idnits 2.17.1 draft-ietf-mip4-dynamic-assignment-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3667, Section 5.1 on line 14. -- Found old boilerplate from RFC 3978, Section 5.5 on line 1011. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 988. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 995. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1001. ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line 1017), which is fine, but *also* found old RFC 2026, Section 10.4C, paragraph 1 text on line 36. ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure Acknowledgement -- however, there's a paragraph with a matching beginning. Boilerplate error? ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission of drafts without verbatim RFC 3978 boilerplate is not accepted. The following non-3978 patterns matched text found in the document. That text should be removed or replaced: By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, or will be disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3668. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3344 (ref. '1') (Obsoleted by RFC 5944) ** Obsolete normative reference: RFC 3012 (ref. '5') (Obsoleted by RFC 4721) Summary: 10 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Mobile IP Working Group Milind Kulkarni 2 INTERNET-DRAFT Alpesh Patel 3 Category: Standards Track Kent Leung 4 Date : 28 September 2004 Cisco Systems Inc. 6 Mobile IPv4 Dynamic Home Agent Assignment 7 draft-ietf-mip4-dynamic-assignment-03.txt 9 Status of this Memo 11 By submitting this Internet-Draft, I certify that any applicable 12 patent or other IPR claims of which I am aware have been disclosed, 13 and any of which I become aware will be disclosed, in accordance with 14 RFC 3668. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that 18 other groups may also distribute working documents as Internet- 19 Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet Drafts as reference 24 material or to cite them other than as "work in progress". 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt. 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 This Internet-Draft will expire on March 28, 2005. 34 Copyright Notice 36 Copyright (C) The Internet Society (2003). All Rights Reserved. 38 Abstract 40 Mobile IPv4 [1] uses the Home Agent (HA) to anchor sessions of a 41 roaming Mobile Node (MN). This draft proposes a messaging mechanism 42 for dynamic home agent assignment and HA redirection. The goal is to 43 provide a mechanism to assign an optimal HA for a Mobile IP session 44 while allowing any suitable method for HA selection. 46 Table of Contents 48 1. Introduction................................................3 49 2. Requirements Terminology....................................3 50 3. Problem Statement...........................................4 51 3.1 Scope.......................................................5 52 3.2 Dynamic Home Agent Discovery in Mobile IPv4.................5 53 3.3 NAI usage and dynamic HA assignment.........................5 54 3.4 Dynamic HA Extension........................................6 55 3.4.1 Requested HA Extension....................................6 56 3.4.2 Redirected HA Extension...................................7 57 4. Messaging mechanism for dynamic HA assignment/redirection...7 58 4.1 Messaging for dynamic HA assignment.........................7 59 4.1.1 Example with Message Flow Diagram.........................8 60 4.2 Messaging for HA redirection................................9 61 4.2.1 Example with Message Flow Diagram........................10 62 5. Mobility Agent Considerations..............................12 63 5.1 Mobile Node Considerations.................................12 64 5.1.1 MN using FA CoA..........................................12 65 5.1.2 MN using Collocated CoA..................................13 66 5.1.3 Refreshing Assigned HA Address on Mobile Node............13 67 5.2 Foreign Agent Considerations...............................14 68 5.3 Home Agent Considerations..................................14 69 5.3.1 Assigned Home Agent Considerations.......................15 70 6. Requested Home Agent Selection.............................16 71 7. Error Values...............................................17 72 8. IANA Considerations........................................18 73 9. Security Considerations....................................18 74 10. Backward Compatibility Considerations.....................19 75 11. Change Log from previous versions.........................19 76 12. Acknowledgements..........................................20 77 13. Normative References......................................20 78 Authors' Addresses.............................................20 79 Intellectual Property Statement................................21 81 1. Introduction 83 This document adds to the Mobile IP protocol [1], by proposing a 84 messaging mechanism for dynamic home agent assignment and home agent 85 redirection during initial registration. The goal is to assign an 86 optimal HA for a Mobile IP session. The mobile node MUST use the 87 Network Access Identifier (NAI) extension [2] when requesting a 88 dynamically assigned HA. 90 The MN requests a dynamically assigned HA by setting the HA field in 91 the initial Registration Request to ALL-ZERO-ONE-ADDR (defined in 92 section 2). If the request is accepted, the HA sends a successful 93 Registration Reply containing the HA's own address. The requested HA 94 can suggest an alternate HA and if so, the Registration Reply is 95 rejected with a new error code REDIRECT-HA-REQ and the alternate HA 96 address is specified in a new extension (Redirected HA Extension). 