idnits 2.17.1 draft-irtf-mobopts-mpa-framework-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 22, 2011) is 4805 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: 'RFC4830' is defined on line 1497, but no explicit reference was found in the text == Unused Reference: 'RFC4831' is defined on line 1500, but no explicit reference was found in the text == Unused Reference: 'RFC3046' is defined on line 1550, but no explicit reference was found in the text == Unused Reference: 'RFC5213' is defined on line 1571, but no explicit reference was found in the text == Unused Reference: 'Romdhani' is defined on line 1652, but no explicit reference was found in the text == Unused Reference: 'FMIP-results' is defined on line 1676, but no explicit reference was found in the text ** Obsolete normative reference: RFC 3775 (Obsoleted by RFC 6275) -- Obsolete informational reference (is this intentional?): RFC 5201 (Obsoleted by RFC 7401) -- Obsolete informational reference (is this intentional?): RFC 2679 (Obsoleted by RFC 7679) -- Obsolete informational reference (is this intentional?): RFC 2680 (Obsoleted by RFC 7680) Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MOBOPTS Research Group A. Dutta (Ed.) 3 Internet-Draft V. Fajardo 4 Intended status: Informational Telcordia 5 Expires: August 26, 2011 Y. Ohba 6 K. Taniuchi 7 Toshiba 8 H. Schulzrinne 9 Columbia Univ. 10 February 22, 2011 12 A Framework of Media-Independent Pre-Authentication (MPA) for Inter- 13 domain Handover Optimization 14 draft-irtf-mobopts-mpa-framework-09 16 Abstract 18 This document describes Media-independent Pre-Authentication (MPA), a 19 new handover optimization mechanism that addresses the issues on 20 existing mobility management protocols and mobility optimization 21 mechanisms to support inter-domain handover. MPA is a mobile- 22 assisted, secure handover optimization scheme that works over any 23 link-layer and with any mobility management protocol and is best 24 applicable to support optimization during inter-domain handover. 25 MPA's pre-authentication, pre-configuration, and proactive handover 26 techniques allow many of the handoff related operations to take place 27 before the mobile has moved to the new network. We describe the 28 details of all the associated techniques and its applicability for 29 different scenarios involving various mobility protocols during 30 inter-domain handover. We have implemented MPA mechanism for various 31 network layer and application layer mobility protocols and report 32 summary of experimental performance results in this document. 34 This document is a product of the IP Mobility Optimizations (MobOpts) 35 Research Group. 37 Status of this Memo 39 This Internet-Draft is submitted to IETF in full conformance with the 40 provisions of BCP 78 and BCP 79. 42 Internet-Drafts are working documents of the Internet Engineering 43 Task Force (IETF). Note that other groups may also distribute 44 working documents as Internet-Drafts. The list of current Internet- 45 Drafts is at http://datatracker.ietf.org/drafts/current/. 47 Internet-Drafts are draft documents valid for a maximum of six months 48 and may be updated, replaced, or obsoleted by other documents at any 49 time. It is inappropriate to use Internet-Drafts as reference 50 material or to cite them other than as "work in progress." 52 This Internet-Draft will expire on August 26, 2011. 54 Copyright Notice 56 Copyright (c) 2011 IETF Trust and the persons identified as the 57 document authors. All rights reserved. 59 This document is subject to BCP 78 and the IETF Trust's Legal 60 Provisions Relating to IETF Documents 61 (http://trustee.ietf.org/license-info) in effect on the date of 62 publication of this document. Please review these documents 63 carefully, as they describe your rights and restrictions with respect 64 to this document. Code Components extracted from this document must 65 include Simplified BSD License text as described in Section 4.e of 66 the Trust Legal Provisions and are provided without warranty as 67 described in the Simplified BSD License. 69 Table of Contents 71 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 72 1.1. Specification of Requirements . . . . . . . . . . . . . . 7 73 1.2. Performance Requirements . . . . . . . . . . . . . . . . . 7 74 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 8 75 3. Handover Taxonomy . . . . . . . . . . . . . . . . . . . . . . 9 76 4. Related Work . . . . . . . . . . . . . . . . . . . . . . . . . 12 77 5. Applicability of MPA . . . . . . . . . . . . . . . . . . . . . 13 78 6. MPA Framework . . . . . . . . . . . . . . . . . . . . . . . . 14 79 6.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 14 80 6.2. Functional Elements . . . . . . . . . . . . . . . . . . . 15 81 6.3. Basic Communication Flow . . . . . . . . . . . . . . . . . 16 82 7. MPA Operations . . . . . . . . . . . . . . . . . . . . . . . . 20 83 7.1. Discovery . . . . . . . . . . . . . . . . . . . . . . . . 21 84 7.2. Pre-authentication in multiple CTN environment . . . . . . 21 85 7.3. Proactive IP address acquisition . . . . . . . . . . . . . 22 86 7.3.1. PANA-assisted proactive IP address acquisition . . . . 23 87 7.3.2. IKEv2-assisted proactive IP address acquisition . . . 24 88 7.3.3. Proactive IP address acquisition using DHCPv4 only . . 24 89 7.3.4. Proactive IP address acquisition using stateless 90 autoconfiguration . . . . . . . . . . . . . . . . . . 25 91 7.4. Tunnel management . . . . . . . . . . . . . . . . . . . . 26 92 7.5. Binding Update . . . . . . . . . . . . . . . . . . . . . . 27 93 7.6. Preventing packet loss . . . . . . . . . . . . . . . . . . 28 94 7.6.1. Packet loss prevention in single interface MPA . . . . 28 95 7.6.2. Preventing packet losses for multiple interfaces . . . 29 96 7.6.3. Reachability test . . . . . . . . . . . . . . . . . . 30 97 7.7. Security and mobility . . . . . . . . . . . . . . . . . . 30 98 7.7.1. Link-layer security and mobility . . . . . . . . . . . 30 99 7.7.2. IP layer security and mobility . . . . . . . . . . . . 31 100 7.8. Authentication in initial network attachment . . . . . . . 32 101 8. Security Considerations . . . . . . . . . . . . . . . . . . . 32 102 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 103 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 104 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33 105 11.1. Normative References . . . . . . . . . . . . . . . . . . . 33 106 11.2. Informative References . . . . . . . . . . . . . . . . . . 35 107 Appendix A. Proactive duplicate address detection . . . . . . . . 38 108 Appendix B. Address resolution . . . . . . . . . . . . . . . . . 39 109 Appendix C. MPA Deployment Issues . . . . . . . . . . . . . . . . 40 110 C.1. Considerations for failed switching and switch-back . . . 40 111 C.2. Authentication state management . . . . . . . . . . . . . 42 112 C.3. Pre-allocation of QoS resources . . . . . . . . . . . . . 42 113 C.4. Resource allocation issue during pre-authentication . . . 43 114 C.5. Systems evaluation and performance results . . . . . . . . 44 115 C.5.1. Intra-technology, Intra-domain . . . . . . . . . . . . 45 116 C.5.2. Inter-technology, Inter-domain . . . . . . . . . . . . 47 117 C.5.3. MPA-assisted Layer 2 pre-authentication . . . . . . . 47 118 C.6. Guidelines for handover preparation . . . . . . . . . . . 52 119 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 53 121 1. Introduction 123 As wireless technologies including cellular and wireless LAN are 124 beginning to get popular, supporting terminal handovers across 125 different types of access networks, such as from a wireless LAN to 126 CDMA or to GPRS is considered a clear challenge. On the other hand, 127 supporting seamless terminal handovers between access networks of the 128 same type is still more challenging, especially when the handovers 129 are across IP subnets or administrative domains. To address those 130 challenges, it is important to provide terminal mobility that is 131 agnostic to link-layer technologies in an optimized and secure 132 fashion without incurring unreasonable complexity. In this document 133 we discuss a framework to support terminal mobility that provides 134 seamless handovers with low latency and low loss. Seamless handovers 135 are characterized in terms of performance requirements as described 136 in Section 1.2. [mpa-wireless] is an accompanying document which 137 describes implementation of a few MPA-based systems including 138 performance results to show how existing protocols could be leveraged 139 to realize the functionalities of MPA. 141 Terminal mobility is accomplished by a mobility management protocol 142 that maintains a binding between a locator and an identifier of a 143 mobile node, where the binding is referred to as the mobility 144 binding. The locator of the mobile node may dynamically change when 145 there is a movement of the mobile node. The movement that causes a 146 change of the locator may occur when there is a change in attachment 147 point due to physical movement or network change. A mobility 148 management protocol may be defined at any layer. In the rest of this 149 document, the term "mobility management protocol" refers to a 150 mobility management protocol which operates at the network layer or 151 higher. 153 There are several mobility management protocols at different layers. 154 Mobile IP [RFC5944] and Mobile IPv6 [RFC3775] are mobility management 155 protocols that operate at the network layer. Similarly, MOBIKE 156 (IKEv2 Mobility and Multihoming) [RFC4555] is an extension to IKEv2 157 that provides the ability to deal with a change of an IP address of 158 an IKEv2 end-point. There are several ongoing activities in the IETF 159 to define mobility management protocols at layers higher than network 160 layer. HIP (the Host Identity Protocol) [RFC5201] defines a new 161 protocol layer between network layer and transport layer to provide 162 terminal mobility in a way that is transparent to both network layer 163 and transport layer. Also, SIP-based mobility is an extension to SIP 164 to maintain the mobility binding of a SIP user agent [SIPMM]. 166 While mobility management protocols maintain mobility bindings, these 167 cannot provide seamless handover if used in their current form. An 168 additional optimization mechanism is needed to prevent the loss of 169 inflight packets transmitted during mobile's binding update procedure 170 and to achieve seamless handovers. Such a mechanism is referred to 171 as a mobility optimization mechanism. For example, mobility 172 optimization mechanisms [RFC4881] and [RFC5568] are defined for 173 Mobile IPv4 and Mobile IPv6, respectively, by allowing neighboring 174 access routers to communicate and carry information about mobile 175 terminals. There are protocols that are considered as "helpers" of 176 mobility optimization mechanisms. The CARD (Candidate Access Router 177 Discovery Mechanism) protocol [RFC4065] is designed to discover 178 neighboring access routers. The CTP (Context Transfer Protocol) 179 [RFC4066] is designed to carry state that is associated with the 180 services provided for the mobile node, or context, among access 181 routers. We describe some of the fast-handover schemes that attempt 182 to reduce the handover delay in Section 4. 184 There are several issues in existing mobility optimization 185 mechanisms. First, existing mobility optimization mechanisms are 186 tightly coupled with specific mobility management protocols. For 187 example, it is not possible to use mobility optimization mechanisms 188 designed for Mobile IPv4 or Mobile IPv6 for MOBIKE. What is strongly 189 desired is a single, unified mobility optimization mechanism that 190 works with any mobility management protocol. Second, there is no 191 existing mobility optimization mechanism that easily supports 192 handovers across administrative domains without assuming a pre- 193 established security association between administrative domains. A 194 mobility optimization mechanism should work across administrative 195 domains in a secure manner only based on a trust relationship between 196 a mobile node and each administrative domain. Third, a mobility 197 optimization mechanism needs to support not only terminals with 198 multiple-interfaces where simultaneous connectivity through multiple 199 interfaces or connectivity through single interface can be expected, 200 but also terminals with single-interface. 202 This document describes a framework of Media-independent Pre- 203 Authentication (MPA), a new handover optimization mechanism that 204 addresses all those issues. MPA is a mobile-assisted, secure 205 handover optimization scheme that works over any link-layer and with 206 any mobility management protocol including Mobile IPv4, Mobile IPv6, 207 MOBIKE, HIP, SIP mobility. In cases of multiple operators without 208 roaming relationship or without agreement to participate in a key 209 management scheme, MPA provides a framework that can perform pre- 210 authentication to establish the security mechanisms without assuming 211 a common source of trust. In MPA, the notion of IEEE 802.11i pre- 212 authentication is extended to work at higher layer, with additional 213 mechanisms to perform early acquisition of IP address from a network 214 where the mobile node may move as well as proactive handover to the 215 network while the mobile node is still attached to the current 216 network. Since this document focuses on the MPA framework, it is 217 left to future work to choose the protocols for MPA and define 218 detailed operations. The accompanying document [mpa-wireless] 219 provides one method that describes usage and interactions between 220 existing protocols to accomplish MPA functionality. 222 This document represents the consensus of the (MobOpts) Research 223 Group. It has been reviewed by Research Group members active in the 224 specific area of work. 226 1.1. Specification of Requirements 228 In this document, several words are used to signify the requirements 229 of the specification. These words are often capitalized. The key 230 words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", 231 "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document 232 are to be interpreted as described in [RFC2119]. 234 1.2. Performance Requirements 236 In order to provide desirable quality of service for interactive VoIP 237 and streaming traffic, one needs to limit the value of end-to-end 238 delay, jitter and packet loss to a certain threshold level. ITU-T 239 and ITU-E standards define the acceptable values for these 240 parameters. For example for one-way delay, ITU-T G.114 [RG98] 241 recommends 150 ms as the upper limit for most of the applications, 242 and 400 ms as generally unacceptable delay. One way delay tolerance 243 for video conferencing is in the range of 200 to 300 ms [ITU98]. 244 Also if an out-of-order packet is received after a certain threshold, 245 it is considered lost. According to ETSI TR 101 [ETSI], a normal 246 voice conversation can tolerate up to 2% packet loss. But this is 247 the mean packet loss probability and may be applicable to a scenario 248 when the mobile is subjected to repeated handoff during a normal 249 conversation. Measurement techniques for delay and jitter are 250 described in [RFC2679], [RFC2680] and [RFC2681]. 