
   address, IP2, from AR2). Since the IP address (IP1) configured at
   the previously visited network is not valid at the current attachment
   point, any existing flows have to be reestablished using IP2.

   Note that in this scenario, if there is no mobility support provided
   by L4 or above, an application might be able to stop before changing
   point of attachment, and therefore the traffic would stop.

   MN                   AR1           AR2                           CN
   |MN attaches to AR1:  |             |                             |
   |acquires MN-ID and profile         |                             |
   |--RS---------------->|             |                             |
   |                     |             |                             |
   |<----------RA(IP1)---|             |                             |
   |                     |             |                             |
   Assigned prefix IP1   |             |                             |
   IP1 address configuration           |                             |
   |                     |             |                             |
   |<-Flow(IP1,IPcn,...)-+------------------------------------------>|
   |                     |             |                             |
   |MN detaches from AR1 |             |                             |
   |MN attaches to AR2   |             |                             |
   |                     |             |                             |
   |--RS------------------------------>|                             |
   |                     |             |                             |
   |<--------------RA(IP2)-------------|                             |
   |                     |             |                             |
   Assigned prefix IP2   |             |                             |
   IP2 address configuration           |                             |
   |                     |             |                             |
   |<-new Flow(IP2,IPcn,...)-----------+---------------------------->|
   |                     |             |                             |

         Figure 4: Re-starting a flow with new IP prefix/address

4.2.  Mobility case, traffic redirection

   When IP mobility is needed for a flow, the LM and FM functions in
   Section 3.1 are utilized. There are two possible cases: (i) the
   mobility anchor remains playing that role and forwards traffic to a
   new locator in the new network, and (ii) the mobility anchor (data
   plane function) is changed but binds the MN's transferred IP address/
   prefix. The latter enables optimized routes but requires some data
   plane node that enforces rules for traffic indirection. Next, we
   focus on the first case. The second one is addressed in Section 4.3.

   Mobility support can be provided by using mobility management
   methods, such as the several approaches surveyed in the academic
   papers ([Paper-Distributed.Mobility],
   [Paper-Distributed.Mobility.PMIP] and
   [Paper-Distributed.Mobility.Review]). After moving, a certain MN's
   traffic flow may continue using the IP prefix from the prior network
   of attachment. Yet, some time later, the application generating this
   traffic flow may be closed. If the application is started again, the
   new flow may not need to use the prior network's IP address to avoid
   having to invoke IP mobility support.
   This may be the case where a dynamic IP prefix/address, rather than
   a permanent one, is used. Packets belonging to this flow may then
   use the new IP prefix (the one allocated in the network where the
   flow is being initiated). Routing is again kept simpler without
   employing IP mobility and will remain so as long as the MN which is
   now in the new network does not move again to another network.

   MN                   AR1           AR2                           CN
   |MN attaches to AR1:  |             |                             |
   |acquires MN-ID and profile         |                             |
   |--RS---------------->|             |                             |
   |                     |             |                             |
   |<----------RA(IP1)---|             |                             |
   |                     |             |                             |
   Assigned prefix IP1   |             |                             |
   IP1 address configuration           |                             |
   |                     |             |                             |
   |<-Flow(IP1,IPcn,...)-+------------------------------------------>|
   |                     |             |                             |
   |MN detaches from AR1 |             |                             |
   |MN attaches to AR2   |             |                             |
   |                     |             |                             |
   |--RS------------------------------>|                             |
                (some IP mobility support solution)
   |<--------------RA(IP2,IP1)---------|                             |
   |                     |             |                             |
   |                     +<-Flow(IP1,IPcn,...)---------------------->|
   |                     +<===========>+                             |
   |<-Flow(IP1,IPcn,...)-------------->+                             |
   |                     |             |                             |
   Assigned prefix IP2   |             |                             |
   IP2 address configuration           |                             |
   |                     |             |                             |
   Flow(IP1,IPcn) terminates           |                             |
   |                     |             |                             |
   |<-new Flow(IP2,IPcn,...)-----------+---------------------------->|
   |                     |             |                             |

   Figure 5: A flow continues to use the IP prefix from its home network
                  after MN has moved to a new network

   An example call flow in this case is outlined in Figure 5. In this
   example, the AR1 plays the role of FM-DP entity and redirects the
   traffic (e.g., using an IP tunnel) to AR2. Another solution could be
   to place an FM-DP entity closer to the CN network to perform traffic
   steering to deviate from default routes (which will bring the packet
   to AR1 per default routing). The LM and FM functions are implemented
   as shown in Figure 6.

