idnits 2.17.1 draft-ietf-mip4-dynamic-assignment-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3667, Section 5.1 on line 15. -- Found old boilerplate from RFC 3978, Section 5.5 on line 1006. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 982. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 989. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 995. ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line 1011), which is fine, but *also* found old RFC 2026, Section 10.4C, paragraph 1 text on line 38. ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure Acknowledgement -- however, there's a paragraph with a matching beginning. Boilerplate error? ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission of drafts without verbatim RFC 3978 boilerplate is not accepted. The following non-3978 patterns matched text found in the document. That text should be removed or replaced: By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, or will be disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3668. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. (A line matching the expected section header was found, but with an unexpected indentation: ' 3.1 Scope' ) ** The document seems to lack a Security Considerations section. (A line matching the expected section header was found, but with an unexpected indentation: ' 9. Security Considerations' ) ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) (A line matching the expected section header was found, but with an unexpected indentation: ' 8. IANA Considerations' ) ** The abstract seems to contain references ([2], [3], [4], [5], [6], [7], [1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? '1' on line 929 looks like a reference -- Missing reference section? '2' on line 931 looks like a reference -- Missing reference section? '6' on line 939 looks like a reference -- Missing reference section? '7' on line 941 looks like a reference -- Missing reference section? '3' on line 933 looks like a reference -- Missing reference section? '5' on line 937 looks like a reference -- Missing reference section? '4' on line 935 looks like a reference Summary: 11 errors (**), 0 flaws (~~), 1 warning (==), 14 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Mobile IP Working Group Milind Kulkarni 3 INTERNET-DRAFT Alpesh Patel 4 Category: Standards Track Kent Leung 5 Date : 28 June 2004 Cisco Systems Inc. 7 Mobile IPv4 Dynamic Home Agent Assignment 8 draft-ietf-mip4-dynamic-assignment-02.txt 10 Status of this Memo 12 By submitting this Internet-Draft, I certify that any applicable 13 patent or other IPR claims of which I am aware have been disclosed, 14 and any of which I become aware will be disclosed, in accordance 15 with RFC 3668. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six 23 months and may be updated, replaced, or obsoleted by other 24 documents at any time. It is inappropriate to use Internet Drafts 25 as reference material or to cite them other than as "work in 26 progress". 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt. 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html. 34 This Internet-Draft will expire on December 28, 2004. 36 Copyright Notice 38 Copyright (C) The Internet Society (2003). All Rights Reserved. 40 Abstract 42 Mobile IPv4 [1] uses the Home Agent (HA) to anchor sessions of a 43 roaming Mobile Node (MN). This draft proposes a messaging mechanism 44 for dynamic home agent assignment and HA redirection. The goal is 45 to provide a mechanism to assign an optimal HA for a Mobile IP 46 session while allowing any suitable method for HA selection. 48 Table of Contents 50 1. Introduction.................................................3 51 2. Requirements Terminology.....................................3 52 3. Problem Statement............................................4 53 3.1 Scope.......................................................5 54 3.2 Dynamic Home Agent Discovery in Mobile IPv4.................5 55 3.3 NAI usage and dynamic HA assignment.........................5 56 3.4 Dynamic HA extension........................................6 57 3.4.1 Requested HA extension....................................6 58 3.4.2 Redirected HA extension...................................7 59 4. Messaging mechanism for dynamic HA assignment/redirection....7 60 4.1 Messaging for dynamic HA assignment.........................7 61 4.1.1 Example with Message Flow Diagram.........................8 62 4.2 Messaging for HA redirection................................9 63 4.2.1 Example with Message Flow Diagram........................10 64 5. Mobility Agent Considerations...............................12 65 5.1 Mobile Node Considerations.................................12 66 5.1.1 MN using FA CoA..........................................12 67 5.1.2 MN using Collocated CoA..................................13 68 5.1.3 Refreshing Assigned HA Address on Mobile Node............13 69 5.2 Foreign Agent Considerations...............................14 70 5.3 Home Agent Considerations..................................14 71 5.3.1 Assigned Home Agent Considerations.......................15 72 6. Requested Home Agent Selection..............................16 73 7. Error Values................................................17 74 8. IANA Considerations.........................................17 75 9. Security Considerations.....................................18 76 10. Backward Compatibility Considerations......................19 77 11. Change Log from previous versions..........................19 78 12. Acknowledgements...........................................20 79 13. Normative References.......................................20 