252 In case of interactive VoIP traffic, end-to-end delay affects the 253 jitter value, and thus is an important issue to consider. An end-to- 254 end delay consists of several components, such as network delay, 255 operating system (OS) delay, codec delay and application delay. A 256 complete analysis of these delays can be found in [Wenyu]. During a 257 mobile's handover, in-flight transient traffic cannot reach the 258 mobile because of the associated handover delay. These in-flight 259 packets could either be lost or buffered. If the in-flight packets 260 are lost, then it contributes to jitter between the last packet 261 before handoff and first packet after handoff. If these packets are 262 buffered, packet loss is minimized, but there is additional jitter 263 for the in-flight packets when these are flushed after the handoff. 264 Buffering during handoff avoids the packet loss, but at the cost of 265 additional one-way-delay. A trade-off between one-way-delay and 266 packet loss is desired based on the type of application. For 267 example, for streaming application, packet loss can be reduced by 268 increasing the playout buffer resulting in longer one-way packet 269 delay. 271 The handover delay is attributed due to several factors, such as 272 discovery, configuration, authentication, binding update and media 273 delivery. Many of the security related procedures such as handover 274 keying and re-authentication procedures deal with cases where there 275 is a single source of trust at the top and the underlying AAA domain 276 elements trust the top source of trust and the keys it generates and 277 distributes. In this scenario, there is an appreciable delay in re- 278 establishing link security related parameters, such as 279 authentication, link key management and access authorization during 280 inter-domain handover. The focus of this draft is the design of a 281 framework that can reduce the delay due to authentication and other 282 handoff related operations such as configuration and binding update. 284 2. Terminology 286 Mobility Binding: A binding between a locator and an identifier of a 287 mobile terminal. 289 Mobility Management Protocol (MMP): A protocol that operates at 290 network layer or above to maintain a binding between a locator and 291 an identifier of a mobile node. 293 Binding Update: A procedure to update a mobility binding. 295 Media-independent Pre-Authentication Mobile Node (MN): A mobile node 296 of media-independent pre-authentication (MPA) which is a mobile- 297 assisted, secure handover optimization scheme that works over any 298 link-layer and with any mobility management protocol. An MPA 299 mobile node is an IP node. In this document, the term "mobile 300 node" or "MN" without a modifier refers to "MPA mobile node". An 301 MPA mobile node usually has a functionality of a mobile node of a 302 mobility management protocol as well. 304 Candidate Target Network (CTN): 306 A network to which the mobile may move in the near future. 308 Target Network (TN): The network to which the mobile has decided to 309 move. The target network is selected from one or more candidate 310 target network. 312 Proactive Handover Tunnel (PHT): A bidirectional IP tunnel 313 [RFC2003], [RFC2473] that is established between the MPA mobile 314 node and an access router of a candidate target network. In this 315 document, the term "tunnel" without a modifier refers to 316 "proactive handover tunnel. 318 Point of Attachment (PoA): A link-layer device (e.g., a switch, an 319 access point or a base station) that functions as a link-layer 320 attachment point for the MPA mobile node to a network. 322 Care-of Address (CoA): An IP address used by a mobility management 323 protocol as a locator of the MPA mobile node. 325 3. Handover Taxonomy 327 Based on the type of movement, type of access network, and underlying 328 mobility support, one can primarily define the handover as inter- 329 technology, intra-technology, inter-domain, and intra-domain. We 330 describe briefly each of these handover processes. However, our 331 focus of the dicussion is on Inter-domain handover. 333 Inter-technology: A mobile may be equipped with multiple interfaces, 334 where each interface can support different access technology (802.11, 335 CDMA). A mobile may communicate with one interface at any time in 336 order to conserve the power. During the handover the mobile may move 337 out of the footprint of one access technology (e.g., 802.11) and move 338 into the footprint of a different access technology (e.g., CDMA). 339 This will warrant switching of the communicating interface on the 340 mobile as well. This type of Inter-technology handover is often 341 called as Vertical Handover since the mobile makes movement between 342 two different cell sizes. 344 Intra-technology: An intra-technology handover is defined when a 345 mobile moves between the same type of access technology such as 346 between 802.11[a,b,n] and 802.11 [a,b,n] or between CDMA1XRTT and 347 CDMA1EVDO. In this scenario a mobile may be equipped with a single 348 interface (with multiple PHY types of the same technology) or with 349 multiple interfaces. An Intra-technology handover may involve intra- 350 subnet or inter-subnet movement and thus may need to change its L3 351 locator depending upon type of movement. 353 Inter-domain: A domain can be defined in several ways. But for the 354 purposes of roaming we define domain as an administrative domain 355 which consists of networks that are managed by a single 356 administrative entity which authenticates and authorizes a mobile for 357 accessing the networks. An administrative entity may be a service 358 provider, an enterprise and any organization. Thus an Inter-domain 359 handover will by-default be subjected to inter-subnet handover and in 360 addition it may be subjected to either inter-technology or intra- 361 technology handover. A mobile is subjected to inter-subnet handover 362 when it moves from one subnet (broadcast domain) to another subnet 363 (broadcast domain). Inter-domain handover will be subjected to all 364 the transition steps a subnet handover goes through and in addition 365 it will be subjected to authentication and authorization process as 366 well. It is also likely that the type of mobility support in each 367 administrative domain will be different. For example, administrative 368 domain A may have MIPv6 support, while administrative domain B may 369 use Proxy MIPv6. 371 Intra-domain: When a mobile's movement is confined to movement within 372 an administrative domain it is called intra-domain movement. An 373 intra-domain movement may involve intra-subnet, inter-subnet, intra- 374 technology and inter-technology as well. 376 Both inter-domain and intra-domain handovers can be subjected to 377 either inter-technology or intra-technology handover based on the 378 network access characteristics. Inter-domain handover requires 379 authorization for acquisition or modification of resources assigned 380 to a mobile and the authorization needs interaction with a central 381 authority in a domain. In many cases, an authorization procedure 382 during inter-domain handover follows an authentication procedure that 383 also requires interaction with a central authority in a domain. 384 Thus, security associations between the network entities such as 385 routers in the neighboring administrative domains need to be 386 established before any interaction takes place between these 387 entities. Similarly, an inter-domain mobility may involve different 388 mobility protocols in each of its domains, such as MIPv6 and Proxy- 389 MIPv6. In that case, one needs a generalized framework to achieve 390 the optimization during inter-domain handover. Figure 1 shows a 391 typical example of inter-domain mobility involving two domains, such 392 as domain A and domain B. It illustrates several important components 393 such as AAA Home server (AAAH), AAA visited servers (e.g., AAAV1 and 394 AAAV2), Authentication Agent (AA), Layer 3 point of attachment, such 395 as Access Router (AR) and layer 2 point of attachment, such as Access 396 Point. Any mobile maybe using a specific mobility protocol and 397 associated mobility optimization technique during intra-domain 398 movement in either domain. But the same optimization technique may 399 not be suitable to support inter-domain handover independent of 400 whether it uses the same or different mobility protocol in either 401 domain. 403 +-----------------------------+ 404 | +--------+ | 405 | | | | 406 | | AAAH --------------------| 407 | | | | | 408 | +|-------+ | | 409 | | | | 410 | | Home Domain | | 411 | | | | 412 +-------|---------------------+ | 413 | | 414 | | 415 | | 416 +----------------------------|-----------+ +-------------|------------+ 417 | | | | +|-------+ | 418 | Domain A +-------|+ | | +-----+ | | | 419 | | | | | | ------ AAAV2 | | 420 | | AAAV1 | | | | AA | | | | 421 | +-------------- | | | +|----+ +--------+ | 422 | | | +--------+ | | | | 423 | |AA | | | |--- ---- | 424 | +--|--+ | | / \ / \ | 425 | | /----\ | || AR |-----| AR | | 426 | -|-- / \ | | \ / \ / | 427 | / \ | AR | | | -|-- --|- | 428 | | AR ----------- / | |+--|---+ +------|------+ | 429 | \ / \--|-/ | || AP4 | | L2 Switch | | 430 | -/-- +-----|------+ | || | +-|---------|-+ | 431 | / | L2 Switch | | |+------+ | | | 432 | / +-|-------|--+ | | +---|--+ +----|-+ | 433 | +----/-+ +----|-+ +-|----+ | |Domain B| | | | | 434 | | | | | | | | | | AP5 | |AP6 | | 435 | | AP1 | | AP2 | | AP3 | | | +--|---+ +------+ | 436 | +------+ +------+ +--|---+ | | | | 437 +--------------------------------|-------+ +-----------|--------------+ 438 --|--------- | 439 //// \\\\ -----|----- 440 // +------+ //// +------+ \\\\ 441 | | MN ------------->|MN | \\\ 442 | | | | | | | | 443 | +------+ | | +------+ | 444 \\ | // | 445 \\\\ \\\/ /// 446 ------------ \\\\------------- //// 448 Figure 1: Inter-domain Mobility 450 4. Related Work 452 While basic mobility management protocols such as Mobile IP 453 [RFC5944], Mobile IPv6 [RFC3775], SIP-Mobility [SIPMM] provide 454 continuity to TCP and RTP traffic, these are not optimized to reduce 455 the handover latency during mobile's movement between subnets and 456 domains. In general these mobility management protocols introduce 457 handover delays incurred at several layers such as, layer 3 and 458 application layer for updating the mobile's mobility binding. These 459 protocols also get affected due to underlying layer 2 delay as well. 460 As a result, applications using these mobility protocols suffer from 461 performance degradation. 463 There have been several optimization techniques that apply to current 464 mobility management schemes that try to reduce handover delay and 465 packet loss during a mobile's movement between cells, subnets and 466 domain. Micro-mobility management schemes [CELLIP], [HAWAII], and 467 intra-domain mobility management schemes such as [IDMP], 468 [I-D.ietf-mobileip-reg-tunnel] and [RFC5380] provide fast-handover by 469 limiting the signaling updates within a domain. Fast Mobile IP 470 protocols for IPv4 and IPv6 networks [RFC4881], [RFC5568] utilize 471 mobility information made available by link layer triggers. Yokota 472 et al. [YOKOTA] propose joint use of access point and a dedicated 473 MAC bridge to provide fast-handover without altering the MIPv4 474 specification. Shin et al. [MACD] propose a scheme reducing the 475 delay due to MAC layer handoff by providing a cache-based algorithm. 476 In this scheme, the mobile caches the neighboring channels that it 477 has already visited and thus uses a selective scanning method. This 478 helps to reduce the associated scanning time. 480 Some mobility management schemes use dual interfaces thus providing 481 make-before-break [SUM]. In a make-before-break situation, 482 communication usually continues with one interface, when the 483 secondary interface is in the process of getting connected. The IEEE 484 802.21 working group is discussing these scenarios in detail 485 [802.21]. Providing fast-handover using a single interface needs 486 more careful design than for a client with multiple interfaces. 487 Dutta et al [SIPFAST] provide an optimized handover scheme for SIP- 488 based mobility management, where the transient traffic is forwarded 489 from the old subnet to the new one by using an application layer 490 forwarding scheme. [MITH] provides a fast handover scheme for the 491 single interface case that uses mobile-initiated tunneling between 492 the old foreign agent and new foreign agent. [MITH] defines two 493 types of handover schemes such as Pre-MIT (Mobile Initiated 494 Tunneling) and Post-MIT (Media Initiated Tunneling). The proposed 495 MPA scheme is very similar to MITH's predictive scheme where the 496 mobile communicates with the foreign agent before actually moving to 497 the new network. However, the MPA scheme is not limited to MIP; this 498 scheme takes care of movement between domains and performs pre- 499 authentication in addition to proactive handover. Thus, MPA reduces 500 the overall delay to close to link-layer handover delay. Most of the 501 mobility optimization techniques developed so far are restricted to a 502 specific type of mobility protocol only. While supporting 503 optimization for inter-domain mobility, these protocols assume that 504 there is a pre-established security arrangement between two 505 administrative domains. But this assumption may not be viable 506 always. Thus, there is a need to develop an optimization mechanism 507 that can support inter-domain mobility without any underlying 508 constraints or security related assumption. 510 Recently, the HOKEY WG within IETF is defining the ways to expedite 511 the authentication process. In particular, it has defined pre- 512 authentication [RFC5836] and fast re-authentication [RFC5169] 513 mechanisms to expedite the authentication and security association 514 process. 516 5. Applicability of MPA 518 MPA is more applicable where an accurate prediction of movement can 519 be easily made. For other environments, special care must be taken 520 to deal with issues such as pre-authentication to multiple CTNs 521 (Candidate Target Networks) and failed switching and switching back 522 as described in [mpa-wireless]. However, addressing those issues in 523 actual deployments may not be easier. Some of the deployment issues 524 are described in Appendix C. 526 Authors have cited several use cases of how MPA can be used to 527 optimize several network layer and application layer mobility 528 protocols in an accompanying document [mpa-wireless]. The 529 effectiveness of MPA may be relatively reduced if the network employs 530 network-controlled localized mobility management in which the MN does 531 not need to change its IP address while moving within the network. 532 The effectiveness of MPA may also be relatively reduced if signaling 533 for network access authentication is already optimized for movements 534 within the network, e.g., when simultaneous use of multiple 535 interfaces during handover is allowed. In other words, MPA is a more 536 viable as a solution for inter-administrative domain predictive 537 handover without the simultaneous use of multiple interfaces. Since 538 MPA is not tied to a specific mobility protocol, it is also 539 applicable to support optimization for inter-domain handover where 540 each domain may be equipped with a different mobility protocol. 541 Figure 1 shows an example of inter-domain mobility where MPA could be 542 applied. For example, domain A may support just Proxy MIPv6, whereas 543 domain B may support Client Mobile IPv6. MPA's different functional 544 components can provide the desired optimization techniques 545 proactively. 