          Net1                                              Net2

   +---------------+                                 +---------------+
   |AR1            |                                 |AR2            |
   +---------------+                                 +---------------+
   |CPA:           |                                 |CPA:           |
   |               |                                 |LM:IP1 at IPa1 |
   |---------------|      IP1 (anchored to Net1)     |---------------|
   |DPA(IPa1):     |      is redirected to Net2      |DPA(IPa2):     |
   |anchors IP1    |             =======>            |anchors IP2    |
   +---------------+                                 +---------------+

   +...............+                                 +---------------+
   .MN(IP1)        .             MN moves            |MN(IP2,IP1)    |
   .flow(IP1,...)  .             =======>            |flow(IP1,...)  |
   .               .                                 |flow(IP2,...)  |
   +...............+                                 +---------------+

                       Figure 6: Anchor redirection

   Multiple instances of DPAs (at access routers), which are providing
   IP prefixes to the MNs, are needed to provide distributed mobility
   anchoring in an appropriate configuration such as those described in
   Figure 1 (Section 3.1.1) for network-based distributed mobility or in
   Figure 2 (Section 3.1.2) for client-based distributed mobility.

4.3.  Mobility case, anchor relocation

   We focus next on the case where the mobility anchor (data plane
   function) is changed but binds the MN's transferred IP address/
   prefix. This enables optimized routes but requires some data plane
   node that enforces rules for traffic indirection.

   IP mobility is invoked to enable IP session continuity for an ongoing
   flow as the MN moves to a new network. Here the anchoring of the IP
   address of the flow is in the home network of the flow (i.e.,
   different from the current network of attachment). A centralized
   mobility management mechanism may employ indirection from the anchor
   in the home network to the current network of attachment. Yet it may
   be difficult to avoid using an unnecessarily long route (when the
   route between the MN and the CN via the anchor in the home network is
   significantly longer than the direct route between them). An
   alternative is to move the IP prefix/address anchoring to the new
   network.

   The IP prefix/address anchoring may move without changing the IP
   prefix/address of the flow. Here the LM and FM functions in Figure 1
   in Section 3.1 are implemented as shown in Figure 7.

          Net1                                              Net2

   +---------------+                                 +---------------+
   |AR1            |                                 |AR2            |
   +---------------+                                 +---------------+
   |CPA:           |                                 |CPA:           |
   |LM:IP1 at IPa1 |                                 |LM:IP1 at IPa2 |
   |  changes to   |                                 |               |
   |  IP1 at IPa2  |                                 |               |
   |---------------|                                 |---------------|
   |DPA(IPa1):     | IP1 anchoring effectively moved |DPA(IPa2):     |
   |anchored IP1   |             =======>            |anchors IP2,IP1|
   +---------------+                                 +---------------+

   +...............+                                 +---------------+
   .MN(IP1)        .             MN moves            |MN(IP2,IP1)    |
   .flow(IP1,...)  .             =======>            |flow(IP1,...)  |
   +...............+                                 +---------------+

                        Figure 7: Anchor mobility

   As an MN with an ongoing session moves to a new network, the flow may
   preserve IP session continuity by moving the anchoring of the
   original IP prefix/address of the flow to the new network.

   One way to accomplish such a move is to use a centralized routing
   protocol, but such a solution may present some scalability concerns
   and its applicability is typically limited to small networks. One
   example of this type of solution is described in
   [I-D.ietf-rtgwg-atn-bgp]. When a mobile associates with an anchor,
   the anchor injects the mobile's prefix into the global routing
   system. If the mobile moves to a new anchor, the old anchor
   withdraws the /64 and the new anchor injects it instead.

5.  Security Considerations

   As stated in [RFC7333], "a DMM solution MUST support any security
   protocols and mechanisms needed to secure the network and to make
   continuous security improvements". It "MUST NOT introduce new
   security risks".