98 This document also defines a new Requested HA Extension for use in 99 Registration Requests when the HA field is set to ALL-ZERO-ONE- 100 ADDRESS. The Requested HA address is a hint to the network about the 101 MN's preferred HA. 103 The messaging mechanism is defined in this document so that the 104 MN can request and receive a dynamic HA address in Mobile IP 105 messages. However, the mechanism by which the network selects 106 an HA for assignment to the MN is outside the scope of this 107 document. For example, the selection may be made by any 108 network node that receives the registration request (or 109 information about the registration request), such as a Foreign 110 Agent, AAA server, or Home Agent. The node that selects the 111 HA may select one based on a number of criteria, including but 112 not limited to HA load-balancing, geographical proximity, 113 administrative policy etc. 115 2. Requirements Terminology 117 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 118 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 119 document are to be interpreted as described in RFC 2119 [6]. 121 The Mobile IP related terminology described in RFC 3344 [1] is used 122 in this document. In addition, the following terms are used: 124 ALL-ZERO-ONE-ADDR: IP address 0.0.0.0 or 255.255.255.255. An 125 address of 255.255.255.255 indicates a preference 126 for an HA in the home domain. An address of 127 0.0.0.0 indicates no preference for home vs. 128 visited domain. 130 Requested HA: Destination IP address of Home Agent that the 131 Registration Request is sent to. Must be a 132 unicast IP address. This address can be 133 obtained as described in section 6. 135 Note that this specification defines a new 136 "Requested HA Extension" in section 3.4, which 137 is different from the term "Requested HA". 139 Assigned HA: The HA that accepts an MN's Registration Request 140 and returns a successful Registration Reply. 142 Redirected HA: If the registration is rejected with error code 143 REDIRECT-HA-REQ, the HA being referred to is 144 specified in a new extension (Redirected HA 145 Extension). 147 AAA server: Authentication, Authorization and Accounting 148 Server. 150 DNS: Domain Name System. 152 DHCP: Dynamic Host Configuration Protocol. 154 MN: Mobile Node as defined in Mobile IPv4 [1]. 156 HA: Home Agent as defined in Mobile IPv4 [1]. 158 FA: Foreign Agent as defined in Mobile IPv4 [1]. 160 CoA: Care of Address. 162 CCoA: Collocated Care of Address. 164 MN HoA: Mobile Node's Home Address. 166 NAI: Network Access Identifier [2]. 168 Src IP: Source IP address of the packet. 170 Dest IP: Destination IP address of the packet. 172 3. Problem Statement 174 The Mobile IPv4 NAI Extension for IPv4 [2] introduced the concept of 175 identifying a MN by the NAI and enabling dynamic home address 176 assignment. When the home address is dynamically assigned, it is 177 desirable to discover the Home Agent dynamically or inform the MN 178 about an optimal HA to use for a multitude of reasons, such as: 180 - If the distance between the visited network and the home network of 181 the mobile node is large, the signaling delay for these registrations 182 may be long. In such a case the MN will be anchored to its distant 183 home agent, resulting in tunneled traffic traveling a long distance 184 between home agent and the mobile node. When a Mobile IP session 185 initiates, if the mobile node can be assigned a home agent that is 186 close to the mobile node it can drastically reduce the latency 187 between the home agent and mobile node. 189 - In a large scale Mobile IP deployment, it is cumbersome to 190 provision MNs with multiple HA addresses. 192 - It is desirable to achieve some form of load balancing between 193 multiple HAs in the network. Dynamic HA assignment and/or HA 194 redirection lets the network select the optimal HA from among a set 195 of HAs and thus achieve load balancing among a group of HAs. 197 - Local administrative policies. 199 3.1 Scope 201 This specification does not address the problem of distributing a 202 security association between the MN and HA, and it can either be 203 statically preconfigured or dynamically distributed using other 204 mechanisms [7]. 206 The draft introduces the terms Requested/Assigned/Redirected HA 207 (section 6). The discovery of candidate HA addresses for insertion 208 into the Redirected HA Extension can be accomplished through various 209 means which are network and/or deployment specific and hence are 210 outside the scope of this specification. 212 3.2 Dynamic Home Agent Discovery in Mobile IPv4 214 Mobile IPv4 [1] specifies the mechanism for discovering the mobile 215 node's home agent using subnet-directed broadcast IP address in the 216 home agent field of the Registration Request. This mechanism was 217 designed for mobile nodes with a static home address and subnet 218 prefix, anchored on fixed home network. However, using subnet 219 directed broadcast as the destination IP address of the Registration 220 Request, it is unlikely that the Registration Request will reach the 221 home subnet because routers will drop these packets by default. See 222 CERT Advisory CA-1998-01 Smurf IP Denial-of-Service Attacks [3]. 224 3.3 NAI usage and dynamic HA assignment 226 The Mobile IPv4 NAI Extension for IPv4 [2] introduced the 227 concept of identifying a MN by the NAI and enabling dynamic 228 home address assignment. This document mandates that while 229 using dynamic HA assignment, MN MUST use the NAI and obtain a home 230 address. MN can still suggest a static home address in the 231 Registration Request, but must take the address in the Registration 232 Reply as the home address for the session. This is compatible with 233 the procedures documented in the NAI specification [2]. 