547 6. MPA Framework 549 6.1. Overview 551 Media-independent Pre-Authentication (MPA) is a mobile-assisted, 552 secure handover optimization scheme that works over any link layer 553 and with any mobility management protocol. With MPA, a mobile node 554 is not only able to securely obtain an IP address and other 555 configuration parameters for a CTN, but also able to send and receive 556 IP packets using the IP address obtained before it actually attaches 557 to the CTN. This makes it possible for the mobile node to complete 558 the binding update of any mobility management protocol and use the 559 new CoA before performing a handover at link-layer. 561 MPA adopts the following basic procedures to provide this 562 functionality. The first procedure is referred to as "pre- 563 authentication", the second procedure is referred to as "pre- 564 configuration", the combination of the third and fourth procedures 565 are referred to as "secure proactive handover". The security 566 association established through pre-authentication is referred to as 567 an "MPA-SA". 569 This functionality is provided by allowing a mobile node which has 570 connectivity to the current network but is not yet attached to a CTN, 571 to (i) establish a security association with the CTN to secure the 572 subsequent protocol signaling, then (ii) securely execute a 573 configuration protocol to obtain an IP address and other parameters 574 from the CTN as well as execute a tunnel management protocol to 575 establish a Proactive Handover Tunnel (PHT) [RFC2003] between the 576 mobile node and an access router of the CTN, then (iii) send and 577 receive IP packets, including signaling messages for binding update 578 of an MMP and data packets transmitted after completion of binding 579 update, over the PHT using the obtained IP address as the tunnel 580 inner address, and finally (iv) deleting or disabling the PHT 581 immediately before attaching to the CTN when it becomes the target 582 network and then re-assigning the inner address of the deleted or 583 disabled tunnel to its physical interface immediately after the 584 mobile node is attached to the target network through the interface. 585 Instead of deleting or disabling the tunnel before attaching to the 586 target network, the tunnel may be deleted or disabled immediately 587 after being attached to the target network. 589 Especially, the step (iii) in the previous paragraph (i.e., binding 590 update procedure) makes it possible for the mobile to complete the 591 higher-layer handover before starting link-layer handover. This 592 means that the mobile is able to send and receive data packets 593 transmitted after completing the binding update over the tunnel, 594 while data packets transmitted before completion of binding update do 595 not use the tunnel. 597 6.2. Functional Elements 599 In the MPA framework, the following functional elements are expected 600 to reside in each CTN to communicate with a mobile node: 601 Authentication Agent (AA), Configuration Agent (CA) and Access Router 602 (AR). These elements can reside in one or more network devices. 604 An authentication agent is responsible for pre-authentication. An 605 authentication protocol is executed between the mobile node and the 606 authentication agent to establish an MPA-SA. The authentication 607 protocol MUST be able to establish a shared key between the mobile 608 node and the authentication agent and SHOULD be able to provide 609 mutual authentication. The authentication protocol SHOULD be able to 610 interact with a AAA protocol such as RADIUS and Diameter to carry 611 authentication credentials to an appropriate authentication server in 612 the AAA infrastructure. This interaction happens through the 613 Authentication Agent such as PANA Authentication Agent (PAA). The 614 derived key is used for further deriving keys used for protecting 615 message exchanges used for pre-configuration and secure proactive 616 handover. Other keys that are used for bootstrapping link-layer 617 and/or network-layer ciphers MAY also be derived from the MPA-SA. A 618 protocol that can carry EAP [RFC3748] would be suitable as an 619 authentication protocol for MPA. 621 A configuration agent is responsible for one part of pre- 622 configuration, namely securely executing a configuration protocol to 623 deliver an IP address and other configuration parameters to the 624 mobile node. The signaling messages of the configuration protocol 625 (e.g., DHCP) MUST be protected using a key derived from the key 626 corresponding to the MPA-SA. 628 An access router in MPA framework is a router that is responsible for 629 the other part of pre-configuration, i.e., securely executing a 630 tunnel management protocol to establish a proactive handover tunnel 631 to the mobile node. IP packets transmitted over the proactive 632 handover tunnel SHOULD be protected using a key derived from the key 633 corresponding to the MPA-SA. Details of this procedure are described 634 in Section 6.3. 636 +----+ 637 | CN | 638 +----+ 639 / 640 (Core Network) 641 / \ 642 / \ 643 +----------------/--------+ +----\-----------------+ 644 | +-----+ | |+-----+ | 645 | | | +-----+ | || | +-----+ | 646 | | AA | |CA | | ||AA | | CA | | 647 | +--+--+ +--+--+ | |+--+--+ +--+--+ | 648 | | +------+ | | | | +-----+ | | 649 | | | pAR | | | | | |nAR | | | 650 | ---+---+ +---+-----+----+---+-+ +-----+ | 651 | +---+--+ | | +-----+ | 652 | | | | | 653 | | | | | 654 | | | | | 655 +------------+------------+ +--------|--------------+ 656 Current | Candidate| Target Network 657 Network | | 658 +------+ +------+ 659 | oPoA | | nPoA | 660 +--.---+ +--.---+ 661 . . 662 . . 663 +------+ 664 | MN | ----------> 665 +------+ 667 Figure 2: MPA Functional Components 669 6.3. Basic Communication Flow 671 Assume that the mobile node is already connected to a point of 672 attachment, say oPoA (old point of attachment), and assigned a 673 care-of address, say oCoA (old care-of address). The communication 674 flow of MPA is described as follows. Throughout the communication 675 flow, data packet loss should not occur except for the period during 676 the switching procedure in Step 5, and it is the responsibility of 677 link-layer handover to minimize packet loss during this period. 679 Step 1 (pre-authentication phase): The mobile node finds a CTN 680 through some discovery process such as IEEE 802.21 and obtains the IP 681 addresses of an authentication agent, a configuration agent and an 682 access router in the CTN (Candidate Target Network) by some means. 683 Details about discovery mechanisms are discussed in Section 7.1. The 684 mobile node performs pre-authentication with the authentication 685 agent. As discussed in Section 7.2, the mobile may need to pre- 686 authenticate with multiple candidate target networks. The decision 687 regarding which candidate network the mobile needs to pre- 688 authenticate with will depend upon several factors, such as signaling 689 overhead, bandwidth requirement (QoS), mobile's location, 690 communication cost, and handover robustness etc. Determining the 691 policy that decides the target network the mobile should pre- 692 authenticate with is out of scope for this document. 694 If the pre-authentication is successful, an MPA-SA is created between 695 the mobile node and the authentication agent. Two keys are derived 696 from the MPA-SA, namely an MN-CA key and an MN-AR key, which are used 697 to protect subsequent signaling messages of a configuration protocol 698 and a tunnel management protocol, respectively. The MN-CA key and 699 the MN-AR key are then securely delivered to the configuration agent 700 and the access router, respectively. 702 Step 2 (pre-configuration phase): The mobile node realizes that its 703 point of attachment is likely to change from oPoA to a new one, say 704 nPoA (new point of attachment). It then performs pre-configuration 705 with the configuration agent using the configuration protocol to 706 obtain several configuration parameters such as an IP address, say 707 nCoA (new care-of address), and default router from the CTN. The 708 mobile then communicates with the access router using the tunnel 709 management protocol to establish a proactive handover tunnel. In the 710 tunnel management protocol, the mobile node registers oCoA and nCoA 711 as the tunnel outer address and the tunnel inner address, 712 respectively. The signaling messages of the pre-configuration 713 protocol are protected using the MN-CA key and the MN-AR key. When 714 the configuration and the access router are co-located in the same 715 device, the two protocols may be integrated into a single protocol 716 like IKEv2. After completion of the tunnel establishment, the mobile 717 node is able to communicate using both oCoA and nCoA by the end of 718 Step 4. A configuration protocol and a tunnel management protocol 719 may be combined in a single protocol or executed in different orders 720 depending on the actual protocol(s) used for configuration and tunnel 721 management. 723 Step 3 (secure proactive handover main phase): The mobile node 724 decides to switch to the new point of attachment by some means. 725 Before the mobile node switches to the new point of attachment, it 726 starts secure proactive handover by executing the binding update 727 operation of a mobility management protocol and transmitting 728 subsequent data traffic over the tunnel (main phase). This proactive 729 binding update could be triggered based on certain local policy at 730 the mobile node end, after the pre-configuration phase is over. This 731 local policy could be signal-to-noise ratio, location of the mobile 732 etc. In some cases, it may cache multiple nCOA addresses and perform 733 simultaneous binding with the CN or HA. 735 Step 4 (secure proactive handover pre-switching phase): The mobile 736 node completes the binding update and becomes ready to switch to the 737 new point of attachment. The mobile may execute the tunnel 738 management protocol to delete or disable the proactive handover 739 tunnel and cache nCoA after deletion or disabling of the tunnel. 740 This transient tunnel can be deleted prior to or after the handover. 741 The buffering module at the next access router buffers the packets 742 once the tunnel interface is deleted. The decision as to when the 743 mobile node is ready to switch to the new point of attachment depends 744 on the handover policy. 746 Step 5 (switching): It is expected that a link-layer handover occurs 747 in this step. 749 Step 6 (secure proactive handover post-switching phase): The mobile 750 node executes the switching procedure. Upon successful completion of 751 the switching procedure, the mobile node immediately restores the 752 cached nCoA and assigns it to the physical interface attached to the 753 new point of attachment. If the proactive handover tunnel was not 754 deleted or disabled in Step 4, the tunnel is deleted or disabled as 755 well. After this, direct transmission of data packets using nCoA is 756 possible without using a proactive handover tunnel. 758 Call flow for MPA is shown in Figure 3 and Figure 4. 760 IP address(es) 761 Available for 762 Use by MN 763 | 764 +-----------------------------------+ | 765 | Candidate Target Network | | 766 | (Future Target Network) | | 767 MN oPoA | nPoA AA CA AR | | 768 | | | | | | | | | 769 | | +-----------------------------------+ | 770 | | | | | | . 771 +---------------+ | | | | | . 772 |(1) Found a CTN| | | | | | . 773 +---------------+ | | | | | | 774 | Pre-authentication | | | | 775 | [authentication protocol] | | | 776 |<--------+------------->|MN-CA key| | | 777 | | | |-------->|MN-AR key| | 778 +-----------------+ | | |------------------>| | 779 |(2) Increased | | | | | | [oCoA] 780 |chance to switch | | | | | | | 781 | to CTN | | | | | | | 782 +-----------------+ | | | | | | 783 | | | | | | | 784 | Pre-configuration | | | | 785 | [configuration protocol to get nCoA] | | 786 |<--------+----------------------->| | | 787 | Pre-configuration | | | | 788 | [tunnel management protocol to establish PHT] V 789 |<--------+--------------------------------->| 790 | | | | | | ^ 791 +-----------------+ | | | | | | 792 |(3) Determined | | | | | | | 793 |to switch to CTN | | | | | | | 794 +-----------------+ | | | | | | 795 | | | | | | | 796 | Secure proactive handover main phase | | 797 | [execution of binding update of MMP and | | 798 | transmission of data packets through AR | [oCoA, nCoA] 799 | based on nCoA over the PHT] | | | 800 |<<=======+================================>+--->... | 801 . . . . . . . 802 . . . . . . . 803 . . . . . . . 805 Figure 3: Example Communication Flow (1/2) 807 | | | | | | | 808 +----------------+ | | | | | | 809 |(4) Completion | | | | | | | 810 |of MMP BU and | | | | | | | 811 |ready to switch | | | | | | | 812 +----------------+ | | | | | | 813 | Secure proactive handover pre-switching phase | 814 | [tunnel management protocol to delete PHT] V 815 |<--------+--------------------------------->| 816 +---------------+ | | | | 817 |(5)Switching | | | | | 818 +---------------+ | | | | 819 | | | | | 820 +---------------+ | | | | 821 |(6) Completion | | | | | 822 |of switching | | | | | 823 +---------------+ | | | | 824 o<- Secure proactive handover post-switching phase ^ 825 | [Re-assignment of Tunnel Inner Address | | 826 | to the physical I/F] | | 827 | | | | | | 828 | Transmission of data packets through AR | [nCoA] 829 | based on nCoA| | | | | 830 |<---------------+---------------------------+-->... | 831 | | | | | . 833 Figure 4: Example Communication Flow (2/2) 835 7. MPA Operations 837 In order to provide an optimized handover for a mobile experiencing 838 rapid movement between subnets and/or domains handover, one needs to 839 look into several operations. These issues include: 841 i) discovery of neighboring networking elements, ii) connecting to 842 the right network based on certain policy, iii) changing the layer 2 843 point of attachment, iv) obtaining an IP address from a DHCP or PPP 844 server, v) confirming the uniqueness of the IP address, vi) pre- 845 authenticating with the authentication agent, vii) sending the 846 binding update to the correspondent host viii) obtaining the 847 redirected streaming traffic to the new point of attachment, ix) 848 ping-pong effect, x) probability of moving to more than one network 849 and associating with multiple target networks. We describe these 850 issues in detail in the following paragraphs and describe how we have 851 optimized these in case of MPA-based secure proactive handover. 853 7.1. Discovery 855 Discovery of neighboring networking elements such as access points, 856 access routers, authentication servers helps expedite the handover 857 process during a mobile's movement between networks. After 858 discovering the network neighborhood with a desired set of 859 coordinates, capabilities and parameters the mobile can perform many 860 of the operation such as pre-authentication, proactive IP address 861 acquisition, proactive address resolution, and binding update while 862 in the previous network. 864 There are several ways a mobile can discover neighboring networks. 865 The Candidate Access Router Discovery protocol [RFC2608] helps 866 discover the candidate access routers in the neighboring networks. 