80 Authors' Addresses.............................................20 81 Intellectual Property Statement................................21 83 1. Introduction 85 This document adds to the Mobile IP protocol [1], by proposing a 86 messaging mechanism for dynamic home agent assignment and home 87 agent redirection during initial registration. The goal is to 88 assign an optimal HA for a Mobile IP session. The mobile node MUST 89 use Network Access Identifier (NAI) extension [2] when requesting a 90 dynamically assigned HA. 92 MN requests a dynamically assigned HA by setting the HA field in 93 the initial Registration Request to ALL-ZERO-ONE-ADDR (defined in 94 section 2). If the request is accepted, the HA field in successful 95 Registration Reply contains the HA address. The requested HA can 96 suggest an alternate HA and if so, the Registration Reply is 97 rejected with a new error code (REDIRECT-HA-REQ) and the alternate 98 HA address is specified in a new extension (Redirected HA 99 extension). 101 If the RRQ is rejected with Redirected HA extension or if the MN 102 wishes to register at a specific HA, MN can put the HA address in 103 the Requested HA extension in Registration Request. The HA address 104 in Requested HA extension is a hint to the network where the MN may 105 be anchored. The HA field is set to ALL-ZERO-ONE-ADDRESS for 106 dynamic HA assignment. 108 The messaging mechanism is defined in this document so that the 109 MN can request and receive a dynamic HA address in Mobile IP 110 messages. However, the mechanism by which the network selects 111 an HA for assignment to the MN is outside the scope of this 112 document. For example, the selection may be made by any 113 network node that receives the registration request (or 114 information about the registration request), such as a Foreign 115 Agent, AAA server, or Home Agent. The node that selects the 116 HA may select one based on a number of criteria, including but 117 not limited to HA load-balancing, geographical proximity, 118 administrative policy etc.. 120 2. Requirements Terminology 122 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 123 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in 124 this document are to be interpreted as described in RFC 2119 [6]. 126 The Mobile IP related terminology described in RFC 3344 [1] is used 127 in this document. In addition, the following terms are used: 129 ALL-ZERO-ONE-ADDR: IP address 0.0.0.0 or 255.255.255.255. An 130 address of 255.255.255.255 would indicate 131 assigning HA in home domain. An address of 132 0.0.0.0 would mean MN just needs a dynamic 133 HA, it does not care whether in home or visited 134 domain. 136 Requested HA: Destination IP address of Home Agent that the 137 first Registration Request is sent to. Must be 138 a unicast IP address. This address can be 139 obtained as described in section 6. 141 Assigned HA: If registration is successful, this Home Agent 142 address field is obtained from successful 143 Registration Reply. 145 Redirected HA: If the registration is rejected with error code 146 (REDIRECT-HA-REQ), the HA being referred to is 147 specified in a new extension (Redirected HA 148 extension). 150 AAA server: Authentication, Authorization and Accounting 151 Server. 153 DNS: Domain Name System. 155 DHCP: Dynamic Host Configuration Protocol. 157 MN: Mobile Node as defined in Mobile IPv4 [1]. 159 HA: Home Agent as defined in Mobile IPv4 [1]. 161 FA: Foreign Agent as defined in Mobile IPv4 [1]. 163 CoA: Care of Address. 165 CCoA: Collocated Care of Address. 167 MN HoA: Mobile Node's Home Address. 169 NAI: Network Access Identifier [2]. 171 Src IP: Source IP address of the packet. 173 Dest IP: Destination IP address of the packet. 175 3. Problem Statement 177 Mobile IPv4 NAI Extension for IPv4 [2] introduced the concept of 178 identifying a MN by the NAI and enabling dynamic home address 179 assignment. When the home address is dynamically assigned, it is 180 desirable to discover the Home Agent dynamically or inform the MN 181 about an optimal HA to use for a multitude of reasons, such as: 183 - If the distance between the visited network and the home network 184 of the mobile node is large, the signaling delay for these 185 registrations may be long. In such a case the MN will be anchored 186 to its distant home agent, resulting in tunneled traffic traveling 187 a long distance between home agent and the mobile node. When a 188 Mobile IP session initiates, if the mobile node can be assigned a 189 home agent that is close to the mobile node it can drastically 190 reduce the latency between the home agent and mobile node. 192 - In a large scale Mobile IP deployment, it is cumbersome to 193 provision MNs with multiple HA addresses. 195 - It is desirable to achieve some form of load balancing between 196 multiple HAs in the network. Dynamic HA assignment and/or HA 197 redirection lets the network select the optimal HA from among a set 198 of HAs and thus achieve load balancing among a group of HAs. 200 - Local administrative policies. 202 3.1 Scope 204 This specification does not address the problem of distributing a 205 security association between the MN and HA, and it can either be 206 statically preconfigured or dynamically distributed using other 207 mechanisms [7]. 209 The draft introduces the terms Requested/Assigned/Redirected HA 210 (section 6). The discovery of Requested/Assigned/Redirected HA can 211 be done by various means, which are network and/or deployment 212 specific and hence this discovery/assignment of 213 Requested/Assigned/Redirected HA is kept outside the scope of this 214 specification. 