235 3.4 Dynamic HA Extension 237 The Dynamic HA Extension, shown in figure 1, contains the address of 238 the HA. This is a generic extension and can be used in Registration 239 Request and Reply messages. It is a skippable extension. 241 0 1 2 3 242 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 244 | Type | Sub-Type | Length | 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 246 | HA-Address | 247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 249 Figure 1: The Dynamic HA address Extension 251 Type DYNAMIC-HA-ADDRESS (skippable) (to be assigned by 252 IANA) is the type, which specifies the dynamic HA 253 address. 255 Sub-Type Defines the use of this extension as: 256 sub-type 1 = Requested HA Extension 257 2 = Redirected HA Extension 259 Length Indicates the length of the extension not 260 including the type, sub-type and length fields. 261 Length is always 4 bytes. 263 HA-Address Address of the Home Agent. 265 3.4.1 Requested HA Extension 267 The Requested HA Extension is a Dynamic HA Extension of subtype 1. 269 The MN may include the Requested HA Extension in the registration 270 request as a hint to the network where it wishes to be anchored. 271 This extension contains the address of the HA. A valid unicast IP 272 address MUST be used as HA address in this extension. 274 In absence of an FA, the RRQ is forwarded to this HA. In presence of 275 an FA, the FA MUST forward RRQ to the HA address in this extension. 277 3.4.2 Redirected HA Extension 279 The Redirected HA Extension is a Dynamic HA Extension of subtype 2. 281 The Redirected HA Extension contains the address of the HA where the 282 MN should attempt the next registration. The HA receiving a 283 Registration Request can suggest an alternate HA and, if so, the 284 Registration Reply is sent with a new error code REDIRECT-HA-REQ and 285 the alternate HA address is specified in this extension. 287 The Redirected HA Extension MUST be included in Registration Reply 288 when the reply code is REDIRECT-HA-REQ. 290 4. Messaging mechanism for dynamic HA assignment/redirection 292 This specification presents two alternatives for home agent 293 assignment. The two alternatives are: 294 (a) Dynamic HA assignment (described in section 4.1) and 295 (b) HA redirection (described in section 4.2). 297 4.1 Messaging for dynamic HA assignment 299 The following sequence of events occurs when the Requested HA accepts 300 the Registration Request and returns a Registration Reply to the 301 mobile node. 303 1. The MN sets the Home Agent address field in the Registration 304 Request to ALL-ZERO-ONE-ADDR. If the MN is aware of a desired HA 305 address, it can add that address in the Requested HA Extension in 306 the Registration Request. 307 2. The MN (if using collocated CoA and registering directly with the 308 HA) or the FA (if the MN is registering via the FA) sends the 309 Registration Request to the "Requested HA". If the Requested HA 310 Extension is present, Requested HA is specified in the "HA 311 Address" of this extension. 312 3. The "Requested HA" is the home agent that processes the 313 Registration Request in accordance with Mobile IPv4 [1] and as 314 per the specification in this document. It creates mobility 315 binding for successful Registration Request. It also sends a 316 Registration Reply to the MN. 317 4. The MN obtains an "Assigned HA" address from the HA field in the 318 successful Registration Reply and uses it for the remainder of 319 the session. (Note that the "Assigned HA" will be same as the 320 "Requested HA"). 321 5. Subsequent Registration Request messages for renewal are sent to 322 the Assigned HA. 324 Section 5.3.1 describes the Assigned HA in detail. Some ideas on how 325 to select the Requested HA are briefly covered in section 6. 327 4.1.1 Example with Message Flow Diagram 329 Detailed explanation of this alternative is best described with the 330 help of a message flow diagram and description. 332 Figure 2 shows one specific example of a Mobile Node using an FA- 333 located Care of Address (FA CoA). 335 Other scenarios such as when the mobile node uses a collocated care 336 of address are not described below, but the behavior is similar. 338 MN FA Requested/Assigned HA 339 | 1 | | 340 |------------>| 2 | 341 | |--------------->| 342 | | | 343 | | | 344 | | 3 | 345 | 4 |<---------------| 346 |<------------| | 347 | | | 348 | | 5 | 349 |----------------------------->| 350 | | | 352 Figure 2: Example message flow for dynamic HA assignment 354 1. The MN sets the Home Agent address field in the Registration 355 Request to ALL-ZERO-ONE-ADDR. Since the MN is using FA CoA in this 356 example, it sends the Registration Request to the FA. The 357 Registration Request is formatted as follows: 359 +-----------------------------------------------------------+ 360 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 361 | MN | FA | | ALL-ZERO-ONE-ADDR |FA CoA | 362 +-----------------------------------------------------------+ 364 If the MN is aware of a desired HA address, it can add that address 365 in the Requested HA Extension in Registration Request as a hint. 366 That extension is not shown above. 368 2. The FA sends the Registration Request to the Requested HA. If 369 Requested HA Extension is present, Requested HA is the HA address in 370 this extension. If the Requested HA Extension is not present, the FA 371 determines the Requested HA through means outside the scope of this 372 specification. The Registration Request is formatted as follows: 374 +-----------------------------------------------------------+ 375 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 376 | FA |Requested HA| | ALL-ZERO-ONE-ADDR |FA CoA | 377 +-----------------------------------------------------------+ 379 (If MN includes the Requested HA Extension, the FA copies that 380 extension. The FA then forwards the Registration Request, along with 381 the Requested HA Extension, to the HA address specified in Requested 382 HA Extension.) 