idnits 2.17.1 draft-ietf-netlmm-pmipv6-heartbeat-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? (You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Feb 2009 rather than one of the newer Notices. See https://trustee.ietf.org/license-info/.) == The document has an IETF Trust Provisions of 28 Dec 2009, Section 6.c(i) Publication Limitation clause. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (April 9, 2009) is 5494 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-18) exists of draft-ietf-netlmm-pmip6-ipv4-support-10 ** Obsolete normative reference: RFC 4306 (Obsoleted by RFC 5996) ** Obsolete normative reference: RFC 3775 (Obsoleted by RFC 6275) Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 NETLMM Working Group V. Devarapalli (ed.) 3 Internet-Draft WiChorus 4 Intended status: Standards Track R. Koodli (ed.) 5 Expires: October 11, 2009 Starent Networks 6 H. Lim 7 N. Kant 8 Stoke 9 S. Krishnan 10 Ericsson 11 J. Laganier 12 DOCOMO Euro-Labs 13 April 9, 2009 15 Heartbeat Mechanism for Proxy Mobile IPv6 16 draft-ietf-netlmm-pmipv6-heartbeat-07.txt 18 Status of this Memo 20 This Internet-Draft is submitted to IETF in full conformance with the 21 provisions of BCP 78 and BCP 79. This document may not be modified, 22 and derivative works of it may not be created, except to format it 23 for publication as an RFC or to translate it into languages other 24 than English. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF), its areas, and its working groups. Note that 28 other groups may also distribute working documents as Internet- 29 Drafts. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 The list of current Internet-Drafts can be accessed at 37 http://www.ietf.org/ietf/1id-abstracts.txt. 39 The list of Internet-Draft Shadow Directories can be accessed at 40 http://www.ietf.org/shadow.html. 42 This Internet-Draft will expire on October 11, 2009. 44 Copyright Notice 46 Copyright (c) 2009 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents in effect on the date of 51 publication of this document (http://trustee.ietf.org/license-info). 52 Please review these documents carefully, as they describe your rights 53 and restrictions with respect to this document. 55 Abstract 57 Proxy Mobile IPv6 is a network-based mobility management protocol. 58 The mobility entities involved in the Proxy Mobile IPv6 protocol, the 59 Mobile Access Gateway (MAG) and the Local Mobility Anchor (LMA), 60 setup tunnels dynamically to manage mobility for a mobile node within 61 the Proxy Mobile IPv6 domain. This document describes a heartbeat 62 mechanism between the MAG and the LMA to detect failures, quickly 63 inform peers in the event of a recovery from node failures, and allow 64 a peer to take appropriate action. 66 Table of Contents 68 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 69 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 70 3. Heartbeat Mechanism . . . . . . . . . . . . . . . . . . . . . 4 71 3.1. Failure Detection . . . . . . . . . . . . . . . . . . . . 5 72 3.2. Restart Detection . . . . . . . . . . . . . . . . . . . . 6 73 3.3. Heartbeat Message . . . . . . . . . . . . . . . . . . . . 7 74 3.4. Restart Counter Mobility Option . . . . . . . . . . . . . 8 75 4. Exchanging Heartbeat Messages over an IPv4 Transport 76 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 77 5. Configuration Variables . . . . . . . . . . . . . . . . . . . 9 78 6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 79 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 80 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 81 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 82 9.1. Normative References . . . . . . . . . . . . . . . . . . . 11 83 9.2. Informative References . . . . . . . . . . . . . . . . . . 11 84 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 86 1. Introduction 88 Proxy Mobile IPv6 [RFC5213] enables network-based mobility for IPv6 89 hosts that do not implement any mobility protocols. The protocol is 90 described in detail in [RFC5213]. In order to facilitate the 91 network-based mobility, the PMIPv6 protocol defines a Mobile Access 92 Gateway (MAG), which acts as a proxy for the Mobile IPv6 [RFC3775] 93 signaling, and the Local Mobility Anchor (LMA) which acts similar to 94 a Home Agent, anchoring a Mobile Node's sessions within a Proxy 95 Mobile IPv6 (PMIPv6) domain. The LMA and the MAG establish a 96 bidirectional tunnel for forwarding all data traffic belonging to the 97 Mobile Nodes. 99 In a distributed environment such as a PMIPv6 domain consisting of 100 LMA and MAGs, it is necessary for the nodes to 1) have a consistent 101 state about each other's reachability, and 2) quickly inform peers in 102 the event of recovery from node failures. So, when the LMA restarts 103 after a failure, the MAG should (quickly) learn about the restart so 104 that it could take appropriate actions (such as releasing any 105 resources). When there are no failures, a MAG should know about 106 LMA's reachability (and vice versa) so that the path can be assumed 107 to be functioning. 