216 3.2 Dynamic Home Agent Discovery in Mobile IPv4 218 Mobile IPv4 [1] specifies the mechanism for discovering the mobile 219 node's home agent using subnet-directed broadcast IP address in the 220 home agent field of the Registration Request. This mechanism was 221 designed for mobile nodes with a static home address and subnet 222 prefix, anchored on fixed home network. But using subnet-directed 223 broadcast as the destination IP address of the Registration 224 Request, it is unlikely that the Registration Request will reach 225 the home subnet because routers will drop these packets by default. 226 See CERT Advisory CA-1998-01 Smurf IP Denial-of-Service Attacks 227 [3]. 229 3.3 NAI usage and dynamic HA assignment 231 Mobile IPv4 NAI Extension for IPv4 [2] introduced the 232 concept of identifying a MN by the NAI and enabling dynamic 233 home address assignment. This document mandates that while 234 using dynamic HA assignment, MN MUST use NAI and obtain a home 235 address. MN can still suggest a static home address in Registration 236 Request, but must take the address in Registration Reply as the 237 home address for the session. This is compatible with the 238 procedures documented in the NAI specification [2]. 240 3.4 Dynamic HA extension 242 The Dynamic HA extension, shown in figure 1, contains the address 243 of the HA. This is a generic extension and can be used in 244 Registration Request and Reply messages. It is a skippable 245 extension. 247 0 1 2 3 248 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 250 | Type | Sub-Type | Length | 251 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 252 | HA-Address | 253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 255 Figure 1: The Dynamic HA address Extension 257 Type DYNAMIC-HA-ADDRESS (skippable) (to be assigned 258 by IANA) is the type, which specifies the 259 dynamic HA address. 261 Sub-Type Defines the use of this extension as: 262 sub-type 1 = Requested HA extension 263 2 = Redirected HA extension 265 Length Indicates the length of the extension not 266 including the type, sub-type and length fields. 267 Length is always 4 bytes. 269 HA-Address Address of the Home Agent. 271 3.4.1 Requested HA extension 273 The Requested HA extension is a Dynamic HA extension of subtype 1. 275 MN may include the Requested HA extension in the registration 276 request as a hint to the network where it wishes to be anchored. 277 This extension contains the address of the HA. A valid unicast IP 278 address MUST be used as HA address in this extension. 280 In absence of an FA, the RRQ is forwarded to this HA. In presence 281 of an FA, FA MUST forward RRQ to the HA address in this extension. 283 3.4.2 Redirected HA extension 285 The Redirected HA extension is a Dynamic HA extension of subtype 2. 287 The Redirected HA extension, contains the address of the HA where 288 the MN should attempt the next registration. The HA receiving a 289 Registration Request can suggest an alternate HA and if so, the 290 Registration Reply is rejected with a new error code (REDIRECT-HA- 291 REQ) and the alternate HA address is specified in this extension. 293 The Redirected HA extension MUST be included in Registration Reply 294 when the reply code is REDIRECT-HA-REQ. 296 4. Messaging mechanism for dynamic HA assignment/redirection 298 This specification presents two alternatives for home agent 299 assignment. The two alternatives are: 300 (a) Dynamic HA assignment (described in section 4.1) and 301 (b) HA redirection (described in section 4.2). 303 4.1 Messaging for dynamic HA assignment 305 The following sequence of events occurs when the Requested HA 306 accepts the Registration Request and returns a Registration Reply 307 to the mobile node. 309 1. MN sets the Home Agent address field in the Registration 310 Request to ALL-ZERO-ONE-ADDR. If the MN is aware of the HA 311 address, it can add that address in the Requested HA extension 312 in Registration Request. 313 2. The MN (if using collocated CoA) or FA (if using FA CoA) sends 314 the Registration Request to the "Requested HA". If the 315 Requested HA extension is present, Requested HA is specified in 316 the "HA Address" of this extension. 317 3. "Requested HA" is the home agent, which processes the 318 Registration Request in accordance with Mobile IPv4 [1] and as 319 per the specification in this document. It creates mobility 320 binding for successful Registration Request. It also sends 321 Registration Reply to the MN. 322 4. The MN obtains an "Assigned HA" address from the HA field in 323 the successful Registration Reply and uses it for the remainder 324 of the session. (Note that the "Assigned HA" will be same as 325 the "Requested HA"). 326 5. Subsequent Registration Request messages for renewal are sent 327 to the Assigned HA. 329 Section 5.3.1 describes the Assigned HA in detail. Some ideas on 330 how to select the Requested HA are briefly covered in section 6. 332 4.1.1 Example with Message Flow Diagram 334 Detailed explanation of this alternative is best described with the 335 help of a message flow diagram and description. 337 Figure 2 shows one specific example of a Mobile Node using FA Care 338 of Address. 340 Other scenarios such as mobile node using collocated care of 341 address are not described below, but the behavior is similar. 