384 3. The HA processes the Registration Request in accordance with 385 Mobile IPv4 [1] and the messaging defined in this document. The HA 386 creates mobility binding for successful request and becomes the 387 Assigned HA. The HA then sends Registration Reply to the FA, which 388 is formatted as follows: 390 +-----------------------------------------------------------+ 391 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 392 |Assigned| Src IP of | | Assigned HA |FA CoA/| 393 | HA | the RRQ | | | | 394 +-----------------------------------------------------------+ 396 4. The FA relays the Registration Reply to the MN, as follows. 398 +-----------------------------------------------------------+ 399 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 400 | FA | MN | | Assigned HA |FA CoA/| 401 +-----------------------------------------------------------+ 403 5. The MN obtains the Assigned HA address from the HA field in the 404 successful Registration Reply and uses it for the remainder of the 405 session. The MN sends subsequent Re-Registration or De-Registration 406 Requests for the remainder session directly to the Assigned HA. Note 407 that the Assigned HA is the same as the Requested HA. 409 4.2 Messaging for HA redirection 411 This section describes the events that occur when the Requested HA 412 does not accept the Registration Request and redirects the mobile 413 node to another HA (aka Redirected HA) instead. 415 1. The MN sets the Home Agent address field in the Registration 416 Request to ALL-ZERO-ONE-ADDR. 418 2. The MN (if using collocated CoA and registering directly with the 419 HA) or FA (if the MN is registering via the FA) sends the 420 Registration Request to the "Requested HA". If the MN is aware of 421 an HA address, it can add that address in the Requested HA 422 Extension in Registration Request. 424 3. When the HA receives the Registration Request, if the HA field is 425 set to ALL-ZERO-ONE-ADDR, the HA may reject the request with Reply 426 code REDIRECT-HA-REQ and suggest an alternate HA. 428 The HA may reject the Request for a number of reasons, which are 429 outside the scope of this specification. If the HA rejects the 430 Request, the HA field in the Reply is set to this HAs address. 431 The IP address of the HA that is the target of the redirection is 432 specified in Redirected HA Extension. The presence of this 433 extension is mandatory when the reply code is set to REDIRECT-HA- 434 REQ. HA sends the Reply to the FA/MN. 436 4. FA sends the Reply to the MN. 438 5. If the error code is set to REDIRECT-HA-REQ, MN obtains the HA 439 address from Redirected HA Extension. The MN then sends a 440 Registration Request to Redirected HA, unless it has already 441 received a redirection response from this HA while processing this 442 Registration Request. 444 4.2.1 Example with Message Flow Diagram 446 Figure 3 shows one specific example of a Mobile Node using FA-located 447 Care of Address. 449 MN FA Requested HA Redirected HA 450 | 1 | | | 451 |------------>| 2 | | 452 | |--------------->| | 453 | | | | 454 | | | | 455 | | 3 | | 456 | 4 |<---------------| | 457 |<------------| | | 458 | | | | 459 | | 5 | | 460 |--------------------------------------------->| 461 | | | | 463 Figure 3: Example message flow for HA redirection 465 1. The MN sets the Home Agent address field in the Registration 466 Request to ALL-ZERO-ONE-ADDR. Since the MN is using FA CoA in this 467 example, it sends the Registration Request to the FA. The 468 Registration Request is formatted as follows: 470 +-----------------------------------------------------------+ 471 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 472 | MN | FA | | ALL-ZERO-ONE-ADDR |FA CoA | 473 +-----------------------------------------------------------+ 475 If the MN is aware of an HA address, it can add that address in the 476 Requested HA Extension in Registration Request as a hint. That 477 extension is not shown above. 479 2. The FA sends the Registration Request to the Requested HA. If 480 Requested HA Extension is present, Requested HA is the HA address in 481 this extension. If the Requested HA Extension is not present, the FA 482 determines the Requested HA through means outside the scope of this 483 specification. The Registration Request is formatted as follows: 485 +-----------------------------------------------------------+ 486 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 487 | FA |Requested HA| | ALL-ZERO-ONE-ADDR |FA CoA | 488 +-----------------------------------------------------------+ 490 3. The HA processes the Registration Request in accordance with 491 Mobile IPv4 [1] and the messaging defined in this specification. If 492 the registration is successful, but local configuration/ 493 administrative policy etc. directs HA to refer the MN to another HA, 494 the HA rejects the Request with error code REDIRECT-HA-REQ. The HA 495 fills in the address of the Redirected HA in the Redirected HA 496 Extension. The HA then sends Registration Reply reject to the FA, 497 which is formatted as follows: 499 +-----------------------------------------------------------+ 500 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 501 | | Src IP of | | HA |FA CoA | 502 | HA | the RRQ | | | | 503 +-----------------------------------------------------------+ 504 | Redirected HA Extension ... | 505 +-----------------------------------------------------------+ 507 4. The FA relays the Registration Reply to the MN, as follows. 