109 This document specifies a heartbeat mechanism between the MAG and the 110 LMA to detect the status of reachability between them. This document 111 also specifies a mechanism to indicate node restarts; the mechanism 112 could be used to quickly inform peers of such restarts. The 113 heartbeat message is a mobility header message (protocol type 135) 114 which is periodically exchanged at a configurable threshold of time 115 or sent unsolicited soon after a node restart. This document does 116 not specify the specific actions (such as releasing resources) that a 117 node takes as a response to processing the heartbeat messages. 119 2. Terminology 121 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 122 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 123 document are to be interpreted as described in [RFC2119]. 125 3. Heartbeat Mechanism 127 The MAG and the LMA exchange heartbeat messages every 128 HEARTBEAT_INTERVAL seconds to detect the current status of 129 reachability between them. The MAG initiates the heartbeat exchange 130 to test if the LMA is reachable by sending a Heartbeat Request 131 message to the LMA. Each Heartbeat Request contains a sequence 132 number that is incremented monotonically. The sequence number on the 133 last Heartbeat Request message is always recorded by the MAG, and is 134 used to match the corresponding Heartbeat Response. Similarly, the 135 LMA also initiates a heartbeat exchange with the MAG, by sending a 136 Heartbeat Request message, to check if the MAG is reachable. The 137 format of the Heartbeat message is described in Section 3.3. 139 A Heartbeat Request message can be sent only if the MAG has at least 140 one proxy binding cache entry at the LMA for a mobile node attached 141 to the MAG. If there are no proxy binding cache entries at the LMA 142 for any of the mobile nodes attached to the MAG, then the heartbeat 143 message SHOULD NOT be sent. Similarly, the LMA SHOULD NOT send a 144 Heartbeat Request message to a MAG if there is no active binding 145 cache entry created by the MAG. A PMIPv6 node MUST respond to a 146 Heartbeat Request message with a Heartbeat Response message, 147 irrespective of whether there is an active binding cache entry. 149 The HEARTBEAT_INTERVAL SHOULD NOT be configured to a value less than 150 30 seconds. Deployments should be careful in setting the value for 151 the HEARTBEAT_INTERNVAL. Sending heartbeat messages too often may 152 become an overhead on the path between the MAG and the LMA. It could 153 also create congestion in the network and negatively affect network 154 performance. The HEARTBEAT_INTERVAL can be set to a much larger 155 value on the MAG and the LMA, if required, to reduce the burden of 156 sending periodic heartbeat messages. 158 If the LMA or the MAG do not support the heartbeat messages, they 159 respond with a Binding Error message with status set to '2' 160 (unrecognized MH type value) as described in [RFC3775]. When the 161 Binding Error message with status set to '2' is received in response 162 to Heartbeat Request message, the initiating MAG or the LMA MUST NOT 163 use heartbeat messages with the other end again. 165 If a PMIPv6 node has detected that a peer PMIPv6 node has failed or 166 restarted without retaining the PMIPv6 session state, it should mark 167 the corresponding binding update list or binding cache entries as 168 invalid. The PMIPv6 node may also take other actions which are 169 outside the scope of this document. 171 The detection of failures and restarts events may be signaled to 172 network operators by using asynchronous notifications. Future work 173 may define such notifications in a SMIv2 Management Information Base 174 (MIB) module. 176 3.1. Failure Detection 178 A PMIPv6 node, (MAG or LMA) matches every received Heartbeat Response 179 to the Heartbeat Request sent using the sequence number. Before 180 sending the next Heartbeat Request, it increments a local variable 181 MISSING_HEARTBEAT if it has not received a Heartbeat Response for the 182 previous request. When this local variable MISSING_HEARTBEAT exceeds 183 a configurable parameter MISSING_HEARTBEATS_ALLOWED, the PMIPv6 node 184 concludes that the peer PMIPv6 node is not reachable. If a Heartbeat 185 Response message is received, the MISSING_HEARTBEATS counter is 186 reset. 188 3.2. Restart Detection 190 The section describes a mechanism for detecting failure recovery 191 without session persistence. In case the LMA or the MAG crashes and 192 re-boots and loses all state with respect to the PMIPv6 sessions, it 193 would be beneficial for the peer PMIPv6 node to discover the failure 194 and the loss of session state and establish the sessions again. 