idnits 2.17.1 draft-ietf-netlmm-pmipv6-heartbeat-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? -- It seems you're using the 'non-IETF stream' Licence Notice instead Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 16, 2009) is 5519 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-18) exists of draft-ietf-netlmm-pmip6-ipv4-support-08 ** Obsolete normative reference: RFC 4306 (Obsoleted by RFC 5996) ** Downref: Normative reference to an Informational RFC: RFC 4887 ** Obsolete normative reference: RFC 3775 (Obsoleted by RFC 6275) Summary: 4 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 NETLMM Working Group V. Devarapalli (ed.) 3 Internet-Draft WiChorus 4 Intended status: Standards Track R. Koodli (ed.) 5 Expires: August 20, 2009 Starent Networks 6 H. Lim 7 N. Kant 8 Stoke 9 S. Krishnan 10 Ericsson 11 J. Laganier 12 DOCOMO Euro-Labs 13 February 16, 2009 15 Heartbeat Mechanism for Proxy Mobile IPv6 16 draft-ietf-netlmm-pmipv6-heartbeat-04.txt 18 Status of this Memo 20 This Internet-Draft is submitted to IETF in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF), its areas, and its working groups. Note that 25 other groups may also distribute working documents as Internet- 26 Drafts. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 The list of current Internet-Drafts can be accessed at 34 http://www.ietf.org/ietf/1id-abstracts.txt. 36 The list of Internet-Draft Shadow Directories can be accessed at 37 http://www.ietf.org/shadow.html. 39 This Internet-Draft will expire on August 20, 2009. 41 Copyright Notice 43 Copyright (c) 2009 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. 53 Abstract 55 Proxy Mobile IPv6 is a network-based mobility management protocol. 56 The mobility entities involved in the Proxy Mobile IPv6 protocol, the 57 Mobile Access Gateway (MAG) and the Local Mobility Anchor (LMA), 58 setup tunnels dynamically to manage mobility for a mobile node within 59 the Proxy Mobile IPv6 domain. This document describes a heartbeat 60 mechanism between the MAG and the LMA to detect failures quickly and 61 take appropriate action. 63 Table of Contents 65 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 66 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 67 3. Heartbeat Mechanism . . . . . . . . . . . . . . . . . . . . . 3 68 3.1. Failure Detection . . . . . . . . . . . . . . . . . . . . 4 69 3.2. Restart Detection . . . . . . . . . . . . . . . . . . . . 5 70 3.3. Heartbeat Message . . . . . . . . . . . . . . . . . . . . 5 71 3.4. Restart Counter Mobility Option . . . . . . . . . . . . . 7 72 4. Exchanging Heartbeat Messages over an IPv4 Transport 73 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 74 5. Configuration Variables . . . . . . . . . . . . . . . . . . . 8 75 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 76 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 77 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 78 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 79 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 80 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 81 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 83 1. Introduction 85 Proxy Mobile IPv6 [RFC5213] enables network-based mobility for IPv6 86 hosts that do not implement any mobility protocols. The protocol is 87 described in detail in [RFC5213]. In order to facilitate the 88 network-based mobility, the PMIPv6 protocol defines a Mobile Access 89 Gateway (MAG), which acts as a proxy for the Mobile IPv6 [RFC3775] 90 signaling, and the Local Mobility Anchor (LMA) which acts similar to 91 a Home Agent, anchoring a Mobile Node's sessions within a Proxy 92 Mobile IPv6 (PMIPv6) domain. The LMA and the MAG establish a 93 bidirectional tunnel for forwarding all data traffic belonging to the 94 Mobile Nodes. 96 In a distributed environment such as a PMIPv6 domain consisting of 97 LMA and MAGs, it is necessary for the nodes to 1) have a consistent 98 state about each others reachability, and 2) quickly inform peers in 99 the event of recovery from node failures. So, when the LMA restarts 100 after a failure, the MAG should (quickly) learn about the restart so 101 that it could take appropriate actions (such as releasing any 102 resources). When there are no failures, a MAG should know about 103 LMA's reachability (and vice versa) so that the path can be assumed 104 to be functioning. 106 This document specifies a heartbeat mechanism between the MAG and the 107 LMA to detect the status of reachability between them. This document 108 also specifies a mechanism to indicate node restarts; the mechanism 109 could be used to quickly inform peers of such restarts. The 110 heartbeat message is a mobility header message (protocol type 135) 111 which is periodically exchanged at a configurable threshold of time 112 or sent unsolicited soon after a node restart. This document does 113 not specify the specific actions (such as releasing resources) that a 114 node takes as a response to processing the heartbeat messages. 