867 Given a certain network domain SLP (Service Location Protocol) 868 [RFC4066] and DNS help provide addresses of the networking components 869 for a given set of services in the specific domain. In some cases 870 many of the network layer and upper layer parameters may be sent over 871 link layer management frames such as beacons when the mobile 872 approaches the vicinity of the neighboring networks. IEEE 802.11u is 873 considering issues such as discovering neighborhood using information 874 contained in link layer. However, if the link-layer management 875 frames are encrypted by some link layer security mechanism, then the 876 mobile node may not be able to obtain the requisite information 877 before establishing link layer connectivity to the access point. In 878 addition this may add burden to the bandwidth constrained wireless 879 medium. In such cases a higher layer protocol is preferred to obtain 880 the information regarding the neighboring elements. Some proposals 881 such as [802.21] help obtain information about the neighboring 882 networks from a mobility server. When the movement is imminent, the 883 mobile node starts the discovery process by querying a specific 884 server and obtains the required parameters such as the IP address of 885 the access point, its characteristics, routers, SIP servers or 886 authentication servers of the neighboring networks. In the event of 887 multiple networks, it may obtain the required parameters from more 888 than one neighboring networks and keep these in a cache. At some 889 point the mobile finds out several CTNs out of many probable networks 890 and starts the pre-authentication process by communicating with the 891 required entities in the CTNs. Further details of this scenario are 892 in Section 7.2. 894 7.2. Pre-authentication in multiple CTN environment 896 In some cases, although a mobile selects a specific network to be the 897 target network, it may actually end up with moving into a neighboring 898 network other than the target network due to factors that are beyond 899 the mobile's control. Thus it may be useful to perform the pre- 900 authentication with a few probable candidate target networks and 901 establish time-bound transient tunnels with the respective access 902 routers in those networks. Thus, in the event of a mobile moving to 903 a candidate target network other than that was chosen as the target 904 network, it will not be subjected to packet loss due to 905 authentication and IP address acquisition delay that could occur if 906 the mobile did not pre-authenticate with that candidate target 907 network. It may appear that by pre-authenticating with a number of 908 candidate target networks and reserving the IP addresses, the mobile 909 is reserving resources that could be used otherwise. But since this 910 happens for a time-limited period it should not be a big problem; it 911 depends upon the mobility pattern and duration. The mobile uses a 912 pre-authentication procedure to obtain an IP address proactively and 913 to set up the time bound tunnels with the access routers of the 914 candidate target networks. Also, MN may retain some or all of the 915 nCoAs for future movement. 917 The mobile may choose one of these addresses as the binding update 918 address and send it to the CN (Correspondent Node) or HA (Home 919 Agent), and will thus receive the tunneled traffic via the target 920 network while in the previous network. But in some instances, the 921 mobile may eventually end up moving to a network that is other than 922 the target network. Thus, there will be a disruption in traffic as 923 the mobile moves to the new network since the mobile has to go 924 through the process of assigning the new IP address and sending the 925 binding update again. There are two solutions to this problem. The 926 mobile can take advantage of the simultaneous mobility binding and 927 send multiple binding updates to the corresponding host or HA. Thus, 928 the corresponding host or HA forwards the traffic to multiple IP 929 addresses assigned to the virtual interfaces for a specific period of 930 time. This binding update gets refreshed at the CH after the mobile 931 moves to the new network, thus stopping the flow to the other 932 candidate networks. RFC 5648 [RFC5648] discusses different scenarios 933 of mobility binding with multiple care-of-addresses. In case 934 simultaneous binding is not supported in a specific mobility scheme, 935 forwarding of traffic from the previous target network will help take 936 care of the transient traffic until the new binding update is sent 937 from the new network. 939 7.3. Proactive IP address acquisition 941 In general a mobility management protocol works in conjunction with 942 the Foreign Agent or in co-located address mode. The MPA approach 943 can use both co-located address mode and foreign agent address mode. 944 We discuss here the address assignment component that is used in co- 945 located address mode. There are several ways a mobile node can 946 obtain an IP address and configure itself. In some cases, a mobile 947 can configure itself statically in the absence of any configuration 948 element such as a server or router in the network. In a LAN 949 environment the mobile can obtain an IP address from DHCP servers. 950 In case of IPv6 networks, a mobile has the option of obtaining the IP 951 address using stateless auto-configuration or DHCPv6. In some wide 952 area networking environment, the mobile uses PPP (Point-to-Point 953 Protocol) to obtain the IP address by communicating with a NAS. 955 Each of these processes takes of the order of few hundred 956 milliseconds to few seconds depending upon the type of IP address 957 acquisition process and operating system of the clients and servers. 958 Since IP address acquisition is part of the handover process, it adds 959 to the handover delay and thus it is desirable to reduce this delay 960 as much as possible. There are few optimized techniques such as DHCP 961 Rapid Commit [RFC4039], GPS-coordinate based IP address [GPSIP] 962 available that attempt to reduce the handover time due to IP address 963 acquisition time. However, in all these cases the mobile also 964 obtains the IP address after it moves to the new subnet and incurs 965 some delay because of the signaling handshake between the mobile node 966 and the DHCP server. 968 In FastMIP6 [RFC5568], through the RtSolPr and PrRtAdv messages, the 969 MN also formulates a prospective new CoA (NCoA) when it is still 970 present on the PAR's link. Hence, the latency due to new prefix 971 discovery subsequent to handover is eliminated. However, in this 972 case, both the previous access router (PAR) and the next access 973 router (NAR) need to cooperate with each other to be able to retrieve 974 the prefix from the target network. 976 In the following paragraph we describe few ways a mobile node can 977 obtain the IP address proactively from the CTN and the associated 978 tunnel setup procedure. These can broadly be divided into four 979 categories such as PANA-assisted proactive IP address acquisition, 980 IKE-assisted proactive IP address acquisition, proactive IP address 981 acquisition using DHCP only and stateless autoconfiguration.When DHCP 982 is used for address configuration, a DHCP server is assumed to be 983 serving one subnet. 985 7.3.1. PANA-assisted proactive IP address acquisition 987 In case of PANA-assisted proactive IP address acquisition, the mobile 988 node obtains an IP address proactively from a CTN. The mobile node 989 makes use of PANA [RFC5191] messages to trigger the IP address 990 acquisition process via a DHCP client that is colocated with the PANA 991 authentication agent in the access router in the CTN acting on behalf 992 of the mobile. Upon receiving a PANA message from the mobile node, 993 the DHCP client on the authentication agent performs normal DHCP 994 message exchanges to obtain the IP address from the DHCP server in 995 the CTN. This address is piggy-backed in a PANA message and is 996 delivered to the mobile. In case of IPv6 Router Advertisment (RA) is 997 carried as part of PANA message. In case of stateless 998 autoconfiguration, the mobile uses the prefix(es) obtained as part of 999 RA and its MAC address to construct the unique IPv6 address(es) as it 1000 would have done in the new network. In case of stateful address 1001 configuration, te procedure similar to DHCPv4 can be applied. 1003 7.3.2. IKEv2-assisted proactive IP address acquisition 1005 IKEv2-assisted proactive IP address acquisition works when an IPsec 1006 gateway and a DHCP relay agent are resident within each access router 1007 in the CTN. In this case, the IPsec gateway and DHCP relay agent in 1008 a CTN help the mobile node acquire the IP address from the DHCP 1009 server in the CTN. The MN-AR key established during the pre- 1010 authentication phase is used as the IKEv2 pre-shared secret needed to 1011 run IKEv2 between the mobile node and the access router. The IP 1012 address from the CTN is obtained as part of standard IKEv2 procedure, 1013 with using the co-located DHCP relay agent for obtaining the IP 1014 address from the DHCP server in the target network using standard 1015 DHCP. The obtained IP address is sent back to the client in the 1016 IKEv2 Configuration Payload exchange. In this case, IKEv2 is also 1017 used as the tunnel management protocol for a proactive handover 1018 tunnel (see Section 7.4). Alternatively VPN-GW can itself dispense 1019 the IP address from its IP address pool. 1021 7.3.3. Proactive IP address acquisition using DHCPv4 only 1023 As another alternative, DHCP may be used for proactively obtaining an 1024 IP address from a CTN without relying on PANA or IKEv2-based 1025 approaches by allowing direct DHCP communication between the mobile 1026 node and the DHCP relay or DHCP server in the CTN. The mechanism 1027 described in this section is applicable to DHCPv4 only. The mobile 1028 node sends a unicast DHCP message to the DHCP relay agent or DHCP 1029 server in the CTN requesting an address, while using the address 1030 associated with the current physical interface as the source address 1031 of the request. 1033 When the message is sent to the DHCP relay agent, the DHCP relay 1034 agent relays the DHCP messages back and forth between the mobile node 1035 and the DHCP server. In the absence of a DHCP relay agent the mobile 1036 can also directly communicate with the DHCP server in the target 1037 network. The broadcast option in the client's unicast DISCOVER 1038 message should be set to 0 so that the relay agent or the DHCP server 1039 can send the reply directly back to the mobile using the mobile 1040 node's source address. 1042 In order to prevent malicious nodes from obtaining an IP address from 1043 the DHCP server, DHCP authentication should be used or the access 1044 router should install a filter to block unicast DHCP message sent to 1045 the remote DHCP server from mobile nodes that are not pre- 1046 authenticated. When DHCP authentication is used, the DHCP 1047 authentication key may be derived from the MPA-SA established between 1048 the mobile node and the authentication agent in the candidate target 1049 network. 1051 The proactively obtained IP address is not assigned to the mobile 1052 node's physical interface until the mobile has moved to the new 1053 network. The IP address thus obtained proactively from the target 1054 network should not be assigned to the physical interface but rather 1055 to a virtual interface of the client. Thus, such a proactively 1056 acquired IP address via direct DHCP communication between the mobile 1057 node and the DHCP relay or the DHCP server in the CTN may be carried 1058 with additional information that is used to distinguish it from other 1059 addresses as assigned to the physical interface. 1061 Upon the mobile's entry to the new network, the mobile node can 1062 perform DHCP over the physical interface to the new network to get 1063 other configuration parameters such as the SIP server, DNS server by 1064 using DHCP INFORM. This should not affect the ongoing communication 1065 between the mobile and correspondent host. Also, the mobile node can 1066 perform DHCP over the physical interface to the new network to extend 1067 the lease of the address that was proactively obtained before 1068 entering the new network. 1070 In order to maintain the DHCP binding for the mobile node and keep 1071 track of the dispensed IP address before and after the secure 1072 proactive handover, the same DHCP client identifier needs to be used 1073 for the mobile node for both DHCP for proactive IP address 1074 acquisition and DHCP performed after the mobile node enters the 1075 target network. The DHCP client identifier may be the MAC address of 1076 the mobile node or some other identifier. 1078 7.3.4. Proactive IP address acquisition using stateless 1079 autoconfiguration 1081 For IPv6, a network address is configured either using DHCPv6 or 1082 stateless autoconfiguration. In order to obtain the new IP address 1083 proactively, the router advertisement of the next hop router can be 1084 sent over the established tunnel, and a new IPv6 address is generated 1085 based on the prefix and MAC address of the mobile. Generating a COA 1086 from the new network will avoid the time needed to obtain an IP 1087 address and perform Duplicate Address Detection. 1089 Duplicate address detection and address resolution are part of the IP 1090 address acquisition process. As part of the proactive configuration 1091 these two processes can be done ahead of time. Details of how these 1092 two processes can be done proactively are described in Appendix A and 1093 Appendix B, respectively. 1095 In case of stateless autoconfiguration, the mobile checks to see the 1096 prefix of the router advertisement in the new network and matches it 1097 with the prefix of newly assigned IP address. If these turn out to 1098 be the same then the mobile does not go through the IP address 1099 acquisition phase again. 1101 7.4. Tunnel management 1103 After an IP address is proactively acquired from the DHCP server in a 1104 CTN or via stateless autoconfiguration in case of IPv6, a proactive 1105 handover tunnel is established between the mobile node and the access 1106 router in the CTN. The mobile node uses the acquired IP address as 1107 the tunnel's inner address. 1109 There are several reasons why this transient tunnel is established 1110 between the NAR and the mobile in the old PoA, unlike transient 1111 tunnel in FMIPv6 (Fast MIPv6) [RFC5568], where it is set up between 1112 mobile's new point of attachment and the old access router. 1114 In case of inter-domain handoff, it is important that any signaling 1115 message between nPoA and the mobile needs to be secured. This 1116 transient secured tunnel provides the desired functionality including 1117 the securing the proactive binding update and transient data between 1118 the end-points before the handover has taken place. Unlike proactive 1119 mode of FMIPv6, transient handover packets are not sent to PAR, and 1120 thus a tunnel between mobile's new point of attachment and old access 1121 router is not needed. 1123 In case of inter-domain handoff, PAR and NAR could logically be far 1124 from each other. Thus, the signaling and data during pre- 1125 authentication period will take a longer route, and thus, may be 1126 subjected to longer one-way-delay. Hence, MPA provides a tradeoff 1127 between larger packet loss or larger one-way-packet delay for a 1128 transient period, when the mobile is preparing to handoff. 1130 The proactive handover tunnel is established using a tunnel 1131 management protocol. When IKEv2 is used for proactive IP address 1132 acquisition, IKEv2 is also used as the tunnel management protocol. 1133 Alternatively, when PANA is used for proactive IP address 1134 acquisition, PANA may be used as the secure tunnel management 1135 protocol. 1137 Once the proactive handover tunnel is established between the mobile 1138 node and the access router in the candidate target network, the 1139 access router also needs to perform proxy address resolution (Proxy 1140 ARP) on behalf of the mobile node so that it can capture any packets 1141 destined to the mobile node's new address. 