343 MN FA Requested/Assigned HA 344 | 1 | | 345 |------------>| 2 | 346 | |--------------->| 347 | | | 348 | | | 349 | | 3 | 350 | 4 |<---------------| 351 |<------------| | 352 | | | 353 | | 5 | 354 |----------------------------->| 355 | | | 357 Figure 2: Example of message flows for dynamic HA assignment 359 1. MN sets the Home Agent address field in the Registration Request 360 to ALL-ZERO-ONE-ADDR. Since MN is using FA CoA in this example, it 361 sends the Registration Request to the FA. The Registration Request 362 looks as follows: 364 +-----------------------------------------------------------+ 365 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 366 | MN | FA | | ALL-ZERO-ONE-ADDR |FA CoA | 367 +-----------------------------------------------------------+ 369 If the MN is aware of an HA address, it can add that address in the 370 Requested HA extension in Registration Request as a hint. That 371 extension is not shown above. 373 2. The FA sends the Registration Request to the Requested HA. The 374 Registration Request looks as follows: 376 +-----------------------------------------------------------+ 377 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 378 | FA |Requested HA| | ALL-ZERO-ONE-ADDR |FA CoA | 379 +-----------------------------------------------------------+ 381 (If MN includes the Requested HA extension, the FA copies that 382 extension. The FA then forwards the Registration Request, along 383 with the Requested HA extension, to the HA address specified in 384 Requested HA extension.) 386 3. HA processes the Registration Request in accordance with Mobile 387 IPv4 [1] and the messaging defined in this document. HA creates 388 mobility binding for successful request. HA then sends Registration 389 Reply to the FA, which looks as follows. The Assigned HA address 390 corresponds to the HA receiving and processing the request (and is 391 same as Requested HA, only the name is changed for registration 392 reply). 394 +-----------------------------------------------------------+ 395 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 396 |Assigned| Src IP of | | Assigned HA |FA CoA/| 397 | HA | the RRQ | | | | 398 +-----------------------------------------------------------+ 400 4. The FA relays the Registration Reply to the MN, as follows. 402 +-----------------------------------------------------------+ 403 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 404 | FA | MN | | Assigned HA |FA CoA/| 405 +-----------------------------------------------------------+ 407 5. The MN obtains Assigned HA address from the HA field in the 408 successful Registration Reply and uses it for the remainder of the 409 session. MN sends subsequent Re-Registration or De-Registration 410 Requests for the remaining session directly to the Assigned HA. 411 Note that the Assigned HA is the same as the Requested HA. 413 4.2 Messaging for HA redirection 415 This section describes the events that occur when the Requested HA 416 does not accept the Registration Request and redirects the mobile 417 node to another HA (aka Redirected HA) instead. 419 1. MN sets the Home Agent address field in the Registration Request 420 to ALL-ZERO-ONE-ADDR. 422 2. The MN (if using collocated CoA) or FA (if using FA CoA) sends 423 the Registration Request to the "Requested HA". If the MN is 424 aware of an HA address, it can add that address in the Requested 425 HA extension in Registration Request. 427 3. When HA receives the Registration Request, if the HA field is 428 set to ALL-ZERO-ONE-ADDR, HA may reject the request with Reply 429 code REDIRECT-HA-REQ and suggest an alternate HA. 431 HA may reject the Request for a number of reasons, which are 432 outside the scope of this specification. If the HA rejects the 433 Request, the HA field in the Reply is set to this HAs address. 434 The IP address of the HA that is the target of the redirection 435 is specified in Redirected HA extension. The presence of this 436 extension is mandatory when the reply code is set to REDIRECT- 437 HA-REQ. HA sends the Reply to the FA/MN. 439 4. FA sends the Reply to the MN. 441 5. If the error code is set to REDIRECT-HA-REQ, MN obtains the HA 442 address from Redirected HA extension. The MN then sends a 443 Registration Request to Redirected HA, unless it has already 444 received a redirection response from this HA while processing 445 this Registration Request. 447 4.2.1 Example with Message Flow Diagram 449 Figure 3 shows one specific example of a Mobile Node using FA Care 450 of Address. 452 MN FA Requested HA Redirected HA 453 | 1 | | | 454 |------------>| 2 | | 455 | |--------------->| | 456 | | | | 457 | | | | 458 | | 3 | | 459 | 4 |<---------------| | 460 |<------------| | | 461 | | | | 462 | | 5 | | 463 |--------------------------------------------->| 464 | | | | 466 Figure 3: Example of message flows for HA redirection 468 1. MN sets the Home Agent address field in the Registration Request 469 to ALL-ZERO-ONE-ADDR address. Since MN is using FA CoA in this 470 example, it sends the Registration Request to the FA. The 471 Registration Request looks as follows: 473 +-----------------------------------------------------------+ 474 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 475 | MN | FA | | ALL-ZERO-ONE-ADDR |FA CoA | 476 +-----------------------------------------------------------+ 478 If the MN is aware of an HA address, it can add that address in the 479 Requested HA extension in Registration Request as a hint. That 480 extension is not shown above. 