   As described in [I-D.ietf-dmm-deployment-models], there are different
   potential deployment models of a DMM solution.
   The present document has presented 3 different scenarios for
   distributed anchoring: (i) nomadic case, (ii) mobility case with
   traffic redirection, and (iii) mobility case with anchor relocation.
   Each of them has different security requirements, and the actual
   security mechanisms would depend on the specifics of each
   solution/scenario.

   As general rules, for the first distributed anchoring scenario
   (nomadic case), no additional security consideration is needed, as
   this does not involve any additional mechanism at L3. If session
   connectivity is required, the L4 or above solution used to provide it
   MUST also provide the required authentication and security.

   The second and third distributed anchoring scenarios (mobility case)
   involve mobility signalling among the mobile node and the control and
   data plane anchors. The control-plane messages exchanged between
   these entities MUST be protected using end-to-end security
   associations with data-integrity and data-origination capabilities.
   IPsec ESP in transport mode with mandatory integrity protection
   SHOULD be used for protecting the signaling messages. IKEv2 should
   be used to set up security associations between the data and control
   plane anchors.

6.  IANA Considerations

   This document presents no IANA considerations.

7.  Contributors

   Alexandre Petrescu and Fred Templin had contributed to earlier
   versions of this document regarding distributed anchoring for
   hierarchical network and for network mobility, although these
   extensions were removed to keep the document within reasonable
   length.

   This document has benefited from other work on mobility support in
   SDN network, on providing mobility support only when needed, and on
   mobility support in enterprise network. These works have been
   referenced.
While some of these authors have taken the work to 649 jointly write this document, others have contributed at least 650 indirectly by writing these drafts. The latter include Philippe 651 Bertin, Dapeng Liu, Satoru Matushima, Pierrick Seite, Jouni Korhonen, 652 and Sri Gundavelli. 654 Valuable comments have been received from John Kaippallimalil, 655 ChunShan Xiong, Dapeng Liu, Fred Templin, Paul Kyzivat, Joseph 656 Salowey and Yoshifumi Nishida. Dirk von Hugo, Byju Pularikkal, 657 Pierrick Seite have generously provided careful review with helpful 658 corrections and suggestions. Marco Liebsch and Lyle Bertz also 659 performed very detailed and helpful reviews of this document. 661 8. References 663 8.1. Normative References 665 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 666 Requirement Levels", BCP 14, RFC 2119, 667 DOI 10.17487/RFC2119, March 1997, 668 . 670 [RFC3753] Manner, J., Ed. and M. Kojo, Ed., "Mobility Related 671 Terminology", RFC 3753, DOI 10.17487/RFC3753, June 2004, 672 . 674 [RFC5213] Gundavelli, S., Ed., Leung, K., Devarapalli, V., 675 Chowdhury, K., and B. Patil, "Proxy Mobile IPv6", 676 RFC 5213, DOI 10.17487/RFC5213, August 2008, 677 . 679 [RFC6275] Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility 680 Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July 681 2011, . 683 [RFC7333] Chan, H., Ed., Liu, D., Seite, P., Yokota, H., and J. 684 Korhonen, "Requirements for Distributed Mobility 685 Management", RFC 7333, DOI 10.17487/RFC7333, August 2014, 686 . 688 [RFC7429] Liu, D., Ed., Zuniga, JC., Ed., Seite, P., Chan, H., and 689 CJ. Bernardos, "Distributed Mobility Management: Current 690 Practices and Gap Analysis", RFC 7429, 691 DOI 10.17487/RFC7429, January 2015, 692 . 694 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 695 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 696 May 2017, . 698 8.2. Informative References 700 [I-D.ietf-dmm-deployment-models] 701 Gundavelli, S. and S. 
              Jeon, "DMM Deployment Models and Architectural
              Considerations", draft-ietf-dmm-deployment-models-04
              (work in progress), May 2018.

   [I-D.ietf-dmm-fpc-cpdp]
              Matsushima, S., Bertz, L., Liebsch, M., Gundavelli, S.,
              Moses, D., and C. Perkins, "Protocol for Forwarding Policy
              Configuration (FPC) in DMM", draft-ietf-dmm-fpc-cpdp-12
              (work in progress), June 2018.