116 2. Terminology 118 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 119 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 120 document are to be interpreted as described in [RFC2119]. 122 3. Heartbeat Mechanism 124 The MAG and the LMA exchange heartbeat messages every 125 HEARTBEAT_INTERVAL seconds to detect the current status of 126 reachability between them. The MAG initiates the heartbeat exchange 127 to test if the LMA is reachable by sending a Heartbeat Request 128 message to the LMA. Each Heartbeat Request contains a sequence 129 number that is incremented monotonically. The sequence number on the 130 last Heartbeat Request message is always recorded by the MAG, and is 131 used to match the corresponding Heartbeat Response. Similarly, the 132 LMA also initiates a heartbeat exchange with the MAG, by sending a 133 Heartbeat Request message, to check if the MAG is reachable. The 134 format of the Heartbeat message is described in Section 3.3. 136 A Heartbeat Request message can be sent only if the MAG has at least 137 one proxy binding cache entry at the LMA for a mobile node attached 138 to the MAG. If there are no proxy binding cache entries at the LMA 139 for any of the mobile nodes attached to the MAG, then the heartbeat 140 message SHOULD NOT be sent. Similarly, the LMA SHOULD NOT send a 141 Heartbeat Request message to a MAG if there is no active binding 142 cache entry created by the MAG. A PMIPv6 node SHOULD always respond 143 to a Heartbeat Request message with a Heartbeat Response message, 144 irrespective of whether there is an active binding cache entry. 146 The HEARTBEAT_INTERVAL SHOULD NOT be configured to a value less than 147 30 seconds. Sending heartbeat messages too often may become an 148 overhead on the path between the MAG and the LMA. The 149 HEARTBEAT_INTERVAL can be set to a much larger value on the LMA, if 150 required, to reduce of burden of sending periodic heartbeat messages. 152 If the LMA or the MAG do not support the heartbeat messages, they 153 respond with a Binding Error message with status set to '2' 154 (unrecognized MH type value) as described in [RFC3775]. When the 155 Binding Error message with status set to '2' is received in response 156 to Heartbeat Request message, the initiating MAG or the LMA MUST NOT 157 use heartbeat messages with the other end again. 159 If a PMIPv6 node has detected that a peer PMIPv6 node has failed or 160 restarted without retaining the PMIPv6 session state, it should mark 161 the corresponding binding update list or binding cache entries as 162 invalid. The PMIPv6 node may also take other actions which are 163 outside the scope of this document. 165 3.1. Failure Detection 167 A PMIPv6 node, (MAG or LMA) matches every received Heartbeat Response 168 to the Heartbeat Request sent using the sequence number. Before 169 sending the next Heartbeat Request, it increments a local variable 170 MISSING_HEARTBEAT if it has not received a Heartbeat Response for the 171 previous request. When this local variable MISSING_HEARTBEAT exceeds 172 a configurable parameter MISSING_HEARTBEATS_ALLOWED, the PMIPv6 node 173 concludes that the peer PMIPv6 node is not reachable. If a Heartbeat 174 Response message is received, the MISSING_HEARTBEATS counter is 175 reset. 177 3.2. Restart Detection 179 The section describes a mechanism for detecting failure recovery 180 without session persistence. In case the LMA or the MAG crashes and 181 re-boots and loses all state with respect to the PMIPv6 sessions, it 182 would be beneficial for the peer PMIPv6 node to discover the failure 183 and the loss of session state and establish the sessions again. 185 Each PMIPv6 node (both the MAG and LMA) MUST maintain a monotonically 186 increasing Restart Counter that is incremented every time the node 187 re-boots and looses PMIPv6 session state. The counter MUST NOT be 188 incremented if the recovery happens without losing state for the 189 PMIPv6 sessions active at the time of failure. This counter MUST be 190 stored in non-volatile memory. A PMIPv6 node includes a Restart 191 Counter mobility option, described in Section 3.4 in an Heartbeat 192 Response message to indicate the current value of the Restart 193 Counter. Each PMIPv6 node MUST also store the Restart Counter for 194 all the peer PMIPv6 nodes that it has sessions with currently. 195 Storing the Restart Counter values for peer PMIPv6 nodes does not 196 require non-volatile memory. 