1143 Since the mobile needs to be able to communicate with the 1144 correspondent node while in the previous network some or all parts of 1145 binding update and data from the correspondent node to mobile node 1146 need to be sent back to the mobile node over a proactive handover 1147 tunnel. Details of these binding update procedure are described in 1148 Section 7.5. 1150 In order for the traffic to be directed to the mobile node after the 1151 mobile node attaches to the target network, the proactive handover 1152 tunnel needs to be deleted or disabled. The tunnel management 1153 protocol used for establishing the tunnel is used for this purpose. 1154 Alternatively, when PANA is used as the authentication protocol the 1155 tunnel deletion or disabling at the access router can be triggered by 1156 means of PANA update mechanism as soon as the mobile moves to the 1157 target network. A link-layer trigger ensures that the mobile node is 1158 indeed connected to the target network and can also be used as the 1159 trigger to delete or disable the tunnel. A tunnel management 1160 protocol also triggers the router advertisement (RA) the from next 1161 access router to be sent over the tunnel, as soon as the tunnel 1162 creation is complete. 1164 7.5. Binding Update 1166 There are several kinds of binding update mechanisms for different 1167 mobility management schemes. 1169 In case of Mobile IPv4 and Mobile IPv6, the mobile performs a binding 1170 update with the home agent only, if route optimization is not used. 1171 Otherwise, the mobile performs binding update with both the home 1172 agent (HA) and corresponding node (CN). 1174 In case of SIP-based terminal mobility, the mobile sends binding 1175 update using INVITE to the correspondent node and REGISTER message to 1176 the Registrar. Based on the distance between the mobile and the 1177 correspondent node, the binding update may contribute to the handover 1178 delay. SIP-fast handover [SIPFAST] provides several ways of reducing 1179 the handover delay due to binding update. In case of secure 1180 proactive handover using SIP-based mobility management we do not 1181 encounter the delay due to binding update completely, as it takes 1182 place in the previous network. 1184 Thus, this proactive binding update scheme looks more attractive when 1185 the correspondent node is too far from the communicating mobile node. 1186 Similarly, in case of Mobile IPv6, the mobile sends the newly 1187 acquired CoA from the target network as the binding update to the HA 1188 and CN. Also all signaling messages between MN and HA and between MN 1189 and CN are passed through this proactive tunnel that is set up. 1190 These messages include Binding Update (BU), Binding Acknowledgement 1191 (BA) and the associated return routability messages such as Home Test 1192 Init (HoTI), Home Test (HoT), Care-of Test Init (CoTI), Care-of Test 1193 (COT). In Mobile IPv6, since the receipt of on-link router 1194 advertisement is mandatory for the mobile to detect the movement and 1195 trigger the binding update, router advertisement from next access 1196 router needs to be advertised over the tunnel. By proper 1197 configuration on NAR, router advertisement can be sent over the 1198 tunnel interface to trigger the proactive binding update. The mobile 1199 also needs to make the tunnel interface the active interface, so that 1200 it can send the binding update using this interface as soon as it 1201 receives the router advertisement. 1203 If the proactive handover tunnel is realized as an IPsec tunnel, it 1204 will also protect these signaling messages between the tunnel end 1205 points and will make the return routability test secured as well. 1206 Any subsequent data will also be tunneled through as long as the 1207 mobile is in the previous network. The accompanying document 1208 [mpa-wireless] talks about the details of how binding updates and 1209 signaling for return routability are sent over the secured tunnel. 1211 7.6. Preventing packet loss 1213 7.6.1. Packet loss prevention in single interface MPA 1215 For single interface MPA, there may be some transient packets during 1216 link-layer handover that are directed to the mobile node at the old 1217 point of attachment before the mobile node is able to attach to the 1218 target network. Those transient packets can be lost. Buffering 1219 these packets at the access router of the old point of attachment can 1220 eliminate packet loss. Dynamic buffering signals that are signalled 1221 from the MN can temporarily hold transient traffic during handover 1222 and then these packets can be forwarded to the MN once it attaches to 1223 the target network. A detailed analysis of buffering technique can 1224 be found in [PIMRC06]. 1226 An alternative method is to use bicasting. Bicasting helps to 1227 forward the traffic to two destinations at the same time. However, 1228 it does not eliminate packet loss if link-layer handover is not 1229 seamlessly performed. On the other hand, buffering does not reduce 1230 packet delay. While packet delay can be compensated by a playout 1231 buffer at the receiver side for streaming application, a playout 1232 buffer does not help much for interactive VoIP application that 1233 cannot tolerate for large delay jitters. Thus it is still important 1234 to optimize the link-layer handover anyway. 1236 7.6.2. Preventing packet losses for multiple interfaces 1238 MPA usage in multi-interface handover scenarios involves preparing 1239 the second interface for use via the current active interface. This 1240 preparation involves pre-authentication and provisioning at a target 1241 network where the second interface would be the eventual active 1242 interface. For example, during inter-technology handover from a 1243 Wi-Fi to a CDMA network, pre-authentication at the CDMA network can 1244 be performed via the Wi-Fi interface. The actual handover occurs 1245 when the CDMA interface becomes the active interface for the MN. 1247 In such scenarios, if handover occurs while both interfaces are 1248 active, there is generally no packet loss since transient packets 1249 directed towards the old interface will still reach the MN. However, 1250 if sudden disconnection of the current active interface is used to 1251 initiate handover to the prepared interface then transient packets 1252 for the disconnected interface will be lost while the MN attempts to 1253 be reachable at the prepared interface. In such cases, a specialized 1254 form of buffering can be used to eliminate packet loss where packets 1255 are merely copied at an access router in the current active network 1256 prior to disconnection. If sudden disconnection does occur, copied 1257 packets can be forwarded to the MN once the prepared interface 1258 becomes the active reachable interface. The copy-and-foward 1259 mechanism is not limited to multi-interface handover. 1261 A notable side-effect of this process is the possible duplication of 1262 packets during forwarding to the new active interface. Several 1263 approaches can be employed to minimize this effect. Relying on upper 1264 layer protocols such as TCP to detect and eliminate duplicates is the 1265 most common approach. Customized duplicate detection and handling 1266 techniques can also be used. In general, packet duplication is a 1267 well known issue that can also be handled locally by the MN. 1269 If the mobile takes a longer amount of time to detect the 1270 disconnection event of the current active interface, it can also have 1271 an adverse effect on the length of the handover process. Thus it 1272 becomes necessary to use an optimized scheme of detecting interface 1273 disconnection in such scenarios. Use of the current interface to 1274 perform pre-authentication instead of the new interface is desirable 1275 in certain circumstances, such as to save battery power or in cases 1276 where the adjacent cells (e.g., WiFi, and CDMA) are non-overlapping 1277 or in cases when the carrier does not allow simultaneous use of both 1278 interfaces. However, in certain circumstances, depending upon the 1279 type of target network, only parts of MPA operations can be performed 1280 (e.g., pre-authentication, pre-configuration, proactive binding 1281 update). In a specific scenario involving handoff between WiFi and 1282 CDMA network, some of the PPP context can be set up during the pre- 1283 authentication period, thus reducing the time for PPP activation. 1285 7.6.3. Reachability test 1287 In addition to previous techniques, the MN may also want to ensure 1288 reachability of the new point of attachment before switching from the 1289 old one. This can be done by exchanging link-layer management frames 1290 with the new point of attachment. This reachability check should be 1291 performed as quickly as possible. In order to prevent packet loss 1292 during this reachability check, transmission of packets over the link 1293 between the MN and old point of attachment should be suspended by 1294 buffering the packets at both ends of the link during the 1295 reachability check. How to perform this buffering is out of scope of 1296 this document. Some of the results using this buffering scheme are 1297 explained in the accompanying implementation document. 1299 7.7. Security and mobility 1301 7.7.1. Link-layer security and mobility 1303 Using the MPA-SA established between the mobile node and the 1304 authentication agent for a CTN, during the pre-authentication phase, 1305 it is possible to bootstrap link-layer security in the CTN while the 1306 mobile node is in the current network in the following way. Figure 5 1307 shows the sequence of operation. 1309 (1) The authentication agent and the mobile node derives a PMK (Pair- 1310 wise Master Key) [RFC5247] using the MPA-SA that is established as a 1311 result of successful pre-authentication. Successful operation of EAP 1312 and an AAA protocol may be involved during pre-authentication to 1313 establish the MPA-SA. From the PMK, distinct TSKs (Transient Session 1314 Keys) [RFC5247] for the mobile node are directly or indirectly 1315 derived for each point of attachment of the CTN. 1317 (2) The authentication agent may install the keys derived from the 1318 PMK and used for secure association to points of attachment. The 1319 derived keys may be TSKs or intermediary keys from which TSKs are 1320 derived. 1322 (3) After the mobile node chooses a CTN as the target network and 1323 switches to a point of attachment in the target network (which now 1324 becomes the new network for the mobile node), it executes a secure 1325 association protocol such as the IEEE 802.11i 4-way handshake 1326 [802.11] using the PMK in order to establish PTKs (Pair-wise 1327 Transient Keys) and GTKs (Group Transient Keys) [RFC5247] used for 1328 protecting link-layer packets between the mobile node and the point 1329 of attachment. No additional execution of EAP authentication is 1330 needed here. 1332 (4) While the mobile node is roaming in the new network, the mobile 1333 node only needs to perform a secure association protocol with its 1334 point of attachment point and no additional execution of EAP 1335 authentication is needed either. Integration of MPA with link-layer 1336 handover optimization mechanisms such as 802.11r can be archived this 1337 way. 1339 The mobile node may need to know the link-layer identities of the 1340 point of attachments in the CTN to derive TSKs. 1342 _________________ ____________________________ 1343 | Current Network | | CTN | 1344 | ____ | | ____ | 1345 | | | (1) pre-authentication | | | 1346 | | MN |<------------------------------->| AA | | 1347 | |____| | | |____| | 1348 | . | | | | 1349 | . | | | | 1350 |____.____________| | | | 1351 .movement | |(2) Keys | 1352 ____.___________________| | | 1353 | _v__ _____ | | 1354 | | |(3) secure assoc. | | | | 1355 | | MN |<------------------>| AP1 |<-------+ | 1356 | |____| |_____| | | 1357 | . | | 1358 | .movement | | 1359 | . | | 1360 | . | | 1361 | _v__ _____ | | 1362 | | |(4) secure assoc. | | | | 1363 | | MN |<------------------>| AP2 |<-------+ | 1364 | |____| |_____| | 1365 |_____________________________________________________| 1367 Figure 5: Bootstrapping Link-layer Security 1369 7.7.2. IP layer security and mobility 1371 IP layer security is typically maintained between the mobile and 1372 first hop router or any other network element such as SIP proxy by 1373 means of IPsec. This IPSec SA can be set up either in tunnel mode or 1374 in ESP mode. However, as the mobile moves, the IP address of the 1375 router and outbound proxy will change in the new network. The 1376 mobile's IP address may or may not change depending upon the mobility 1377 protocol being used. This will warrant re-establishing a new 1378 security association between the mobile and the desired network 1379 entity. In some cases such as in 3GPP/3GPP2 IMS/MMD environment data 1380 traffic is not allowed to pass through unless there is an IPsec SA 1381 established between the mobile and outbound proxy. This will of 1382 course add unreasonable delay to the existing real-time communication 1383 during mobile's movement. In this scenario, key exchange is done as 1384 part of SIP registration that follows a key exchange procedure called 1385 AKA (Authentication and Key Agreement). 1387 MPA can be used to bootstrap this security association as part of 1388 pre-authentication via the new outbound proxy. Prior to the 1389 movement, if the mobile can pre-register via the new outbound proxy 1390 in the target network and completes the pre-authentication procedure, 1391 then the new SA state between the mobile and new outbound proxy can 1392 be established prior to the movement to the new network. A similar 1393 approach can also be applied if a key exchange mechanism other than 1394 AKA is used or the network element with which the security 1395 association has to be established is different than an outbound 1396 proxy. 1398 By having the security association established ahead of time, the 1399 mobile does not need to involve in any exchange to set up the new 1400 security association after the movement. Any further key exchange 1401 will be limited to renew the expiry time. This will also reduce the 1402 delay for real-time communication as well. 1404 7.8. Authentication in initial network attachment 1406 When the mobile node initially attaches to a network, network access 1407 authentication would occur regardless of the use of MPA. The 1408 protocol used for network access authentication when MPA is used for 1409 handover optimization can be a link-layer network access 1410 authentication protocol such as IEEE 802.1X or a higher-layer network 1411 access authentication protocol such as PANA. 1413 8. Security Considerations 1415 This document describes a framework of a secure handover optimization 1416 mechanism based on performing handover-related signaling between a 1417 mobile node and one or more candidate target networks to which the 1418 mobile node may move in the future. This framework involves 1419 acquisition of the resources from the CTN as well as data packet 1420 redirection from the CTN to the mobile node in the current network 1421 before the mobile node physically connects to one of those CTN. 1423 Acquisition of the resources from the candidate target networks must 1424 be done with appropriate authentication and authorization procedures 1425 in order to prevent an unauthorized mobile node from obtaining the 1426 resources. For this reason, it is important for the MPA framework to 1427 perform pre-authentication between the mobile node and the candidate 1428 target networks. The MN-CA key and the MN-AR key generated as a 1429 result of successful pre-authentication can protect subsequent 1430 handover signaling packets and data packets exchanged between the 1431 mobile node and the MPA functional elements in the CTN's. 1433 The MPA framework also addresses security issues when the handover is 1434 performed across multiple administrative domains. With MPA, it is 1435 possible for handover signaling to be performed based on direct 1436 communication between the mobile node and routers or mobility agents 1437 in the candidate target networks. This eliminates the need for a 1438 context transfer protocol [RFC5247] for which known limitations exist 1439 in terms of security and authorization. For this reason, the MPA 1440 framework does not require trust relationship among administrative 1441 domains or access routers, which makes the framework more deployable 1442 in the Internet without compromising the security in mobile 1443 environments. 