509 +-----------------------------------------------------------+ 510 | Src IP=| Dest IP = | MN HoA | HA Address = | CoA = | 511 | FA | MN | | HA |FA CoA/| 512 +-----------------------------------------------------------+ 513 | Redirected HA Extension ... | 514 +-----------------------------------------------------------+ 516 5. If the MN can authenticate the Reply, the MN extracts the HA 517 address from the Redirected HA Extension. The MN then sends a 518 Registration Request to the Redirected HA, unless it has already 519 received a redirection response from that HA while processing the 520 Registration Request. 522 5. Mobility Agent Considerations 524 The following sections describe the behavior of each mobility agent 525 in detail. 527 5.1 Mobile Node Considerations 529 The mobile node MUST use the NAI extension for home address 530 assignment when using the messaging mechanism in this document. 531 Since MN uses the NAI extension, the Home Address field is set to 532 0.0.0.0. 534 While dynamic HA assignment is in progress and the MN has not 535 successfully anchored at a Home Agent, the MN MUST set the Home Agent 536 field in the Registration Request to an ALL-ZERO-ONE-ADDR, which is 537 either 255.255.255.255 or 0.0.0.0. 539 The Registration Request MUST be protected by a valid authenticator 540 as specified in Mobile IPv4 [1] or Mobile IPv4 Challenge/Response 541 Extensions [5]. Configuring security associations is deployment 542 specific and hence outside the scope of this specification. The 543 security associations between a MN and an individual HA may also be 544 dynamically derived during the dynamic HA assignment, based on a 545 shared secret between MN and AAA infrastructure [7]. 547 The mobile node MUST maintain the remaining Mobile IP session with 548 the Assigned HA. 550 The following sections describe MN behavior in FA CoA mode and 551 collocated CoA mode. 553 5.1.1 MN using FA CoA 555 When a mobile node initiates a Mobile IP session requesting dynamic 556 HA assignment, it MUST set the home agent address field in the 557 Registration Request to ALL-ZERO-ONE-ADDR. The destination IP 558 address of the Registration Request is the FA. The FA will determine 559 the Requested HA and forward the Registration Request to the 560 Requested HA. Registration Request processing takes place on the 561 Requested HA as per the specification in this draft. 563 The Registration Request MUST be appropriately authenticated for the 564 HA to validate the Request. 566 If a successful Registration Reply is received, the MN obtains the 567 Assigned HA from the HA field of Reply. The Assigned HA address will 568 be the same as the Requested HA Extension, if it was included in the 569 Registration Request by the MN. 571 If a Registration Reply is received with code REDIRECT-HA-REQ, the MN 572 MUST authenticate the Reply based on HA address in HA field of Reply 573 and attempt Registration with the HA address specified in the 574 Redirected HA Extension. The MN MUST put the Redirected HA address 575 as the Requested HA Extension of the new Registration Request. 577 In some cases, for the first Registration Request the MN may want to 578 hint to the network to be anchored at a specific HA. The MN SHOULD 579 put that address in the HA address of the Requested HA Extension. 581 If the Registration Request contains the Requested HA Extension, the 582 HA address in that extension MUST match the destination IP of the 583 Request. 585 5.1.2 MN using Collocated CoA 587 An MN in collocated CoA mode requesting dynamic HA assignment MUST 588 set the home agent address field in the Registration Request to ALL- 589 ZERO-ONE-ADDR. The destination IP address of the Registration 590 Request is the Requested HA. Some ideas on how to select a Requested 591 HA are briefly covered in section 6. 593 If a successful Reply is received, the MN obtains the Assigned HA 594 address from the successful Registration Reply. The Assigned HA will 595 be the same as Requested HA to which the Registration Request was 596 sent. The MN MUST cache the Assigned HA address for the length of 597 the Mobile IP session. The mobile node then MUST use this previously 598 cached Assigned HA address as the home agent address in subsequent 599 re-registration and de-registration request(s). This will make sure 600 that for the duration of the Mobile IP session, the mobile node will 601 always be anchored to the assigned home agent with which it was 602 initially registered. 604 If a Registration Reply is received with code REDIRECT-HA-REQ, the MN 605 MUST authenticate the Reply based on HA address in HA field of Reply 606 and attempt Registration with the HA address specified in the 607 Redirected HA Extension. The MN MUST put the Redirected HA in the 608 Requested HA Extension of the new Registration Request. 610 In some cases, for the first Registration Request MN may want to hint 611 to the network to be anchored at a specific HA and the MN SHOULD put 612 that address in the HA address of the Requested HA Extension. 614 While requesting dynamic HA assignment and registering directly with 615 an HA, the Requested HA Extension MUST be included and MUST contain 616 the address of the HA to which the Registration Request is sent. 617 When using collocated CoA but registering via an FA the Requested HA 618 Extension MAY be present or MAY be omitted. 