198 The PMIPv6 node that receives the Heartbeat Response message compares 199 the Restart Counter value with the previously received value. If the 200 value is different, the receiving node assumes that the peer PMIPv6 201 node had crashed and recovered. If the Restart Counter value changes 202 or if there was no previously stored value, the new value is stored 203 by the receiving PMIPv6 node. 205 If a PMIPv6 node restarts and looses PMIPv6 session state, it SHOULD 206 send an unsolicited Heartbeat Response message with an incremented 207 Restart Counter to all the PMIPv6 nodes that had previously 208 established PMIPv6 sessions. Note that this is possible only when 209 the PMIPv6 node stores information about the peers in non-volatile 210 memory. The unsolicited Heartbeat Response message allows the peer 211 PMIPv6 nodes to quickly discover the restart. The sequence number 212 field in the unsolicited Heartbeat Response is ignored and no 213 response is necessary; the nodes will synchronize during the next 214 Request and Response exchange. 216 3.3. Heartbeat Message 218 The Heartbeat Message is based on the Mobility Header defined in 219 Section 6.1 of [RFC3775]. The 'MH type' field in the Mobility Header 220 indicates that it is a Heartbeat Message. This document does not 221 make any other changes to the Mobility Header message. Please refer 222 to [RFC3775] for a description of the fields in the Mobility Header 223 Message. 225 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 226 | Payload Proto | Header Len | MH Type | Reserved | 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 228 | Checksum | | 229 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 230 | | 231 . . 232 . Message Data . 233 . . 234 | | 235 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 237 The Heartbeat Message follows the 'Checksum' field in the above 238 message. The following illustrates the message format for the 239 Heartbeat Mobility Header message. 241 0 1 2 3 242 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 244 | Reserved |U|R| 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 246 | Sequence Number | 247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 248 | | 249 . . 250 . Mobility options . 251 . . 252 | | 253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 255 Reserved 257 Set to 0 and ignored by the receiver. 259 'U' 261 Set to 1 in Unsolicited Heartbeat Response. Otherwise set to 0. 263 'R' 265 A 1-bit flag that indicates whether the message is a request or a 266 response. When the 'R' flag is set to 0, it indicates that the 267 Heartbeat message is a request. When the 'R' flag is set to 1, it 268 indicates that the Heartbeat message is a response. 270 Sequence Number 272 A 32-bit sequence number used for matching the request to the 273 reply. 275 Mobility Options 277 Variable-length field of such length that the complete Mobility 278 Header is an integer multiple of 8 octets long. This field 279 contains zero or more TLV-encoded mobility options. The receiver 280 MUST ignore and skip any options which it does not understand. At 281 the time of writing this document, the Restart Counter Mobility 282 Option, described in Section 3.4, is the only valid option in this 283 message. 285 3.4. Restart Counter Mobility Option 287 The following shows the message format for a new mobility option for 288 carrying the Restart Counter Value in the Heartbeat message. The 289 Restart Counter Mobility Option is only valid in a Heartbeat Response 290 message. It has an alignment requirement of 4n+2. 292 0 1 2 3 293 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 294 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 295 | Type | Length | 296 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 297 | Restart Counter | 298 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 300 Type 302 A 8-bit field that indicates that it is a Restart Counter mobility 303 option. 305 Length 307 A 8-bit field that indicates the length of the option in octets 308 excluding the 'Type' and 'Length' fields. It is set to '4'. 310 Restart Counter 312 A 32-bit field that indicates the current Restart Counter value. 314 4. Exchanging Heartbeat Messages over an IPv4 Transport Network 316 In some deployments, the network between the MAG and the LMA may not 317 be capable of transporting IPv6 packets. In this case, the Heartbeat 318 messages are tunneled over IPv4. If the Proxy Binding Update and 319 Proxy Binding Acknowledgment messages are sent using UDP 320 encapsulation to traverse NATs, then the Heartbeat messages are also 321 sent with UDP encapsulation. The UDP port used would be the same as 322 the port used for the Proxy Binding Update and Proxy Binding 323 Acknowledgement messages. For more details on tunneling Proxy Mobile 324 IPv6 signaling messages over IPv4, see 325 [I-D.ietf-netlmm-pmip6-ipv4-support]. 