Network Working Group                                           K. Leung
Internet-Draft                                                G. Dommety
Expires: August 26, 2007                                   Cisco Systems
                                                            V. Narayanan
                                                          QUALCOMM, Inc.
                                                             A. Petrescu
                                                                Motorola
                                                       February 26, 2007

                  IPv4 Network Mobility (NEMO) Protocol
                    draft-ietf-mip4-nemo-v4-base-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 26, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2007).

Abstract

   This document describes a protocol for supporting Mobile Networks
   between a Mobile Router and a Home Agent by extending the Mobile IPv4
   protocol.  A Mobile Router is responsible for the mobility of one or
   more network segments or subnets moving together.  The Mobile Router
   hides its mobility from the nodes on the mobile network.  The nodes
   on the Mobile Network may be fixed in relationship to the Mobile
   Router and may not have any mobility function.

   Extensions to Mobile IPv4 are introduced to support Mobile Networks.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Requirements
   4.  Mobile Network Extensions
     4.1.  Mobile Network Request Extension
     4.2.  Mobile Network Acknowledgement Extension
   5.  Mobile Router Operation
     5.1.  Error Processing
   6.  Home Agent Operation
     6.1.  Summary
     6.2.  Data Structures
       6.2.1.  Registration Table
       6.2.2.  Prefix Table
     6.3.  Mobile Network Prefix Registration
     6.4.  Advertising Mobile Network Reachability
     6.5.  Establishment of Bi-directional Tunnel
     6.6.  Sending Registration Replies
     6.7.  Mobile Network Prefix De-registration
   7.  Data Forwarding Operation
   8.  Nested Mobile Networks
   9.  Security Considerations
   10. IANA Considerations
   11. Acknowledgements
   12. References
     12.1. Normative References
     12.2. Informative References
   13. Changelog
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Introduction

   This document describes protocol extensions to Mobile IPv4
   ([RFC3344]) to enable support for Mobile Networks.  This draft
   addresses only co-located Care-of Address mode (not Foreign Agent
   Care-of Address mode, for which the gentle reader is directed to
   [1]).

   A Mobile Network is defined as a network segment or subnet that can
   change its point of attachment to the routing infrastructure.  Such
   movement is performed by a Mobile Router, which is the mobility
   entity that provides connectivity and reachability as well as
   session continuity for all the nodes in the Mobile Network.  The
   Mobile Router typically serves as the default gateway for the hosts
   on the Mobile Network.

   Mobility for the Mobile Network is supported by the Mobile Router
   registering its point of attachment with its Home Agent.  This
   signaling sets up the tunnel between the two entities.  The Mobile
   Networks (either implicitly configured on the Home Agent or
   explicitly identified by the Mobile Router) are advertised by the
   Home Agent for route propagation.  Traffic to and from nodes in the
   Mobile Network is tunneled by the Home Agent to the Mobile Router,
   and vice versa.  Though packets from the Mobile Network can be
   forwarded directly without tunneling (if reverse tunneling is not
   used), such packets will be dropped if ingress filtering is turned
   on.

   This document specifies an additional tunnel between the Mobile
   Router's Home Address and the Home Agent.  This tunnel is
   encapsulated within the normal tunnel between the Care-of Address
   (CoA) and the Home Agent.  In Foreign Agent CoA mode, the tunnel
   between the Mobile Router and the Home Agent is needed to allow the
   Foreign Agent to direct the decapsulated packet to the proper
   visiting Mobile Router.  However, in Collocated CoA mode, the
   additional tunnel is not essential and can be eliminated because the
   Mobile Router is the recipient of the encapsulated packets for the
   Mobile Network.

   All traffic between the nodes in the Mobile Network and Correspondent
   Nodes passes through the Home Agent.  This document does not cover
   route optimization of this traffic.

   A similar protocol has been documented in [RFC3963] for supporting
   IPv6 mobile networks with Mobile IPv6 extensions.

   Multihoming for Mobile Routers is outside the scope of this
   document.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   Terminology for network mobility support is defined in [RFC3344].  In
   addition, this document defines the following terms.

   Mobile Network Prefix

      The network prefix of the subnet delegated to a Mobile Router
      as the Mobile Network.

   Prefix Table

      A list of Mobile Network Prefixes indexed by the Home Address
      of a Mobile Router.  The Home Agent manages and uses the Prefix
      Table to determine which Mobile Network Prefixes belong to a
      particular Mobile Router.

3.  Requirements

   Although Mobile IPv4 stated that a Mobile Network can be supported by
   the Mobile Router and Home Agent using static configuration or
   running a routing protocol, there is no solution for explicit
   registration of the Mobile Networks served by the Mobile Router.  A
   solution needs to provide the Home Agent a means to ensure that a
   Mobile Router claiming a certain Mobile Network Prefix is
   authorized to do so.  A solution would also expose the Mobile
   Network Prefixes (and potentially other subnet-relevant
   information) in the exchanged messages, to aid in network
   debugging.

   The following requirements for Mobile Network support are
   enumerated:

   o  A Mobile Router should be able to operate in explicit or implicit
      mode.  A Mobile Router may explicitly inform the Home Agent which
      Mobile Network(s) need to be propagated via the routing protocol.
      A Mobile Router may also function in implicit mode, where the Home
      Agent may learn the mobile networks through other means, such as
      from the AAA server or via pre-configuration.

   o  The Mobile Network should be supported using Foreign Agents that
      are compliant with RFC 3344 without any changes ('legacy' Foreign
      Agents).
   o  The mobile network should allow Fixed Nodes, Mobile Nodes, or
      Mobile Routers to be on it.

4.  Mobile Network Extensions

4.1.  Mobile Network Request Extension

   For Explicit Mode, the Mobile Router informs the Home Agent about the
   Mobile Network Prefixes during registration.  The Registration
   Request contains zero, one or several Mobile Network Request
   extensions in addition to any other extensions defined by or in the
   context of [RFC3344].  When several Mobile Networks need to be
   registered, each is included in a separate Mobile Network Request
   extension, with its own Type, Length, Sub-Type, Prefix Length and
   Prefix fields.  A Mobile Network Request extension is encoded in
   Type-Length-Value (TLV) format and has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |   Sub-Type    | Prefix Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            Prefix                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      Mobile Network Extension (skippable type range to be assigned
      by IANA)

   Length:

      6

   Sub-Type:

      1 (Mobile Network Request)

   Prefix Length:

      8-bit unsigned integer indicating the number of bits covering
      the network part of the address contained in the Prefix field.

   Prefix:

      32-bit unsigned integer in network byte order containing an
      IPv4 address whose first Prefix Length bits make up the Mobile
      Network Prefix.

4.2.  Mobile Network Acknowledgement Extension

   The Registration Reply contains zero, one or several Mobile Network
   Acknowledgement extensions in addition to any other extensions
   defined by or in the context of [RFC3344].
   For Implicit Mode, the Mobile Network Acknowledgement informs the
   Mobile Router of the prefixes for which the Home Agent sets up
   forwarding with respect to this Mobile Router.  Policies such as
   permitting only traffic from these Mobile Networks to be tunneled to
   the Home Agent may be applied by the Mobile Router.  For Explicit
   Mode, when several Mobile Networks need to be acknowledged
   explicitly, each is included in a separate Mobile Network
   Acknowledgement extension, with its own Type, Sub-Type, Length and
   Prefix Length fields.  Optionally, all requested Mobile Networks
   could be acknowledged using only one Mobile Network Acknowledgement
   extension with the "Prefix Length" and "Prefix" fields set to zero.
   At least one Mobile Network Acknowledgement extension MUST be in a
   successful Registration Reply to indicate to the Mobile Router that
   the Mobile Network Request extension was processed and not skipped
   by the Home Agent.  A Registration Reply may contain any non-zero
   number of Explicit Mode and Implicit Mode Acknowledgement sub-types;
   both sub-types can be present in a single Registration Reply.

   When the registration is denied with code HA_MOBNET_ERROR, the Code
   field in the extension provides the reason for the failure.

   A Mobile Network Acknowledgement extension is encoded in
   Type-Length-Value (TLV) format and has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |   Sub-Type    |     Code      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Prefix Length |   Reserved    |            Prefix
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      Mobile Network Extension (skippable type range to be assigned
      by IANA)

   Length:

      8

   Sub-Type:

      TBA (Explicit Mode Acknowledgement)

      TBA (Implicit Mode Acknowledgement)

   Code:

      Value indicating success or failure.

      0    Success

      TBA  Invalid prefix (MOBNET_INVALID_PREFIX_LEN)

      TBA  MR is not authorized for prefix (MOBNET_UNAUTHORIZED)

      TBA  Forwarding setup failed (MOBNET_FWDING_SETUP_FAILED)

   Prefix Length:

      8-bit unsigned integer indicating the number of bits covering
      the network part of the address contained in the Prefix field.

   Reserved:

      Sent as zero; ignored on reception.

   Prefix:

      32-bit unsigned integer in network byte order containing an
      IPv4 address whose first Prefix Length bits make up the Mobile
      Network Prefix.

5.  Mobile Router Operation

   A Mobile Router's operation is generally derived from the behavior of
   a Mobile Node, as set out in [RFC3344].  In addition to maintaining
   mobility bindings for its Home Address, the Mobile Router, together
   with the Home Agent, maintains forwarding information for the Mobile
   Network Prefix(es) assigned to the Mobile Router.

   A Mobile Router SHOULD set the 'T' bit to 1 in all Registration
   Request messages it sends to indicate the need for reverse tunnels
   for all traffic.  Without reverse tunnels, all the traffic from the
   mobile network will be subject to ingress filtering in the visited
   networks.
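   As an added example (not code from the draft or from any
   implementation), the following Python encodes and parses the two
   extensions of Section 4 with the struct module.  The extension Type,
   the two Acknowledgement sub-types and the non-zero Code values are
   TBA in the draft, so the numeric constants below are placeholders.
   The parser walks a whole extension list, skips extension types it
   does not know (as a receiver would for a skippable type) and rejects
   truncated or mis-sized Mobile Network extensions.

```python
"""Encoder/parser for the Mobile Network Request and Acknowledgement
extensions of Section 4.  Added example, not code from the draft or any
implementation.  Type, Acknowledgement sub-types and non-zero Codes are
TBA in the draft; the values assigned here are placeholders.
"""
import struct
from ipaddress import IPv4Address, IPv4Network

MOBNET_EXT_TYPE = 0x80          # placeholder: skippable type, TBA by IANA
SUBTYPE_REQUEST = 1             # Mobile Network Request (value from draft)
SUBTYPE_EXPLICIT_ACK = 2        # placeholder: TBA
SUBTYPE_IMPLICIT_ACK = 3        # placeholder: TBA

CODE_SUCCESS = 0                # from the draft
MOBNET_INVALID_PREFIX_LEN = 1   # placeholder: TBA
MOBNET_UNAUTHORIZED = 2         # placeholder: TBA
MOBNET_FWDING_SETUP_FAILED = 3  # placeholder: TBA

REQUEST_LENGTH = 6              # Length field: bytes after Type and Length
ACK_LENGTH = 8


def encode_request(address, prefix_len):
    """One Mobile Network Request extension (Type, Length=6, Sub-Type=1,
    Prefix Length, Prefix).  The address is sent as given; only its
    first prefix_len bits are significant to the receiver."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("Prefix Length is an 8-bit count of 0..32 bits")
    return struct.pack("!BBBB4s", MOBNET_EXT_TYPE, REQUEST_LENGTH,
                       SUBTYPE_REQUEST, prefix_len,
                       IPv4Address(address).packed)


def encode_ack(subtype, code, address="0.0.0.0", prefix_len=0):
    """One Mobile Network Acknowledgement extension.  The defaults give
    the all-zero Prefix Length / Prefix form that acknowledges every
    requested prefix at once (Section 4.2).  Reserved is sent as zero."""
    return struct.pack("!BBBBBB4s", MOBNET_EXT_TYPE, ACK_LENGTH, subtype,
                       code, prefix_len, 0, IPv4Address(address).packed)


def mobile_network_prefix(ext):
    """Network covered by a parsed extension's Prefix / Prefix Length."""
    return IPv4Network(f"{ext['prefix']}/{ext['prefix_len']}", strict=False)


def parse_extensions(buf):
    """Walk the TLV extensions that follow a Registration Request/Reply.
    Unknown types are skipped; Mobile Network extensions are returned
    as dicts; malformed input raises ValueError."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError("truncated extension header")
        ext_type, length = buf[off], buf[off + 1]
        body = buf[off + 2:off + 2 + length]
        if len(body) != length:
            raise ValueError("extension Length runs past end of message")
        off += 2 + length
        if ext_type != MOBNET_EXT_TYPE:
            continue
        subtype = body[0] if body else None
        if subtype == SUBTYPE_REQUEST:
            if length != REQUEST_LENGTH:
                raise ValueError("bad Mobile Network Request Length")
            out.append({"subtype": subtype, "prefix_len": body[1],
                        "prefix": str(IPv4Address(body[2:6]))})
        elif subtype in (SUBTYPE_EXPLICIT_ACK, SUBTYPE_IMPLICIT_ACK):
            if length != ACK_LENGTH:
                raise ValueError("bad Mobile Network Acknowledgement Length")
            # body[3] is Reserved: ignored on reception
            out.append({"subtype": subtype, "code": body[1],
                        "prefix_len": body[2],
                        "prefix": str(IPv4Address(body[4:8]))})
        else:
            raise ValueError("unknown Mobile Network sub-type")
    return out


if __name__ == "__main__":
    msg = encode_request("192.0.2.5", 24) + \
        encode_ack(SUBTYPE_EXPLICIT_ACK, CODE_SUCCESS, "192.0.2.0", 24)
    for ext in parse_extensions(msg):
        print(ext, mobile_network_prefix(ext))
```

   The Length checks matter because the draft fixes both extensions at
   a constant Length (6 and 8); a receiver that trusted an arbitrary
   Length would read the Prefix from the wrong offset or past the end
   of the message.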
   Upon reception of a successful Registration Reply, the Mobile Router
   processes the registration in accordance with RFC 3344.  In
   addition, the following steps are taken:

   o  Check for Mobile Network Acknowledgement extension(s) in the
      Registration Reply

   o  Create a tunnel to the Home Agent if registered in reverse
      tunneling mode

   o  Set up the default route via this tunnel or the egress interface
      when registered with or without reverse tunneling, respectively

   In accordance with this specification, a Mobile Router may operate in
   one of the following two modes: explicit and implicit.  In explicit
   mode, the Mobile Router includes Mobile Network Prefix information in
   all Registration Requests (as Mobile Network Request extensions),
   while in implicit mode it does not include this information in any
   Registration Request.  In this latter case, the Home Agent obtains
   the Mobile Network Prefixes by other means than Mobile IP.  One
   example of obtaining the Mobile Network Prefix is through static
   configuration on the Home Agent.

   A Mobile Router can obtain a Collocated or Foreign Agent Care-of
   Address while operating in explicit or implicit mode.

   For de-registration, the Mobile Router sends a Registration Request
   with lifetime set to zero without any Mobile Network Request
   extensions.

5.1.  Error Processing

   A Mobile Router interprets the values of the Code field in the Mobile
   Network Acknowledgement Extension of the Registration Reply in order
   to identify any error related to managing the Mobile Network Prefixes
   by the Home Agent.

   If the value of the Code field in the Registration Reply is set to
   HA_MOBNET_DISALLOWED, then the Mobile Router MUST stop sending
   Registration Requests with any Mobile Network Prefix extensions to
   that Home Agent.
   If the value of the Code field in the Registration Reply is set to
   HA_MOBNET_ERROR, then the Mobile Router MUST stop sending Registration
   Requests that contain any of the Mobile Network Prefixes that are
   defined by the values of the Prefix and Prefix Length fields in the
   Mobile Network Acknowledgement extension.  Note that the registration
   is denied in this case and no forwarding for any Mobile Network
   Prefixes would be set up by the Home Agent for the Mobile Router.

   It is possible that the Mobile Router receives a Registration Reply
   with no Mobile Network extensions if the registration was processed
   by a Mobile IPv4 Home Agent that does not support this specification
   at all.  In that case, the absence of Mobile Network extensions must
   be interpreted by the Mobile Router as the case where the Home Agent
   does not support mobile networks.

   All the error code values are TBA (To Be Assigned) subject to IANA
   allocation.

6.  Home Agent Operation

6.1.  Summary

   A Home Agent MUST support all the operations specified in [RFC3344]
   for mobile node support.  The Home Agent MUST support both implicit
   and explicit modes of operation for a Mobile Router.

   The Home Agent processes the registration in accordance with RFC
   3344, which includes setting up a route to the Mobile Router's home
   address via the tunnel to the Care-of Address.  In addition, for a
   Mobile Router registering in explicit mode, the following steps are
   taken:

   1.  Check that the Mobile Network Prefix information is valid

   2.  Ensure the Mobile Network Prefix(es) is or are authorized to be
       on the Mobile Router

   3.  Create a tunnel to the Mobile Router if it does not already exist

   4.  Set up a route for the Mobile Network Prefix via this tunnel

   5.  Propagate Mobile Network Prefix routes via the routing protocol

   6.  Send the Registration Reply with the Mobile Network
       Acknowledgement extension(s)

   If there are any subnet routes via the tunnel to the Mobile Router
   that are not specified in the Mobile Network extensions, these routes
   are removed.

   In the case where the Mobile Node is not permitted to act as a Mobile
   Router, the Home Agent sends a registration denied message with error
   code HA_MOBNET_DISALLOWED.

   For a Mobile Router registering in implicit mode, the Home Agent
   performs steps 3-6 above, once the Registration Request is processed
   successfully.

   For de-registration, the Home Agent removes the tunnel to the Mobile
   Router and all routes using this tunnel.  The Mobile Network
   extensions are ignored.

6.2.  Data Structures

6.2.1.  Registration Table

   The Registration Table in the Home Agent, in accordance with
   [RFC3344], contains binding information for every Mobile Node
   registered with it.  [RFC3344] defines the format of the Registration
   Table.  In addition to all the parameters specified by [RFC3344],
   the Home Agent MUST store the Mobile Network Prefixes associated
   with the Mobile Router in the corresponding registration entry,
   when the corresponding registration was performed in explicit mode.
   When the Home Agent is advertising reachability to Mobile Network
   Prefixes served by a Mobile Router, this information stored in the
   Registration Table can be used.

6.2.2.  Prefix Table

   The Home Agent must be able to authorize a Mobile Router for use of
   Mobile Network Prefixes when the Mobile Router is operating in
   explicit mode.  Also, when the Mobile Router operates in implicit
   mode, the Home Agent must be able to locate the Mobile Network
   Prefixes associated with that Mobile Router.  The Home Agent may
   store the home address of the Mobile Router along with the mobile
   network prefixes associated with that Mobile Router.
   If the Mobile Router does not have a home address assigned, this
   table may store the NAI ([RFC2794]) of the Mobile Router that will be
   used in dynamic home address assignment.

6.3.  Mobile Network Prefix Registration

   The Home Agent must process Registration Requests coming from Mobile
   Routers in accordance with this section.  [RFC3344] specifies that
   the home address of a mobile node registering with a Home Agent must
   belong to a prefix advertised on the home network.  In accordance
   with this specification, however, the home address must be configured
   from a prefix that is served by the Home Agent, not necessarily the
   one on the home network.

   If the Registration Request is valid, the Home Agent checks whether
   any Mobile Network Prefix extensions are included in the
   Registration Request.  If so, the Mobile Network Prefix information
   is obtained from the included extensions, and the Home Address from
   the Home Address field of the Registration Request message.  For
   every Mobile Network Prefix extension included in the Registration
   Request, the Home Agent MUST perform a check against the Prefix
   Table.  If the Prefix Table does not contain at least one entry
   pairing that Home Address to that Mobile Network Prefix then the
   check fails; otherwise it succeeds.

   Following this check against the Prefix Table, the Home Agent MUST
   construct a Registration Reply containing Mobile Network
   Acknowledgement extensions.  For a Mobile Network Prefix for which
   the check was unsuccessful, the Code field in the corresponding
   Mobile Network Acknowledgement extension should be set to
   MOBNET_UNAUTHORIZED.  For a Mobile Network Prefix for which the
   check was successful, the Code field in the respective Mobile
   Network Acknowledgement extension should be set to 0.
   The Home Agent MUST attempt to set up forwarding for each Mobile
   Network Prefix extension for which the Prefix Table check was
   successful.  If the forwarding setup fails for a particular Mobile
   Network Prefix (for reasons such as not enough memory available,
   not enough devices available, or similar), the Code field in
   the respective Mobile Network Acknowledgement extension should be
   set to MOBNET_FWDING_SETUP_FAILED.

   If forwarding setup was successful for at least one Mobile
   Network Prefix, then the Code field of the Registration Reply
   message should be set to 0.  Otherwise that Code should be
   HA_MOBNET_ERROR.

   If the Registration Request is sent in implicit mode, i.e., without
   any Mobile Network Request extension, the Home Agent may use pre-
   configured mobile network prefix information for the Mobile Router to
   set up forwarding.

   If the Home Agent is updating an existing binding entry for the
   Mobile Router, it MUST check all the prefixes in the registration
   table against the prefixes included in the Registration Request.
   If one or more mobile network prefixes are missing from the
   information included in the Registration Request, it MUST delete
   those prefixes from the registration table.  Also, the Home Agent
   MUST disable forwarding for those prefixes.

   If all checks are successful, the Home Agent either creates a new
   entry for the Mobile Router or updates an existing binding entry
   for it and returns a successful Registration Reply back to the
   Mobile Router or the Foreign Agent (if the Registration Request was
   received from a Foreign Agent).

   In accordance with [RFC3344], the Home Agent does proxy ARP for
   the Mobile Router home address, when the Mobile Router home address
   is derived from the home network.
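   The Home Agent side of this section, as an added example (not the
   draft's text or any implementation's code): the Prefix Table check
   for every requested prefix, the per-prefix Acknowledgement code, the
   overall Registration Reply code, implicit mode, the binding update
   that drops prefixes missing from a re-registration, and
   de-registration (Section 6.7).  The numeric error codes are
   placeholders (TBA in the draft); the forwarding-capacity counter
   stands in for the "not enough devices" failure.  Whether a denied
   registration leaves an existing binding untouched is not stated by
   the draft; the code leaves it untouched and labels that choice.

```python
"""Home Agent processing of Mobile Network Prefix registrations.

Added example modelling Sections 6.1, 6.3, 6.6 and 6.7 of the draft;
not code from the draft or any implementation.  Error codes are
placeholders (the draft leaves them TBA for IANA).
"""
from ipaddress import IPv4Network

CODE_SUCCESS = 0                # from the draft
MOBNET_INVALID_PREFIX_LEN = 1   # placeholder, TBA
MOBNET_UNAUTHORIZED = 2         # placeholder, TBA
MOBNET_FWDING_SETUP_FAILED = 3  # placeholder, TBA
HA_MOBNET_ERROR = 130           # placeholder Registration Reply code, TBA
HA_MOBNET_DISALLOWED = 131      # placeholder Registration Reply code, TBA


def normalize(plen, addr):
    """Prefix Length + Prefix field -> canonical 'network/len' string;
    host bits beyond Prefix Length are not significant (Section 4.1)."""
    return str(IPv4Network(f"{addr}/{plen}", strict=False))


class HomeAgent:
    def __init__(self, prefix_table, forwarding_capacity=64):
        # Prefix Table (6.2.2): Home Address -> authorized prefixes.  A home
        # address absent from the table may not act as a Mobile Router (6.1).
        self.prefix_table = {ha: {str(IPv4Network(p)) for p in ps}
                             for ha, ps in prefix_table.items()}
        # Registration Table (6.2.1): Home Address -> prefixes with forwarding
        self.registration_table = {}
        self.capacity = forwarding_capacity   # models "not enough devices"

    def _capacity_left(self, home_addr, granted):
        others = sum(len(s) for ha, s in self.registration_table.items()
                     if ha != home_addr)
        return self.capacity - others - len(granted)

    def process_request(self, home_addr, requested):
        """requested: [(prefix_len, address), ...] taken from the Mobile
        Network Request extensions; empty means implicit mode.  Returns
        (reply_code, mode, [(prefix_len, address, ack_code), ...])."""
        authorized = self.prefix_table.get(home_addr)
        if authorized is None:
            return HA_MOBNET_DISALLOWED, "explicit", []
        mode = "explicit"
        if not requested:
            # Implicit mode: prefixes come from the Prefix Table (6.3)
            mode = "implicit"
            requested = [(IPv4Network(p).prefixlen,
                          str(IPv4Network(p).network_address))
                         for p in sorted(authorized)]
        acks, granted = [], set()
        for plen, addr in requested:
            if plen == 0 or plen > 32:
                code = MOBNET_INVALID_PREFIX_LEN            # 6.6
            else:
                net = normalize(plen, addr)
                if net not in authorized:
                    code = MOBNET_UNAUTHORIZED              # 6.3
                elif self._capacity_left(home_addr, granted) > 0:
                    granted.add(net)
                    code = CODE_SUCCESS
                else:
                    code = MOBNET_FWDING_SETUP_FAILED       # 6.3
            acks.append((plen, addr, code))
        if not granted:
            # Registration denied: no forwarding is set up (5.1).  The
            # existing binding is left as it was; the draft does not say
            # otherwise, so this is an interpretation.
            return HA_MOBNET_ERROR, mode, acks
        # Commit.  Replacing the whole set drops prefixes missing from a
        # re-registration and disables their forwarding (6.3).
        self.registration_table[home_addr] = granted
        return CODE_SUCCESS, mode, acks

    def deregister(self, home_addr):
        """Lifetime-zero request (6.7): tear down tunnel and all routes."""
        return self.registration_table.pop(home_addr, None)


if __name__ == "__main__":
    # Constructed sample: one Mobile Router authorized for two prefixes
    ha = HomeAgent({"10.1.0.1": {"192.0.2.0/24", "198.51.100.0/24"}},
                   forwarding_capacity=1)
    print(ha.process_request("10.1.0.1", [(24, "192.0.2.77"),
                                          (24, "203.0.113.0"),
                                          (0, "0.0.0.0"),
                                          (24, "198.51.100.0")]))
    print(ha.registration_table)
```

   The check is keyed on the pair (Home Address, prefix), so a Mobile
   Router authorized for one prefix cannot anchor another router's
   prefix simply by naming it; that is the authorization the Security
   Considerations require before any forwarding is set up.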
   If the 'T' bit is set, the Home Agent creates a bi-directional tunnel
   for the corresponding mobile network prefixes or updates the existing
   bi-directional tunnel.  This tunnel is maintained independently of
   the reverse tunnel for the Mobile Router home address itself.

6.4.  Advertising Mobile Network Reachability

   If the mobile network prefixes served by the Home Agent are
   aggregated with the home network prefix and if the Home Agent is
   the default router on the home network, the Home Agent does not
   have to advertise the Mobile Network Prefixes.  The routes for the
   Mobile Network Prefix are automatically aggregated into the home
   network prefix (it is assumed that the Mobile Network Prefixes are
   automatically aggregated into the home network prefix).  If the
   Mobile Router updates the mobile network prefix routes via a
   dynamic routing protocol, the Home Agent SHOULD propagate the
   routes on the appropriate networks.

6.5.  Establishment of Bi-directional Tunnel

   The Home Agent creates and maintains a bi-directional tunnel for the
   mobile network prefixes of a Mobile Router registered with it.  A
   Home Agent supporting IPv4 Mobile Router operation MUST be able to
   forward packets destined to the mobile network prefixes served by the
   Mobile Router to its care-of address.  Also, the Home Agent MUST be
   able to accept packets tunneled by the Mobile Router with the source
   address of the outer header set to the care-of address of the
   Mobile Router and that of the inner header set to the Mobile
   Router's home address or an address from one of the registered mobile
   network prefixes.

6.6.  Sending Registration Replies

   The Home Agent MUST set the status code in the Registration Reply to
   0 to indicate successful processing of the Registration Request and
   successful set up of forwarding for all the mobile network prefixes
   served by the Mobile Router.
   The Registration Reply MUST contain at least one Mobile Network
   Acknowledgement extension.

   If the Home Agent is unable to set up forwarding for one or more
   mobile network prefixes served by the Mobile Router, it MUST set the
   Mobile Network Acknowledgement Extension status code in the
   Registration Reply to MOBNET_FWDING_SETUP_FAILED.  When the prefix
   length is zero or greater than 32, the status code MUST be set to
   MOBNET_INVALID_PREFIX_LEN.

   If the Mobile Router is not authorized to forward packets to one or
   more mobile network prefixes included in the request, the Home Agent
   MUST set the code to MOBNET_UNAUTHORIZED_MR.

6.7.  Mobile Network Prefix De-registration

   If the received Registration Request is for de-registration of the
   care-of address, the Home Agent, upon successful processing of it,
   MUST delete the entry(ies) from its registration table.  The Home
   Agent tears down the bi-directional tunnel and stops forwarding any
   packets to/from the Mobile Router.  The Home Agent MUST ignore any
   Mobile Network Request extension included in a de-registration
   request.

7.  Data Forwarding Operation

   For traffic to the nodes in the Mobile Network, the Home Agent MUST
   perform double tunneling of the packet if the Mobile Router has
   registered with a Foreign Agent care-of address.  In this case, the
   Home Agent MUST encapsulate the packet with a tunnel header (source
   IP address set to the Home Agent and destination IP address set to
   the Mobile Router's home address) and then encapsulate it one more
   time with a tunnel header (source IP address set to the Home Agent
   and destination IP address set to the CoA).

   For optimization, the Home Agent SHOULD only encapsulate the packet
   with the tunnel header (source IP address set to the Home Agent and
   destination IP address set to the CoA) in Collocated CoA mode.
   When a Home Agent receives a packet from the mobile network prefix in
   the bi-directional tunnel, it MUST decapsulate the packet and
   route it as a normal IP packet.  It MUST verify that the incoming
   packet has the source IP address set to the care-of address of the
   Mobile Router.  The packet MUST be dropped if the source address is
   not set to the care-of address of the Mobile Router.

   For traffic from the nodes in the Mobile Network, the Mobile Router
   encapsulates the packet with a tunnel header (source IP address set
   to the Mobile Router's home address and destination IP address set to
   the Home Agent) if reverse tunneling is enabled.  Otherwise, the
   packet is routed directly to the Foreign Agent or access router.

   In Collocated CoA mode, the Mobile Router MAY encapsulate one more
   time with a tunnel header (source IP address set to the CoA and
   destination IP address set to the Home Agent).

8.  Nested Mobile Networks

   Nested Network Mobility is a scenario where a Mobile Router allows
   another Mobile Router to attach to its Mobile Network.  There could
   be arbitrary levels of nested mobility.  The operation of each Mobile
   Router remains the same whether the Mobile Router attaches to another
   Mobile Router or to a fixed Access Router on the Internet.  The
   solution described here does not place any restriction on the number
   of levels for nested mobility.  But note that this might introduce
   significant overhead on the data packets as each level of nesting
   introduces another tunnel header encapsulation.

9.  Security Considerations

   The Mobile Network extension is protected by the same rules as other
   Mobile IP extensions in registration messages.  See the Security
   Considerations section in RFC 3344.
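   The source-address checks at both ends of the bi-directional tunnel,
   required by Section 7 and restated in this section, as an added
   example (not code from the draft or any implementation).  Packets
   are modelled as plain addresses rather than raw IP headers: the
   Mobile Router drops mobile-network packets whose source lies outside
   its prefixes or equals one of its own addresses before reverse
   tunneling them, and the Home Agent drops tunneled packets whose
   outer source is not the registered care-of address or whose inner
   source is neither the Mobile Router's home address nor inside a
   registered prefix.  All addresses below are constructed sample
   values.

```python
"""Source-address checks at both ends of the bi-directional tunnel.

Added example, not code from the draft or any implementation.  Models
the Mobile Router ingress filtering and the Home Agent tunnel checks
of Sections 7 and 9 as address checks; all addresses are constructed.
"""
from ipaddress import IPv4Address, IPv4Network


class MobileRouterIngress:
    """Ingress filtering on the mobile-network side of the Mobile Router."""

    def __init__(self, prefixes, own_addresses):
        self.prefixes = [IPv4Network(p) for p in prefixes]
        # Every address the Mobile Router holds on any interface
        self.own = {IPv4Address(a) for a in own_addresses}

    def accept(self, src):
        s = IPv4Address(src)
        if s in self.own:
            return False, "source equals a Mobile Router address"
        if not any(s in p for p in self.prefixes):
            return False, "source not in the mobile network"
        return True, "ok"


class HomeAgentTunnelEnd:
    """Checks applied by the Home Agent to a reverse-tunneled packet."""

    def __init__(self, home_addr, coa, prefixes):
        self.home_addr = IPv4Address(home_addr)
        self.coa = IPv4Address(coa)          # from the current binding
        self.prefixes = [IPv4Network(p) for p in prefixes]  # registered MNPs

    def accept(self, outer_src, inner_src):
        if IPv4Address(outer_src) != self.coa:
            return False, "outer source is not the care-of address"
        inner = IPv4Address(inner_src)
        if inner == self.home_addr or any(inner in p for p in self.prefixes):
            return True, "ok"
        return False, "inner source not on the mobile network"


def run_path(mr, ha, inner_sources, outer_src):
    """Push packets from mobile-network nodes through MR ingress filtering
    and then, as reverse-tunneled packets with outer source outer_src,
    through the Home Agent check.  Returns {inner_src: outcome}."""
    outcome = {}
    for src in inner_sources:
        ok, why = mr.accept(src)
        if not ok:
            outcome[src] = "dropped at MR: " + why
            continue
        ok, why = ha.accept(outer_src, src)
        outcome[src] = "delivered" if ok else "dropped at HA: " + why
    return outcome


if __name__ == "__main__":
    # Constructed sample: MR home address 10.1.0.1, CoA 203.0.113.7,
    # mobile network 192.0.2.0/24 with the MR at 192.0.2.1
    mr = MobileRouterIngress(["192.0.2.0/24"],
                             ["192.0.2.1", "203.0.113.7", "10.1.0.1"])
    ha = HomeAgentTunnelEnd("10.1.0.1", "203.0.113.7", ["192.0.2.0/24"])
    results = run_path(mr, ha, ["192.0.2.10", "192.0.2.1", "198.51.100.5"],
                       "203.0.113.7")
    for src, res in results.items():
        print(src, res)
```

   The two checks are complementary: the Mobile Router check stops a
   node on the mobile network from injecting spoofed sources into the
   tunnel, and the Home Agent check stops anyone else from using the
   tunnel entry point at all, since a packet whose outer source is not
   the bound care-of address is dropped before its inner header is
   looked at.  These are address checks only; the authentication of
   the registration messages themselves is the MN-HA Authentication
   Extension described below.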
   The Home Agent MUST be able to verify that the Mobile Router is
   authorized to provide mobility service for the Mobile Networks in
   the Registration Request, before anchoring these Mobile Network
   Prefixes on behalf of the Mobile Router.  Forwarding for prefixes
   MUST NOT be set up without successful authorization of the Mobile
   Router for those prefixes.  A registration failure MUST be notified
   to the Mobile Router when it cannot be successfully authorized for
   prefixes requested by it.

   All Registration Requests and Replies MUST be authenticated by the
   MN-HA Authentication Extension as specified in [RFC3344].  When the
   Registration Request is sent in explicit mode, i.e., with one or more
   Mobile Network Prefix extensions, all the Mobile Network Prefix
   extensions MUST be included before the MN-HA Authentication
   extension.  Also, these extensions MUST be included in the
   calculation of the MN-HA authenticator value.

   The Mobile Router should perform ingress filtering on all the packets
   received on the mobile network prior to reverse tunneling them to the
   Home Agent.  The Mobile Router MUST drop any packets that do not have
   a source address belonging to the mobile network.  The Mobile Router
   MUST also ensure that the source address of packets arriving on the
   mobile network is not the same as the Mobile Router's IP address on
   any interface.  These checks will protect against nodes attempting to
   launch IP spoofing attacks through the bi-directional tunnel.

   The Home Agent, upon receiving packets through the bi-directional
   tunnel, MUST verify that the source addresses of the outer IP header
   of the packets are set to the Mobile Router's care-of address.  Also,
   it MUST ensure that the source address of the inner IP header is a
   topologically correct address on the mobile network.
   This prevents nodes from using the Home Agent to launch attacks
   inside the home network.

   If a dynamic routing protocol is used between the Mobile Router and
   the Home Agent to propagate the mobile network information into the
   home network, the routing updates SHOULD be protected with IPsec ESP
   confidentiality between the Mobile Router and Home Agent, to prevent
   information about home network topology from being visible to
   eavesdroppers.  (ESP confidentiality should be combined with ESP
   integrity protection; encryption alone does not prevent an attacker
   from modifying or injecting routing updates.)

10.  IANA Considerations

   IANA is requested to modify the existing registry "Mobile IPv4
   numbers - per RFC 3344".  The numbering space for Extensions that
   may appear in Mobile IP control messages (those sent to and from UDP
   port number 434) should be modified.

   The new Values and Names for the Type of Extensions appearing in
   Mobile IP control messages are the following:

   Value  Name
   -----  ------------------------------------------
   TBA    Mobile Network Extension (To Be Assigned by IANA)

   The new Values and Names for the Sub-Type of the Mobile Network
   Extension are the following:

   Value  Name
   -----  ------------------------------------------
   TBA    Mobile Network Request Extension
   TBA    Explicit Mode Acknowledgement Extension
   TBA    Implicit Mode Acknowledgement Extension

   The new Code values for Mobile IP Registration Reply messages are
   the following:

   Code Values for Mobile IP Registration Reply messages
   -----------------------------------------------------

   Registration denied by the Home Agent: (To Be Assigned by IANA)

   TBA    Mobile Network Prefix operation error (HA_MOBNET_ERROR)
   TBA    MR operation is not permitted (HA_MOBNET_DISALLOWED)

   The new Code values for the Mobile Network Acknowledgement Extension
   are the following:

   Code Values for Mobile Network Acknowledgement Extension
   --------------------------------------------------------

   Registration denied by the Home Agent:

   TBA    Invalid prefix length (MOBNET_INVALID_PREFIX_LEN)
   TBA    MR is not authorized for prefix (MOBNET_UNAUTHORIZED)
   TBA    Forwarding setup failed (MOBNET_FWDING_SETUP_FAILED)

   The current (unmodified) numbering spaces can be consulted at
   http://www.iana.org/assignments/mobileip-numbers

11.  Acknowledgements

   The authors would like to thank Christophe Janneteau, George
   Popovich, Ty Bekiares, Ganesh Srinivasan, Alpesh Patel, Ryuji
   Wakikawa, George Tsirtsis, and Henrik Levkowetz for their helpful
   discussions, reviews and comments.  Vijay Devarapalli extensively
   reviewed one of the later versions of the draft.

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2794]  Calhoun, P. and C. Perkins, "Mobile IP Network Access
              Identifier Extension for IPv4", RFC 2794, March 2000.

   [RFC3344]  Perkins, C., "IP Mobility Support for IPv4", RFC 3344,
              August 2002.

12.2.  Informative References

   [RFC3963]  Devarapalli, V., Wakikawa, R., Petrescu, A., and P.
              Thubert, "Network Mobility (NEMO) Basic Support Protocol",
              RFC 3963, January 2005.

   [1]        Tsirtsis, G., Park, V., Narayanan, V., and K. Leung, "FA
              extensions to NEMOv4 Base",
              draft-tsirtsis-nemov4-fa-01.txt, IETF Internet-Draft,
              Work in Progress, January 31, 2007.

13.  Changelog

   From version 00 to 01:
   -removed error code HA_MOBNET_UNSUPPORTED.
   -changed all values to be assigned by IANA, from specific
    numbers to "TBA" (To Be Assigned).
   -substituted "egress interface" for "roaming interface".
   -changed HA behaviour upon reception of MNPs.  In 00 the HA
    replied positively only if all MNPs in the RegReq were valid; in
    01 a reply is constructed specifying which MNP was valid and
    which was not.
   -clarified a 3-line paragraph saying that a RegRep may contain
    both implicit and explicit acknowledgements.
   From draft-ietf-nemo-v4-base-01.txt to
   draft-ietf-mip4-nemo-v4-base-00.txt:
   -changed draft name, headers and footers.
   -changed title.
   -a more coherent use of the terms 'subnet', 'prefix' and 'mobile
    network'.
   -clarified that only co-located CoA mode is supported (not FA CoA)
    for Mobile Routers in this specification, and added a reference
    to the FA NEMO optimizations draft.
   -changed 'devices' to 'hosts'.
   -changed 'moving networks' to 'mobile networks'.
   -clarified what 'reachability' means in a certain context: packets
    may be dropped if ingress filtering is turned on.
   -removed the MR-FA-CoA tunnel overhead optimization.  There is
    still an issue with the text at the HA doing the optimization.

Authors' Addresses

   Kent Leung
   Cisco Systems
   170 W. Tasman Drive
   San Jose, CA 95134
   US

   Phone: +1 408-526-5030
   Email: kleung@cisco.com

   Gopal Dommety
   Cisco Systems
   170 W. Tasman Drive
   San Jose, CA 95134
   US

   Phone: +1 408-525-1404
   Email: gdommety@cisco.com

   Vidya Narayanan
   QUALCOMM, Inc.
   5775 Morehouse Dr
   San Diego, CA
   USA

   Phone: +1 858-845-2483
   Email: vidyan@qualcomm.com

   Alexandru Petrescu
   Motorola
   Parc les Algorithmes Saint Aubin
   Gif-sur-Yvette 91193
   France

   Email: Alexandru.Petrescu@motorola.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.
   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE IETF TRUST AND THE
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The IETF Trust (2007).  This document is subject to
   the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.