196 Each PMIPv6 node (both the MAG and LMA) MUST maintain a monotonically 197 increasing Restart Counter that is incremented every time the node 198 re-boots and looses PMIPv6 session state. The counter MUST NOT be 199 incremented if the recovery happens without losing state for the 200 PMIPv6 sessions active at the time of failure. This counter MUST be 201 treated as state that is preserved across reboots. A PMIPv6 node 202 includes a Restart Counter mobility option, described in Section 3.4 203 in an Heartbeat Response message to indicate the current value of the 204 Restart Counter. Each PMIPv6 node MUST also store the Restart 205 Counter for all the peer PMIPv6 nodes that it has sessions with 206 currently. Storing the Restart Counter values for peer PMIPv6 nodes 207 does not need to be preserved across reboots. 209 The PMIPv6 node that receives the Heartbeat Response message compares 210 the Restart Counter value with the previously received value. If the 211 value is different, the receiving node assumes that the peer PMIPv6 212 node had crashed and recovered. If the Restart Counter value changes 213 or if there was no previously stored value, the new value is stored 214 by the receiving PMIPv6 node. 216 If a PMIPv6 node restarts and looses PMIPv6 session state, it SHOULD 217 send an unsolicited Heartbeat Response message with an incremented 218 Restart Counter to all the PMIPv6 nodes that had previously 219 established PMIPv6 sessions. Note that this is possible only when 220 the PMIPv6 node is capable of storing information about the peers 221 across reboots. The unsolicited Heartbeat Response message allows 222 the peer PMIPv6 nodes to quickly discover the restart. The sequence 223 number field in the unsolicited Heartbeat Response is ignored and no 224 response is necessary; the nodes will synchronize during the next 225 Request and Response exchange. 227 3.3. Heartbeat Message 229 The Heartbeat Message is based on the Mobility Header defined in 230 Section 6.1 of [RFC3775]. The 'MH type' field in the Mobility Header 231 indicates that it is a Heartbeat Message. The value MUST be set to 232 . This document does not make any other changes to the 233 Mobility Header message. Please refer to [RFC3775] for a description 234 of the fields in the Mobility Header Message. 236 0 1 2 3 237 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 238 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 239 | Payload Proto | Header Len | MH Type | Reserved | 240 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 241 | Checksum | | 242 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 243 | | 244 . . 245 . Message Data . 246 . . 247 | | 248 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 250 Figure 1: Mobility Header Message Format 252 The Heartbeat Message follows the 'Checksum' field in the above 253 message. The following illustrates the message format for the 254 Heartbeat Mobility Header message. 256 0 1 2 3 257 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 258 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 259 | Reserved |U|R| 260 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 261 | Sequence Number | 262 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 263 | | 264 . . 265 . Mobility options . 266 . . 267 | | 268 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 270 Figure 2: Heartbeat Message Format 272 Reserved 274 Set to 0 and ignored by the receiver. 276 'U' 278 Set to 1 in Unsolicited Heartbeat Response. Otherwise set to 0. 280 'R' 282 A 1-bit flag that indicates whether the message is a request or a 283 response. When the 'R' flag is set to 0, it indicates that the 284 Heartbeat message is a request. When the 'R' flag is set to 1, it 285 indicates that the Heartbeat message is a response. 287 Sequence Number 289 A 32-bit sequence number used for matching the request to the 290 reply. 292 Mobility Options 294 Variable-length field of such length that the complete Mobility 295 Header is an integer multiple of 8 octets long. This field 296 contains zero or more TLV-encoded mobility options. The receiver 297 MUST ignore and skip any options which it does not understand. At 298 the time of writing this document, the Restart Counter Mobility 299 Option, described in Section 3.4, is the only valid option in this 300 message. 302 3.4. Restart Counter Mobility Option 304 The following shows the message format for a new mobility option for 305 carrying the Restart Counter Value in the Heartbeat message. The 306 Restart Counter Mobility Option is only valid in a Heartbeat Response 307 message. It has an alignment requirement of 4n+2. 309 0 1 2 3 310 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 311 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 312 | Type | Length | 313 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 314 | Restart Counter | 315 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 317 Figure 3: Restart Counter Mobility Option 319 Type 321 A 8-bit field that indicates that it is a Restart Counter mobility 322 option. It MUST be set to . 324 Length 326 A 8-bit field that indicates the length of the option in octets 327 excluding the 'Type' and 'Length' fields. It is set to '4'. 329 Restart Counter 331 A 32-bit field that indicates the current Restart Counter value. 