482 2. The FA sends the Registration Request to the Requested HA. If 483 Requested HA extension is present, Requested HA is the HA address 484 in this extension. The Registration Request looks as follows: 486 +-----------------------------------------------------------+ 487 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 488 | FA |Requested HA| | ALL-ZERO-ONE-ADDR |FA CoA | 489 +-----------------------------------------------------------+ 491 3. HA processes the Registration Request in accordance with Mobile 492 IPv4 [1] and the messaging defined in this document. If the 493 registration is successful, but local configuration/ administrative 494 policy etc. directs HA to refer the MN to another HA, HA rejects 495 the Request with error code REDIRECT-HA-REQ. HA fills in the 496 address of the Redirected HA in the Redirected HA extension. HA 497 then sends Registration Reply reject to the FA, which looks as 498 follows: 500 +-----------------------------------------------------------+ 501 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 502 | | Src IP of | | HA |FA CoA | 503 | HA | the RRQ | | | | 504 +-----------------------------------------------------------+ 505 | Redirected HA extension ... | 506 +-----------------------------------------------------------+ 508 4. The FA relays the Registration Reply to the MN, as follows. 510 +-----------------------------------------------------------+ 511 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 512 | FA | MN | | HA |FA CoA/| 513 +-----------------------------------------------------------+ 514 | Redirected HA extension ... | 515 +-----------------------------------------------------------+ 517 5. If MN can authenticate the Reply, MN extracts the HA address 518 from Redirected HA extension. The MN then sends Registration 519 Request to Redirected HA, unless it has already received a 520 redirection response from this HA while processing the Registration 521 Request. 523 5. Mobility Agent Considerations 525 Following sections describe the behavior of each mobility agent in 526 detail. 528 5.1 Mobile Node Considerations 530 The mobile node MUST use NAI extension for home address assignment 531 when using the messaging mechanism in this document. Since MN uses 532 NAI extension, the Home Address field is set to 0.0.0.0. 534 While dynamic HA assignment is in progress and MN has not 535 successfully anchored at a Home Agent, mobile node MUST set the 536 Home Agent field in the Registration Request to an ALL-ZERO-ONE- 537 ADDR, which is either 255.255.255.255 or 0.0.0.0. 539 The Registration Request MUST be protected by a valid authenticator 540 as specified in Mobile IPv4 [1] or Mobile IPv4 Challenge/Response 541 Extensions [5]. Configuring security associations is deployment 542 specific and hence outside the scope of this specification. The 543 security associations between a MN and an individual HA may also be 544 dynamically derived during the dynamic HA assignment, based on a 545 shared secret between MN and AAA infrastructure [7]. 547 The mobile node MUST maintain the remaining Mobile IP session with 548 the Assigned HA. 550 Following sections describe MN behavior in FA CoA mode and 551 collocated CoA mode. 553 5.1.1 MN using FA CoA 555 When a mobile node initiates Mobile IP session requesting dynamic 556 HA assignment, it MUST set the home agent address field in the 557 Registration Request to ALL-ZERO-ONE-ADDR. The destination IP 558 address of Registration Request is the FA. The FA will determine 559 the Requested HA and forward the Registration Request to the 560 Requested HA. Registration Request processing takes place on the 561 Requested HA as per the specification in this draft. 563 The Registration Request MUST be appropriately authenticated for 564 the HA to validate the Request. 566 If successful Registration Reply is received, MN obtains Assigned 567 HA from the HA field of Reply. Assigned HA address is the same as 568 Requested HA address. 570 If Registration Reply is received with code REDIRECT-HA-REQ, MN 571 MUST authenticate the Reply based on HA address in HA field of 572 Reply and attempt Registration with the HA address specified in the 573 Redirected HA extension. MN MUST put the Redirected HA in the HA 574 address of the Requested HA extension. 576 In some cases, for the first Registration Request MN may want to 577 hint to the network to be anchored at a specific HA and the MN MUST 578 put that address in the HA address of the Requested HA extension. 580 If the Registration Request contains the Requested HA extension, 581 the HA address in that extension must match the destination IP of 582 the Request. 584 5.1.2 MN using Collocated CoA 586 Mobile Node in collocated CoA mode requesting dynamic HA assignment 587 MUST set the home agent address field in the Registration Request 588 to ALL-ZERO-ONE-ADDR. The destination IP address of the 589 Registration Request is the Requested HA. Some ideas on how to 590 select a Requested HA are briefly covered in section 6. 592 If successful Reply is received, the MN obtains Assigned HA address 593 from successful Registration Reply. The Assigned HA will be same as 594 Requested HA. The MN MUST cache the Assigned HA address for the 595 length of the Mobile IP session. The mobile node then MUST use this 596 previously cached Assigned HA address as the home agent address in 597 subsequent re-registration and de-registration request(s). This 598 will make sure that for the duration of the Mobile IP session, the 599 mobile node will always be anchored to the assigned home agent with 600 which it was initially registered. 602 If Registration Reply is received with code REDIRECT-HA-REQ, MN 603 MUST authenticate the Reply based on HA address in HA field of 604 Reply and attempt Registration with the HA address specified in the 605 Redirected HA extension. MN MUST put the Redirected HA in the HA 606 address of the Requested HA extension. 608 In some cases, for the first Registration Request MN may want to 609 hint to the network to be anchored at a specific HA and the MN MUST 610 put that address in the HA address of the Requested HA extension. 612 While requesting dynamic HA assignment in collocated CoA mode, 613 Requested HA extension must always be included. 