idnits 2.17.1

draft-ietf-mip6-hiopt-18.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to contain a disclaimer for pre-RFC5378 work, and may
     have content which was first submitted before 10 November 2008. The
     disclaimer is necessary when there are original authors that you have
     been unable to contact, or if some do not wish to grant the BCP78 rights
     to the IETF Trust. If you are able to get all authors (current and
     original) to grant those rights, you can and should remove the
     disclaimer; otherwise, the disclaimer is needed and you can ignore this
     comment. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (March 3, 2012) is 4429 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  ** Obsolete normative reference: RFC 3736 (Obsoleted by RFC 8415)

  ** Obsolete normative reference: RFC 4282 (Obsoleted by RFC 7542)

     Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--).
     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

MIP6 Working Group                                               H. Jang
Internet-Draft                                                  A. Yegin
Intended status: Standards Track                                 Samsung
Expires: September 4, 2012                                  K. Chowdhury
                                                        Starent Networks
                                                                 J. Choi
                                                                 Samsung
                                                                T. Lemon
                                                                 Nominum
                                                           March 3, 2012

          DHCP Options for Home Information Discovery in MIPv6
                      draft-ietf-mip6-hiopt-18.txt

Abstract

   This draft defines a DHCP-based scheme to enable dynamic discovery of
   Mobile IPv6 home network information. New DHCP options are defined
   which allow a mobile node to request the home agent IP address, FQDN,
   or home network prefix and obtain it via the DHCP response.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 4, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  DHCP options for Home Network/Agent Dynamic Discovery
     3.1.  MIP6 Home Network ID FQDN Option
     3.2.  Home Network Information Options
       3.2.1.  MIP6 Visited Home Network Information Option
       3.2.2.  MIP6 Identified Home Network Information Option
       3.2.3.  MIP6 Unrestricted Home Network Information Option
     3.3.  MIP6 Home Network Prefix Option
     3.4.  MIP6 Home Agent Address Option
     3.5.  MIP6 Home Agent FQDN Option
   4.  Option Usage
     4.1.  Mobile Node Behavior
       4.1.1.  Requesting MIP6 configuration
       4.1.2.  Processing MIP6 configuration information
     4.2.  Relay Agent Behavior
     4.3.  DHCP Server Behavior
     4.4.  Home agent discovery using a Network Access Server
   5.  Security Considerations
   6.  IANA Consideration
   7.  Acknowledgments
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   Before a mobile node can engage in Mobile IPv6 signaling with a home
   agent, it should either know the IP address of the home agent via
   pre-configuration, or dynamically discover it. The Mobile IPv6
   specification [RFC6275] describes how home agents can be dynamically
   discovered by mobile nodes that know the home network prefix. This
   scheme does not work when prefix information is not already available
   to the mobile node. This document specifies extensions to DHCPv6
   [RFC3736] [RFC3315] to deliver the home agent information to the
   mobile node in the form of the IP address of the home agent or the
   Fully-qualified Domain Name (FQDN) [RFC1035] of the home agent. The
   information delivered to the mobile node may also include the home
   prefix for the mobile node. The solution involves defining a new
   DHCP option to carry home network prefix, home agent IP address and
   FQDN information. The mobile node MAY also use the home prefix to
   discover the list of home agents serving the home prefix using the
   Dynamic Home Agent Address Discovery mechanism specified in
   [RFC6275].

   As part of configuring the initial TCP/IP parameters, a mobile node
   can find itself a suitable home agent.
   Such a home agent might
   reside in the access network that the mobile node connects to, or in
   a home network that the mobile node is associated with. A mobile
   node can indicate its home network identity when roaming to a visited
   network in order to obtain the MIP6 bootstrap parameters from the
   home network. As an example, the visited network may determine the
   home network of the mobile node based on the realm portion of the NAI
   (Network Access Identifier) [RFC4282] used in access authentication
   [RFC5447].

   The mobile node may or may not be connected to the "home" network
   when it attempts to learn Mobile IPv6 home network information. This
   allows operators to centrally deploy home agents while being able to
   bootstrap mobile nodes that are already roaming. This scenario also
   occurs when HMIPv6 [RFC5380] is used, where the mobile node is
   required to discover the MAP (a special home agent) that is located
   multiple hops away from the mobile node's attachment point.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   General mobility terminology can be found in [RFC3753]. The
   following additional terms, as defined in [RFC4640], are used in this
   document:

   Access Service Provider (ASP):  A network operator that provides
      direct IP packet forwarding to and from the mobile node.

   Mobility Service Provider (MSP):  A service provider that provides
      Mobile IPv6 service. In order to obtain such service, the mobile
      node must be authenticated and authorized to use the Mobile IPv6
      service.

   Mobility Service Authorizer (MSA):  A service provider that
      authorizes Mobile IPv6 service.

3.  DHCP options for Home Network/Agent Dynamic Discovery

   This section introduces new DHCP options which are used for dynamic
   discovery of the home agent's IPv6 address, IPv6 home network prefix,
   or FQDN information in Mobile IPv6. Transport to a home agent over
   IPv4 is also supported by specifying an IPv4-Embedded IPv6 address.
   The detailed procedures are described in Section 2.3.2 of Mobile IPv6
   support for dual stack Hosts and Routers [RFC5555].

   The names of options listed in this section all start with MIP6, in
   order to differentiate them from other DHCP options that might have
   similar names. However, throughout the rest of this document, the
   options are referred to by name without the MIP6 prefix, for brevity.

3.1.  MIP6 Home Network ID FQDN Option

   This option is used by mobile nodes to communicate to the DHCP server
   an FQDN that identifies the target home network for which the client
   is requesting configuration information. When the mobile node
   requests configuration for more than one target home network, this
   option is also used by the server to identify the target home network
   for each Identified Home Network Information option returned.

   When a mobile node sends this option to request information about a
   specific home network, the option is simply included in the DHCP
   message from the mobile node. When a server responds with an
   Identified Home Network Information option, this option MUST be
   encapsulated in the Identified Home Network Information option that
   it identifies.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_MIP6_HNIDF        |         Option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                Home Network Identification FQDN               |
   .                                                               .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option-code  OPTION_MIP6_HNIDF (TBD)

   Option-len  Length of option, per RFC3315

   Home Network Identification FQDN  A fully-qualified domain name that
      identifies a mobile IP home network for which the client is
      seeking configuration information. This is encoded in accordance
      with RFC3315, section 8, "Representation and Use of Domain
      Names."

3.2.  Home Network Information Options

   There are three different options that specify home network
   information. Which of these options is used depends on what kind of
   home network information the client needs. Each of these options is
   used to encapsulate options containing prefix and home agent
   information about the home network for which configuration
   information was requested.

3.2.1.  MIP6 Visited Home Network Information Option

   This option is used by relay agents and DHCP servers to provide
   information about the local home network.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_MIP6_VDINF        |         Option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                            Options                            |
   .                                                               .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option-code  OPTION_MIP6_VDINF (TBD)

   Option-len  Length of option, per RFC3315

   Suboptions  One or more suboptions, specifying information about the
      local ASP (visited domain).

3.2.2.  MIP6 Identified Home Network Information Option

   This option is used by relay agents and DHCP servers to provide
   information about the home network identified by a Home Network
   Identifier FQDN option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_MIP6_IDINF        |         Option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                            Options                            |
   .                                                               .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option-code  OPTION_MIP6_IDINF (TBD)

   Option-len  Length of option, per RFC3315

   Suboptions  One or more suboptions, specifying information about the
      home network identified by a Home Network Identifier FQDN option
      sent by a mobile node.

3.2.3.  MIP6 Unrestricted Home Network Information Option

   This option is used by relay agents and DHCP servers to provide
   information about a home network specified by the DHCP server
   administrator.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_MIP6_UDINF        |         Option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                            Options                            |
   .                                                               .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option-code  OPTION_MIP6_UDINF (TBD)

   Option-len  Length of option, per RFC3315

   Suboptions  One or more suboptions, specifying information about some
      home network as specified by the DHCP server administrator.

3.3.  MIP6 Home Network Prefix Option

   This option is used by DHCP servers and relay agents to define the
   prefix for a home network. This option should only appear in one of
   the Home Network Information options.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        OPTION_MIP6_HNP        |         Option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Prefix-len   |                                               |
   +-+-+-+-+-+-+-+-+                                               +
   |                                                               |
   |                            Prefix                             |
   |                                                               |
   |                                                 +-+-+-+-+-+-+-+
   |                                                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option-code  OPTION_MIP6_HNP (TBD)

   Option-len  Length of option, per RFC3315

   Prefix-len  Length of prefix

   Prefix  Home Network Prefix

3.4.  MIP6 Home Agent Address Option

   This option is used by DHCP servers and relay agents to specify the
   home agent IP address. In cases where the home agent must be
   contacted over an IPv4-only infrastructure, the IPv4 address is
   specified as an IPv4-Embedded IPv6 address using the Well-Known
   prefix [RFC6052]. This option should only appear in one of the Home
   Network Information options.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        OPTION_MIP6_HAA        |         Option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                                                               |
   |                            Address                            |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option-code  OPTION_MIP6_HAA (TBD)

   Option-len  Length of option, per RFC3315

   Address  IP Address of home agent

3.5.  MIP6 Home Agent FQDN Option

   This option is used by DHCP servers and relay agents to specify the
   home agent FQDN. This FQDN is used to look up one or more A or AAAA
   records containing IPv4 or IPv6 addresses for the home agent, as
   needed. This option should only appear in one of the Home Network
   Information options.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        OPTION_MIP6_HAF        |         Option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                                                               |
   |                             FQDN                              |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option-code  OPTION_MIP6_HAF (TBD)

   Option-len  Length of option, per RFC3315

   Address  FQDN resolving to one or more IPv4 and/or IPv6 addresses for
      the home agent. This is encoded in accordance with RFC3315,
      section 8, "Representation and Use of Domain Names."

4.  Option Usage

   The requesting and sending of the proposed DHCP options follow the
   rules for DHCPv6 options in [RFC3315].

4.1.  Mobile Node Behavior

   Mobile nodes MAY obtain MIP6 configuration information either during
   a stateful configuration exchange [RFC3315] or a stateless
   configuration exchange [RFC3736].

   Mobile nodes that obtain MIP6 configuration information using a
   stateful configuration exchange SHOULD include the same options in
   every message they send to the DHCP server.

   Mobile nodes that obtain MIP6 configuration using a stateless
   exchange MAY omit MIP6 configuration from some exchanges, but SHOULD
   reconfigure whenever a change in the attached network is detected.
   If the DHCP server responds to a MIP6-related stateless configuration
   request with an Information Request Timer option, the mobile node
   SHOULD attempt to reconfigure when the IRT expires.

   A mobile node using stateless configuration may try to perform home
   network information discovery when it lacks home network information
   for MIPv6 or needs to change the home agent for some reason. For
   example, this may be necessary to recover from the failure of an
   existing home agent or to use the local home agent located in the
   network where the mobile node is currently attached.
   Note that
   despite the home information discovery procedure the mobile node may
   continue to use the old home agent, in order to avoid losing current
   sessions.

4.1.1.  Requesting MIP6 configuration

   Mobile nodes signal that they are interested in being configured with
   MIP6 home agent information by requesting one or more of the three
   Home Network Information options--the Visited Home Network
   Information option, the Identified Home Network Information option,
   or the Unrestricted Home Network Information option. To request
   these options, the client lists them in the Option Request Option. A
   client that requests any of these three options in the ORO MUST also
   request the Home Network Identification FQDN option, the Home Network
   Prefix option, the Home Agent Address Option, and the Home Agent FQDN
   option.

   If the mobile node requests the Visited Home Network Information
   option, this indicates that it is interested in learning the home
   network information that pertains to the currently visited network.

   This type can be used to discover local home agents in the local ASP.

   If the mobile node requests the Identified Home Network Information
   option, this indicates that it is interested in learning the home
   network information that pertains to a specified realm. This type
   can be used to discover home agents that are hosted by a user's home
   domain or by any target domain. A mobile node requesting the
   Identified Home Network Information option MUST include a Client Home
   Network ID FQDN option identifying the MSP being identified. The
   target MSP can be a mobile node's home MSP or any MSP which has a
   trusted roaming relationship with the mobile node's MSA.

   If the mobile node has no preference as to the home network with
   which it should be configured, it SHOULD request the Unrestricted
   Home Network Information option, and SHOULD NOT request either the
   Visited Home Network Information option or the Identified Home
   Network Information option.

   A client that wishes to be configured with both the Visited Home
   Network Information option and the Identified Home Network
   Information option may request both options in the Option Request
   Option. A client may request information about more than one
   identified domain by requesting the Identified Home Network
   Information option in the ORO and including more than one Home
   Network ID FQDN option. A client that sends more than one Home
   Network ID FQDN option MUST request the Home Network ID option in the
   ORO.

4.1.2.  Processing MIP6 configuration information

   DHCP Clients on mobile nodes should be prepared to receive any MIP6
   Home Network Information options they request. If more than one Home
   Network ID FQDN option was sent, the client should be prepared to
   handle zero or more Identified Home Network Information options in
   response; the DHCP server may not have configuration information for
   all targeted domains, or, indeed, for any. If a misconfigured server
   returns an Identified Home Network option that does not contain a
   Home Network ID FQDN option corresponding to one that the client
   requested, the client MUST silently discard that Identified Home
   Network option.

   If any of the three Home Network Information options is returned,
   configuration information will be included within it. The client
   must be prepared to handle home agent addresses either in the form of
   the Home Agent Address option or the Home Agent FQDN option.

   If the client finds a v4-embedded IPv6 address in a Home Agent
   Address option, it may only use this address to communicate over
   IPv4. If a Home Network Information option does not contain complete
   configuration information, the client MUST silently discard that Home
   Network Information option.

   If the client receives any Home Network ID FQDN options, Home Network
   Prefix options, Home Agent Address options, or Home Agent FQDN
   options that are not encapsulated in one of the three types of Home
   Network Information options, it MUST silently discard these options.

   The DHCP client must pass whatever configuration information it
   receives to the appropriate mobile IP implementation on the mobile
   node. How this is done, and what the mobile IP implementation on the
   mobile node does with this information, is outside the scope of this
   document.

   As described later in this section, servers may provide more than one
   Home Network Information option, or multiple Home Agent Prefix, Home
   Agent Address or Home Agent FQDN options. When provided with
   multiple Visited Home Network Information options or Unrestricted
   Home Network Information options of the same type, or with multiple
   sub-options within such an option, the mobile node SHOULD choose the
   first one that it can employ.

   If the DHCP client on a mobile node receives any MIP6 Home Network
   Prefix options, MIP6 Home Agent Address option, or MIP6 Home Agent
   FQDN option that are not contained within Home Network Information
   options, the DHCP client MUST silently discard these options.

4.2.  Relay Agent Behavior

   DHCP relay agents may in some cases have access to configuration
   information for the mobile node. In such cases, relay agents MAY
   send Visited Home Network Information options, Identified Home
   Network Information options, and/or Unrestricted Home Network
   Information options to the DHCP server. To do so, the Relay agent
   MUST encapsulate these options in a Relay Supplied Options option
   [RFC6422].
   If the DHCP Relay Agent includes any Identified Home
   Network Information options, these options MUST correspond to home
   networks identified in Home Network ID FQDN options in the client
   request. In addition, each Identified Home Network option must
   contain a Home Network ID FQDN option identical to the one sent by
   the client, to identify the network to the client.

   No special handling is required when processing relay-reply messages.

4.3.  DHCP Server Behavior

   DHCP servers generally can simply be configured with Visited Network
   Information options, Identified Network Information options, and
   Unrestricted Network Information options. In the case of Visited
   Network Information options and Unrestricted Network Information
   options, which clients get what options depends on operator
   configuration.

   A DHCP server MAY maintain a table of Home Network ID FQDNs. For
   each such FQDN, a server that maintains such a table SHOULD include
   an Identified Network Information option. Such a server would look
   up the FQDN from any Home Network ID FQDN options provided by the
   client in its table, and for each match, include the Identified
   Network Information option configured in the table entry for that
   FQDN.

   If a DHCP server does not implement the Home Network ID FQDN table,
   or some similar functionality, it is an error for the operator to
   configure it with any Identified Network Information options. These
   options could be erroneously forwarded to the client, which would
   have no use for them, and is required to discard them.

   DHCP servers that implement the Home Network ID FQDN table must, when
   sending an Identified Network Information option to the client,
   include a Home Network ID option within the Identified Network
   Information option that identifies the home network for which
   configuration information is being sent.

   Aside from the Home Network ID FQDN table, the actual behavior of the
   DHCP server with respect to MIP6 configuration is simply in
   accordance with the DHCPv6 protocol specification [RFC3315] and
   depends on operator configuration. No special processing is required
   for Visited Home Network Information options or Unrestricted Home
   Network Information options.

4.4.  Home agent discovery using a Network Access Server

   [RFC5447] describes the complete procedure for home agent assignment
   among the mobile node, NAS (Network Access Server), DHCP and AAA
   entities for the bootstrapping procedure in the integrated scenario.

   A NAS is assumed to be co-located with a DHCP relay agent or a DHCP
   server in this solution. In a network where the NAS is not co-
   located with a DHCP relay nor a server, the server may not be
   provided with the home network information from the NAS, and thereby
   it may either fail to provide information, or provide home
   information which has been preconfigured by the administrator or
   which is acquired through a mechanism that is not described in this
   document.

5.  Security Considerations

   Secure delivery of home agent and home network information from a
   DHCP server to the mobile node (DHCP client) relies on the same
   security as DHCP. The particular option defined in this draft does
   not have additional impact on DHCP security.

   Aside from the DHCP client to server interaction, an operator must
   also ensure secure delivery of mobile IP information to the DHCP
   server. This is outside the scope of DHCP and the newly defined
   option.

   The mechanisms in this specification could be used by attackers to
   learn the addresses of home agents in the home network, or to feed
   incorrect information to mobile nodes.

   The ability to learn addresses of nodes may be useful to attackers
   because brute-force scanning of the address space is not practical
   with IPv6. Thus, they could benefit from any means which make
   mapping the networks easier. For example, if a security threat
   targeted at routers or even home agents is discovered, having a
   simple mechanism to easily find out possible targets may prove to be
   an additional security risk.

   Apart from discovering the address(es) of home agents, attackers will
   not be able to learn much from this information, and mobile nodes
   cannot be tricked into using wrong home agents, as the actual
   communication with the home agents employs mutual authentication.

   The mechanisms from this specification may also leak interesting
   information about network topology and prefixes to attackers, and
   where there is no security to protect DHCP, even modify this
   information. Again, the mobile nodes and home agents employ end-to-
   end security when they communicate with each other. The authentic
   source of all information is that communication, not the information
   from DHCP.

   However, attacks against the information carried in DHCP may lead to
   denial-of-service if mobile nodes are unable to connect to any home
   agent, or choose a home agent that is not the most preferred one.

6.  IANA Consideration

   IANA is requested to assign the following new DHCPv6 Option Codes,
   DHCPv6 Sub-option Codes, and Id-type Codes in the registry maintained
   in http://www.iana.org/assignments/dhcpv6-parameters:

   IANA is requested to assign the following new DHCPv6 Option Codes:

   o  OPTION_MIP6_HNIDF for the Home Network ID FQDN option

   o  OPTION_MIP6_VDINF for the Visited Home Network Information option

   o  OPTION_MIP6_IDINF for the Identified Home Network Information
      option

   o  OPTION_MIP6_UDINF for the Unrestricted Home Network Information
      option

   o  OPTION_MIP6_HNP for the Home Network Prefix option

   o  OPTION_MIP6_HAA for the Home Agent Address option

   o  OPTION_MIP6_HAF for the Home Agent FQDN option

7.  Acknowledgments

   The authors would like to thank Kilian Weniger, Domagoj Premec,
   Basavaraj Patil, Vijay Devarapalli, Gerardo Giaretta, Bernie Volz,
   David W. Hankins, Behcet Sarikaya, Vidya Narayanan, Francis Dupont,
   Sam Weiler, Jari Arkko, Alfred Hoenes, Suresh Krishnan, and Miguel A.
   Diaz for their valuable feedback.

8.  References

8.1.  Normative References

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3736]  Droms, R., "Stateless Dynamic Host Configuration Protocol
              (DHCP) Service for IPv6", RFC 3736, April 2004.

   [RFC4282]  Aboba, B., Beadles, M., Arkko, J., and P. Eronen, "The
              Network Access Identifier", RFC 4282, December 2005.

   [RFC5555]  Soliman, H., "Mobile IPv6 Support for Dual Stack Hosts and
              Routers", RFC 5555, June 2009.

   [RFC6052]  Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
              Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
              October 2010.

   [RFC6275]  Perkins, C., Johnson, D., and J. Arkko, "Mobility Support
              in IPv6", RFC 6275, July 2011.

   [RFC6422]  Lemon, T. and Q. Wu, "Relay-Supplied DHCP Options",
              RFC 6422, December 2011.

8.2.  Informative References

   [RFC3753]  Manner, J. and M. Kojo, "Mobility Related Terminology",
              RFC 3753, June 2004.

   [RFC4640]  Patel, A. and G. Giaretta, "Problem Statement for
              bootstrapping Mobile IPv6 (MIPv6)", RFC 4640,
              September 2006.

   [RFC5380]  Soliman, H., Castelluccia, C., ElMalki, K., and L.
              Bellier, "Hierarchical Mobile IPv6 (HMIPv6) Mobility
              Management", RFC 5380, October 2008.

   [RFC5447]  Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C.,
              and K. Chowdhury, "Diameter Mobile IPv6: Support for
              Network Access Server to Diameter Server Interaction",
              RFC 5447, February 2009.

Authors' Addresses

   Heejin Jang
   Samsung Electronics
   416 Maetan-3dong, Yeongtong-gu
   Suwon 443-742
   Korea

   Email: heejin.jang@samsung.com

   Alper E. Yegin
   Samsung Electronics
   Istanbul
   Turkey

   Email: a.yegin@partner.samsung.com

   Kuntal Chowdhury
   Starent Networks
   30 International Place
   Tewksbury, MA 01876
   US

   Email: kchowdhury@starentnetworks.com

   JinHyeock Choi
   Samsung Advanced Institute of Technology
   P.O. Box 111
   Suwon 440-600
   Korea

   Email: jinchoe@samsung.com

   Ted Lemon
   Nominum
   2000 Seaport Blvd
   Redwood City, CA 94063
   USA

   Phone: +1 650 381 6000
   Email: mellon@nominum.com
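
Added example (not part of the draft and not code from its authors): a Python sketch of the client-side discard rules in Section 4.1.2, run over a constructed reply. The option codes are placeholders because the draft lists them as TBD; the 17-byte Home Network Prefix layout and the reading of "complete configuration" as at least one prefix, address or FQDN are assumptions.

```python
import ipaddress
import struct

# Constructed placeholder codes; the draft lists all option codes as TBD.
HNIDF, VDINF, IDINF, UDINF, HNP, HAA, HAF = range(0xF001, 0xF008)
CONTAINERS = {VDINF: "visited", IDINF: "identified", UDINF: "unrestricted"}
WELL_KNOWN_PREFIX = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052

def iter_options(buf):
    """Yield (code, data) per DHCPv6 option; raise on truncated input."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        if length > len(buf) - off - 4:
            raise ValueError("option length exceeds buffer")
        yield code, buf[off + 4:off + 4 + length]
        off += 4 + length

def decode_fqdn(data):
    """Decode one uncompressed, terminated DNS wire-format name."""
    labels, off = [], 0
    while True:
        if off >= len(data):
            raise ValueError("name not terminated")
        n, off = data[off], off + 1
        if n == 0:
            break
        if n > 63 or off + n > len(data):  # also rejects compression pointers
            raise ValueError("bad DNS label")
        labels.append(data[off:off + n].decode("ascii").lower())
        off += n
    if not labels or off != len(data):
        raise ValueError("empty name or trailing bytes")
    return ".".join(labels)

def parse_container(code, data):
    """Parse one Home Network Information option; ValueError means discard."""
    network, prefixes, agents, fqdns = None, [], [], []
    for sub, val in iter_options(data):
        if sub == HNIDF:
            network = decode_fqdn(val)
        elif sub == HNP:
            # Assumed layout from the diagram: 1-byte length, 16-byte prefix.
            if len(val) != 17 or val[0] > 128:
                raise ValueError("bad Home Network Prefix option")
            net = ipaddress.IPv6Network((val[1:], val[0]), strict=False)
            prefixes.append(str(net))
        elif sub == HAA:
            if len(val) != 16:
                raise ValueError("bad Home Agent Address option")
            addr = ipaddress.IPv6Address(val)
            # A v4-embedded address may only be used to communicate over IPv4.
            agents.append((str(addr), addr in WELL_KNOWN_PREFIX))
        elif sub == HAF:
            fqdns.append(decode_fqdn(val))
    if not (prefixes or agents or fqdns):
        # Assumption: "complete" means at least one usable item is present.
        raise ValueError("incomplete configuration")
    return {"kind": CONTAINERS[code], "home_network": network,
            "prefixes": prefixes, "agents": agents, "agent_fqdns": fqdns}

def process_reply(options, requested_realms):
    """Apply the Section 4.1.2 discard rules; return (accepted, discarded)."""
    wanted = {r.lower().rstrip(".") for r in requested_realms}
    accepted, discarded = [], []
    for code, data in iter_options(options):
        if code in (HNIDF, HNP, HAA, HAF):
            discarded.append((code, "not encapsulated"))
        elif code in CONTAINERS:
            try:
                info = parse_container(code, data)
                if code == IDINF and info["home_network"] not in wanted:
                    raise ValueError("unrequested home network")
                accepted.append(info)
            except ValueError as exc:
                discarded.append((code, str(exc)))
    return accepted, discarded

def opt(code, data=b""):
    return struct.pack("!HH", code, len(data)) + data

def name(fqdn):
    return b"".join(bytes([len(p)]) + p.encode() for p in fqdn.split(".")) + b"\0"

def sample_reply():
    """Constructed reply options using documentation names and prefixes."""
    a = lambda text: ipaddress.IPv6Address(text).packed
    return b"".join([
        opt(VDINF, opt(HNP, b"\x40" + a("2001:db8:1::"))
            + opt(HAA, a("2001:db8:1::1"))),
        opt(IDINF, opt(HNIDF, name("home.example"))
            + opt(HAA, a("64:ff9b::c000:201"))),
        opt(IDINF, opt(HNIDF, name("other.example"))
            + opt(HAF, name("ha.other.example"))),
        opt(UDINF),                                # empty container
        opt(HAA, a("2001:db8:ff::1")),             # not encapsulated
    ])
```

Calling process_reply(sample_reply(), ["home.example"]) returns the accepted Home Network Information entries and, separately, each discarded option with the rule that rejected it, which is useful to log even though the draft requires the discard itself to be silent.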