327 5. Configuration Variables 329 The LMA and the MAG must allow the following variables to be 330 configurable. 332 HEARTBEAT_INTERVAL 334 This variable is used to set the time interval in seconds between 335 two consecutive Heartbeat Request messages. The default value is 336 60 seconds. It SHOULD NOT be set to less than 30 seconds. 338 MISSING_HEARTBEATS_ALLOWED 340 This variable indicates the maximum number of consecutive 341 Heartbeat Request messages that a PMIPv6 node can miss before 342 concluding that the peer PMIPv6 node is not reachable. The 343 default value for this variable is 3. 345 6. Security Considerations 347 The heartbeat messages are just used for checking reachability 348 between the MAG and the LMA. They do not carry information that is 349 useful for eavesdroppers on the path. Therefore, confidentiality 350 protection is not required. Integrity protection using IPsec 351 [RFC4301] for the heartbeat messages MUST be supported on the MAG and 352 the LMA. RFC 4887 [RFC4887] describes how to protect Mobile IPv6 353 Binding Update and Acknowledgment signaling with IPsec. The 354 Heartbeat message defined in this specification is merely another 355 subtype of the same Mobility Header protocol that is already being 356 protected by IPsec. Therefore, protecting this additional message is 357 possible using the mechanisms and security policy models from these 358 RFCs. The security policy database entries should use the new MH 359 Type, the Heartbeat Message, for the MH Type selector. See RFC 4887 360 for more details. 362 If dynamic key negotiation between the MAG and the LMA is required, 363 IKEv2 [RFC4306] should be used. 365 7. IANA Considerations 367 The Heartbeat message defined in Section 3.3 must have the type value 368 allocated from the same space as the 'MH Type' name space in the 369 Mobility Header defined in RFC 3775 [RFC3775]. 371 The Restart Counter mobility option defined in Section 3.4 must have 372 the type value allocated from the same name space as the Mobility 373 Options defined in RFC 3775 [RFC3775]. 375 8. Acknowledgments 377 A heartbeat mechanism for a network-based mobility management 378 protocol was first described in [I-D.giaretta-netlmm-dt-protocol]. 379 The authors would like to thank the members of a NETLMM design team 380 that produced that document. The mechanism described in this 381 document also derives from the path management mechanism described in 382 [GTP]. 384 We would like to thank Alessio Casati for first suggesting a fault 385 handling mechanism for Proxy Mobile IPv6. 387 9. References 389 9.1. Normative References 391 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 392 Requirement Levels", BCP 14, RFC 2119, March 1997. 394 [RFC5213] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., 395 and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008. 397 [I-D.ietf-netlmm-pmip6-ipv4-support] 398 Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy 399 Mobile IPv6", draft-ietf-netlmm-pmip6-ipv4-support-08 400 (work in progress), January 2009. 402 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 403 Internet Protocol", RFC 4301, December 2005. 405 [RFC4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", 406 RFC 4306, December 2005. 408 [RFC4887] Thubert, P., Wakikawa, R., and V. Devarapalli, "Network 409 Mobility Home Network Models", RFC 4887, July 2007. 411 [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support 412 in IPv6", RFC 3775, June 2004. 414 9.2. Informative References 416 [I-D.giaretta-netlmm-dt-protocol] 417 Giaretta, G., "The NetLMM Protocol", 418 draft-giaretta-netlmm-dt-protocol-02 (work in progress), 419 October 2006. 421 [GTP] 3rd Generation Partnership Project, "3GPP Technical 422 Specification 29.060 V7.6.0: "Technical Specification 423 Group Core Network and Terminals; General Packet Radio 424 Service (GPRS); GPRS Tunnelling Protocol (GTP) across the 425 Gn and Gp interface (Release 7)"", July 2007. 427 Authors' Addresses 429 Vijay Devarapalli 430 WiChorus 431 3950 North First Street 432 San Jose, CA 95134 433 USA 435 Email: vijay@wichorus.com 437 Rajeev Koodli 438 Starent Networks 439 USA 441 Email: rkoodli@starentnetworks.com 442 Heeseon Lim 443 Stoke 444 5403 Betsy Ross Drve 445 Santa Clara, CA 95054 446 USA 448 Email: hlim@stoke.com 450 Nishi Kant 451 Stoke 452 5403 Betsy Ross Drive 453 Santa Clara, CA 95054 454 USA 456 Email: nishi@stoke.com 458 Suresh Krishnan 459 Ericsson 460 8400 Decarie Blvd. 461 Town of Mount Royal, QC 462 Canada 464 Email: suresh.krishnan@ericsson.com 466 Julien Laganier 467 DOCOMO Euro-Labs 468 Landsbergerstrasse 312 469 Munich, D-80687 470 Germany 472 Email: julien.IETF@laposte.net