615 5.1.3 Refreshing Assigned HA Address on Mobile Node 617 When the Mobile IP session terminates, the mobile node MAY clear 618 the Assigned HA address cached as the home agent address. It MAY 619 request a new HA address for the new Mobile IP session by not 620 including the Requested HA extension. The advantage of this 621 approach is that the mobile node will be always anchored to an 622 optimal home agent from where it initiated Mobile IP session. 624 Alternately, MN may save the Assigned HA address and use it in the 625 Requested HA extension along with ALL-ZERO-ONE-ADDR address in 626 Registration Request. 628 5.2 Foreign Agent Considerations 630 When the mobile node is using foreign agent CoA or MN using CCoA 631 finds R bit is set in the FA advertisement, it sends the 632 Registration Request to the foreign agent. 634 When the FA receives a Registration Request with HA address field 635 set to ALL-ZERO-ONE-ADDR and it doesn't contain the Requested HA 636 extension, FA obtains the Requested HA address to forward the 637 Registration Request. Some ideas on how to select a Requested HA 638 are briefly covered in section 6. 640 If the FA cannot obtain the Requested HA to forward a Registration 641 Request from MN, it MUST reject request with error code NONZERO-HA- 642 REQD. 644 If the MN has included the Requested HA extension, FA MUST forward 645 Registration Request to the address in this extension. If the HA 646 address in this extension is not a routable unicast address, FA 647 MUST reject request with error code NONZERO-HA-REQD. 649 If the Registration Request contains the Requested HA extension, 650 the HA address in that extension must match the destination IP of 651 the Request. 653 Backward compatibility issues related to the mobility agents are 654 addressed in section 10. 656 5.3 Home Agent Considerations 658 Home Agent can process an incoming Registration Request in one of 659 the following two ways: 661 1. MN or FA sends the Registration Request to the Requested HA. The 662 term Requested HA has meaning in context of the Registration 663 Request message. When the Requested HA successfully processes 664 Registration Request and creates a binding and sends a Reply with 665 its address, it becomes the Assigned HA. The term Assigned HA is 666 meaningful in context of a Registration Reply message. 668 2. Home Agent receiving the Registration Request with HA field set 669 to ALL-ZERO-ONE-ADDR MAY reject the request even if successfully 670 authenticated and suggest an alternate HA address in Reply. In such 671 a case, the HA puts its own address in HA field of Reply and sets 672 the Reply code to REDIRECT-HA-REQ and adds the Redirected HA 673 extension. 675 If the Registration Request contains the Requested HA extension, 676 the HA address in that extension must match the destination IP of 677 the Request. If it does not match, the Requested HA must reject the 678 Registration Request with error code 136. 680 5.3.1 Assigned Home Agent Considerations 682 The HA that processes the incoming Registration Request fully in 683 accordance with Mobile IPv4 [1] and this specification becomes the 684 Assigned HA. The Registration Request terminates at the Assigned 685 HA. 687 The Assigned HA creates one mobility binding per MN and sends 688 Registration Reply to the MN by copying its address in the home 689 agent field and as the source IP address of the Reply. 691 There are two IP addresses to consider, destination IP address and 692 Home Agent address field in the Registration Request. When 693 destination IP address is unicast, only one HA receives the 694 Registration Request. This HA should unambiguously accept or deny 695 the registration, regardless of the value in the Home Agent field. 696 When the Home Agent field is non-unicast, the HA should set the 697 value to its own IP address in the Registration Reply. 699 The following table summarizes the behavior of Assigned HA. 701 Dest IP Addr HA field Processing at Assigned HA 702 ------------ ------------ ---------------------------------- 704 Unicast non-unicast Mobile IPv4 [1]: There is no change 705 in handling for this case from 706 (Must be Mobile IPv4. It is mentioned here 707 equal to the for reference only. 708 HA receiving HA denies the registration 709 the RRQ) with error code 136 and sets 710 HA field to its own IP 711 address in the reply as per 712 section 3.8.3.2 in [1]. 714 ALL-ZERO- 715 ONE-ADDR New Behavior: Accept the RRQ as per 716 this specification. Authenticate 717 the RRQ and create mobility binding 718 if the HA is acting as Assigned HA. 719 Set HA field to its own IP address 720 in the Registration Reply. 722 OR 724 New Behavior: If authentication is 725 successful, reject RRQ with a new 726 error code (REDIRECT-HA-REQ). HA 727 puts its address in HA address 728 field of Reject. HA suggests an 729 alternate HA to use in the new 730 Redirected HA extension. 732 Table 1: Registration Request handling at Assigned HA 734 As per the messaging proposed here, the mobile node (or the foreign 735 agent) sends the Registration Request to the Requested HA address, 736 which is a unicast address. Because HA does not receive 737 Registration Request that is sent to the subnet-directed broadcast 738 address, Mobile IPv4 [1] section 3.8.2.1 doesn't apply. Although 739 the Home Agent field in the Registration Request is not a unicast 740 address, the destination IP address is a unicast address. This 741 avoids the problem associated with subnet-directed broadcast 742 destination IP address that may result in multiple HAs responding. 743 Thus, there is no need to deny the registration as stated in Mobile 744 IPv4 [1] section 3.8.3.2. 