333 4. Exchanging Heartbeat Messages over an IPv4 Transport Network 335 In some deployments, the network between the MAG and the LMA may not 336 be capable of transporting IPv6 packets. In this case, the Heartbeat 337 messages are tunneled over IPv4. If the Proxy Binding Update and 338 Proxy Binding Acknowledgment messages are sent using UDP 339 encapsulation to traverse NATs, then the Heartbeat messages are also 340 sent with UDP encapsulation. The UDP port used would be the same as 341 the port used for the Proxy Binding Update and Proxy Binding 342 Acknowledgement messages. For more details on tunneling Proxy Mobile 343 IPv6 signaling messages over IPv4, see 344 [I-D.ietf-netlmm-pmip6-ipv4-support]. 346 5. Configuration Variables 348 The LMA and the MAG must allow the following variables to be 349 configurable. 351 HEARTBEAT_INTERVAL 353 This variable is used to set the time interval in seconds between 354 two consecutive Heartbeat Request messages. The default value is 355 60 seconds. It SHOULD NOT be set to less than 30 seconds or 356 larger than 3600 seconds. 358 MISSING_HEARTBEATS_ALLOWED 360 This variable indicates the maximum number of consecutive 361 Heartbeat Request messages that a PMIPv6 node did not receive a 362 response for before concluding that the peer PMIPv6 node is not 363 reachable. The default value for this variable is 3. 365 6. Security Considerations 367 The heartbeat messages are just used for checking reachability 368 between the MAG and the LMA. They do not carry information that is 369 useful for eavesdroppers on the path. Therefore, confidentiality 370 protection is not required. Integrity protection using IPsec 371 [RFC4301] for the heartbeat messages MUST be supported on the MAG and 372 the LMA. RFC 5213 [RFC5213] describes how to protect the Proxy 373 Binding Update and Acknowledgment signaling messages with IPsec. The 374 Heartbeat message defined in this specification is merely another 375 subtype of the same Mobility Header protocol that is already being 376 protected by IPsec. Therefore, protecting this additional message is 377 possible using the mechanisms and security policy models from these 378 RFCs. The security policy database entries should use the new MH 379 Type, the Heartbeat Message, for the MH Type selector. 381 If dynamic key negotiation between the MAG and the LMA is required, 382 IKEv2 [RFC4306] should be used. 384 7. IANA Considerations 386 The Heartbeat message defined in Section 3.3 must have the type value 387 allocated from the same space as the 'MH Type' name space in the 388 Mobility Header defined in RFC 3775 [RFC3775]. 390 The Restart Counter mobility option defined in Section 3.4 must have 391 the type value allocated from the same name space as the Mobility 392 Options defined in RFC 3775 [RFC3775]. 394 8. Acknowledgments 396 A heartbeat mechanism for a network-based mobility management 397 protocol was first described in [I-D.giaretta-netlmm-dt-protocol]. 398 The authors would like to thank the members of a NETLMM design team 399 that produced that document. The mechanism described in this 400 document also derives from the path management mechanism described in 401 [GTP]. 403 We would like to thank Alessio Casati for first suggesting a fault 404 handling mechanism for Proxy Mobile IPv6. 406 9. References 407 9.1. Normative References 409 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 410 Requirement Levels", BCP 14, RFC 2119, March 1997. 412 [RFC5213] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., 413 and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008. 415 [I-D.ietf-netlmm-pmip6-ipv4-support] 416 Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy 417 Mobile IPv6", draft-ietf-netlmm-pmip6-ipv4-support-10 418 (work in progress), March 2009. 420 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 421 Internet Protocol", RFC 4301, December 2005. 423 [RFC4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", 424 RFC 4306, December 2005. 426 [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support 427 in IPv6", RFC 3775, June 2004. 429 9.2. Informative References 431 [I-D.giaretta-netlmm-dt-protocol] 432 Giaretta, G., "The NetLMM Protocol", 433 draft-giaretta-netlmm-dt-protocol-02 (work in progress), 434 October 2006. 436 [GTP] 3rd Generation Partnership Project, "3GPP Technical 437 Specification 29.060 V7.6.0: "Technical Specification 438 Group Core Network and Terminals; General Packet Radio 439 Service (GPRS); GPRS Tunnelling Protocol (GTP) across the 440 Gn and Gp interface (Release 7)"", July 2007. 442 Authors' Addresses 444 Vijay Devarapalli 445 WiChorus 446 3950 North First Street 447 San Jose, CA 95134 448 USA 450 Email: vijay@wichorus.com 451 Rajeev Koodli 452 Starent Networks 453 USA 455 Email: rkoodli@starentnetworks.com 457 Heeseon Lim 458 Stoke 459 5403 Betsy Ross Drve 460 Santa Clara, CA 95054 461 USA 463 Email: hlim@stoke.com 465 Nishi Kant 466 Stoke 467 5403 Betsy Ross Drive 468 Santa Clara, CA 95054 469 USA 471 Email: nishi@stoke.com 473 Suresh Krishnan 474 Ericsson 475 8400 Decarie Blvd. 476 Town of Mount Royal, QC 477 Canada 479 Email: suresh.krishnan@ericsson.com 481 Julien Laganier 482 DOCOMO Euro-Labs 483 Landsbergerstrasse 312 484 Munich, D-80687 485 Germany 487 Email: julien.IETF@laposte.net