1445 9. IANA Considerations 1447 This document has no actions for IANA. 1449 10. Acknowledgments 1451 We would like to thank Farooq Anjum and Raziq Yaqub for their review 1452 of this document, and Subir Das for standardization support in the 1453 IEEE 802.21 WG. 1455 Authors would like to acknowledge Christian Vogt, Rajeev Koodli, 1456 Marco Liebsch, Juergen Schoenwaelder and Charles Perkins for their 1457 thorough review of the draft and useful feedback. 1459 11. References 1461 11.1. Normative References 1463 [RFC5944] Perkins, C., "IP Mobility Support for IPv4, Revised", 1464 RFC 5944, November 2010. 1466 [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. 1467 Levkowetz, "Extensible Authentication Protocol (EAP)", 1468 RFC 3748, June 2004. 1470 [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support 1471 in IPv6", RFC 3775, June 2004. 1473 [RFC2205] Braden, B., Zhang, L., Berson, S., Herzog, S., and S. 1474 Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1 1475 Functional Specification", RFC 2205, September 1997. 1477 [RFC5380] Soliman, H., Castelluccia, C., ElMalki, K., and L. 1478 Bellier, "Hierarchical Mobile IPv6 (HMIPv6) Mobility 1479 Management", RFC 5380, October 2008. 1481 [RFC5568] Koodli, R., "Mobile IPv6 Fast Handovers", RFC 5568, 1482 July 2009. 1484 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1485 Requirement Levels", BCP 14, RFC 2119, March 1997. 1487 [RFC4555] Eronen, P., "IKEv2 Mobility and Multihoming Protocol 1488 (MOBIKE)", RFC 4555, June 2006. 1490 [RFC4881] El Malki, K., "Low-Latency Handoffs in Mobile IPv4", 1491 RFC 4881, June 2007. 1493 [RFC4066] Liebsch, M., Singh, A., Chaskar, H., Funato, D., and E. 1494 Shim, "Candidate Access Router Discovery (CARD)", 1495 RFC 4066, July 2005. 1497 [RFC4830] Kempf, J., "Problem Statement for Network-Based Localized 1498 Mobility Management (NETLMM)", RFC 4830, April 2007. 1500 [RFC4831] Kempf, J., "Goals for Network-Based Localized Mobility 1501 Management (NETLMM)", RFC 4831, April 2007. 1503 [RFC4065] Kempf, J., "Instructions for Seamoby and Experimental 1504 Mobility Protocol IANA Allocations", RFC 4065, July 2005. 1506 [RFC5247] Aboba, B., Simon, D., and P. Eronen, "Extensible 1507 Authentication Protocol (EAP) Key Management Framework", 1508 RFC 5247, August 2008. 1510 [RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A. 1511 Yegin, "Protocol for Carrying Authentication for Network 1512 Access (PANA)", RFC 5191, May 2008. 1514 [RG98] ITU-T, "General Characteristics of International Telephone 1515 Connections and International Telephone Circuits: One-Way 1516 Transmission Time", ITU-T Recommendation G.114 1998. 1518 [ITU98] ITU-T, "The E-Model, a computational model for use in 1519 transmission planning", ITU-T Recommendation G.107 1998. 1521 [ETSI] ETSI, "Telecommunications and Internet Protocol 1522 Harmonization Over Networks (TIPHON) Release 3: End-to-end 1523 Quality of Service in TIPHON systems; Part 1: General 1524 aspects of Quality of Service.", ETSI TR 101 329-6 V2.1.1. 1526 11.2. Informative References 1528 [RFC5201] Moskowitz, R., Nikander, P., Jokela, P., and T. Henderson, 1529 "Host Identity Protocol", RFC 5201, April 2008. 1531 [RFC2679] Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way 1532 Delay Metric for IPPM", RFC 2679, September 1999. 1534 [RFC2680] Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way 1535 Packet Loss Metric for IPPM", RFC 2680, September 1999. 1537 [RFC2681] Almes, G., Kalidindi, S., and M. Zekauskas, "A Round-trip 1538 Delay Metric for IPPM", RFC 2681, September 1999. 1540 [RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003, 1541 October 1996. 1543 [RFC2608] Guttman, E., Perkins, C., Veizades, J., and M. Day, 1544 "Service Location Protocol, Version 2", RFC 2608, 1545 June 1999. 1547 [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in 1548 IPv6 Specification", RFC 2473, December 1998. 1550 [RFC3046] Patrick, M., "DHCP Relay Agent Information Option", 1551 RFC 3046, January 2001. 1553 [RFC4039] Park, S., Kim, P., and B. Volz, "Rapid Commit Option for 1554 the Dynamic Host Configuration Protocol version 4 1555 (DHCPv4)", RFC 4039, March 2005. 1557 [RFC5172] Varada, S., "Negotiation for IPv6 Datagram Compression 1558 Using IPv6 Control Protocol", RFC 5172, March 2008. 1560 [RFC5648] Wakikawa, R., Devarapalli, V., Tsirtsis, G., Ernst, T., 1561 and K. Nagami, "Multiple Care-of Addresses Registration", 1562 RFC 5648, October 2009. 1564 [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) 1565 for IPv6", RFC 4429, April 2006. 1567 [RFC5836] Ohba, Y., Wu, Q., and G. Zorn, "Extensible Authentication 1568 Protocol (EAP) Early Authentication Problem Statement", 1569 RFC 5836, April 2010. 1571 [RFC5213] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., 1572 and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008. 1574 [RFC5974] Manner, J., Karagiannis, G., and A. McDonald, "NSIS 1575 Signaling Layer Protocol (NSLP) for Quality-of-Service 1576 Signaling", RFC 5974, October 2010. 1578 [RFC5169] Clancy, T., Nakhjiri, M., Narayanan, V., and L. Dondeti, 1579 "Handover Key Management and Re-Authentication Problem 1580 Statement", RFC 5169, March 2008. 1582 [SIPMM] Schulzrinne, H. and E. Wedlund, "Application Layer 1583 Mobility Using SIP", ACM MC2R. 1585 [CELLIP] Cambell, A., Gomez, J., Kim, S., Valko, A., and C. Wan, 1586 "Design, Implementation, and Evaluation of Cellular IP", 1587 IEEE Personal communication Auguest 2000. 1589 [MOBIQUIT07] 1590 Lopez, R., Dutta, A., Ohba, Y., Schulzrinne, H., and A. 1591 Skarmeta, "Network-layer assisted mechanism to optimize 1592 authentication delay during handoff in 802.11 networks", 1593 IEEE Mobiquitous June 2007. 1595 [IEEE-03-084] 1596 Mishra, A., Shin, M., Arbaugh, W., Lee, I., and K. Jang, 1597 "Proactive Key Distribution to support fast and secure 1598 roaming, IEEE 802.11 Working Group, IEEE-03-084r1-I, 1599 "www.ieee802.org/11/Documents/DocumentHolder/3-084.zip"", 1600 IEEE June 2003. 1602 [SPRINGER07] 1603 Dutta, A., Das, S., Famolari, D., Ohba, Y., Taniuchi, K., 1604 Fajardo, V., Schulzrinne, H., Lopez, R., Kodama, T., and 1605 A. Skarmeta, "Seamless proactive handover across 1606 heterogeneous access networks", Wireless Personal 1607 Communication February 2007. 1609 [HAWAII] Ramjee, R., Porta, T., Thuel, S., Varadhan, K., and S. 1610 Wang, "HAWAII: A Domain-based Approach for Supporting 1611 Mobility in Wide-area Wireless networks", International 1612 Conference on Network Protocols ICNP'99. 1614 [IDMP] Das, S., Dutta, A., Misra, A., and S. Das, "IDMP: An 1615 Intra-Domain Mobility Management Protocol for Next 1616 Generation Wireless Networks", IEEE Wireless Communication 1617 Magazine October 2000. 1619 [I-D.ietf-mobileip-reg-tunnel] 1620 Calhoun, P., Montenegro, G., Perkins, C., and E. 1621 Gustafsson, "Mobile IPv4 Regional Registration", 1622 draft-ietf-mobileip-reg-tunnel-09 (work in progress), 1623 July 2004. 1625 [YOKOTA] Yokota, H., Idoue, A., and T. Hasegawa, "Link Layer 1626 Assisted Mobile IP Fast Handoff Method over Wireless LAN 1627 Networks", Proceedings of ACM Mobicom 2002. 1629 [MACD] Shin, S., "Reducing MAC Layer Handoff Latency in IEEE 1630 802.11 Wireless LANs", MOBIWAC Workshop . 1632 [SUM] Dutta, A., Zhang, T., Madhani, S., Taniuchi, K., Ohba, Y., 1633 and H. Schulzrinne, "Secured Universal Mobility", 1634 WMASH 2004. 1636 [SIPFAST] Dutta, A., Madhani, S., and H. Schulzrinne, "Fast handoff 1637 Schemes for Application Layer Mobility Management", 1638 PIMRC 2004. 1640 [PIMRC06] Dutta, A., Ohba, Y., and H. Schulzrinne, "Dynamic 1641 Buffering Protocol for Mobile", PIMRC 2006. 1643 [MITH] Gwon, Y., Fu, G., and R. Jain, "Fast Handoffs in Wireless 1644 LAN Networks using Mobile initiated Tunneling Handoff 1645 Protocol for IPv4 (MITHv4)", Wireless Communications and 1646 Networking 2003, January 2005. 1648 [Wenyu] Jiang, W. and H. Schulzrinne, "Modeling of Packet Loss and 1649 Delay and their Effect on Real-Time Multimedia Service 1650 Quality", NOSSDAV 2000, June 2000. 1652 [Romdhani] 1653 Romdhani, I., Kellil, M., Lach, H., and A. Bouabdallah, 1654 "IP Mobile Multicast Challenges and Solutions", IEEE 1655 Communication Magazine 2004, March 2000. 1657 [802.21] "IEEE Standard for Local and Metropolitan Area Networks: 1658 Media Independent Handover Services, IEEE 802.21-2008", A 1659 contribution to IEEE 802.21 WG , January 2009. 1661 [802.11] "IEEE Wireless LAN Edition A compilation based on IEEE Std 1662 802.11-1999(R2003)", Institute of Electrical and 1663 Electronics Engineers September 2003. 1665 [GPSIP] Dutta, A., "GPS-IP based fast-handoff for Mobiles", IEEE 1666 Sarnoff Symposium 2006. 1668 [MAGUIRE] Vatn, J. and G. Maguire, "The effect of using co-located 1669 care-of-address on macro handover latency", 14th Nordic 1670 Teletraffic Seminar 1998. 1672 [mpa-mobike] 1673 Mghazli, Y. and J. Bournelle, "MPA using IKEv2 and 1674 MOBIKE", draft-yacine-preauth-ipsec-00 IETF. 1676 [FMIP-results] 1677 Cabellos-Apaicio, A., Nunez-Martinez, J., Julian-Bertomeu, 1678 H., Jakab, L., Serral-Gracia, R., and J. Domingo-Pascual, 1679 "Evaluation of Fast Handover Implementation for Mobile 1680 IPv6 in a Real Testbed", IPOM 2005 LNCS 3751. 1682 [mpa-wireless] 1683 Dutta, A., Famolari, D., Das, S., Ohba, Y., Fajardo, V., 1684 Taniuchi, K., Lopez, R., and H. Schulzrinne, "Media- 1685 Independent Pre-authentication Supporting Secure 1686 Interdomain Handover Optimization", IEEE Wireless 1687 Magazine April 2008. 1689 Appendix A. Proactive duplicate address detection 1691 When the DHCP server dispenses an IP address, it updates its lease 1692 table, so that this same address is not given to another client for 1693 that specific period of time. At the same time the client also keeps 1694 a lease table locally so that it can renew when needed. In some 1695 cases where a network consists of both DHCP and non-DHCP enabled 1696 clients, there is a probability that another client in the LAN may 1697 have been configured with an IP address from the DHCP address pool. 1698 In such scenario the server detects a duplicate address based on ARP 1699 (Address Resolution Protocol) or IPv6 Neighbor Discovery before 1700 assigning the IP address. This detection procedure may take from 4 1701 sec to 15 sec [MAGUIRE] and will thus contribute to a larger handover 1702 delay. In case of a proactive IP address acquisition process, this 1703 detection is performed ahead of time and thus, does not affect the 1704 handover delay at all. By performing the duplicate address detection 1705 ahead of time, we reduce the IP address acquisition time. 1707 The proactive duplicate address detection (DAD) over the candidate 1708 target network should be performed by the NAR on behalf of the mobile 1709 at the time of proactive handover tunnel establishment since 1710 duplicate address detection over a tunnel is not always performed. 1711 For example, in the case of IPv6, DAD over an IP-IP tunnel interface 1712 is turned off in an existing implementation. In the case of IPv6 1713 over PPP [RFC5172], IPCPv6 negotiates the link local addresses and 1714 hence DAD over the tunnel is not needed. After the mobile has moved 1715 to the target network, a DAD procedure may be started because of 1716 reassignment of the nCoA to the physical interface to the target 1717 network. In that case, the mobile should use optimistic DAD 1718 [RFC4429] over the physical interface so that the nCoA that was used 1719 inside the proactive handover tunnel before handover can be 1720 immediately used over that physical interface after handover. The 1721 schemes used for the proactive DAD and optimistic DAD are applicable 1722 to both stateless and stateful address autoconfiguration schemes used 1723 for obtaining a nCoA. 1725 Appendix B. Address resolution 1727 Address resolution involves updating next access router's neighbor 1728 cache. We briefly describe these two operations below. 1730 During the process of pre-configuration, the MAC address resolution 1731 mappings needed by the mobile node to communicate with nodes in the 1732 target network after attaching to the target network can also be 1733 known, where the communicating nodes maybe the access router, 1734 authentication agent, configuration agent and correspondent node. 1735 There are several possible ways of performing such proactive MAC 1736 address resolution. 1738 o Use an information service mechanism [802.21] to resolve the MAC 1739 addresses of the nodes. This might require each node in the 1740 target network to be involved in the information service so that 1741 the server of the information service can construct the database 1742 for proactive MAC address resolution. 1744 o Extend the authentication protocol used for pre-authentication or 1745 the configuration protocol used for pre-configuration to support 1746 proactive MAC address resolution. For example, if PANA is used as 1747 the authentication protocol for pre-authentication, PANA messages 1748 may carry AVPs used for proactive address resolution. In this 1749 case, the PANA authentication agent in the target network may 1750 perform address resolution for on behalf of the mobile node. 1752 o One can also make use of DNS to map the MAC address of the 1753 specific interface associated with a specific IP address of the 1754 network element in the target network. One may define a new DNS 1755 resource record (RR) to proactively resolve the MAC addresses of 1756 the nodes in the target network. But this approach may have its 1757 own limitations since a MAC address is a resource that is bound to 1758 an IP address, not directly to a domain name. 1760 When the mobile node attaches to the target network, it installs the 1761 proactively obtained address resolution mappings without necessarily 1762 performing address resolution queries for the nodes in the target 1763 network. 1765 On the other hand, the nodes that reside in the target network and 1766 are communicating with the mobile node should also update their 1767 address resolution mappings for the mobile node as soon as the mobile 1768 node attaches to the target network. The above proactive address 1769 resolution methods could also be used for those nodes to proactively 1770 resolve the MAC address of the mobile node before the mobile node 1771 attaches to the target network. However, this is not useful since 1772 those nodes need to detect the attachment of the mobile node to the 1773 target network before adopting the proactively resolved address 1774 resolution mapping. A better approach would be integration of 1775 attachment detection and address resolution mapping update. This is 1776 based on gratuitously performing address resolution [RFC5944], 1777 [RFC3775] in which the mobile node sends an ARP Request or an ARP 1778 Reply in the case of IPv4 or a Neighbor Advertisement in the case of 1779 IPv6 immediately after the mobile node attaches to the new network so 1780 that the nodes in the target network can quickly update the address 1781 resolution mapping for the mobile node. 1783 Appendix C. MPA Deployment Issues 1785 In this section we describe some of the deployment issues related to 1786 MPA. 1788 C.1. Considerations for failed switching and switch-back 1790 The ping-Pong effect is one of the common problems found during 1791 handover. The Ping-pong effect arises when a mobile is located at 1792 the borderline of the cell or decision point and a handover procedure 1793 is frequently executed. This results in higher call drop 1794 probability, lower connection quality, increased signaling traffic 1795 and waste of resources. All of these affect mobility optimization. 