746 When the destination IP address is a unicast address and Home Agent 747 field is ALL-ZERO-ONE-ADDR, the HA accepts/denies registration and 748 sets HA field to its own IP address in the reply (i.e. registration 749 is not rejected with error code 136). 751 HA can reject the request with the error code REDIRECT-HA-REQ and 752 suggest an alternate HA. This redirection can be used for load 753 balancing, geographical proximity based on care-of-address or other 754 reasons. HA puts its own address in HA field of the Registration 755 Reply message and puts the address of the redirected HA in the 756 Redirected HA extension. If HA accepts the Request, HA field in the 757 Registration Reply is set to this HA address. 759 The Assigned HA performs standard validity checks on the 760 Registration Request. If there is any error, the Registration 761 Request is rejected with error codes specified in Mobile IPv4 [1]. 763 6. Requested Home Agent Selection 765 When dynamic HA assignment is requested, the destination IP address 766 of the Registration Request is the Requested HA. This address MUST 767 be a unicast IP address. If the MN has included a Requested HA 768 extension in Registration Request, the HA address in this extension 769 is the Requested HA. 771 Some example methods by which the MN or the FA may select the 772 Requested HA are briefly described below: 774 DHCP: 776 MN performs DHCP to obtain an IP address on the visited network. 777 The Requested HA is learned from the DHCP Mobile IP Home Agent 778 Option 68 [4]. MN sends Registration Request directly to this HA 779 and receives the Assigned HA to be used for the remainder of the 780 Mobile IP session. 782 AAA: 784 MN performs challenge/response [5] with the FA. The FA retrieves 785 the Requested HA from the AAA server and forwards the Registration 786 Request directly to this HA. The Assigned HA sends Registration 787 Reply to the FA, which relays it to the MN. MN uses the Assigned 788 HA for the remainder of the Mobile IP session. 790 DNS: 792 In this case hostname of HA is configured on MN or obtained by some 793 other means e.g. using a service location protocol. MN performs DNS 794 lookup on the HA hostname. The DNS infrastructure provides resource 795 record with information to identify the nearest HA to the MN. The 796 MN sends Registration Request directly to the HA and receives the 797 Assigned HA to be used for remainder of the Mobile IP session. 799 Static configuration: 801 HA address is statically configured on MN. The MN sends the 802 Registration Request to the configured address. 804 7. Error Values 806 Each entry in the following table contains the name and value for 807 the error code to be returned in a Registration Reply. It also 808 includes the section in which the error code is first mentioned in 809 this document. 811 Error Name Value Section Description 812 ---------- ----- ------- ----------------------------- 813 NONZERO-HA-REQD XX 5.2 Non-zero HA address required 814 in Registration Request. 815 REDIRECT-HA-REQ YY 5.3 Reregister with redirected HA. 817 8. IANA Considerations 818 The code value NONZERO-HA-REQD is a Mobile IP response code [1] 819 taken from the range of values associated with rejection by the 820 foreign agent (i.e. value in the range 64-127). 822 The code value REDIRECT-HA-REQ is a Mobile IP response code [1] 823 taken from the range of values associated with rejection by the 824 home agent (i.e. value in the range 128-192). 826 The Dynamic HA extension is assigned from the range of values 827 associated with skippable extensions at the home agent (i.e. value 828 in the range 128-255). 830 IANA should record the values as defined in Section 7 and 3.4. 832 9. Security Considerations 834 This specification assumes that a security configuration has been 835 preconfigured between the MN and the HA or is configured along with 836 the initial RRQ/RRP as per [7]. 837 This specification does not change or degrade the security model 838 established in Mobile IPv4 [1]. Mobile Nodes are often connected to 839 the network via wireless link, which may be more prone to passive 840 eavesdropping, replay attacks. Such an attack might lead to bogus 841 registrations or redirection of traffic or denial of service. 843 As per the messaging in this draft, the Assigned Home Agent will 844 process the incoming Registration Request as per Mobile IPv4 [1]. 845 Hence the Assigned Home Agent will have same security concerns as 846 that of the Home Agent in Mobile IPv4 [1]. They are addressed in 847 Section 5 "Security Considerations" of Mobile IPv4 [1]. 849 The Registration Request and Registration Reply messages are 850 protected by a valid authenticator as specified in Mobile IPv4 [1]. 851 Configuring security associations is a deployment specific issue 852 and is covered by other specifications in Mobile IP WG. There can 853 be many ways of configuring security associations, but this 854 specification does not mandate any specific way. 856 An example is where the security association between a MN and an 857 individual HA (Dynamic or Assigned) is dynamically derived during 858 the dynamic HA assignment, based on a shared secret between MN and 859 AAA infrastructure, as defined in [7]. The Registration Request is 860 protected with MN-AAA authentication extension and Registration 861 Reply is protected with MN-HA Authentication Extension. Since the 862 security association is shared between MN and AAA, any dynamically 863 assigned HA in the local domain can proxy authenticate the MN using 864 AAA as per [7]. 