idnits 2.17.1

draft-xia-netext-radius-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** You're using the IETF Trust Provisions' Section 6.b License Notice from
     12 Sep 2009 rather than the newer Notice from 28 Dec 2009.  (See
     https://trustee.ietf.org/license-info/)

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 10 instances of too long lines in the document, the longest
     one being 10 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 1165 has weird spacing: '...Address is ...'

  == Line 1167 has weird spacing: '...Address is ...'

  == The document seems to contain a disclaimer for pre-RFC5378 work, but was
     first submitted on or after 10 November 2008.  The disclaimer is usually
     necessary only for documents that revise or obsolete older RFCs, and that
     take significant amounts of text from those RFCs.  If you can contact all
     authors of the source material and they are willing to grant the BCP78
     rights to the IETF Trust, you can and should remove the disclaimer.
     Otherwise, the disclaimer is needed and you can ignore this comment.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (January 7, 2010) is 5217 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'MN1' is mentioned on line 308, but not defined

  == Missing Reference: 'MN2' is mentioned on line 308, but not defined

  ** Obsolete normative reference: RFC 4282 (Obsoleted by RFC 7542)

  ** Obsolete normative reference: RFC 3588 (Obsoleted by RFC 6733)

  -- Obsolete informational reference (is this intentional?): RFC 3775
     (Obsoleted by RFC 6275)

  == Outdated reference: A later version (-18) exists of
     draft-ietf-netlmm-pmip6-ipv4-support-17

     Summary: 4 errors (**), 0 flaws (~~), 7 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                             F. Xia
Internet-Draft                                               B. Sarikaya
Intended status: Standards Track                              Huawei USA
Expires: July 11, 2010                                       J. Korhonen
                                                  Nokia Siemens Networks
                                                           S. Gundavelli
                                                                   Cisco
                                                                D. Damic
                                                              Siemens AG
                                                         January 7, 2010

                  RADIUS Support for Proxy Mobile IPv6
                       draft-xia-netext-radius-00

Abstract

   This document defines new attributes to facilitate Proxy Mobile IPv6
   operations using RADIUS infrastructure.  The RADIUS interactions take
   place when the Mobile Node attaches, authenticates and authorizes to
   a Proxy Mobile IPv6 domain.  Furthermore, this document also defines
   a RADIUS based interface between the Local Mobility Anchor and the
   RADIUS server for authorizing received initial Proxy Binding Update
   messages for the mobility service session.  In addition to the
   mobility session setup related RADIUS interaction, this document
   defines the baseline for both the Mobile Access Gateway and the Local
   Mobility Anchor generated accounting.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on July 11, 2010.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Solution Overview
   4.  Attribute definitions
     4.1.  MIP6-Feature-Vector
     4.2.  Mobile-Node-Identifier
     4.3.  PMIP6-Home-LMA-IPv6-Address
     4.4.  PMIP6-Visited-LMA-IPv6-Address
     4.5.  PMIP6-Home-LMA-IPv4-Address
     4.6.  PMIP6-Visited-LMA-IPv4-Address
     4.7.  PMIP6-Home-LMA-FQDN
     4.8.  PMIP6-Visited-LMA-FQDN
     4.9.  PMIP6-Home-HL-Prefix
     4.10. PMIP6-Visited-HL-Prefix
     4.11. PMIP6-Home-Interface-ID
     4.12. PMIP6-Visited-Interface-ID
     4.13. PMIP6-Home-IPv4-HoA
     4.14. PMIP6-Visited-IPv4-HoA
     4.15. PMIP6-Home-DHCP4-Server-Address
     4.16. PMIP6-Visited-DHCP4-Server-Address
     4.17. PMIP6-Home-DHCP6-Server-Address
     4.18. PMIP6-Visited-DHCP6-Server-Address
     4.19. Service-Selection
     4.20. Calling-Station-Id
   5.  MAG to RADIUS server interface
     5.1.  General
     5.2.  Table of Attributes
   6.  LMA to RADIUS server interface
     6.1.  General
     6.2.  Table of Attributes
   7.  Accounting
     7.1.  Accounting at LMA
     7.2.  Accounting at MAG
     7.3.  Table of Attributes
   8.  Security Considerations
   9.  IANA consideration
     9.1.  Attribute Type Codes
     9.2.  Namespaces
   10. Acknowledgements
   11. References
     11.1. Normative References
     11.2. Informative references
   Authors' Addresses

1.  Introduction

   Proxy Mobile IPv6 (PMIPv6) [RFC5213] is a network-based mobility
   management protocol which allows IP mobility session continuity for a
   Mobile Node (MN) without its involvement in mobility management
   signaling.  A Mobile Access Gateway (MAG) represents the MN and is
   authorized to send mobility management signaling messages on behalf
   of the MN.
   Before the MAG is able to perform the required mobility
   management signaling, it needs to know at minimum a Local Mobility
   Anchor (LMA) address and the MN Identifier (MN-ID).  This per MN
   Policy Profile (PP) information is stored in a Policy Store (PS),
   which may be local to the MAG or remotely accessible, for example,
   through an authentication, authorization and accounting (AAA)
   infrastructure.

   This document defines a RADIUS [RFC2865] based profile and
   corresponding attributes to be used on the AAA interface between the
   MAG and the RADIUS server.  The interface is used to download
   the per MN Policy Profile from the remote Policy Store.  The RADIUS
   interactions take place when the MN attaches, authenticates and
   authorizes to a PMIPv6 Domain.  Furthermore, this document also
   defines a RADIUS based interface between the LMA and the RADIUS
   server for authorizing received initial Proxy Binding Update (PBU)
   messages for the mobility service session.  In addition to the
   mobility session setup related RADIUS interaction, this document
   defines the baseline for both the MAG and the LMA generated
   accounting.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   The terminology in this document is based on the definitions found in
   [RFC5213] and [I-D.ietf-netlmm-pmip6-ipv4-support].  The following
   additional or clarified terms are also used in this document:

   Network Access Server (NAS):

      A device that provides an access service for a user to a network.
      In the context of this document the NAS may be integrated into or
      co-located to a MAG.  The NAS contains a Diameter client function.

   Home AAA (HAAA):

      An Authentication, Authorization, and Accounting (AAA) server
      located in MN's home network.
      A HAAA is essentially a RADIUS
      server in this document.

   Visited AAA (VAAA):

      An Authentication, Authorization, and Accounting (AAA) server
      located in MN's visited network.  A VAAA is essentially a RADIUS
      server in this document.  When the MN moves to the visited
      network, VAAA acting as a proxy receives an authentication (or
      accounting) request from an AAA client (such as a NAS), forwards
      the request to a HAAA server, receives the reply from the HAAA,
      and sends that reply to the client, possibly with changes to
      reflect local administrative policy.

3.  Solution Overview

   This document defines RADIUS based AAA interactions between the MAG
   and the AAA, and between the LMA and the AAA.  The policy profile is
   downloaded from the AAA to the MAG during the MN attachment to the
   PMIPv6 Domain; the LMA requests authorization from the RADIUS server
   when receiving initial Proxy Binding Update (PBU) messages for the
   mobility service session.

   When a MN attaches to a PMIPv6 Domain, a network access
   authentication procedure is usually started.  The choice of the
   authentication mechanism is specific to the access network
   deployment, but could be based on the Extensible Authentication
   Protocol (EAP) [RFC3748].  During the network access authentication
   procedure, the MAG acting as a Network Access Server (NAS) queries
   the HAAA through the AAA infrastructure using the RADIUS protocol.
   If the HAAA detects that the subscriber is also authorized for the
   PMIPv6 service, PMIPv6 specific information is returned along with
   the successful network access authentication answer to the MAG.

   After the MN has been successfully authenticated, the MAG sends a PBU
   to the LMA based on the MN's policy profile information.
   Upon receiving the PBU, the LMA interacts with the HAAA through the
   AAA infrastructure, and fetches the relevant parts of the subscriber
   policy profile and authorization information related to the mobility
   service session.  In this specification, the AAA has the role of the
   PMIPv6 policy store.

   Based on the administrative domains which the MAG and LMA belong to,
   there are three scenarios: the MAG and LMA are both in the home
   network, the MAG and LMA are both in the visited network, and the MAG
   is in the visited network while the LMA is in the home network.

   Figure 1 shows the participating network entities which are in the
   home network.  The MAG and LMA interact with the HAAA.

                      +--------+
                      | HAAA & |  RADIUS  +-----+
                      | Policy |<-------->| LMA |
                      | Profile|          +-----+
                      +--------+             | <--- LMA-Address
                           ^                 |
                           |               // \\
                       +---|------------- //---\\----------------+
                      (    |  IPv4/IPv6  //     \\                )
                      (    |   Network  //       \\               )
                       +---|-----------//---------\\-------------+
                           |          //           \\
                         RADIUS      // <- Tunnel1  \\ <- Tunnel2
                           |        //               \\
                           |        |- MAG1-Address   |- MAG2-Address
                           |     +----+             +----+
                           +---->|MAG1|             |MAG2|
                                 +----+             +----+
                                    |                 |
                                    |                 |
                                  [MN1]             [MN2]

        Figure 1: The MAG and LMA are both in the home network

   Figure 2 shows both the LMA and the MAG are in the visited network.
   The MAG and LMA exchange signaling with the HAAA through the VAAA
   which acts as a proxy.  Some visited network specific information may
   be added to the replies from HAAA to the MAG and LMA.

                                 +---------------+
                                 |   HAAA &      |
                      +----------| Policy Profile|
                      |          +---------------+
                      |
                  +--------+
                  | VAAA & |  RADIUS  +-----+
                  | Policy |<-------->| LMA |
                  | Profile|          +-----+
                  +--------+             | <--- LMA-Address
                       ^               // \\
                   +---|------------- //---\\----------------+
                  (    |  IPv4/IPv6  //     \\                )
                  (    |   Network  //       \\               )
                   +---|-----------//---------\\-------------+
                       |          //           \\
                     RADIUS      // <- Tunnel1  \\ <- Tunnel2
                       |        //               \\
                       |        |- MAG1-Address   |- MAG2-Address
                       |     +----+             +----+
                       +---->|MAG1|             |MAG2|
                             +----+             +----+
                                |                 |
                              [MN1]             [MN2]

       Figure 2: The MAG and LMA are both in the visited network

   Figure 3 illustrates the MAG is in the visited network while the LMA
   is in the home network.  Any message between the MAG and the HAAA is
   through the VAAA acting as a proxy.  Some visited network specific
   policy may also be downloaded from the VAAA to the MAG.  The LMA
   accesses HAAA without any proxying.

                                 +---------------+
                                 |   HAAA &      |
                      +----------| Policy Profile|
                      |          +---------------+
                      |                  |
                      |               RADIUS
                  +--------+             |
                  | VAAA & |          +-----+
                  | Policy |          | LMA |
                  | Profile|          +-----+
                  +--------+             | <--- LMA-Address
                       ^               // \\
                   +---|------------- //---\\----------------+
                  (    |  IPv4/IPv6  //     \\                )
                  (    |   Network  //       \\               )
                   +---|-----------//---------\\-------------+
                       |          //           \\
                     RADIUS      // <- Tunnel1  \\ <- Tunnel2
                       |        //               \\
                       |        |- MAG1-Address   |- MAG2-Address
                       |     +----+             +----+
                       +---->|MAG1|             |MAG2|
                             +----+             +----+
                                |                 |
                              [MN1]             [MN2]

            Figure 3: Only MAG is in the visited network

4.  Attribute definitions

4.1.  MIP6-Feature-Vector

   Diameter [RFC3588] reserves AVP Code space 1-255 as RADIUS attribute
   compatibility space.  The MIP6-Feature-Vector AVP (AVP Code 124)
   defined in [RFC5447] is of type Unsigned64 and contains a 64-bit
   flags field of supported mobility capabilities.
   This document reserves new capability bits according to the rules in
   [RFC5447], and reuses some of the capability bits defined in
   [I-D.ietf-dime-pmip6].  The following capability flag bits are
   defined or used in this document:

   PMIP6_SUPPORTED (0x0000010000000000)

      This is defined in [I-D.ietf-dime-pmip6].  When the MAG/NAS sets
      this bit in the MIP6-Feature-Vector attribute, it is an indication
      to the RADIUS server that the NAS supports PMIPv6.  When the
      RADIUS server sets this bit in the response MIP6-Feature-Vector
      AVP, it indicates that the RADIUS server also has PMIPv6 support.
      This capability flag bit can also be used to allow PMIPv6 mobility
      support in a subscription granularity.

   IP4_HOA_SUPPORTED (0x0000020000000000)

      This is defined in [I-D.ietf-dime-pmip6].  Assignment of the
      IPv4-HoA is supported [I-D.ietf-netlmm-pmip6-ipv4-support].  When
      the MAG sets this bit in the MIP6-Feature-Vector attribute, it
      indicates that the MAG implements a minimal functionality of a
      DHCP server (and a relay) and is able to deliver IPv4-HoA to the
      MN.  When the RADIUS server sets this flag bit in the response
      MIP6-Feature-Vector attribute, it indicates that the RADIUS server
      has authorized the use of IPv4-HoA for the MN.  If this bit is
      unset in the returned MIP6-Feature-Vector attribute, the RADIUS
      server does not authorize the configuration of IPv4 address.

   LOCAL_MAG_ROUTING_SUPPORTED (0x0000040000000000)

      This is defined in [I-D.ietf-dime-pmip6].  Direct routing of IP
      packets between MNs anchored to the same MAG is supported.  When a
      MAG sets this flag bit in the MIP6-Feature-Vector, it indicates
      that routing IP packets between MNs anchored to the same MAG is
      supported, without reverse tunneling packets via the LMA or
      requiring any Route Optimization related signaling (e.g. the
      Return Routability Procedure in [RFC3775]) prior to direct
      routing.
      If this flag bit is unset in the returned
      MIP6-Feature-Vector AVP, the RADIUS server does not authorize
      direct routing of packets between MNs anchored to the same MAG.
      This policy feature MUST be supported per MN and subscription
      basis.

   IP4_TRANSPORT_SUPPORTED (0x0000080000000000)

      This document defines this bit for IPv4 transport support
      negotiation between the MAG and AAA.  When the MAG sets this flag
      bit in the MIP6-Feature-Vector, it indicates that IPv4 transport
      is used for traffic between the MAG and the LMA.  If this flag bit
      is unset in the returned MIP6-Feature-Vector AVP, the AAA does not
      authorize IPv4 transport.

   The MIP6-Feature-Vector attribute is also used on the LMA to the
   RADIUS server interface.  Using the capability announcement attribute
   it is possible to perform a simple capability negotiation between the
   LMA and the RADIUS server.  Those capabilities that are announced by
   both parties are also known to be mutually supported.

4.2.  Mobile-Node-Identifier

   The Mobile-Node-Identifier attribute is of type String and contains
   the mobile node identifier (MN-Identifier, see [RFC5213]) in a NAI
   [RFC4282] format.  This AVP is used on the MAG to the RADIUS server
   interface.  The Mobile-Node-Identifier attribute is designed for
   deployments where the MAG does not have a way to find out such MN
   identity that could be used in subsequent PBU/PBA exchanges (e.g.,
   due to identity hiding during the network access authentication) or
   the HAAA wants to assign periodically changing identities to the MN.

   The Mobile-Node-Identifier attribute is returned in the Access-Accept
   message that ends a successful authentication (and possibly an
   authorization) exchange between the MAG and the HAAA, assuming the
   HAAA is also able to provide the MAG with the MN-Identifier in the
   first place.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |  Mobile Node Identifier...    ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      Mobile-Node-Identifier to be defined by IANA.

   Length:

      >= 3 octets

   Mobile Node Identifier:

      This field is of type String and contains the MN-ID
      of the MN to be used in the PBUs.

4.3.  PMIP6-Home-LMA-IPv6-Address

   Before the MAG can engage in Proxy Mobile IPv6 signaling with the
   LMA, it should either know the IP address of the LMA via
   pre-configuration, or dynamically discover it.  After the MN has been
   successfully authenticated, the MAG can get the IPv6 address of the
   LMA by downloading MN's policy profile information from AAA.

   When the LMA is located in the home network, this attribute MAY be
   sent by the HAAA to the MAG in an Access-Accept packet.  The
   attribute carries the home LMA IPv6 address being assigned to the
   MAG.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Home LMA IPv6 address                     |
   .                          ...   ...                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      PMIP6-Home-LMA-IPv6-Address to be defined by IANA.

   Length:

      = 20 octets

   Reserved:

      Reserved for future use.  The bits MUST be set to zero by the
      sender, and MUST be ignored by the receiver.

   Home LMA IPv6 address:

      128-bit IPv6 address of the assigned home LMA IPv6 address.

4.4.  PMIP6-Visited-LMA-IPv6-Address

   Figure 1 shows the interactions among the MAG, LMA, and AAA server.
   When the mobile node moves into a visited network, the MAG interacts
   with the HAAA through a visited AAA, and a visited LMA may be
   assigned by the visited AAA during the interaction.

   This attribute MAY be sent by the MAG to the VAAA in an
   Access-Request packet as a proposal by the MAG to allocate LMAs to
   the MN.  This attribute MAY be sent by the VAAA to the MAG in an
   Access-Accept packet.  The attribute carries the visited LMA IPv6
   address being assigned to the MAG.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Visited LMA IPv6 address                    |
   .                          ...   ...                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      PMIP6-Visited-LMA-IPv6-Address to be defined by IANA.

   Length:

      = 20 octets

   Reserved:

      Reserved for future use.  The bits MUST be set to zero by the
      sender, and MUST be ignored by the receiver.

   Visited LMA IPv6 address:

      128-bit IPv6 address of the assigned visited LMA IPv6 address.

4.5.  PMIP6-Home-LMA-IPv4-Address

   [I-D.ietf-netlmm-pmip6-ipv4-support] supports Proxy Mobile IPv6
   signaling exchange between the MAG and LMA over IPv4 transport, that
   is, the LMA has an IPv4 address.

   The PMIP6-Home-LMA-IPv4-Address attribute contains the IPv4 address
   of the LMA assigned by the HAAA.  When the LMA is located in the home
   network, this attribute MAY be sent by the HAAA to the MAG in an
   Access-Accept packet.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Home LMA IPv4 address                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      PMIP6-Home-LMA-IPv4-Address to be defined by IANA.

   Length:

      = 8 octets

   Reserved:

      Reserved for future use.  The bits MUST be set to zero by the
      sender, and MUST be ignored by the receiver.

   Home LMA IPv4 address:

      32-bit IPv4 address of the assigned LMA.

4.6.  PMIP6-Visited-LMA-IPv4-Address

   When the LMA with IPv4 address is located in the visited network, the
   VAAA may assign the LMA to the MAG during MN's authentication.

   PMIP6-Visited-LMA-IPv4-Address attribute MAY be sent by the MAG to
   VAAA in an Access-Request packet as a proposal by the MAG to allocate
   a LMA to the MN.  This attribute MAY be sent by the VAAA to the MAG
   in an Access-Accept packet.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Visited LMA IPv4 address                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      PMIP6-Visited-LMA-IPv4-Address to be defined by IANA.

   Length:

      = 8 octets

   Reserved:

      Reserved for future use.  The bits MUST be set to zero by the
      sender, and MUST be ignored by the receiver.

   IPv4 LMA address:

      32-bit IPv4 address of the assigned LMA.

4.7.  PMIP6-Home-LMA-FQDN

   An AAA server may assign a Fully Qualified Domain Name (FQDN) of the
   LMA to the MAG.  The MAG can perform DNS query with the FQDN to
   derive the LMA address.
   When the LMA is located in the home network,
   PMIP6-Home-LMA-FQDN contains FQDN of the LMA.

   This attribute is sent by the HAAA to the MAG in an Access-Accept
   packet.  The attribute carries the FQDN of the assigned LMA.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |   FQDN of home LMA....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      PMIP6-Home-LMA-FQDN to be defined by IANA.

   Length:

      Variable length.

   FQDN of the assigned HA:

      The data field MUST contain a FQDN as described in RFC 1035.

4.8.  PMIP6-Visited-LMA-FQDN

   When the LMA is located in the visited network, PMIP6-Home-LMA-FQDN
   MAY be sent by the MAG to VAAA in an Access-Request packet as a
   proposal by the MAG to allocate a LMA to the MN.  This attribute is
   sent by VAAA to the MAG in an Access-Accept packet.  The attribute
   carries the FQDN of the assigned LMA.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |   FQDN of visited LMA....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      PMIP6-Visited-LMA-FQDN to be defined by IANA.

   Length:

      Variable length.

   FQDN of the assigned HA:

      The data field MUST contain a FQDN as described in RFC 1035.

4.9.  PMIP6-Home-HL-Prefix

   Mobile Node's Home Network Prefix (MN-HNP) is a prefix assigned to
   the link between the MN and the MAG.  The MN configures its interface
   from its home network prefix(es).  When the LMA is located in the
   home network, PMIP6-Home-HL-Prefix attribute is used to carry the
   MN-HNP from the HAAA to the MAG.  The low 64 bits of the prefix MUST
   be all zeroes.

   The PMIP6-Home-HL-Prefix attribute is also used on the LMA-to-HAAA
   interface containing the prefix assigned to the MN.  If the LMA
   delegates the assignment of the MN-HNP to the HAAA, the AVP MUST
   contain all zeroes address (i.e., 0::0) in the request message.  If
   the LMA delegated the MN-HNP assignment to the HAAA, then the AVP
   contains the HAAA assigned MN-HNP in the response message.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |   Reserved    | Prefix-Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                       Home Link Prefix                        .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      PMIP6-Home-HL-Prefix to be defined by IANA.

   Length:

      = 20 octets.

   Reserved:

      Reserved for future use.  The bits MUST be set to zero by the
      sender, and MUST be ignored by the receiver.

   Prefix-Length:

      This field indicates the prefix length of the Home Link Prefix.

   Home Link Prefix:

      Home link prefix for the MN's address configuration.

4.10.  PMIP6-Visited-HL-Prefix

   When the LMA is located in the visited network,
   PMIP6-Visited-HL-Prefix attribute is used to carry the MN-HNP, if
   available, from the VAAA to the MAG.  The low 64 bits of the prefix
   MUST be all zeroes.

   The PMIP6-Visited-HL-Prefix attribute is also used on the LMA to VAAA
   interface containing the prefix assigned to the MN.  If the LMA
   delegates the assignment of the MN-HNP to the VAAA, the AVP MUST
   contain all zeroes address (i.e., 0::0) in the request message.  If
   the LMA delegated the MN-HNP assignment to the VAAA, then the AVP
   contains the VAAA assigned MN-HNP in the response message.
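
Added example (not part of the draft and not code from its authors): a receiver-side decoder for the Section 4.3 and Section 4.9 attribute layouts that enforces the stated lengths, ignores the Reserved bits, rejects a prefix whose low 64 bits are non-zero, and recognises the all-zero delegation request. The type codes, function names and sample bytes are constructed placeholders, and rejecting a Prefix-Length above 64 is an assumption drawn from the zero-low-bits rule.

```python
import ipaddress

# Placeholder type codes: the draft leaves both "to be defined by IANA".
TYPE_HOME_LMA_IPV6 = 0xF1   # constructed value, not an IANA assignment
TYPE_HOME_HL_PREFIX = 0xF2  # constructed value, not an IANA assignment


class MalformedAttribute(ValueError):
    """Raised when an attribute violates the layout given in the draft."""


def build_attr(atype: int, value: bytes) -> bytes:
    """Encode one attribute; Length covers the Type and Length octets too."""
    return bytes([atype, len(value) + 2]) + value


def split_attributes(buf: bytes):
    """Walk a RADIUS attribute list, bounds-checking every Length octet."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise MalformedAttribute("truncated attribute header")
        atype, alen = buf[off], buf[off + 1]
        # Length can never be below 2 and must not run past the buffer.
        if alen < 2 or off + alen > len(buf):
            raise MalformedAttribute(f"bad length {alen} for type {atype}")
        out.append((atype, buf[off + 2:off + alen]))
        off += alen
    return out


def parse_lma_ipv6(value: bytes) -> ipaddress.IPv6Address:
    """Section 4.3: Length = 20, i.e. 2 Reserved octets + 16 address octets."""
    if len(value) != 18:
        raise MalformedAttribute("LMA IPv6 attribute must be 20 octets")
    # Reserved bits are ignored on receipt, as the draft requires.
    return ipaddress.IPv6Address(value[2:])


def parse_hl_prefix(value: bytes):
    """Section 4.9: Reserved (1), Prefix-Length (1), 16-octet prefix.

    Returns (network, delegated). An all-zero prefix means the LMA has
    delegated MN-HNP assignment to the AAA server, so network is None.
    """
    if len(value) != 18:
        raise MalformedAttribute("HL-Prefix attribute must be 20 octets")
    prefix_len, prefix = value[1], value[2:]
    if prefix[8:] != bytes(8):
        raise MalformedAttribute("low 64 bits of the prefix must be zero")
    if prefix == bytes(16):
        return None, True
    # Assumption: a length above 64 contradicts the zero-low-bits rule.
    if prefix_len > 64:
        raise MalformedAttribute(f"prefix length {prefix_len} exceeds 64")
    try:
        # strict parsing rejects bits set beyond the stated prefix length
        return ipaddress.IPv6Network((prefix, prefix_len)), False
    except ValueError as exc:
        raise MalformedAttribute(f"prefix/length mismatch: {exc}") from None


def decode_policy(buf: bytes) -> dict:
    """Collect the LMA address and MN-HNP from an attribute list."""
    policy = {"lma": None, "hnp": None, "hnp_delegated": False}
    for atype, value in split_attributes(buf):
        if atype == TYPE_HOME_LMA_IPV6:
            policy["lma"] = parse_lma_ipv6(value)
        elif atype == TYPE_HOME_HL_PREFIX:
            policy["hnp"], policy["hnp_delegated"] = parse_hl_prefix(value)
        # Other attribute types are outside this example and are skipped.
    return policy


# Constructed sample: the attribute portion of an Access-Accept.
SAMPLE_ATTRS = (
    build_attr(TYPE_HOME_LMA_IPV6,
               bytes(2) + ipaddress.IPv6Address("2001:db8::1").packed)
    + build_attr(TYPE_HOME_HL_PREFIX,
                 bytes([0, 64])
                 + ipaddress.IPv6Address("2001:db8:aaaa:1::").packed)
)

if __name__ == "__main__":
    print(decode_policy(SAMPLE_ATTRS))
```
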

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |   Reserved    | Prefix-Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                   Visited Home Link Prefix                    .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      PMIP6-Visited-HL-Prefix to be defined by IANA.

   Length:

      = 20 octets.

   Reserved:

      Reserved for future use.  The bits MUST be set to zero by the
      sender, and MUST be ignored by the receiver.

   Prefix-Length:

      This field indicates the prefix length of the Home Link.

   Visited Home Link Prefix:

      Home link prefix for the MN's address configuration.

4.11.  PMIP6-Home-Interface-ID

   The home link prefixes assigned to the mobile node have to be
   maintained on a per-interface basis.  When the LMA is located in the
   home network, PMIP6-Home-Interface-ID attribute conveys a 64-bit
   interface identifier representing different interfaces.  There can be
   multiple unique home link prefixes for each interface of the mobile
   node.  In some cases, the attribute may be assigned by the HAAA for
   MN-HoA formulation.

   This attribute MAY be sent by the LMA or the MAG to the HAAA in an
   Access-Request packet as a proposal.  This attribute MAY be sent by
   HAAA to the LMA in an Access-Accept packet.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                   Home Interface Identifier                   .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      PMIP6-Home-Interface-ID to be defined by IANA.

   Length:

      = 12 octets.

   Home Interface Identifier:

      64 bits long, used for differentiating different interfaces of
      the MN.

4.12.  PMIP6-Visited-Interface-ID

   When the LMA is located in the visited network,
   PMIP6-Visited-Interface-ID attribute MAY be sent by the LMA or the
   MAG to the VAAA in an Access-Request packet as a proposal.  This
   attribute MAY be sent by the VAAA to the LMA in an Access-Accept
   packet.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                 Visited Interface Identifier                  .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      PMIP6-Home-Interface-ID to be defined by IANA.

   Length:

      = 12 octets.

   Visited Interface Identifier:

      64 bits long, used for differentiating different interfaces of
      the mobile node.

4.13.  PMIP6-Home-IPv4-HoA

   [I-D.ietf-netlmm-pmip6-ipv4-support] specifies extensions to Proxy
   Mobile IPv6 protocol which enable IPv4 home address mobility support
   to the MN.  The PMIP6-Home-IPv4-HoA attribute is of type Address and
   contains the IPv4-HoA of the MN.  The primary use of this attribute
   is to carry the IPv4-HoA from the HAAA to the MAG.

   The PMIP6-Home-IPv4-HoA is also used on the LMA-to-HAAA interface.
   If the LMA in the home network delegates the assignment of the
   IPv4-HoA to the HAAA, the attribute MUST contain all zeroes address
   in the request message, and then the attribute contains the HAAA
   assigned IPv4-HoA in the response message.
787       0                   1                   2                   3
788       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
789      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
790      |     Type      |    Length     |           Reserved            |
791      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
792      |                         Home IPv4 HoA                         |
793      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

795      Type:

797         PMIP6-Home-IPv4-HoA to be defined by IANA.

799      Length:

801         = 8 octets

803      Reserved:

805         Reserved for future use. The bits MUST be set to zero by the
806         sender, and MUST be ignored by the receiver.

808      Home IPv4 HoA:
809         This field is of type Address and contains the IPv4 home
810         address of the MN in the home network.

812   4.14.  PMIP6-Visited-IPv4-HoA

814      When both the MAG and the LMA are in the visited network, the PMIP6-
815      Visited-IPv4-HoA is used for containing IPv4-HoA of the MN. This
816      attribute is of type Address and the primary usage is to carry the
817      IPv4-HoA from VAAA to the MAG.

819      The PMIP6-Visited-IPv4-HoA is also used on the LMA-to-VAAA interface.
820      If the LMA delegates the assignment of the IPv4-HoA to the VAAA, the
821      attribute MUST contain all zeroes address in the request message, and
822      then the attribute contains the VAAA assigned IPv4-HoA in the
823      response message.

825       0                   1                   2                   3
826       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
827      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
828      |     Type      |    Length     |           Reserved            |
829      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
830      |                       Visited IPv4 HoA                        |
831      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

833      Type:

835         PMIP6-Visited-IPv4-HoA to be defined by IANA.

837      Length:

839         = 8 octets

841      Reserved:

843         Reserved for future use. The bits MUST be set to zero by the
844         sender, and MUST be ignored by the receiver.

846      Visited IPv4 HoA:

848         This field is of type Address and contains the IPv4 home
849         address of the MN in the visited network.

851   4.15.  PMIP6-Home-DHCP4-Server-Address

853      The PMIP6-Home-DHCP4-Server-Address contains the IP address of the
854      DHCPv4 server in the home network assigned to the MAG serving the
855      newly attached MN. The HAAA MAY assign a DHCP server to the MAG in
856      deployments where the MAG acts as a DHCP Relay
857      [I-D.ietf-netlmm-pmip6-ipv4-support].

859       0                   1                   2                   3
860       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
861      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
862      |     Type      |    Length     |           Reserved            |
863      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
864      |                  Home DHCPv4 server address                   |
865      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

867      Type:

869         PMIP6-Home-DHCP4-Server-Address to be defined by IANA.

871      Length:

873         = 8 octets

875      Reserved:

877         Reserved for future use. The bits MUST be set to zero by the
878         sender, and MUST be ignored by the receiver.

880      Home DHCPv4 server address:

882         This field contains 4-octet DHCPv4 server address for the MN in
883         the home network.

885   4.16.  PMIP6-Visited-DHCP4-Server-Address

887      When both the MAG and the LMA are in the visited network, the PMIP6-
888      Visited-DHCP4-Server-Address contains the IP address of the DHCPv4
889      server in the visited network assigned to the MAG serving the newly
890      attached MN. The VAAA MAY assign a DHCPv4 server to the MAG in
891      deployments where the MAG acts as a DHCP Relay
892      [I-D.ietf-netlmm-pmip6-ipv4-support].

894       0                   1                   2                   3
895       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
896      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
897      |     Type      |    Length     |           Reserved            |
898      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
899      |                 Visited DHCPv4 server address                 |
900      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

902      Type:

904         PMIP6-Visited-DHCP4-Server-Address to be defined by IANA.

906      Length:

908         = 8 octets

910      Reserved:

912         Reserved for future use. The bits MUST be set to zero by the
913         sender, and MUST be ignored by the receiver.

915      Visited DHCPv4 server address:

917         This field contains 4-octet DHCPv4 server address for the MN in
918         the visited network.

920   4.17.  PMIP6-Home-DHCP6-Server-Address

922      The PMIP6-Home-DHCP6-Server-Address contains the IP address of the
923      DHCPv6 server in the home network assigned to the MAG serving the
924      newly attached MN. The HAAA MAY assign a DHCPv6 server to the MAG in
925      deployments where the MAG acts as a DHCP Relay [RFC5213].

927       0                   1                   2                   3
928       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
929      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
930      |     Type      |    Length     |           Reserved            |
931      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
932      |                                                               |
933      .                  Home DHCPv6 server address                   .
934      .                                                               .
935      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

937      Type:

939         PMIP6-Home-DHCP6-Server-Address to be defined by IANA.

941      Length:

943         = 20 octets

945      Reserved:

947         Reserved for future use. The bits MUST be set to zero by the
948         sender, and MUST be ignored by the receiver.

950      Home DHCPv6 server address:

952         This field contains 16-octet DHCPv6 server address for the MN in the
953         home network.

955   4.18.  PMIP6-Visited-DHCP6-Server-Address

957      When both the MAG and the LMA are in the visited network, the PMIP6-
958      Visited-DHCP6-Server-Address contains the IP address of the DHCPv6
959      server in the visited network assigned to the MAG serving the newly
960      attached MN. The VAAA MAY assign a DHCPv6 server to the MAG in
961      deployments where the MAG acts as a DHCP Relay [RFC5213].

963       0                   1                   2                   3
964       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
965      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
966      |     Type      |    Length     |           Reserved            |
967      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
968      |                                                               |
969      .                 Visited DHCPv6 server address                 .
970      .                                                               .
971      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

973      Type:

975         PMIP6-Visited-DHCP6-Server-Address to be defined by IANA.

977      Length:

979         = 20 octets

981      Reserved:

983         Reserved for future use. The bits MUST be set to zero by the
984         sender, and MUST be ignored by the receiver.

986      Visited DHCPv6 server address:

988         This field contains 16-octet DHCPv6 server address for the MN in the
989         visited network.

991   4.19.  Service-Selection

993      The Service-Selection attribute is of type String and contains the
994      name of the service or the external network that the mobility service
995      should be associated with. The RADIUS server MAY return the Service-
996      Selection attribute to the MAG and in that way indicate the default
997      service to the MAG. On the LMA to RADIUS server interface,
998      the LMA MAY populate the Service-Selection attribute with the service
999      information found from the received PBU, if such information is
1000     available [RFC5149].

1002      0                   1                   2                   3
1003      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1004     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1005     |     Type      |    Length     |      Service Identifier...    ~
1006     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1008     Type:

1010        Service-Selection to be defined by IANA.

1012     Length:

1014        >= 3 octets

1016     Service Identifier:
1017        This field is of type String and contains the Service Identifier
1018        the MN MUST be associated with.

1020  4.20.  Calling-Station-Id

1022     The Calling-Station-Id attribute is of type String and contains a
1023     Link-Layer Identifier of the MN. This identifier may correspond to a
1024     real physical interface or something that the MAG has generated.

1026  5.  MAG to RADIUS server interface

1028  5.1.  General

1030     The MAG to the RADIUS server interface is primarily used for
1031     downloading the Policy Profile (i.e., to bootstrap the PMIPv6
1032     mobility service session) when a MN attaches and authenticates and
1033     authorizes to a PMIPv6 domain. Whenever the MAG sends a RADIUS
1034     request message to the RADIUS server, the User-Name attribute SHOULD
1035     contain the MN identity. At minimum the home realm of the MN MUST be
1036     available at the MAG when the network access authentication takes
1037     place. Otherwise the MAG is not able to route the RADIUS request
1038     messages towards the correct RADIUS server. The MN identity MUST be
1039     in Network Access Identifier (NAI) [RFC4282] format.

1041  5.2.  Table of Attributes

1043     The following table provides a guide to which attributes may be found
1044     in authentication and authorization process.

1046     Request Accept Reject Challenge  #   Attribute
1047     0       0-1    0      0          TBD PMIP6-Home-LMA-IPv6-Address
1048     0-1     0-1    0      0          TBD PMIP6-Visited-LMA-IPv6-Address
1049     0       0-1    0      0          TBD PMIP6-Home-LMA-IPv4-Address
1050     0-1     0-1    0      0          TBD PMIP6-Visited-LMA-IPv4-Address
1051     0       0-1    0      0          TBD PMIP6-Home-LMA-FQDN
1052     0-1     0-1    0      0          TBD PMIP6-Visited-LMA-FQDN
1053     0       0-1    0      0          TBD PMIP6-Home-HL-Prefix
1054     0       0-1    0      0          TBD PMIP6-Visited-HL-Prefix
1055     0       0-1    0      0          TBD PMIP6-Home-Interface-ID
1056     0       0-1    0      0          TBD PMIP6-Visited-Interface-ID
1057     0       0-1    0      0          TBD PMIP6-Home-IPv4-HoA
1058     0       0-1    0      0          TBD PMIP6-Visited-IPv4-HoA
1059     0       0-1    0      0          TBD PMIP6-Home-DHCP4-Server-Address
1060     0-1     0-1    0      0          TBD PMIP6-Visited-DHCP4-Server-Address
1061     0       0-1    0      0          TBD PMIP6-Home-DHCP6-Server-Address
1062     0-1     0-1    0      0          TBD PMIP6-Visited-DHCP6-Server-Address
1063     0       1      0      0          TBD Mobile-Node-Identifier
1064     0-1     0-1    0      0          124 MIP6-Feature-Vector
1065     0-1     0-1    0      0          TBD Service-Selection
1066     0-1     0      0      0          31  Calling-Station-Id

1068  6.  LMA to RADIUS server interface

1070  6.1.  General

1072     The LMA-to-HAAA interface may be used for multiple purposes. These
1073     include the authorization of the incoming PBU, updating the LMA
1074     address to the HAAA, accounting and PMIPv6 session management.

1076  6.2.  Table of Attributes

1078     The following table provides a guide to which attributes may be found
1079     in authentication and authorization process.

1081     Request Accept Reject Challenge  #   Attribute
1082     0-1     0-1    0      0          TBD PMIP6-Home-HL-Prefix
1083     0-1     0-1    0      0          TBD PMIP6-Home-IPv4-HoA
1084     0       0-1    0      0          TBD PMIP6-Home-Interface-ID
1085     0       0-1    0      0          TBD PMIP6-Visited-Interface-ID
1086     1       0      0      0          TBD Mobile-Node-Identifier
1087     0-1     0-1    0      0          124 MIP6-Feature-Vector
1088     0-1     0-1    0      0          TBD Service-Selection
1089     0-1     0      0      0          31  Calling-Station-Id

1091  7.  Accounting

1093  7.1.  Accounting at LMA

1095     The accounting at the LMA to AAA server interface is based on
1096     [RFC2865] and [RFC2866]. The interface must support the transfer of
1097     accounting records needed for service control and charging. These
1098     include (but may not be limited to): time of binding cache entry
1099     creation and deletion, octets sent and received by the MN in bi-
1100     directional tunneling, etc.

1102  7.2.  Accounting at MAG

1104     The accounting at the MAG to AAA server interface is based on
1105     [RFC2865] and [RFC2866]. The interface must also support the
1106     transfer of accounting records which include: time of binding cache
1107     entry creation and deletion, octets sent and received by the MN in
1108     bi-directional tunneling, etc.

1110     If there is data traffic between a visiting mobile node and a
1111     correspondent node that is locally attached to an access link
1112     connected to the mobile access gateway, the mobile access gateway MAY
1113     optimize on the delivery efforts by locally routing the packets and
1114     by not reverse tunneling them to the mobile node's local mobility
1115     anchor. In this case, local data traffic MUST be reported to AAA
1116     servers through RADIUS protocol.

1118  7.3.  Table of Attributes

1120     The following table provides a guide to which attributes may be found
1121     in accounting messages.

1123     Request Interim Stop Attribute
1124     0-1     0       0-1  PMIP6-Home-LMA-IPv6-Address
1125     0-1     0       0-1  PMIP6-Visited-LMA-IPv6-Address
1126     0-1     0       0-1  PMIP6-Home-LMA-IPv4-Address
1127     0-1     0       0-1  PMIP6-Visited-LMA-IPv4-Address
1128     0-1     0       0-1  PMIP6-Home-HL-Prefix
1129     0-1     0       0-1  PMIP6-Visited-HL-Prefix
1130     0-1     0       0-1  PMIP6-Home-IPv4-HoA
1131     0-1     0       0-1  PMIP6-Visited-IPv4-HoA
1132     0-1     0       0-1  Service-Selection
1133     0-1     0       0-1  MIP6-Feature-Vector
1134     0-1     0-1     0-1  Mobile-Node-Identifier
1135     0-1     0       0-1  Calling-Station-Id

1137  8.  Security Considerations

1139     The RADIUS messages may be transported between the MAG and/or the LMA
1140     to the RADIUS server via one or more AAA brokers or RADIUS proxies.
1141     In this case the HA to the RADIUS server AAA communication relies on
1142     the security properties of the intermediate AAA brokers and RADIUS
1143     proxies.

1145  9.  IANA consideration

1147  9.1.  Attribute Type Codes

1149     This specification defines the following new RADIUS attribute type
1150     codes:

1152     Mobile-Node-Identifier is set to TBD
1153     PMIP6-Home-LMA-IPv6-Address is set to TBD
1154     PMIP6-Visited-LMA-IPv6-Address is set to TBD
1155     PMIP6-Home-LMA-IPv4-Address is set to TBD
1156     PMIP6-Visited-LMA-IPv4-Address is set to TBD
1157     PMIP6-Home-LMA-FQDN is set to TBD
1158     PMIP6-Visited-LMA-FQDN is set to TBD
1159     PMIP6-Home-HL-Prefix is set to TBD
1160     PMIP6-Visited-HL-Prefix is set to TBD
1161     PMIP6-Home-Interface-ID is set to TBD
1162     PMIP6-Visited-Interface-ID is set to TBD
1163     PMIP6-Home-IPv4-HoA is set to TBD
1164     PMIP6-Visited-IPv4-HoA is set to TBD
1165     PMIP6-Home-DHCP4-Server-Address is set to TBD
1166     PMIP6-Visited-DHCP4-Server-Address is set to TBD
1167     PMIP6-Home-DHCP6-Server-Address is set to TBD
1168     PMIP6-Visited-DHCP6-Server-Address is set to TBD
1169     Service-Selection is set to TBD
1170     Calling-Station-Id is set to TBD

1172  9.2.  Namespaces

1174     This specification defines new values to the Mobility Capability
1175     registry (see [RFC5447]) for use with the MIP6-Feature-Vector AVP:

1177     Token                             | Value
1178     ----------------------------------+--------------------
1179     PMIP6_SUPPORTED                   | 0x0000010000000000
1180     IP4_HOA_SUPPORTED                 | 0x0000020000000000
1181     LOCAL_MAG_ROUTING_SUPPORTED       | 0x0000040000000000
1182     IP4_TRANSPORT_SUPPORTED           | 0x0000080000000000

1184  10.  Acknowledgements

1186     The authors would like to thank Glen Zorn, Avi Lior for reviewing the
1187     document. The authors would also like to thank the authors of
1188     [I-D.ietf-dime-pmip6] as this document re-uses some procedural ideas
1189     of the mentioned specification.

1191  11.  References

1193  11.1.  Normative References

1195     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1196                Requirement Levels", BCP 14, RFC 2119, March 1997.

1198     [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
1199                "Remote Authentication Dial In User Service (RADIUS)",
1200                RFC 2865, June 2000.

1202     [RFC5213]  Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K.,
1203                and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008.

1205     [RFC4282]  Aboba, B., Beadles, M., Arkko, J., and P. Eronen, "The
1206                Network Access Identifier", RFC 4282, December 2005.

1208     [RFC5447]  Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C.,
1209                and K. Chowdhury, "Diameter Mobile IPv6: Support for
1210                Network Access Server to Diameter Server Interaction",
1211                RFC 5447, February 2009.

1213     [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
1214                Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

1216  11.2.  Informative references

1218     [RFC2866]  Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

1220     [RFC3748]  Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
1221                Levkowetz, "Extensible Authentication Protocol (EAP)",
1222                RFC 3748, June 2004.

1224     [RFC5149]  Korhonen, J., Nilsson, U., and V. Devarapalli, "Service
1225                Selection for Mobile IPv6", RFC 5149, February 2008.

1227     [RFC3775]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
1228                in IPv6", RFC 3775, June 2004.

1230     [I-D.ietf-netlmm-pmip6-ipv4-support]
1231                Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy
1232                Mobile IPv6", draft-ietf-netlmm-pmip6-ipv4-support-17
1233                (work in progress), September 2009.

1235     [I-D.ietf-dime-pmip6]
1236                Korhonen, J., Bournelle, J., Chowdhury, K., Muhanna, A.,
1237                and U. Meyer, "Diameter Proxy Mobile IPv6: Mobile Access
1238                Gateway and Local Mobility Anchor Interaction with
1239                Diameter Server", draft-ietf-dime-pmip6-04 (work in
1240                progress), September 2009.

1242  Authors' Addresses

1244     Frank Xia
1245     Huawei USA
1246     1700 Alma Dr. Suite 500
1247     Plano, TX 75075

1249     Phone: +1 972-509-5599
1250     Email: xiayangsong@huawei.com

1252     Behcet Sarikaya
1253     Huawei USA
1254     1700 Alma Dr. Suite 500
1255     Plano, TX 75075

1257     Phone: +1 972-509-5599
1258     Email: sarikaya@ieee.org

1260     Jouni Korhonen
1261     Nokia Siemens Networks

1263     Email: jouni.nospam@gmail.com

1265     Sri Gundavelli
1266     Cisco
1267     170 West Tasman Drive
1268     San Jose, CA 95134

1270     Email: sgundave@cisco.com

1272     Damjan Damic
1273     Siemens AG

1275     Email: damjan.damic@siemens.com
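
The fixed-length layouts of sections 4.10 to 4.18 can be enforced by a receiver as in the following added example, which is not part of the draft. The type codes 201 to 209 are placeholders (the draft leaves every code to IANA), and the names `LAYOUTS`, `decode`, `parse_attributes` and `SAMPLE` are chosen here for illustration.

```python
import ipaddress

# Placeholder type codes (constructed): the draft leaves every code "to be
# defined by IANA". Value: (name, required Length in octets, value kind).
LAYOUTS = {
    201: ("PMIP6-Visited-HL-Prefix", 20, "prefix"),
    202: ("PMIP6-Home-Interface-ID", 12, "ifid"),
    203: ("PMIP6-Visited-Interface-ID", 12, "ifid"),
    204: ("PMIP6-Home-IPv4-HoA", 8, "hoa4"),
    205: ("PMIP6-Visited-IPv4-HoA", 8, "hoa4"),
    206: ("PMIP6-Home-DHCP4-Server-Address", 8, "ipv4"),
    207: ("PMIP6-Visited-DHCP4-Server-Address", 8, "ipv4"),
    208: ("PMIP6-Home-DHCP6-Server-Address", 20, "ipv6"),
    209: ("PMIP6-Visited-DHCP6-Server-Address", 20, "ipv6"),
}

def decode(name, kind, body):
    """Decode the octets after Type/Length; Reserved bits are ignored on receipt."""
    if kind == "prefix":  # Reserved(1) | Prefix-Length(1) | prefix(16)
        if body[1] > 128:
            raise ValueError(f"{name}: Prefix-Length {body[1]} exceeds 128")
        return {"name": name, "prefix": ipaddress.IPv6Address(body[2:18]),
                "prefix_len": body[1]}
    value = body[2:]  # every other layout: Reserved(2) | value
    if kind == "ifid":
        return {"name": name, "interface_id": value.hex()}
    if kind == "ipv6":
        return {"name": name, "address": ipaddress.IPv6Address(value)}
    addr = ipaddress.IPv4Address(value)
    result = {"name": name, "address": addr}
    if kind == "hoa4":
        # All zeroes in a request: HoA assignment is delegated to the AAA server.
        result["delegated"] = addr == ipaddress.IPv4Address("0.0.0.0")
    return result

def parse_attributes(buf):
    """Walk a RADIUS attribute list, enforcing the Length each section states."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError(f"truncated attribute header at offset {pos}")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError(f"Length {alen} at offset {pos} does not fit the packet")
        body, pos = buf[pos + 2:pos + alen], pos + alen
        if atype in LAYOUTS:  # other attribute types are skipped, not decoded
            name, want, kind = LAYOUTS[atype]
            if alen != want:
                raise ValueError(f"{name}: Length {alen}, expected {want}")
            out.append(decode(name, kind, body))
    return out

# Constructed sample attribute bytes (not captured traffic).
SAMPLE = (
    bytes([201, 20, 0, 64]) + ipaddress.IPv6Address("2001:db8:1::").packed
    + bytes([205, 8, 0xFF, 0xFF, 0, 0, 0, 0])  # Reserved bits set by the sender
    + bytes([202, 12, 0, 0]) + bytes.fromhex("021122fffe334455")
)
```

Rejecting a Length below 2 keeps the walk from looping on a zero-length attribute, and checking the exact Length before slicing keeps a short attribute from being decoded with octets that belong to the next one.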
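
The occurrence table of section 5.2 can be applied mechanically to a decoded message, for instance in a RADIUS proxy that sits between the MAG and the AAA server. This is an added example, not part of the draft; it assumes the attribute names of a message have already been decoded, and `load_rules`, `check_message` and `RULES` are names chosen here.

```python
from collections import Counter

# Rows of the section 5.2 table (MAG to RADIUS server interface), with the
# "#" column dropped: Request, Accept, Reject, Challenge, attribute name.
TABLE_5_2 = """\
0   0-1 0 0 PMIP6-Home-LMA-IPv6-Address
0-1 0-1 0 0 PMIP6-Visited-LMA-IPv6-Address
0   0-1 0 0 PMIP6-Home-LMA-IPv4-Address
0-1 0-1 0 0 PMIP6-Visited-LMA-IPv4-Address
0   0-1 0 0 PMIP6-Home-LMA-FQDN
0-1 0-1 0 0 PMIP6-Visited-LMA-FQDN
0   0-1 0 0 PMIP6-Home-HL-Prefix
0   0-1 0 0 PMIP6-Visited-HL-Prefix
0   0-1 0 0 PMIP6-Home-Interface-ID
0   0-1 0 0 PMIP6-Visited-Interface-ID
0   0-1 0 0 PMIP6-Home-IPv4-HoA
0   0-1 0 0 PMIP6-Visited-IPv4-HoA
0   0-1 0 0 PMIP6-Home-DHCP4-Server-Address
0-1 0-1 0 0 PMIP6-Visited-DHCP4-Server-Address
0   0-1 0 0 PMIP6-Home-DHCP6-Server-Address
0-1 0-1 0 0 PMIP6-Visited-DHCP6-Server-Address
0   1   0 0 Mobile-Node-Identifier
0-1 0-1 0 0 MIP6-Feature-Vector
0-1 0-1 0 0 Service-Selection
0-1 0   0 0 Calling-Station-Id
"""
KINDS = ("Access-Request", "Access-Accept", "Access-Reject", "Access-Challenge")

def load_rules(table):
    """Turn each row into {attribute: {message kind: (min, max)}}."""
    rules = {}
    for line in table.splitlines():
        *cells, name = line.split()
        bounds = []
        for cell in cells:
            low, _, high = cell.partition("-")
            bounds.append((int(low), int(high or low)))
        rules[name] = dict(zip(KINDS, bounds))
    return rules

def check_message(kind, attribute_names, rules):
    """List every table violation in one message; unlisted attributes pass."""
    counts = Counter(attribute_names)
    problems = []
    for name, per_kind in rules.items():
        low, high = per_kind[kind]
        seen = counts[name]
        if seen < low:
            problems.append(f"{name}: missing from {kind}")
        elif seen > high:
            problems.append(f"{name}: {seen} in {kind}, at most {high} allowed")
    return problems

RULES = load_rules(TABLE_5_2)
```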