620 5.1.3 Refreshing Assigned HA Address on Mobile Node 621 When the Mobile IP session terminates, the mobile node MAY clear the 622 Assigned HA address cached as the home agent address. It MAY request 623 a new HA address for the new Mobile IP session by not including the 624 Requested HA Extension. The advantage of this approach is that the 625 mobile node will be always anchored to an optimal home agent from 626 where it initiated the Mobile IP session. 628 Alternately, the MN may save the Assigned HA address and use it in 629 the Requested HA Extension along with ALL-ZERO-ONE-ADDR HA address in 630 Registration Request for a new Mobile IP session. 632 5.2 Foreign Agent Considerations 634 When the mobile node is using FA CoA it always registers via the FA. 635 When the MN is using a collocated CoA it may register using an FA or 636 it may register directly with an HA, unless the R bit is set in the 637 FA's agent advertisement, in which case it always registers with the 638 FA. 640 When the FA receives a Registration Request with HA address field set 641 to ALL-ZERO-ONE-ADDR that doesn't contain the Requested HA Extension, 642 the FA obtains the Requested HA address to forward the Registration 643 Request using means outside the scope of this specification. Some 644 ideas on how to select a Requested HA are briefly covered in section 645 6. 647 If the FA cannot obtain the Requested HA to which to forward a 648 Registration Request from MN, it MUST reject request with error code 649 NONZERO-HA-REQD. 651 If the MN has included the Requested HA Extension, the FA MUST 652 forward Registration Request to the address in this extension. If 653 the HA address in this extension is not a routable unicast address, 654 the FA MUST reject request with error code NONZERO-HA-REQD. 656 If the Registration Request contains the Requested HA Extension, the 657 FA uses that address as the destination for the relayed Registration 658 Request. 660 Backward compatibility issues related to the mobility agents are 661 addressed in section 10. 663 5.3 Home Agent Considerations 665 A Home Agent can process an incoming Registration Request in one of 666 the following two ways: 668 1. The MN or FA sends the Registration Request to the Requested HA. 669 The term Requested HA has meaning in the context of a Registration 670 Request message. When the Requested HA successfully processes the 671 Registration Request and creates a binding and sends a Reply with its 672 address, it becomes the Assigned HA. The term Assigned HA is 673 meaningful in the context of a Registration Reply message. 675 2. A Home Agent receiving a Registration Request with HA field set 676 to ALL-ZERO-ONE-ADDR MAY reject the request even if successfully 677 authenticated and suggest an alternate HA address in Reply. In such 678 a case, the HA puts its own address in HA field of Reply and sets the 679 Reply code to REDIRECT-HA-REQ and adds the Redirected HA Extension. 681 If the Registration Request contains the Requested HA Extension, the 682 HA address in that extension must match the destination IP of the 683 Request. If it does not match, the Requested HA MUST reject the 684 Registration Request with error code 136. 686 5.3.1 Assigned Home Agent Considerations 688 The HA that processes the incoming Registration Request fully in 689 accordance with Mobile IPv4 [1] and this specification becomes the 690 Assigned HA. The Registration Request terminates at the Assigned HA. 692 The Assigned HA creates one mobility binding per MN and sends 693 Registration Reply to the MN by copying its address in the home agent 694 field and as the source IP address of the Reply. 696 The following table summarizes the behavior of the Assigned HA, based 697 on the value of the destination IP address and Home Agent field of 698 the Registration Request. 700 Dest IP Addr HA field Processing at Assigned HA 701 ------------ ------------ ---------------------------------- 703 Unicast non-unicast Mobile IPv4 [1]: There is no change 704 in handling for this case from 705 (Must be Mobile IPv4. It is mentioned here 706 equal to the for reference only. 707 HA receiving HA denies the registration with 708 the RRQ) error code 136 and sets HA field to 709 its own IP address in the reply as 710 per section 3.8.3.2 in [1]. 712 ALL-ZERO- New Behavior: Accept the RRQ as per 713 ONE-ADDR this specification. Authenticate 714 the RRQ and create mobility binding 715 if the HA is acting as Assigned HA. 716 Set HA field to its own IP address 717 in the Registration Reply. 719 OR 721 New Behavior: If authentication is 722 successful, reject RRQ with a new 723 error code REDIRECT-HA-REQ. HA 724 puts its address in HA address 725 field of Reject. HA suggests an 726 alternate HA to use in the new 727 Redirected HA Extension. 729 Table 1: Registration Request handling at Assigned HA 731 As per the messaging proposed here, the mobile node (or the foreign 732 agent) sends the Registration Request to the Requested HA address, 733 which is a unicast address. Therefore, this document does not 734 specify any new behavior for the case where the HA receives a subnet 735 directed broadcast Registration Request as specified in section 736 3.8.2.1 of the Mobile IPv4 specification [1]. Although the Home 737 Agent field in the Registration Request is not a unicast address, the 738 destination IP address is a unicast address. This avoids the 739 problem associated with subnet-directed broadcast destination IP 740 address that may result in multiple HAs responding. Thus, there is 741 no need to deny the registration as stated in Mobile IPv4 [1] section 742 3.8.3.2. 744 When the destination IP address is a unicast address and the Home 745 Agent field is ALL-ZERO-ONE-ADDR, the HA accepts/denies registration 746 and sets the HA field to its own IP address in the reply (i.e. the 747 registration is not rejected with error code 136). 