1796 Handoff algorithms are the deciding factors for performing the 1797 handoff between the networks. Traditionally these algorithms employ 1798 a threshold to compare the values of different metrics to decide on 1799 the handoff. These metrics include signal strength, path loss, 1800 carrier-to-interference ratios (CIR), Signal to Interference Ratios 1801 (SIR), Bit Error Rate (BER), power budget. In order to avoid the 1802 ping-pong effect, some additional parameters are employed by the 1803 decision algorithm such as hystereris margin, dwell timers, and 1804 averaging window. For a vehicle moving with a high speed, other 1805 parameters such as distance between the mobile node and the point of 1806 attachment, velocity of the mobile, location of the mobile, traffic 1807 and bandwidth characteristics are also taken into account to reduce 1808 the ping-pong effect. Most recently there are other handoff 1809 algorithms that help reduce the ping-pong effect in a heterogeneous 1810 network environment that are based on techniques such as hypothesis 1811 testing, dynamic programming and pattern recognition techniques. 1812 While it is important to devise smart handoff algorithms to reduce 1813 the ping-pong effect, it is also important to devise methods to 1814 recover from this effect. 1816 In the case of the MPA framework, the ping-pong effect will result in 1817 the back-and-forth movement of the mobile between the current network 1818 and target network and between the candidate target networks. MPA in 1819 its current form will be affected because of a number of tunnels 1820 setup between the mobile and neighboring access routers, number of 1821 binding updates and associated handoff latency resulting out of ping- 1822 pong situation. The mobile's handoff rate may also contribute to 1823 delay and packet loss. We propose few techniques that will help 1824 reduce the probability of ping-pong and propose several methods for 1825 the MPA framework so that it can recover from the packet loss 1826 resulting out of the ping-pong effect. 1828 The MPA framework can take advantage of the mobile's geo-location 1829 with respect to APs in the neighboring networks using GPS. In order 1830 to avoid the oscillation between the networks, a location-aware 1831 algorithm can be derived by using a co-relation between user's 1832 location and cached data from the previous handover attempts. In 1833 some cases only location may not be the only indicator for a handoff 1834 decision. For example in Manhattan type grid networks, although a 1835 mobile is close to an AP, it may not have enough SNR (Signal to Noise 1836 Ration) to make a good connection. Thus knowledge of mobility 1837 pattern, dwell time in a call and path identification will help avoid 1838 the ping-pong problem to a great extent. 1840 In the absence of a good handoff algorithm that can avoid ping-pong 1841 effect, it may be required to put in place a good recovery mechanism 1842 so as to mitigate the effect of ping-pong. It may be necessary to 1843 keep the established context in the current network for a period of 1844 time, so that it can be quickly recovered when the mobile comes back 1845 to the network where the context was last used. This context may 1846 include security association, IP address used, tunnels established. 1847 Bicasting the data to both the previous network and the new network 1848 for a predefined period will also help the mobile to take care of the 1849 lost packets in case the mobile moves back and forth between the 1850 networks. The mobile can also take certain action, after it 1851 determines that it is in a stable state with respect to a ping-pong 1852 situation. 1854 When the MPA framework takes advantage of a combination of IKEv2 and 1855 MOBIKE, the ping-pong effect can be reduced further [mpa-mobike]. 1857 C.2. Authentication state management 1859 In case of pre-authentication with multiple target networks, it is 1860 useful to maintain the state in the authentication agent of each of 1861 the neighboring networks for certain time. Thus, if the mobile does 1862 move back and forth between neighboring networks, already maintained 1863 authentication state can be helpful. We provide some highlights on 1864 multiple security association state management below. 1866 A mobile node that has pre-authenticated with an authentication agent 1867 in a candidate target network and has a MPA-SA, may need to continue 1868 to keep the MPA-SA while it continues to stay in the current network 1869 or even after it does handover to a network that is different from 1870 the candidate target network. 1872 When an MN that has been authenticated and authorized by an 1873 authentication agent in the current network makes a handover to a 1874 target network, it may want to hold the SA that has been established 1875 between the MN and the authentication agent for a certain time period 1876 so that it does not have to go through the entire authentication 1877 signaling to create an SA from scratch in case it returns to the 1878 previous network. Such an SA being held at the authentication agent 1879 after the MN's handover to other network is considered as an MPA-SA. 1880 In this case, the authentication agent should change the fully 1881 authorized state for the MN to an unauthorized state. The 1882 unauthorized state can be changed to the fully authorized state only 1883 when the MN comes back to the network and provides a proof of 1884 possession of a key associated with the MPA-SA. 1886 While an MPA-SA is being held at an authentication agent, the MN will 1887 need to keep updating the authentication agent when an IP address of 1888 the MN changes due to a handover to re-establish the new SA. 1890 C.3. Pre-allocation of QoS resources 1892 In the pre-configuration phase, it is also possible to pre-allocate 1893 QoS resources that may be used by the mobile node not only after 1894 handover but also before handover. When pre-allocated QoS resources 1895 are used before handover, it is used for application traffic carried 1896 over a proactive handover tunnel. 1898 It is possible that QoS resources are pre-allocated in an end-to-end 1899 fashion. One method to achieve this proactive end-to-end QoS 1900 reservation is to execute NSLP [RFC5974] or RSVP [RFC2205] over a 1901 proactive handover tunnel where pre-authentication can be used for 1902 bootstrapping a security association for the proactive handover 1903 tunnel to protect the QoS signaling. In this case, QoS resources are 1904 pre-allocated on the path between the correspondent node and a target 1905 access router can be used continuously before and after handover. On 1906 the other hand, duplicate pre-allocation of QoS resources between the 1907 target access router and the mobile node is necessary when using pre- 1908 allocated QoS resources before handover due to difference in paths 1909 between the target access router and the mobile node before and after 1910 handover. QoS resources to be used for the path between the target 1911 access router and the mobile node after handover may be pre-allocated 1912 by extending NSLP to work for off-path signaling (Note: this path can 1913 be viewed as off-path before handover) or by media-specific QoS 1914 signaling at layer 2. 1916 C.4. Resource allocation issue during pre-authentication 1918 In case of multiple CTNs, establishing multiple tunnels with the 1919 neighboring target networks provides some additional benefits. But 1920 it also contributes to some resource utilization issues as well. A 1921 pre-authentication process with multiple candidate target networks 1922 can happen in several ways. 1924 The very basic scheme involves authenticating the mobile with the 1925 multiple authentication agents in the neighboring networks, but 1926 actual pre-configuration and binding update take place only after 1927 layer 2 movement to a specific network is complete. 1929 Similarly, in addition to pre-authentication, the mobile can also 1930 complete the pre-configuration while in the previous network, but can 1931 postpone the binding update until after the mobile has moved. Like 1932 the previous case, in this case the mobile also does not need to set 1933 up the pre-configured tunnels. While the pre-authentication process 1934 and part of the pre-configuration process are taken care of before 1935 the mobile has moved to the new network, binding update is actually 1936 done after the mobile has moved. 1938 The third type of multiple pre-authentication involves all the three 1939 steps while the mobile is in the previous networks, such as 1940 authentication, configuration and binding update. But, this specific 1941 process utilizes the most amount of resources. Some of the resources 1942 that get used during this process are as follows: 1944 1)Additional signaling for pre-authentication in the neighboring 1945 networks 1947 2)Holding the IP address of the neighboring networks in mobiles cache 1948 for certain amount of time. It needs additional processing in the 1949 mobile for storing these IP addresses. In addition it also uses up 1950 the temporary IP addresses from the neighboring routers. 1952 3)There is an additional cost associated with setting up additional 1953 transient tunnels with the target routers in the neighboring networks 1954 and mobile. 1956 4) In case of binding update with multiple IP addresses obtained from 1957 the neighboring networks, multiple transient streams flow between the 1958 CN and mobile using these transient tunnels. 1960 When only pre-authentication and pre-configuration are done ahead of 1961 time with multiple networks, the mobile sends one binding update to 1962 the CN. In this case it is important to find out when to send the 1963 binding update after the layer 2 handoff. 1965 In case binding update with multiple contact addresses is sent, 1966 multiple media streams stem out of CN using the transient tunnels. 1967 But in that case one needs to send another Binding Update after the 1968 handover with the contact address set to the new address (only one 1969 address) where the mobile has moved. This way the mobile stops 1970 sending media to other neighboring networks where the mobile did not 1971 move. 1973 The following is an illustration of this specific case that takes 1974 care of multiple binding streams, when the mobile moves only to a 1975 specific network, but sends multiple binding updates in the previous 1976 network. MN sends a binding update to CH with multiple contact 1977 addresses such as c1,c2, and c3 that were obtained from three 1978 neighboring networks. This allows the CN to send transient multiple 1979 streams to the mobile over the pre-established tunnels. After the 1980 mobile moves to the actual network, it sends another binding update 1981 to the CN with the care-of-address of the mobile in the network where 1982 the mobile has moved in. Some of the issues with multiple streams 1983 are consumption of extra bandwidth for a small period of time. 1985 Alternatively, one can apply the buffering technique at the target 1986 access router or at the home agent. Transient data can be forwarded 1987 to the mobile after it has moved in. Forwarding of data can be 1988 triggered by the mobile either as part of Mobile IP registration or 1989 as a separate buffering protocol. 1991 C.5. Systems evaluation and performance results 1993 In this Section, we present some of the results from MPA 1994 implementation when applied to different handover scenarios. We 1995 present the summary of results from our experiments using MPA 1996 techniques for two types of handovers I) Intra-technology and Intra- 1997 domain, II) Inter-technology and Inter-domain. We also present the 1998 results from how MPA can bootstrap layer 2 security for both roaming 1999 and non-roaming cases. Detailed procedure and results are explained 2000 in [MOBIQUIT07] and [SPRINGER07]. 2002 C.5.1. Intra-technology, Intra-domain 2004 The results for MIPv6 and SIP mobility involving intra-domain 2005 mobility are shown in Figure 6 and Figure 7, respectively. 2007 Buffering Buffering Buffering Buffering 2008 (disabled) (enabled) (disabled) (enabled) 2009 & RO & RO & RO & RO 2010 (disabled) (disabled) (enabled) (enabled) 2011 ------------------------------------------------------------------- 2012 L2 handoff (ms) 4.00 4.33 4.00 4.00 2014 L3 handoff (ms) 1.00 1.00 1.00 1.00 2016 Avg. packet loss 1.33 0 0.66 0 2018 Avg. inter-packet 16.00 16.00 16.00 16.00 2019 arrival interval 2020 (ms) 2022 Avg. inter-packet n/a 45.33 n/a 66.60 2023 arrival time during 2024 handover 2025 (ms) 2027 Avg. packet jitter n/a 29.33 n/a 50.60 2028 (ms) 2030 Buffering Period n/a 50.00 n/a 50.00 2031 (ms) 2033 Buffered Packets n/a 2.00 n/a 3.00 2035 Figure 6: Mobile IPv6 with MPA Results 2036 Buffering Buffering 2037 disabled enabled 2038 ----------------------------------------------- 2039 L2 handoff (ms) 4.00 5.00 2041 L3 handoff (ms) 1.00 1.00 2043 Avg. packet loss 1.50 0 2045 Avg. inter-packet 16.00 16.00 2046 arrival interval 2047 (ms) 2049 Avg. inter-packet n/a 29.00 2050 arrival time during 2051 handover 2052 (ms) 2054 Avg. packet jitter n/a 13.00 2055 (ms) 2057 Buffering Period n/a 20.00 2058 (ms) 2060 Buffered Packets n/a 3.00 2062 Figure 7: SIP Mobility with MPA Results 2064 For all measurement, we did not experience any performance 2065 degradation during handover in terms of the audio quality of the 2066 voice traffic. 2068 With the use of buffering during handover, packet loss during the 2069 actual L2 and L3 handover is eliminated with an appropriate and 2070 reasonable settings of the buffering period for both MIP6 and SIP 2071 mobility. In the case of MIP6, there is not a significant difference 2072 in results with and without route optimization. It should be noted 2073 that results with more samples would be necessary for a more detailed 2074 analysis. 2076 In case of non-MPA assisted handover, handover delay and associated 2077 packet loss occurs from the moment the link-layer handover procedure 2078 begins up to successful processing of the binding update. During 2079 this process, IP address acquisitions via DHCP incurs the longest 2080 delay. This is due to the detection of duplicate IP address in the 2081 network before DHCP request completes. Binding update exchange also 2082 experiences long delay if the CN is too far from the MN. As a 2083 result, the Non-MPA assisted handover took an average of 4 seconds to 2084 complete with an approximate packet loss of about 200 packets. The 2085 measurement is based on the same traffic rate and traffic source as 2086 the MPA assisted handover. 