866 The Assigned Home Agent authenticates Registration Request from the 867 mobile node as specified in Mobile IPv4 [1] and RFC-3012. The MN 868 also authenticates the Registration Reply from the Assigned HA, 869 thus the existing trust model in Mobile IPv4 [1] is maintained. 871 10. Backward Compatibility Considerations 873 In this section, we examine concerns that may arise when using this 874 specification in a mixed environment where some nodes implement the 875 specification and others do not. In each of the examples below, we 876 consider the case where one node is a "Legacy" node which does not 877 implement the specification in the context of other nodes which do. 879 Legacy Home Agent: 881 Legacy home agents may reject the Registration Request with error 882 code 136 because the Home Agent field is not a unicast address. 883 However, some legacy HA implementations may coincidentally process 884 the Registration Request in accordance with this draft, when the HA 885 field in RRQ is set to ALL-ZERO-ONE-ADDR. 887 Legacy Foreign Agent: 889 Legacy foreign agents may forward Registration Request with home 890 agent field set to ALL-ZERO-ONE-ADDR by setting the destination IP 891 address to ALL-ZERO-ONE-ADDR. This will result packet being 892 dropped or incidentally handled by a next hop HA, adjacent to the 893 FA. 895 Legacy Mobile Node: 897 MN that does not set HA field to ALL-ZERO-ONE-ADDR will continue to 898 achieve its registrations through statically configured HA. In 899 collocated mode, the endpoint of the MN's tunnel is the Assigned 900 HA. 902 11. Change Log from previous versions 904 Changes from revision 1 to 2: 906 1. Editorial changes suggested by the WG, the chair's reviews 907 and idnits. 909 Changes from revision 0 to 1: 911 1. Added subtype field in Redirected HA Address Extension. 912 2. Aligned the HA address at 4-byte world boundary. 913 3. The case of handling unicast HA field is removed in section 914 5.3.1. 916 12. Acknowledgements 918 The authors would like to thank Pete McCann for thorough review, 919 suggestions on security considerations and definition of ALL-ZERO- 920 ONE-ADDR. Thanks to Kuntal Chowdhury for extensive review and 921 comments on this draft. Also thanks to Henrik Levkowetz for 922 detailed reviews and suggestions. 924 The authors would like to thank Mike Andrews, Madhavi Chandra and 925 Yoshi Tsuda for their review and suggestions. 927 13. Normative References 929 [1] C. Perkins, "IP Mobility Support for IPv4", RFC 3344, August 930 2002. 931 [2] P. Calhoun and C. Perkins, "Mobile IP Network Access Identifier 932 Extension for IPv4", RFC 2794, March 2000. 933 [3] D. Senie, "Changing the Default for Directed Broadcasts in 934 Routers", RFC 2644, August 1999. 935 [4] S. Alexander and R. Droms, "DHCP Options and BOOTP Vendor 936 Extensions", RFC 2132, March 1997. 937 [5] C. Perkins and P. Calhoun, "Mobile IPv4 Challenge/Response 938 Extensions", RFC 3012, November 2000. 939 [6] Bradner, S., "Key words for use in RFCs to Indicate Requirement 940 Levels", BCP 14, RFC 2119, March 1997. 941 [7] C. Perkins and P. Calhoun, "AAA Registration Keys for Mobile 942 IP", draft-ietf-mip4-aaa-key-06.txt, June 2004. 944 Authors' Addresses 946 Milind Kulkarni 947 Cisco Systems Inc. 948 170 W. Tasman Drive, 949 San Jose, CA 95134 950 USA 952 Email: mkulkarn@cisco.com 953 Phone:+1 408-527-8382 955 Alpesh Patel 956 Cisco Systems Inc. 957 170 W. Tasman Drive, 958 San Jose, CA 95134 959 USA 961 Email: alpesh@cisco.com 962 Phone:+1 408-853-9580 964 Kent Leung 965 Cisco Systems Inc. 966 170 W. Tasman Drive, 967 San Jose, CA 95134 968 USA 970 Email: kleung@cisco.com 971 Phone: +1 408-526-5030 973 Intellectual Property Statement 975 The IETF takes no position regarding the validity or scope of any 976 Intellectual Property Rights or other rights that might be claimed 977 to pertain to the implementation or use of the technology described 978 in this document or the extent to which any license under such 979 rights might or might not be available; nor does it represent that 980 it has made any independent effort to identify any such rights. 981 Information on the procedures with respect to rights in RFC 982 documents can be found in BCP 78 and BCP 79. 984 Copies of IPR disclosures made to the IETF Secretariat and any 985 assurances of licenses to be made available, or the result of an 986 attempt made to obtain a general license or permission for the use 987 of such proprietary rights by implementers or users of this 988 specification can be obtained from the IETF on-line IPR repository 989 at http://www.ietf.org/ipr. 991 The IETF invites any interested party to bring to its attention 992 any copyrights, patents or patent applications, or other 993 proprietary rights that may cover technology that may be required 994 to implement this standard. Please address the information to the 995 IETF at ietf-ipr@ietf.org. 997 Disclaimer of Validity 999 This document and the information contained herein are provided on 1000 an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE 1001 REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND 1002 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, 1003 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT 1004 THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR 1005 ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A 1006 PARTICULAR PURPOSE. 1008 Copyright Statement 1009 Copyright (C) The Internet Society (2003). This document is subject 1010 to the rights, licenses and restrictions contained in BCP 78, and 1011 except as set forth therein, the authors retain all their rights. 1013 Acknowledgement 1015 Funding for the RFC Editor function is currently provided by the 1016 Internet Society.