749 The HA can reject the request with the error code REDIRECT-HA-REQ and 750 suggest an alternate HA. This redirection can be used for load 751 balancing, geographical proximity based on care-of-address or other 752 reasons. The HA puts its own address in HA field of the Registration 753 Reply message and puts the address of the redirected HA in the 754 Redirected HA Extension. If the HA accepts the Request, it sets the 755 HA field in the Registration Reply to its own address. 757 The Requested HA always performs standard validity checks on the 758 Registration Request. If there is any error, the Registration 759 Request is rejected with error codes specified in Mobile IPv4 [1]. 761 6. Requested Home Agent Selection 763 When dynamic HA assignment is requested, the MN (or FA in the case of 764 registration via FA) sends the Registration Request to the Requested 765 HA. This address MUST be a unicast IP address. If the MN has 766 included a Requested HA Extension in Registration Request, the HA 767 address in this extension is the Requested HA. 769 Some example methods by which the MN or the FA may select the 770 Requested HA are briefly described below: 772 DHCP: 774 MN performs DHCP to obtain an IP address on the visited network. The 775 Requested HA is learned from the DHCP Mobile IP Home Agent Option 68 776 [4]. MN sends Registration Request directly to this HA and receives 777 the Assigned HA to be used for the remainder of the Mobile IP 778 session. 780 AAA: 782 MN performs challenge/response [5] with the FA. The FA retrieves the 783 Requested HA from the AAA server and forwards the Registration 784 Request directly to this HA. The Assigned HA sends a Registration 785 Reply to the FA, which relays it to the MN. MN uses the Assigned HA 786 for the remainder of the Mobile IP session. 788 DNS: 790 In this case the hostname of the HA is configured on the MN or 791 obtained by some other means; e.g., using a service location 792 protocol. MN performs DNS lookup on the HA hostname. The DNS 793 infrastructure provides a resource record with information to 794 identify the optimal HA to the MN. The MN sends a Registration 795 Request directly to the HA and receives the Assigned HA to be used 796 for remainder of the Mobile IP session. 798 Static configuration: 800 The HA address is statically configured on the MN. The MN sends the 801 Registration Request to the configured address. The Requested HA may 802 then redirect the MN to a Redirected HA. 804 7. Error Values 806 Each entry in the following table contains the name and value for the 807 error code to be returned in a Registration Reply. It also includes 808 the section in which the error code is first mentioned in this 809 document. 811 Error Name Value Section Description 812 --------------- ----- ------- ----------------------------- 813 NONZERO-HA-REQD XX 5.2 Non-zero HA address required 814 in Registration Request. 815 REDIRECT-HA-REQ YY 5.3 Reregister with redirected HA. 817 8. IANA Considerations 819 The code value NONZERO-HA-REQD is a Mobile IP response code [1] taken 820 from the range of values associated with rejection by the foreign 821 agent (i.e. value in the range 64-127). 823 The code value REDIRECT-HA-REQ is a Mobile IP response code [1] taken 824 from the range of values associated with rejection by the home agent 825 (i.e. value in the range 128-192). 827 The Dynamic HA Extension is assigned from the range of values 828 associated with skippable extensions at the home agent (i.e. value in 829 the range 128-255). 831 IANA should record the values as defined in Section 7 and 3.4. 833 9. Security Considerations 835 This specification assumes that a security configuration has been 836 preconfigured between the MN and the HA or is configured along with 837 the initial RRQ/RRP as per [7]. 839 This specification does not change the security model established in 840 Mobile IPv4 [1]. Mobile Nodes are often connected to the network via 841 wireless links, which may be more prone to passive eavesdropping or 842 replay attacks. Such an attack might lead to bogus registrations or 843 redirection of traffic or denial of service. 845 As per the messaging in this draft, the Assigned Home Agent will 846 process the incoming Registration Request as per Mobile IPv4 [1]. 847 Hence the Assigned Home Agent will have same security concerns as 848 that of the Home Agent in Mobile IPv4 [1]. They are addressed in 849 Section 5 "Security Considerations" of Mobile IPv4 [1]. 851 The Registration Request and Registration Reply messages are 852 protected by a valid authenticator as specified in Mobile IPv4 [1]. 853 Configuring security associations is a deployment specific issue and 854 is covered by other Mobile IP specifications. There can be many ways 855 of configuring security associations, but this specification does not 856 mandate any specific way. 858 An example is where the security association between an MN and an 859 individual HA (Requested or Assigned) is dynamically derived during 860 the registration process based on a shared secret between MN and AAA 861 infrastructure, as defined in [7]. The Registration Request is 862 protected with MN-AAA authentication extension and Registration Reply 863 is protected with MN-HA Authentication Extension. Because the 864 security association is shared between MN and AAA, any dynamically 865 assigned HA in the local domain can proxy authenticate the MN using 866 AAA as per [7]. 868 The Assigned Home Agent authenticates each Registration Request from 869 the mobile node as specified in Mobile IPv4 [1] and/or RFC-3012. The 870 MN also authenticates the Registration Reply from the Assigned HA, 871 thus the existing trust model in Mobile IPv4 [1] is maintained. 