2088 C.5.2. Inter-technology, Inter-domain 2090 Handoff involving heterogeneous access can take place in many 2091 different ways. We limit the experiment to two interfaces and 2092 therefore results in several possible setup scenarios depending upon 2093 the activity of the second interface. In one scenario, the second 2094 interface comes up when the link to the first interface goes down. 2095 This is a reactive scenario and usually gives rise to undesirable 2096 packet loss and handoff delay. In a second scenario, the second 2097 interface is being prepared while the mobile still communicates using 2098 the old interface. Preparation of the second interface should 2099 include setup of all the required state and security associations 2100 (e.g., PPP state, LCP, CHAP). If such lengthly process is 2101 established ahead of time, it reduces the time taken for the 2102 secondary interface to be attached to the network. After 2103 preparation, the mobile decides to use the second interface as the 2104 active interface. This results in less packet loss as it uses make- 2105 before-break techniques. This is a proactive scenario and can have 2106 two flavors. The first is where both interfaces are up and the 2107 second is when only the old interface is up the prepared interface is 2108 brought up only when handoff is about to occur. This scenario may be 2109 beneficial from a battery management standpoint. Devices that 2110 operate two interfaces simultaneously can rapidly deplete their 2111 batteries. However, by activating the second interface only after an 2112 appropriate network has been selected the client may utilize battery 2113 effectively. 2115 As compared to non-optimized handover that may result in delay up to 2116 18 sec and 1000 packet loss during handover from WLAN to CDMA, we 2117 observed 0 packet loss, and 50 ms handoff delay between the last pre- 2118 handoff packet and first in-handoff packet. This handoff delay 2119 includes the time due to link down detection and time needed to 2120 delete the tunnel after the mobile has moved. However, we observed 2121 about 10 duplicate packets because of the copy-and-forward mechanism 2122 at the access routers. But these duplicate packets are usually 2123 handled easily by the upper layer protocols. 2125 C.5.3. MPA-assisted Layer 2 pre-authentication 2127 In this section, we discuss the results obtained from MPA-assisted 2128 layer 2 pre-authentication and compare these with EAP authentication 2129 and IEEE 802.11i's pre-authentication techniques. Figure 12 shows 2130 the experimental testbed where we have conducted the MPA-assisted 2131 pre-authentication experiment for bootstrapping layer 2 security as 2132 explained in Section 7. By pre-authenticating and pre-configuring 2133 the link, the security association procedure during handoff reduces 2134 to a 4-way handshake only. Then MN moves to the AP and, after 2135 association, runs a 4-way handshake by using the PSKap (Pre-shared 2136 Key at AP) generated during PANA pre-authentication. At this point 2137 the handoff is complete. Details of this experimental testbed can be 2138 found in [MOBIQUIT07]. 2140 +----------------------------+-----------+ +-------------+------------+ 2141 | | | | 2142 | Home Domain +-------++ | | | 2143 | | | | | | 2144 | |AAAHome | | | | 2145 | + | | | | 2146 | +-----+--+ | | | 2147 | | | | Network B | 2148 | Network A | | | | 2149 | /----\ | | /---\ | 2150 | /nAR \ | | / \ | 2151 | | PAA |--------+-+----------+ pAR | | 2152 | \ / | | \ / | 2153 | \----/ | | \-+-/ | 2154 | | | | | | 2155 | +-------------------| | | | | 2156 | | IEEE 802.11i| | | | | 2157 | +------+ +------+ | | +---+--+ | 2158 | | | | | | | | | | 2159 | |AP2 | |AP1 | | | |AP0 | | 2160 | +------+ +------+ | | +------+ | 2161 | +------+ +-----+ | | +-----+ | 2162 | | | | | | | | | | 2163 | |MN +----------->|MN |<+------------- |MN | | 2164 | +------+ +-----+ | | ++----+ | 2165 |-----------------------------------------+-+------------+-------------+ 2167 Figure 8: Experimental Testbed for MPA-assisted L2 Pre-authentication 2168 (Non-roaming) 2170 +-----------------------------+ 2171 | +--------+ | 2172 | | | | 2173 | | AAAH + | 2174 | | | | 2175 | ++-------+ | 2176 | | | 2177 | | Home AAA Domain | 2178 | | | 2179 +-------+---------------------+ 2180 | 2181 | 2182 | 2183 Radius/ | 2184 Diameter | 2185 | 2186 | 2187 +----------------------------+-----------+ +-------------+------------+ 2188 | | | | | 2189 | Roaming +-------++ | | | 2190 | AAA Domain A | | | | | 2191 | | AAAV | | | | 2192 | + | | | | 2193 | Network A +-----+--+ | | Network B | 2194 | | | | | 2195 | | | | | 2196 | /----\ | | /---\ | 2197 | /nAR \ | | / \ | 2198 | | PAA |--------+-+----------+ pAR | | 2199 | \ / | | \ / | 2200 | \----/ | | \-+-/ | 2201 | | | | | | 2202 | +-------------------| | | | | 2203 | | IEEE 802.11i| | | | | 2204 | +------+ +------+ | | +---+--+ | 2205 | | | | | | | | | | 2206 | |AP2 | |AP1 | | | |AP0 | | 2207 | +------+ +------+ | | +------+ | 2208 | +------+ +-----+ | | +-----+ | 2209 | | | | | | | | | | 2210 | |MN +----------->|MN |<---------------| MN | | 2211 | +------+ +-----+ | | ++----+ | 2212 ----------------------- -----------------+ +------------+-------------+ 2214 Figure 9: Experimental Testbed for MPA-assisted L2 Pre-authentication 2215 (Roaming) 2217 We have experimented with three types of movement scenarios involving 2218 both non-roaming and roaming cases using the testbeds shown in 2219 figures 12 and 13, respectively. In the roaming case, MN is visiting 2220 in a domain different than its home domain. Consequently, the AAAh 2221 needs to be contacted which is placed in a location far from the 2222 visiting domain. For the non-roaming case, we assume the MN is 2223 moving within its home domain and only the local AAA server (AAAHome) 2224 is contacted which is the home AAA server for the mobile. 2226 The first scenario does not involve any pre-authentication. The MN 2227 is initially connected to AP0 and moves to AP1. Because neither 2228 network-layer authentication is enabled nor IEEE 802.11i pre- 2229 authentication is used, the MN needs to engage in a full EAP 2230 authentication with AP1 to gain access to the network after the move 2231 (post-authentication). This experiment shows the effect of absence 2232 of any kind of pre-authentication. 2234 The second scenario involves 802.11i pre-authentication and involves 2235 movement between AP1 and AP2. In this scenario, the MN is initially 2236 connected to AP2, and starts IEEE 802.11i pre-authentication with 2237 AP1. This is an ideal scenario to compare the values obtained from 2238 802.11i pre-authentication with that of network-layer assisted pre- 2239 authentication. Both scenarios use RADIUS as AAA protocol (APs 2240 implement a RADIUS client). The third scenario takes advantage of 2241 network layer assisted link-layer pre-authentication. It involves 2242 movement between two APs (e.g., between AP0 and AP1) that belong to 2243 two different subnets where 802.11i pre-authentication is not 2244 possible. Here, Diameter is used as AAA protocol (PAA implements a 2245 Diameter client). 2247 In this third movement scenario, the MN is initially connected to 2248 AP0. The MN starts PANA pre-authentication with the PAA which is co- 2249 located on the AR in the new candidate target network (nAR in network 2250 A) from the current associated network (network B). After 2251 authentication, PAA proactively installs two keys, PSKap1 and PSKap2 2252 in both AP1 and AP2 respectively. By doing the key installations 2253 proactively, it preempts the process of communicating with AAA server 2254 for the keys after the mobile moves to the new network. Finally, 2255 because PSKap1 is already installed, AP1 starts immediately the 4-way 2256 handshake. We have used measurement tools such as ethereal and 2257 kismet to analyze the measurements for the 4-way handshake and PANA 2258 authentication. These measurements reflect different operations 2259 involved during network-layer pre-authentication. 2261 In our experiment, as part of the discovery phase, we assume that the 2262 MN is able to retrieve PAA's IP address and all required information 2263 about AP1 and AP2 (e.g. channel, security-related parameters, etc.) 2264 at some point before the handover. This avoids the scanning during 2265 link-layer handoff. We have applied this assumption to all three 2266 scenarios. Because our focus is on reducing the time spent on 2267 authentication part during handoff, we do not discuss the details of 2268 how we avoid the scanning. 2270 ==================================================================== 2271 Types |802.11i | 802.11i | MPA-assisted 2272 |Post | Pre | Layer 2 2273 |Authentication | Authentication | Preauthentication 2274 ==================================================================== 2275 Operation| Non | Roaming | Non | Roaming |Non | Roaming| 2276 | Roaming | | Roaming | |Roaming| | 2277 =================================================================== 2278 Tauth | 61 ms | 599 ms | 99 ms | 638 ms | 177 ms| 831 ms | 2279 ------------------------------------------------------------------- 2280 Tconf | -- | -- | -- | -- | 16 ms | 17ms | 2281 ------------------------------------------------------------------- 2282 Tassoc+4 | | | | | | | 2283 way | 18 ms | 17 ms | 16 ms | 17 ms | 16 ms | 17 ms | 2284 ------------------------------------------------------------------| 2285 Total | 79 ms | 616 ms | 115 ms | 655 ms | 208 ms| 865 ms | 2286 ------------------------------------------------------------------| 2287 Time | | | | | | | 2288 affecting| 79 ms | 616 ms | 16 ms | 17 ms | 15 ms |17 ms | 2289 handover | | | | | | | 2290 ------------------------------------------------------------------| 2292 Figure 10: Results of MPA-assisted Layer 2 results 2294 Figure 14 shows the timing (rounded off to the most significant 2295 number) associated with some of the handoff operations we have 2296 measured in the testbed. We describe each of the timing below. 2297 Tauth refers to the execution of EAP-TLS authentication. This time 2298 does not distinguish whether this authentication was performed during 2299 pre-authentication or a typical post-authentication. 2301 Tconf refers to time spent during PSK generation and installation 2302 after EAP authentication is complete. When network-layer pre- 2303 authentication is not used, this time is not considered. 2305 Tassoc+4way refers to the time dedicated to the completion of 2306 association and the 4-way handshake with the target AP after the 2307 handoff. 2309 C.6. Guidelines for handover preparation 2311 In this section, we provide some guidelines for the roaming clients 2312 that use pre-authentication mechanisms to reduce the handoff delay. 2313 These guidelines can help determine the extent of pre-authentication 2314 operation that is needed based on a specific type of movement of the 2315 client. IEEE 802.11i and 802.11r take advantage of preauthentication 2316 mechanism at layer 2. Thus, many of the guidelines observed for 2317 802.11i-based pre-authentication and 802.11r-based fast roaming could 2318 also be applicable to the clients that use MPA-based pre- 2319 authentication techniques. However, since MPA operations are not 2320 limited to a specific subnet and involve inter-subnet and inter- 2321 domain handover the guidelines need to take into account other 2322 factors such as movement pattern of the mobile, cell size etc. 2324 The time needed to complete pre-authentication mechanism is an 2325 important parameter since the mobile node needs to determine how much 2326 ahead of time the mobile needs to start the pre-authentication 2327 process so that it can finish the desired operations before the 2328 handover to the target network starts. The pre-authentication time 2329 will vary depending upon the speed of the mobile (e.g., pedestrian, 2330 vs. vehicular) and cell sizes (e.g., WiFi, Cellular). Cell residence 2331 time is defined as the average time the mobile stays in the cell 2332 before the next handoff takes place. Cell residence time is 2333 dependent upon the coverage area and velocity of the mobile. Thus, 2334 cell residence time is an important factor in determining the 2335 desirable pre-authentication time that a mobile should consider. 2337 Since pre-authentication operation involves six sub-operations as 2338 described in Section 7.2 and each sub-operation takes some discrete 2339 amount of time, only part of these sub-operations may be completed 2340 before handoff depending upon the available delay budget. 2342 For example, a mobile could complete only network discovery and 2343 network layer authentication process before the handoff and postpone 2344 the rest of the operations to until after the handover is complete. 2345 On the other hand if it is a slow moving vehicle and the adjacent 2346 cells are sparsely spaced, a mobile could complete all the desired 2347 MPA related operations. Finishing all the MPA related operations 2348 ahead of time reduces the handoff delay but adds other constraints 2349 such as cell residence time. 2351 We give a numerical example here similar to [IEEE-03-084]. 2353 D= Coverage diameter, 2355 v= Mobile's velocity, 2356 RTT = round trip time from AP to AAA server including processing time 2357 for authentication Tauth 2359 Tpsk = Time spent to install keys proactively on the target APs 2361 If for a given value of D = 100ft, Tpsk = 10 ms, and RTT = 100 ms, a 2362 mobile needs to execute only the pre-authentication procedure 2363 associated with MPA, then the following can be calculated for a 2364 successful MPA procedure before the handoff is complete. 2366 2RTT+Tpsk < D/v 2368 v = 100 ft/(200 ms +10 ms) = ~500 ft/sec 2370 Similarly, for a similar cell size, if the mobile is involved in both 2371 pre-authentication and pre-configuration operations as part of the 2372 MPA procedure, and it takes an amount of time Tconfig= 190 ms to 2373 complete the layer 3 configuration including IP address 2374 configuration, then for a successful MPA operation, 2376 2RTT+Tpsk+Tconfig < D/v 2378 v = 100 ft /(200 ms + 10 ms + 190 ms) = ~250 ft/sec 2380 Thus, compared to only pre-authentication part of MPA operation, in 2381 order to be able to complete both pre-autentication and pre- 2382 configuration operations successfully, either the mobile needs to 2383 move at a slower pace or it needs to expedite these operations for 2384 this given cell size. Thus, types of MPA operations will be 2385 constrained by the velocity of the mobile. 2387 As an alternative if a mobile does complete all the pre- 2388 authentication procedure much ahead of time, it uses up the resources 2389 accordingly by way of extra IP address, tunnel and extra bandwidth. 2390 Thus, there is always a tradeoff between the performance benefit 2391 obtained from pre-authentication mechanism and network 2392 characteristics, such as movement speed, cell size, and resources 2393 utilized. 2395 Authors' Addresses 2397 Ashutosh Dutta 2398 Telcordia Technologies 2399 1 Telcordia Drive 2400 Piscataway, NJ 08854 2401 USA 2403 Phone: +1 732 699 3130 2404 Email: ashutosh.dutta@ieee.org 2406 Victor Fajardo 2407 Telcordia Technologies 2408 1 Telcordia Drive 2409 Piscataway, NJ 08854 2410 USA 2412 Phone: 2413 Email: vf0213@gmail.com 2415 Yoshihiro Ohba 2416 Corporate R&D Center, Toshiba Corporation 2417 1 Komukai-Toshiba-cho, Saiwai-ku 2418 Kawasaki, Kanagawa 212-0001 2419 Japan 2421 Phone: 2422 Email: yoshihiro.ohba@toshiba.co.jp 2424 Kenichi Taniuchi 2425 Toshiba Corporation 2426 2-9 Suehiro-cho 2427 Ome, Tokyo 198-8710 2428 Japan 2430 Phone: 2431 Email: kenichi.taniuchi@toshiba.co.jp 2432 Henning Schulzrinne 2433 Columbia University 2434 Department of Computer Science 2435 450 Computer Science Building 2436 New York, NY 10027 2437 USA 2439 Phone: +1 212 939 7004 2440 Email: hgs@cs.columbia.edu