   [I-D.ietf-dmm-pmipv6-dlif]
              Bernardos, C., Oliva, A., Giust, F., Zuniga, J., and A.
              Mourad, "Proxy Mobile IPv6 extensions for Distributed
              Mobility Management", draft-ietf-dmm-pmipv6-dlif-04 (work
              in progress), January 2019.

   [I-D.ietf-rtgwg-atn-bgp]
              Templin, F., Saccone, G., Dawra, G., Lindem, A., and V.
              Moreno, "A Simple BGP-based Mobile Routing System for the
              Aeronautical Telecommunications Network",
              draft-ietf-rtgwg-atn-bgp-02 (work in progress), May 2019.

   [I-D.matsushima-stateless-uplane-vepc]
              Matsushima, S. and R. Wakikawa, "Stateless user-plane
              architecture for virtualized EPC (vEPC)",
              draft-matsushima-stateless-uplane-vepc-06 (work in
              progress), March 2016.

   [I-D.mccann-dmm-prefixcost]
              McCann, P. and J. Kaippallimalil, "Communicating Prefix
              Cost to Mobile Nodes", draft-mccann-dmm-prefixcost-03
              (work in progress), April 2016.

   [I-D.sarikaya-dmm-for-wifi]
              Sarikaya, B. and L. Li, "Distributed Mobility Management
              Protocol for WiFi Users in Fixed Network",
              draft-sarikaya-dmm-for-wifi-05 (work in progress),
              October 2017.

   [I-D.seite-dmm-dma]
              Seite, P., Bertin, P., and J. Lee, "Distributed Mobility
              Anchoring", draft-seite-dmm-dma-07 (work in progress),
              February 2014.

   [I-D.yhkim-dmm-enhanced-anchoring]
              Kim, Y. and S. Jeon, "Enhanced Mobility Anchoring in
              Distributed Mobility Management",
              draft-yhkim-dmm-enhanced-anchoring-05 (work in progress),
              July 2016.

   [Paper-Distributed.Mobility]
              Lee, J., Bonnin, J., Seite, P., and H.
              Chan, "Distributed IP Mobility Management from the
              Perspective of the IETF: Motivations, Requirements,
              Approaches, Comparison, and Challenges", IEEE Wireless
              Communications, October 2013.

   [Paper-Distributed.Mobility.PMIP]
              Chan, H., "Proxy Mobile IP with Distributed Mobility
              Anchors", Proceedings of GlobeCom Workshop on Seamless
              Wireless Mobility, December 2010.

   [Paper-Distributed.Mobility.Review]
              Chan, H., Yokota, H., Xie, J., Seite, P., and D. Liu,
              "Distributed and Dynamic Mobility Management in Mobile
              Internet: Current Approaches and Issues", February 2011.

   [RFC6459]  Korhonen, J., Ed., Soininen, J., Patil, B., Savolainen,
              T., Bajko, G., and K. Iisakkila, "IPv6 in 3rd Generation
              Partnership Project (3GPP) Evolved Packet System (EPS)",
              RFC 6459, DOI 10.17487/RFC6459, January 2012.

   [RFC8653]  Yegin, A., Moses, D., and S. Jeon, "On-Demand Mobility
              Management", RFC 8653, DOI 10.17487/RFC8653, October 2019.

Authors' Addresses

   H. Anthony Chan (editor)
   Huawei Technologies
   5340 Legacy Dr. Building 3
   Plano, TX 75024
   USA

   Email: h.a.chan@ieee.org

   Xinpeng Wei
   Huawei Technologies
   Xin-Xi Rd. No. 3, Haidian District
   Beijing, 100095
   P. R. China

   Email: weixinpeng@huawei.com

   Jong-Hyouk Lee
   Sangmyung University
   31, Sangmyeongdae-gil, Dongnam-gu
   Cheonan 31066
   Republic of Korea

   Email: jonghyouk@smu.ac.kr

   Seil Jeon
   Sungkyunkwan University
   2066 Seobu-ro, Jangan-gu
   Suwon, Gyeonggi-do
   Republic of Korea

   Email: seiljeon@skku.edu

   Carlos J. Bernardos (editor)
   Universidad Carlos III de Madrid
   Av. Universidad, 30
   Leganes, Madrid 28911
   Spain

   Phone: +34 91624 6236
   Email: cjbc@it.uc3m.es
   URI:   http://www.it.uc3m.es/cjbc/