873 10. Backward Compatibility Considerations 875 In this section, we examine concerns that may arise when using this 876 specification in a mixed environment where some nodes implement the 877 specification and others do not. In each of the examples below, we 878 consider the case where one node is a "Legacy" node which does not 879 implement the specification in the context of other nodes which do. 881 Legacy Home Agent: 883 Legacy home agents may reject the Registration Request with error 884 code 136 because the Home Agent field is not a unicast address. 885 However, some legacy HA implementations may coincidentally process 886 the Registration Request in accordance with this draft, when the HA 887 field in Registration Request is set to ALL-ZERO-ONE-ADDR. 889 Legacy Foreign Agent: 891 Legacy foreign agents may forward a Registration Request with home 892 agent field set to ALL-ZERO-ONE-ADDR by setting the destination IP 893 address to ALL-ZERO-ONE-ADDR. This will result packet being dropped 894 or incidentally handled by a next hop HA, adjacent to the FA. 896 Legacy Mobile Node: 898 A MN that does not set HA field to ALL-ZERO-ONE-ADDR will continue to 899 achieve its registrations through statically configured HA. In 900 collocated mode, the endpoint of the MN's tunnel is the Assigned HA. 902 11. Change Log from previous versions 904 Note: This section should be removed before publication. 906 Changes from revision 2 to 3: 908 1. More editorial changes suggested by the chair's reviews. 910 Changes from revision 1 to 2: 912 1. Editorial changes suggested by the WG, the chair's reviews and 913 idnits. 915 Changes from revision 0 to 1: 917 1. Added subtype field in Redirected HA Address Extension. 918 2. Aligned the HA address at 4-byte world boundary. 919 3. The case of handling unicast HA field is removed in section 920 5.3.1. 922 12. Acknowledgements 924 The authors would like to thank Pete McCann for thorough review, 925 suggestions on security considerations and definition of ALL-ZERO- 926 ONE-ADDR. Thanks to Kuntal Chowdhury for extensive review and 927 comments on this draft. Also thanks to Henrik Levkowetz for detailed 928 reviews and suggestions. 930 The authors would like to thank Mike Andrews, Madhavi Chandra and 931 Yoshi Tsuda for their review and suggestions. 933 13. Normative References 935 [1] C. Perkins, "IP Mobility Support for IPv4", RFC 3344, August 936 2002. 937 [2] P. Calhoun and C. Perkins, "Mobile IP Network Access Identifier 938 Extension for IPv4", RFC 2794, March 2000. 939 [3] D. Senie, "Changing the Default for Directed Broadcasts in 940 Routers", RFC 2644, August 1999. 941 [4] S. Alexander and R. Droms, "DHCP Options and BOOTP Vendor 942 Extensions", RFC 2132, March 1997. 943 [5] C. Perkins and P. Calhoun, "Mobile IPv4 Challenge/Response 944 Extensions", RFC 3012, November 2000. 945 [6] Bradner, S., "Key words for use in RFCs to Indicate Requirement 946 Levels", BCP 14, RFC 2119, March 1997. 947 [7] C. Perkins and P. Calhoun, "AAA Registration Keys for Mobile 948 IP", draft-ietf-mip4-aaa-key-06.txt, June 2004. 950 Authors' Addresses 952 Milind Kulkarni 953 Cisco Systems Inc. 954 170 W. Tasman Drive, 955 San Jose, CA 95134 956 USA 958 Email: mkulkarn@cisco.com 959 Phone:+1 408-527-8382 961 Alpesh Patel 962 Cisco Systems Inc. 963 170 W. Tasman Drive, 964 San Jose, CA 95134 965 USA 967 Email: alpesh@cisco.com 968 Phone:+1 408-853-9580 970 Kent Leung 971 Cisco Systems Inc. 972 170 W. Tasman Drive, 973 San Jose, CA 95134 974 USA 976 Email: kleung@cisco.com 977 Phone: +1 408-526-5030 979 Intellectual Property Statement 981 The IETF takes no position regarding the validity or scope of any 982 Intellectual Property Rights or other rights that might be claimed to 983 pertain to the implementation or use of the technology described in 984 this document or the extent to which any license under such rights 985 might or might not be available; nor does it represent that it has 986 made any independent effort to identify any such rights. 987 Information on the procedures with respect to rights in RFC documents 988 can be found in BCP 78 and BCP 79. 990 Copies of IPR disclosures made to the IETF Secretariat and any 991 assurances of licenses to be made available, or the result of an 992 attempt made to obtain a general license or permission for the use 993 of such proprietary rights by implementers or users of this 994 specification can be obtained from the IETF on-line IPR repository 995 at http://www.ietf.org/ipr. 997 The IETF invites any interested party to bring to its attention 998 any copyrights, patents or patent applications, or other 999 proprietary rights that may cover technology that may be required to 1000 implement this standard. Please address the information to the IETF 1001 at ietf-ipr@ietf.org. 1003 Disclaimer of Validity 1005 This document and the information contained herein are provided on an 1006 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1007 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 1008 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 1009 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 1010 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1011 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1013 Copyright Statement 1015 Copyright (C) The Internet Society (2003). This document is subject 1016 to the rights, licenses and restrictions contained in BCP 78, and 1017 except as set forth therein, the authors retain all their rights. 1019 Acknowledgement 1021 Funding for the RFC Editor function is currently provided by the 1022 Internet Society.