Diameter Maintenance and                                     J. Korhonen
Extensions (DIME)                                            TeliaSonera
Internet-Draft                                              J. Bournelle
Expires: December 21, 2006                                       GET/INT
                                                           H. Tschofenig
                                                                 Siemens
                                                              C. Perkins
                                                                   Nokia
                                                           June 19, 2006


        Diameter MIPv6 Bootstrapping for the Integrated Scenario
                 draft-ietf-dime-mip6-integrated-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 21, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   A Mobile IPv6 node requires a home agent address, a home address, and
   an IPsec security association with its home agent before it can start
   utilizing Mobile IPv6 service.  RFC 3775 requires that some or all of



Korhonen, et al.        Expires December 21, 2006               [Page 1]


Internet-Draft     Diameter MIPv6 Integrated Scenario          June 2006


   these parameters are statically configured.  Ongoing Mobile IPv6
   bootstrapping work aims to make this information dynamically
   available to the mobile node.  An important aspect of the Mobile IPv6
   bootstrapping solution is to support interworking with existing
   authentication, authorization and accounting infrastructure.  This
   document describes the usage of Diameter to facilitate Mobile IPv6
   bootstrapping for the integrated scenario.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology and Abbreviations  . . . . . . . . . . . . . . . .  4
   3.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .  5
   4.  Commands, AVPs and Advertising Application Support . . . . . .  7
     4.1   Advertising Application Support  . . . . . . . . . . . . .  7
     4.2   Command Codes  . . . . . . . . . . . . . . . . . . . . . .  8
     4.3   Diameter-EAP-Request (DER) . . . . . . . . . . . . . . . .  8
     4.4   Diameter-EAP-Answer (DEA)  . . . . . . . . . . . . . . . .  9
     4.5   AA-Request (AAR) . . . . . . . . . . . . . . . . . . . . . 10
     4.6   AA-Answer (AAA)  . . . . . . . . . . . . . . . . . . . . . 11
     4.7   New AVPs . . . . . . . . . . . . . . . . . . . . . . . . . 12
       4.7.1   MIP6-Home-Agent-Address AVP  . . . . . . . . . . . . . 12
       4.7.2   MIP6-Home-Agent-FQDN AVP . . . . . . . . . . . . . . . 12
       4.7.3   MIP4-Home-Agent-Address AVP  . . . . . . . . . . . . . 12
       4.7.4   MIPv6-Bootstrapping-Feature AVP  . . . . . . . . . . . 13
   5.  Diameter Client and Server Behavior During MIPv6
       Bootstrapping  . . . . . . . . . . . . . . . . . . . . . . . . 14
     5.1   Client (NAS) Behavior  . . . . . . . . . . . . . . . . . . 14
     5.2   Server Behavior  . . . . . . . . . . . . . . . . . . . . . 15
     5.3   Example Message Flows  . . . . . . . . . . . . . . . . . . 16
   6.  AVP Occurrence Tables  . . . . . . . . . . . . . . . . . . . . 18
     6.1   DER and DEA Commands AVP Table . . . . . . . . . . . . . . 18
     6.2   AAR and AAA Commands AVP Table . . . . . . . . . . . . . . 18
   7.  MIPv6 Bootstrapping Integrated AVPs  . . . . . . . . . . . . . 19
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 20
     8.1   AVP Codes  . . . . . . . . . . . . . . . . . . . . . . . . 20
     8.2   Application Identifier . . . . . . . . . . . . . . . . . . 20
     8.3   Namespaces . . . . . . . . . . . . . . . . . . . . . . . . 20
   9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 21
   10.   Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22
   11.   References . . . . . . . . . . . . . . . . . . . . . . . . . 23
     11.1  Normative References . . . . . . . . . . . . . . . . . . . 23
     11.2  Informative References . . . . . . . . . . . . . . . . . . 23
       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 24
       Intellectual Property and Copyright Statements . . . . . . . . 26

1.  Introduction

   The Mobile IPv6 specification [RFC3775] requires a Mobile Node (MN) to
   register with a home agent, informing it of the MN's current point of
   attachment (Care-of Address).  The home agent creates and maintains a
   binding between the MN's Home Address and the MN's Care-of Address.

   In order to register with a home agent, the MN needs to know
   information such as the Home Link prefix, the home agent address, the
   Home Address(es), the Home Link prefix length, and security-related
   information needed to later secure the Binding Update.

   The aforementioned set of information may be statically provisioned
   in the MN.  However, static provisioning of this information has its
   drawbacks.  It increases the provisioning effort, and network
   maintenance easily becomes a burden for the operator.  Moreover,
   static provisioning does not allow load balancing, failover,
   opportunistic home link assignment, etc.  For example, the user may be
   accessing the network from a location that is geographically far away
   from the preconfigured home link; the administrative burden of
   configuring the MNs with the respective addresses is large, and the
   ability to react to environmental changes is minimal.  In these
   situations static provisioning may not be desirable.

   Dynamic assignment of Mobile IPv6 home registration information is a
   desirable feature for ease of deployment and network maintenance.
   For this purpose, the Diameter infrastructure, which is used for
   access authentication, can be leveraged to assign some or all of the
   necessary parameters.  The Diameter server in the Access Service
   Provider's (ASP) or the Mobility Service Provider's (MSP) network may
   return these parameters to the AAA client.  The AAA client might be
   either the NAS, in the case of the integrated scenario, or the home
   agent, in the case of the split scenario
   [I-D.ietf-mip6-bootstrapping-split].  The terms integrated and split
   are described in the terminology section and were introduced in
   [I-D.ietf-mip6-bootstrap-ps] and [I-D.ietf-mip6-aaa-ha-goals].


2.  Terminology and Abbreviations

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC2119 [RFC2119].

   General mobility terminology can be found in [RFC3753].  The
   following additional terms, as defined in
   [I-D.ietf-mip6-bootstrap-ps], are used in this document:

   Access Service Authorizer (ASA):

      A network operator that authenticates a mobile node and
      establishes the mobile node's authorization to receive Internet
      service.

   Access Service Provider (ASP):

      A network operator that provides direct IP packet forwarding to
      and from the mobile node.

   Mobility Service Authorizer (MSA):

      A service provider that authorizes Mobile IPv6 service.

   Mobility Service Provider (MSP):

      A service provider that provides Mobile IPv6 service.  In order to
      obtain such service, the mobile node must be authenticated and
      authorized to obtain the Mobile IPv6 service.

   Split scenario:

      A scenario where the mobility service and the network access
      service are authorized by different entities.

   Integrated Scenario:

      A scenario where the mobility service and the network access
      service are authorized by the same entity.


3.  Overview

   This document addresses the authentication, authorization and
   accounting functionality required for MIPv6 bootstrapping as outlined
   in the MIPv6 bootstrapping problem statement document (see
   [I-D.ietf-mip6-bootstrap-ps]).  This document focuses on the AAA
   functionality for the integrated scenario.  The AAA interaction for
   the split scenario is conceptually simpler and is described in
   [I-D.tschofenig-mip6-aaa-ha-diameter].

   The subsequent text outlines the AAA interaction between the
   participating entities in the integrated scenario.  In the integrated
   scenario MIPv6 bootstrapping is provided as part of the network
   access authentication procedure.  Figure 1 shows the participating
   entities.  This document, however, only concentrates on the NAS,
   possible local Diameter proxies and the home Diameter server.


                      +---------------------------+  +-----------------+
                      |Access Service Provider    |  |ASA/MSA/(MSP)    |
                      |(Mobility Service Provider)|  |                 |
                      |                           |  |                 |
                      | +--------+                |  |    +--------+   |
                      | |Local   |      Diameter  |  |    |Home    |   |
                      | |Diameter|<---------------------->|Diameter|   |
                      | |Proxy   |                |  |    |Server  |   |
                      | +--------+                |  |    +--------+   |
                      |     ^                     |  |        ^        |
                      |     |                     |  |        |        |
                      |     |                     |  |        |        |
                      |     |Diameter             |  |        v        |
                      |     |           +-------+ |  |    +-------+    |
                      |     |           |Home   | |  |    |Home   |    |
                      |     |     +---->|Agent  | |  |    |Agent  |    |
                      |     |     |     |in ASP | |  |    |in MSP |    |
                      |     v     v     +-------+ |  |    +-------+    |
   +-------+ IEEE     | +-----------+   +-------+ |  +-----------------+
   |Mobile | 802.1X   | |NAS/Relay  |   |DHCPv6 | |
   |Node   |----------+-|Diameter   |---|Server | |
   |       | PANA,... | |Client     |   |       | |
   +-------+ DHCP     | +-----------+   +-------+ |
                      +---------------------------+

      Figure 1: Mobile IPv6 Bootstrapping in the Integrated Scenario

   In a typical Mobile IPv6 access scenario, as shown above, the MN is
   attached to an Access Service Provider's network.  During the network
   attachment procedure, the NAS/Diameter client interacts with the
   mobile node.  As shown in Figure 1, the authentication and
   authorization happens via the Diameter infrastructure.

   At the time of authorizing the user for the IPv6 access, the Diameter
   server in the MSA detects that the user is authorized for Mobile IPv6
   access.  Based on the MSA's policy, the Diameter server may allocate
   several parameters to the MN for use during the subsequent Mobile
   IPv6 protocol interaction with the home agent.

   Depending on the details of the solution, interaction with the DHCPv6
   server may be required, as described in
   [I-D.ietf-mip6-bootstrapping-integrated-dhc].  However, the solution
   described in this document does not depend on DHCPv6 as the only
   possible MIPv6 bootstrapping method.


4.  Commands, AVPs and Advertising Application Support

   This section describes the command codes, defines the AVPs, and
   specifies the advertised application identifier for Diameter MIPv6
   bootstrapping in the integrated scenario.

4.1  Advertising Application Support

   Diameter nodes conforming to this specification SHOULD include the
   value of (TBD) in the Auth-Application-Id or the Acct-Application-Id
   AVP of the Capabilities-Exchange-Request and Capabilities-Exchange-
   Answer commands [RFC3588].  This application is referred to as the
   Diameter MIPv6 Bootstrapping Integrated scenario application, or
   MIP6BSTI.  From the advertised Application ID the home Diameter
   server is able to detect whether the Access Service Provider (and its
   NAS) supports MIPv6 bootstrapping and MIPv6.  If the NAS also
   supports the Diameter EAP application and/or the Diameter NAS
   application, the corresponding Application IDs should be advertised
   during the capability exchange.

   If the NAS receives a response with the Result-Code set to
   DIAMETER_APPLICATION_UNSUPPORTED [RFC3588], this indicates that the
   Diameter server in the ASA/MSA does not support the MIPv6
   Bootstrapping Integrated application.  In this case the NAS MAY
   attempt to fall back to basic network access authentication without
   MIPv6 bootstrapping.

   Whenever the mobile node authenticates using an EAP-based method, the
   NAS SHOULD use the Diameter MIPv6 Bootstrapping Integrated
   Application ID value of TBD in the Auth-Application-Id AVP of the
   Diameter-EAP-Request command [RFC4072], and the answering Diameter
   server SHOULD subsequently use it in the Diameter-EAP-Answer command
   [RFC4072].  This implies that both the NAS and the Diameter server
   MUST support the MIPv6 Bootstrapping Integrated application.  If
   either end lacks the required support, the NAS, and subsequently also
   the Diameter server, falls back to the Diameter EAP application
   [RFC4072].

   If the mobile node does not use EAP-based network access
   authentication, the NAS SHOULD use the Diameter MIPv6 Bootstrapping
   Integrated Application ID value of TBD in the Auth-Application-Id AVP
   of the AA-Request command [RFC4005], and the answering Diameter
   server SHOULD subsequently use it in the AA-Answer command [RFC4005].
   This implies that both the NAS and the Diameter server MUST support
   the MIPv6 Bootstrapping Integrated application.  If either end lacks
   the required support, the NAS, and subsequently also the Diameter
   server, falls back to the Diameter NAS application [RFC4005].

   The value of zero (0) SHOULD be used as the Application-Id in all
   STR/STA, ACR/ACA, ASR/ASA, and RAR/RAA commands, because these
   commands are defined in the Diameter base protocol and no additional
   mandatory AVPs for those commands are defined in this document.

4.2  Command Codes

   This document re-uses the Diameter Base protocol [RFC3588], Diameter
   NAS application [RFC4005] and Diameter EAP application [RFC4072]
   commands.  The following commands are used to carry MIPv6 related
   bootstrapping AVPs:


   Command-Name             Abbrev.   Code     Reference  Application

   Diameter-EAP-Request      DER       268      RFC 4072   MIP6BSTI
   Diameter-EAP-Answer       DEA       268      RFC 4072   MIP6BSTI

   AA-Request                AAR       265      RFC 4005   MIP6BSTI
   AA-Answer                 AAA       265      RFC 4005   MIP6BSTI


    Figure 2: MIPv6 Bootstrapping Integrated Application Command Codes

   When the Re-Auth-Request (RAR), Re-Auth-Answer (RAA), Session-
   Termination-Request (STR), Session-Termination-Answer (STA), Abort-
   Session-Request (ASR), Abort-Session-Answer (ASA), Accounting-Request
   (ACR), and Accounting-Answer (ACA) commands are used together with
   the Diameter MIPv6 Bootstrapping Integrated application, they follow
   the rules in the Diameter NAS [RFC4005], EAP [RFC4072] and BASE
   [RFC3588] applications.  The accounting commands use Application
   Identifier value of 3 (Diameter Base Accounting); the others use 0
   (Diameter Common Messages).

4.3  Diameter-EAP-Request (DER)

   The Diameter-EAP-Request (DER) command [RFC4072], indicated by the
   Command-Code field set to 268 and the 'R' bit set in the Command
   Flags field, may be sent by the NAS to the Diameter server providing
   network access authentication and authorization services.  Together
   with the network access authentication and authorization, the NAS MAY
   request home agent assignment and authorization for mobility service
   usage, and optionally indicate support for local home agent
   assignment.  The NAS indicates support for the MIPv6 Bootstrapping
   Integrated application by setting the Auth-Application-Id to the
   value TBD.  The DER command MAY also carry the DNS Update Mobility
   Option and the MIPv6 Bootstrapping Feature attribute.

   The message format is the same as defined in [RFC4072] with the
   addition of the MIPv6 Bootstrapping Integrated application AVPs.  The
   figure below shows the DER message used with the MIPv6 Bootstrapping
   Integrated application:



     <Diameter-EAP-Request> ::= < Diameter Header: 268, REQ, PXY >
                                < Session-Id >
                                { Auth-Application-Id }
                                { Origin-Host }
                                { Origin-Realm }
                                { Destination-Realm }
                                { Auth-Request-Type }

                                [ MIPv6-Bootstrapping-Feature ]

                                [ Destination-Host ]
                                ...
                              * [ AVP ]

                  Figure 3: Diameter EAP Request Command


4.4  Diameter-EAP-Answer (DEA)

   The Diameter-EAP-Answer (DEA) message, defined in [RFC4072] and
   indicated by the Command-Code field set to 268 and the 'R' bit
   cleared in the Command Flags field, is sent in response to the
   Diameter-EAP-Request (DER) message.  If the mobility service is
   successfully authorized and the Diameter server was able to fulfill
   the bootstrapping request (if needed), then the response SHOULD
   include the MIP6-Home-Agent-Address, MIP6-Home-Agent-FQDN and
   MIP4-Home-Agent-Address AVPs.

   The message format is the same as defined in [RFC4072] with an
   addition of MIPv6 Bootstrapping Integrated application AVPs.  The
   figure below shows the DEA message used with the MIPv6 Bootstrapping
   Integrated application:

     <Diameter-EAP-Answer> ::= < Diameter Header: 268, PXY >
                               < Session-Id >
                               { Auth-Application-Id }
                               { Auth-Request-Type }
                               { Result-Code }
                               { Origin-Host }
                               { Origin-Realm }

                               [ MIP6-Home-Agent-Address ]
                               [ MIP6-Home-Agent-FQDN ]
                               [ MIP4-Home-Agent-Address ]

                               [ User-Name ]
                               ...
                             * [ AVP ]

                   Figure 4: Diameter EAP Answer Command


4.5  AA-Request (AAR)

   The AA-Request (AAR) message, indicated by the Command-Code field set
   to 265 and the 'R' bit set in the Command Flags field, may be sent by
   the NAS to the Diameter server providing network access configuration
   services.  Together with the network access configuration, the NAS
   MAY request home agent assignment and authorization for mobility
   service usage, and optionally indicate support for local home agent
   assignment.  The NAS indicates support for the MIPv6 Bootstrapping
   Integrated application by setting the Auth-Application-Id to the
   value (TBD).  The AAR command MAY also carry the DNS Update Mobility
   Option and the MIPv6 Bootstrapping Feature attribute.

   The message format is the same as defined in [RFC4005] with an
   addition of MIPv6 Bootstrapping Integrated application AVPs.  The
   figure below shows the AAR message used with the MIPv6 Bootstrapping
   Integrated application:

     <AA-Request> ::= < Diameter Header: 265, REQ, PXY >
                      < Session-Id >
                      { Auth-Application-Id }
                      { Origin-Host }
                      { Origin-Realm }
                      { Destination-Realm }
                      { Auth-Request-Type }

                      [ MIPv6-Bootstrapping-Feature ]

                      [ Destination-Host ]
                      ...
                    * [ AVP ]

                       Figure 5: AA Request Command


4.6  AA-Answer (AAA)

   The AA-Answer (AAA) message, indicated by the Command-Code field set
   to 265 and the 'R' bit cleared in the Command Flags field, is sent in
   response to the AA-Request (AAR) message to confirm the result of
   MIPv6 HA bootstrapping.  If the mobility service is successfully
   authorized and the Diameter server was able to fulfill the
   bootstrapping request (if needed), then the response SHOULD include
   the MIP6-Home-Agent-Address, MIP6-Home-Agent-FQDN and
   MIP4-Home-Agent-Address AVPs.

   The message format is the same as defined in [RFC4005] with the
   addition of the MIPv6 Bootstrapping Integrated application AVPs.  The
   figure below shows the AAA message used with the MIPv6 Bootstrapping
   Integrated application:

     <AA-Answer> ::= < Diameter Header: 265, PXY >
                     < Session-Id >
                     { Auth-Application-Id }
                     { Auth-Request-Type }
                     { Result-Code }
                     { Origin-Host }
                     { Origin-Realm }

                     [ MIP6-Home-Agent-Address ]
                     [ MIP6-Home-Agent-FQDN ]
                     [ MIP4-Home-Agent-Address ]

                     [ User-Name ]
                     ...
                   * [ AVP ]

                        Figure 6: AA Answer Command


4.7  New AVPs

4.7.1  MIP6-Home-Agent-Address AVP

   The MIP6-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString
   and contains the Mobile IPv6 home agent address and the prefix length
   of that address.  The AVP is a discriminated union, representing an
   IPv6 address in network byte order.  The first two octets of this AVP
   carry the home link prefix length, followed by the 16 octets of the
   IPv6 address.

   The Diameter server MAY decide to assign a MIPv6 home agent to the MN
   that is in close proximity to the point of attachment (e.g.
   determined by the NAS-Identifier).  There may be other reasons for
   dynamically assigning home agents to the MN, for example to share the
   traffic load.  The AVP also contains the prefix length so that the MN
   can easily infer one of the possible Home Link prefixes from the home
   agent address.

4.7.2  MIP6-Home-Agent-FQDN AVP

   The MIP6-Home-Agent-FQDN AVP (AVP Code TBD) is of type UTF8String and
   contains the FQDN of a Mobile IPv6 home agent.

4.7.3  MIP4-Home-Agent-Address AVP

   The MIP4-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString
   and contains the IPv4 home agent address and the prefix length of
   that address.  The AVP is a discriminated union, representing an IPv4
   address in network byte order.  The first two octets of this AVP
   carry the home link prefix length, followed by the 4 octets of the
   IPv4 address.

   The Diameter server MAY decide to assign a MIPv4 home agent to the MN
   in a case where dual stack Mobile IP is supported
   [I-D.ietf-mip6-nemo-v4traversal].

4.7.4  MIPv6-Bootstrapping-Feature AVP

   The MIPv6-Bootstrapping-Feature AVP (AVP Code TBD) is of type
   Unsigned32 and contains a 32-bit flags field describing the features
   supported by the NAS and the ASP.

   By using this payload the NAS indicates to the Diameter server
   certain capabilities and features.  For example, the NAS might want
   to indicate that local home agent assignment can be provided.

   Local-Home-Agent-Assignment         1
      This flag is set when the NAS knows that a local home agent
      located in the ASP can be provided for the MN.

   Dual-Stack-MIP-supported            2
      This flag is set when the NAS and the local access network
      support dual stack Mobile IP as defined in
      [I-D.ietf-mip6-nemo-v4traversal] and bootstrapping functionality
      can also be provided for the Mobile IPv4 Home Address.
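
   The following Python module, added here as an illustration and not
   part of the draft or of any Diameter implementation, encodes and
   decodes the Data field of the three AVPs defined in Sections 4.7.1,
   4.7.3 and 4.7.4 (the AVP header and the TBD AVP Codes are left out)
   and derives the home link prefix the way Section 4.7.1 intends:

```python
"""Payload encoders and decoders for the AVPs of Section 4.7.

Added example; it is not part of the draft or of any Diameter
implementation.  Only the AVP Data field is handled: the Diameter AVP
header and the AVP Codes (TBD in the draft) are left out.
"""
import ipaddress
import struct

# Flag values of the MIPv6-Bootstrapping-Feature AVP (Section 4.7.4).
LOCAL_HOME_AGENT_ASSIGNMENT = 1
DUAL_STACK_MIP_SUPPORTED = 2
KNOWN_FEATURE_FLAGS = LOCAL_HOME_AGENT_ASSIGNMENT | DUAL_STACK_MIP_SUPPORTED


def encode_home_agent_address(address, prefix_len):
    """Data field of MIP6-Home-Agent-Address or MIP4-Home-Agent-Address.

    Sections 4.7.1 and 4.7.3: two octets of home link prefix length in
    network byte order, then the 16-octet IPv6 or 4-octet IPv4 address.
    The address family decides which of the two AVPs the payload is for.
    """
    addr = ipaddress.ip_address(address)
    if not 0 <= prefix_len <= addr.max_prefixlen:
        raise ValueError(f"prefix length {prefix_len} invalid for {addr}")
    return struct.pack("!H", prefix_len) + addr.packed


def decode_home_agent_address(data):
    """Parse a home agent address payload into (address, prefix_len).

    The payload length (2 + 16 or 2 + 4 octets) selects the family, so a
    truncated, padded or family-mismatched OctetString is rejected
    instead of being silently misread.  The prefix length is range
    checked too, since it is used to derive the home link prefix.
    """
    if len(data) not in (2 + 16, 2 + 4):
        raise ValueError(f"unexpected payload length {len(data)}")
    (prefix_len,) = struct.unpack("!H", data[:2])
    addr = ipaddress.ip_address(bytes(data[2:]))
    if prefix_len > addr.max_prefixlen:
        raise ValueError(f"prefix length {prefix_len} invalid for {addr}")
    return addr, prefix_len


def home_link_prefix(data):
    """Home link prefix the MN can infer from the payload (Section 4.7.1)."""
    addr, prefix_len = decode_home_agent_address(data)
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)


def encode_bootstrapping_feature(local_ha=False, dual_stack=False):
    """Unsigned32 Data field of the MIPv6-Bootstrapping-Feature AVP."""
    flags = 0
    if local_ha:
        flags |= LOCAL_HOME_AGENT_ASSIGNMENT
    if dual_stack:
        flags |= DUAL_STACK_MIP_SUPPORTED
    return struct.pack("!I", flags)


def decode_bootstrapping_feature(data):
    """Return the two defined flags plus any bits the draft does not define.

    Unknown bits are reported rather than rejected, so a server can still
    honour the flags it knows when a NAS sets flags from a later revision.
    """
    if len(data) != 4:
        raise ValueError(f"Unsigned32 payload must be 4 octets, got {len(data)}")
    (flags,) = struct.unpack("!I", data)
    return {
        "local_home_agent_assignment": bool(flags & LOCAL_HOME_AGENT_ASSIGNMENT),
        "dual_stack_mip_supported": bool(flags & DUAL_STACK_MIP_SUPPORTED),
        "unknown_flags": flags & ~KNOWN_FEATURE_FLAGS,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the draft.
    ha6 = encode_home_agent_address("2001:db8:1::1", 64)
    print(ha6.hex(), decode_home_agent_address(ha6), home_link_prefix(ha6))
    ha4 = encode_home_agent_address("192.0.2.1", 24)
    print(ha4.hex(), decode_home_agent_address(ha4))
    feat = encode_bootstrapping_feature(dual_stack=True)
    print(feat.hex(), decode_bootstrapping_feature(feat))
```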

5.  Diameter Client and Server Behavior During MIPv6 Bootstrapping

   This section describes the Diameter server and client behavior in the
   case of MIPv6 bootstrapping in the integrated scenario.  The text
   makes several assumptions for brevity.

   o  The Diameter server is assumed to support at least the Diameter
      BASE, EAP and NAS applications.

   o  The Diameter client (i.e. the NAS) is assumed to support at least
      the Diameter BASE, EAP and NAS applications.

   o  The MN uses such network access authentication method and
      credentials that are supported by the NAS/ASP and ASA/MSA.

   o  The MN has been provisioned with Mobile IPv6 service.

   o  The capability exchange has already completed, thus the NAS and
      the Diameter server share the knowledge of mutually supported
      applications.  Cases where the ASA/MSA does not support MIPv6
      bootstrapping are not discussed.  In these cases the NAS has no
      other choice than to carry out the network access authentication
      as defined in the Diameter EAP or NAS applications.


5.1  Client (NAS) Behavior

   If the ASP/NAS does not support MIPv6 integrated scenario
   bootstrapping and/or the corresponding application then the NAS
   either selects the Diameter NAS or EAP application depending on which
   authentication method the MN has to use to authenticate itself.
   Naturally after a successful or a failed authentication the NAS does
   not have to do any MIPv6 bootstrapping related procedures.

   Next we describe two different scenarios for the network access
   authentication when the ASP/NAS supports MIPv6 integrated scenario
   bootstrapping and the corresponding application.

   1) The MN uses some EAP-based method (e.g. 802.11i/802.1X) to
      authenticate to the network.  In this scenario the NAS uses
      commands originally defined for the EAP application.  However, the
      Application IDs included in messages are set to the value of (TBD)
      indicating the MIP6BSTI application.  Depending on the ASP
      capabilities the NAS may include the MIPv6-Bootstrapping-Feature
      AVP in the first DER message.  This AVP indicates whether it is
      possible to allocate home agents locally and whether Mobile IPv4
      bootstrapping is also supported.

   2) The MN uses a method other than an EAP-based one to authenticate
      to the network.  In this scenario the NAS uses commands originally
      defined for the Diameter NAS application.  However, the
      Application IDs included in messages are set to the value of (TBD)
      indicating the MIP6BSTI application.  Depending on the ASP
      capabilities the NAS may include the MIPv6-Bootstrapping-Feature
      AVP in the first AAR message.  This AVP indicates whether it is
      possible to allocate home agents locally and whether Mobile IPv4
      bootstrapping is also supported.

   If the network access authentication failed the NAS receives
   appropriate error codes as defined for the Diameter EAP or NAS
   applications.  The NAS does not allow the MN to access the network
   and does not do any MIPv6 bootstrapping related procedures.

   If the network access authentication completed successfully, the NAS
   looks for the home agent AVPs in the reply message (either DEA or
   AAA, depending on the authentication method used).  The NAS
   associates the received bootstrapping information with the MN that
   initiated the access authentication and stores the information
   internally (the storage time is determined by the ASP policy).  The
   stored bootstrapping information is then available to the NAS and
   the DHCP relay for a later step in the MN bootstrapping process.

   The actual bootstrapping from the MN point of view takes place after
   the network access authentication has completed.  The bootstrapping
   may be realized e.g. using DHCP as defined in [I-D.ietf-mip6-
   bootstrapping-integrated-dhc] and [RFC2132].

   The MN has no consistent way of indicating to the NAS, during the
   network access authentication, that it supports the MIPv6 integrated
   scenario way of bootstrapping.  Consequently the NAS has no way to
   find out whether the terminal attempting to authenticate is actually
   an MN with MIPv6 bootstrapping functionality before the network
   access authentication has completed.  Thus it is possible that the
   NAS initiates MIPv6 integrated scenario bootstrapping configuration
   even if the MN is not able to make any use of it later.  The Diameter
   server in the ASA/MSA might be able to detect this situation during
   the authentication phase based on the MN's identity, assuming the ASA
   is able to verify from the MSA whether the MN has been provisioned
   with a MIPv6 service.
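
   The following Python class, added here as an illustration and not
   taken from the draft or from any Diameter stack, models the NAS
   decisions of Sections 4.1 and 5.1: choosing DER or AAR and the
   Application-Id, falling back after DIAMETER_APPLICATION_UNSUPPORTED,
   and keeping the home agent AVPs of a successful answer per session.
   Messages are modelled as dictionaries of already decoded AVPs, and
   MIP6BSTI_APP_ID is a placeholder for the draft's TBD value.

```python
"""NAS (Diameter client) side of the integrated-scenario exchange.

Added example illustrating Sections 4.1 and 5.1; it is not part of the
draft or of any Diameter stack.  Messages are plain dicts of already
decoded AVPs (name -> value); wire encoding is out of scope.
"""

MIP6BSTI_APP_ID = 0xFFFFFF       # placeholder: the draft leaves this TBD
DIAMETER_NAS_APP_ID = 1          # Diameter NAS application, RFC 4005
DIAMETER_EAP_APP_ID = 5          # Diameter EAP application, RFC 4072

DIAMETER_MULTI_ROUND_AUTH = 1001          # RFC 3588
DIAMETER_SUCCESS = 2001                   # RFC 3588
DIAMETER_APPLICATION_UNSUPPORTED = 3007   # RFC 3588

# Flag values of the MIPv6-Bootstrapping-Feature AVP (Section 4.7.4).
LOCAL_HOME_AGENT_ASSIGNMENT = 1
DUAL_STACK_MIP_SUPPORTED = 2

# AVPs the NAS looks for in a successful DEA/AAA (Section 5.1).
HOME_AGENT_AVPS = ("MIP6-Home-Agent-Address", "MIP6-Home-Agent-FQDN",
                   "MIP4-Home-Agent-Address")


class Nas:
    """Minimal model of the NAS decisions described in Sections 4.1 and 5.1."""

    def __init__(self, supports_mip6bsti=True, local_ha=False, dual_stack=False):
        self.supports_mip6bsti = supports_mip6bsti
        self.local_ha = local_ha          # ASP can offer a local home agent
        self.dual_stack = dual_stack      # ASP can bootstrap MIPv4 as well
        self.fallback_sessions = set()    # sessions answered with 3007
        self.bootstrap_info = {}          # Session-Id -> home agent AVPs

    def build_request(self, session_id, eap_method):
        """First request of an access authentication: (command, avps).

        EAP-based access uses DER, anything else AAR.  The MIP6BSTI
        Application-Id is used only while both ends support it; after a
        DIAMETER_APPLICATION_UNSUPPORTED answer the NAS falls back to the
        plain EAP or NAS application and sends no bootstrapping AVPs.
        """
        command = "DER" if eap_method else "AAR"
        avps = {"Session-Id": session_id}
        if not self.supports_mip6bsti or session_id in self.fallback_sessions:
            avps["Auth-Application-Id"] = (DIAMETER_EAP_APP_ID if eap_method
                                           else DIAMETER_NAS_APP_ID)
            return command, avps
        avps["Auth-Application-Id"] = MIP6BSTI_APP_ID
        flags = ((LOCAL_HOME_AGENT_ASSIGNMENT if self.local_ha else 0)
                 | (DUAL_STACK_MIP_SUPPORTED if self.dual_stack else 0))
        if flags:
            avps["MIPv6-Bootstrapping-Feature"] = flags
        return command, avps

    def handle_answer(self, answer):
        """Process a DEA or AAA; returns the NAS's next step as a string."""
        session_id = answer["Session-Id"]
        result = answer["Result-Code"]
        if result == DIAMETER_MULTI_ROUND_AUTH:
            return "continue"      # EAP conversation not finished yet
        if result == DIAMETER_APPLICATION_UNSUPPORTED:
            # Section 4.1: the server lacks MIP6BSTI; retry without it.
            self.fallback_sessions.add(session_id)
            return "fallback"
        if result != DIAMETER_SUCCESS:
            # Section 5.1: failed authentication, no access, no bootstrapping.
            self.bootstrap_info.pop(session_id, None)
            return "reject"
        # Success: keep whatever home agent AVPs the server included so the
        # later DHCP step can hand them to the MN.
        info = {name: answer[name] for name in HOME_AGENT_AVPS if name in answer}
        if info:
            self.bootstrap_info[session_id] = info
        return "grant"
```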

5.2  Server Behavior

   If the ASP/NAS does not support MIPv6 integrated scenario
   bootstrapping and/or the corresponding application, then the NAS
   selects either the Diameter NAS or the EAP application, depending on
   which access authentication method the MN has to use to
   authenticate.  The Diameter server in the ASA/MSA is able to detect
   this case (based on the Application IDs used) and does not have to
   perform any MIPv6 bootstrapping related procedures.

   Next we describe two different scenarios for the network access
   authentication using the MIPv6 integrated scenario bootstrapping and
   the corresponding MIP6BSTI application.

   1) The MN uses some EAP-based method to authenticate to the network.
      In this scenario the NAS uses commands originally defined for the
      EAP application.  However, the Application IDs included in
      messages are set to the value of (TBD) indicating the MIP6BSTI
      application.  Depending on the ASA/MSA policy the Diameter server
      SHOULD assign a Mobile IPv6 home agent to the MN and include the
      corresponding MIP6-Home-Agent-Address and MIP6-Home-Agent-FQDN
      AVPs in the final DEA message.  If the DER message received from
      the NAS included the MIPv6-Bootstrapping-Feature AVP with the
      Dual-Stack-MIP-supported flag set, the Diameter server MAY assign
      the MN a Mobile IPv4 home agent and include a corresponding
      MIP4-Home-Agent-Address AVP in the final DEA message.  If the
      MIPv6-Bootstrapping-Feature AVP has the Local-Home-Agent-Assignment
      flag set, the Diameter server MAY attempt to assign a home agent
      located in the ASP network to the MN.

   2) The MN uses some non-EAP-based method to authenticate to the
      network.  In this scenario the NAS uses commands originally
      defined for the Diameter NAS application.  However, the
      Application IDs included in messages are set to the value of (TBD)
      indicating the MIP6BSTI application.  Depending on the ASA/MSA
      policy the Diameter server SHOULD assign the MN a Mobile IPv6 home
      agent and include the corresponding MIP6-Home-Agent-Address and
      MIP6-Home-Agent-FQDN AVPs in the final AAA message.  If the AAR
      message received from the NAS included the MIPv6-Bootstrapping-
      Feature AVP with the Dual-Stack-MIP-supported flag set, the
      Diameter server MAY assign the MN a Mobile IPv4 home agent and
      include a corresponding MIP4-Home-Agent-Address AVP in the final
      AAA message.  If the MIPv6-Bootstrapping-Feature AVP has the
      Local-Home-Agent-Assignment flag set, the Diameter server MAY
      attempt to assign a home agent located in the ASP network to the
      MN.
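
   The following is an added example and not part of the draft: it
   works the two server-side cases above (DER for EAP, AAR for other
   methods) through as code, using the MIPv6-Bootstrapping-Feature flag
   values of Section 8.3 and the "NAS does not speak MIP6BSTI" case of
   the first paragraph of this section.  The MIP6BSTI Application-Id is
   TBD in the draft, so a placeholder string stands in for it, and the
   HomePolicy type is a hypothetical stand-in for ASA/MSA policy and MSA
   provisioning data.

```python
# Added example, not code from the draft: the server-side decision of
# Section 5.2 for both the DER (EAP) and AAR (non-EAP) cases.
# Flag values are those of Section 8.3; the Application-Id of MIP6BSTI is
# TBD in the draft, so a placeholder is used.  HomePolicy is a hypothetical
# stand-in for ASA/MSA policy and MSA provisioning data.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# MIPv6-Bootstrapping-Feature flag bits (Section 8.3).
LOCAL_HOME_AGENT_ASSIGNMENT = 1
DUAL_STACK_MIP_SUPPORTED = 2

MIP6BSTI_APP_ID = "TBD-MIP6BSTI"   # placeholder: not assigned by IANA yet
DIAMETER_NASREQ_APP_ID = 1         # RFC 4005
DIAMETER_EAP_APP_ID = 5            # RFC 4072


@dataclass
class HomePolicy:
    """Hypothetical ASA/MSA policy inputs for one MN (constructed)."""
    mn_provisioned_for_mip6: bool
    home_ha: Optional[Tuple[str, str]]          # (IPv6 address, FQDN) in the MSP
    local_ha: Optional[Tuple[str, str]] = None  # (IPv6 address, FQDN) in the ASP
    prefer_local_ha: bool = False               # ASA/MSA policy knob
    home_ha_v4: Optional[str] = None            # Mobile IPv4 HA for dual-stack MNs


def assign_home_agent(command: str, app_id, features: int,
                      policy: HomePolicy) -> Dict[str, str]:
    """Return the MIP6BSTI AVPs to put in the final DEA (case 1) or AAA
    (case 2).  An empty dict means no bootstrapping AVPs at all."""
    if command not in ("DER", "AAR"):
        raise ValueError(f"unexpected request command {command!r}")
    # The NAS used a plain EAP/NASREQ Application-Id: it does not support
    # MIP6BSTI, so the server does no bootstrapping (Section 5.2, para 1).
    if app_id != MIP6BSTI_APP_ID:
        return {}
    # Section 5.1, last paragraph: the MSA may know the MN has no MIPv6
    # service, in which case assigning a home agent is pointless.
    if not policy.mn_provisioned_for_mip6:
        return {}
    chosen = policy.home_ha
    # Local-Home-Agent-Assignment set: the server MAY use an ASP home agent.
    if (features & LOCAL_HOME_AGENT_ASSIGNMENT) and policy.local_ha \
            and policy.prefer_local_ha:
        chosen = policy.local_ha
    if chosen is None:
        return {}          # nothing to assign under this policy
    address, fqdn = chosen
    avps = {"MIP6-Home-Agent-Address": address}   # occurrence 1 in DEA/AAA
    if fqdn:
        avps["MIP6-Home-Agent-FQDN"] = fqdn       # occurrence 0-1
    # Dual-Stack-MIP-supported set: the server MAY also hand out a MIPv4 HA.
    if (features & DUAL_STACK_MIP_SUPPORTED) and policy.home_ha_v4:
        avps["MIP4-Home-Agent-address"] = policy.home_ha_v4
    return avps


if __name__ == "__main__":
    # Constructed sample: dual-stack MN, ASP offers a local home agent.
    pol = HomePolicy(True, ("2001:db8::1", "ha.example.com"),
                     local_ha=("2001:db8:1::1", "ha.asp.example"),
                     prefer_local_ha=True, home_ha_v4="192.0.2.1")
    print(assign_home_agent("DER", MIP6BSTI_APP_ID,
                            LOCAL_HOME_AGENT_ASSIGNMENT | DUAL_STACK_MIP_SUPPORTED,
                            pol))
```

   The flag word is tested with bitwise AND rather than equality so that
   a request carrying both flags (value 3) takes both optional branches;
   the SHOULD for the IPv6 home agent is honoured whenever policy has
   one, while each MAY is gated on both the flag and a policy input.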


5.3  Example Message Flows

   This section shows basic message flows of MIPv6 integrated scenario
   bootstrapping and dynamic home agent assignment.  In Figure 7,
   network access authentication is based on EAP (e.g. 802.11i/802.1X).
   The NAS informs the home Diameter server that home agent assignment
   in the foreign network is possible.  The Diameter server assigns the
   MN a home agent either in the home MSP or in the ASP.  The assignment
   procedure is out of scope of this document.  The Diameter server then
   replies to the NAS with the home agent related bootstrapping
   information.


   NAS                          Local proxy                  Home server
    |                                |                                |
    |  Diameter-EAP-Request          |                                |
    |  MIPv6-Bootstrapping-Feature=Local-Home-Agent-Assignment        |
    |  Auth-Request-Type=AUTHORIZE_AUTHENTICATE                       |
    |  EAP-Payload(EAP Start)        |                                |
    |------------------------------->|------------------------------->|
    |                                |                                |
    |                                :                                |
    :              ...more EAP Request/Response pairs...              :
    |                                :                                |
    |                                |                                |
    |                                |           Diameter-EAP-Answer  |
    |                          MIP6-Home-Agent-Address(IPv6 address)  |
    |                            MIP6-Home-Agent-FQDN=ha.example.com  |
    |                                |  Result-Code=DIAMETER_SUCCESS  |
    |                                |      EAP-Payload(EAP Success)  |
    |                                |        EAP-Master-Session-Key  |
    |                                |          (authorization AVPs)  |
    |                                |                          ...   |
    |<-------------------------------|<-------------------------------|
    |                                |                                |

   Figure 7: MIPv6 integrated scenario bootstrapping example when EAP is
                      used for access authentication

6.  AVP Occurrence Tables

6.1  DER and DEA Commands AVP Table

   The following table lists the additional MIPv6 Bootstrapping
   Integrated application (MIP6BSTI) AVPs that may be present in the DER
   and DEA Commands, as defined in this document and in [RFC4072].



                                     +---------------+
                                     |  Command-Code |
                                     |-------+-------+
      Attribute Name                 |  DER  |  DEA  |
      -------------------------------+-------+-------+
      MIP6-Home-Agent-Address        |   0   |   1   |
      MIP6-Home-Agent-FQDN           |   0   |  0-1  |
      MIP4-Home-Agent-address        |   0   |  0-1  |
      MIPv6-Bootstrapping-Feature    |  0-1  |   0   |
                                     +-------+-------+


                 Figure 8: DER and DEA Commands AVP table


6.2  AAR and AAA Commands AVP Table

   The following table lists the additional MIPv6 Bootstrapping
   Integrated application (MIP6BSTI) AVPs that may be present in the AAR
   and AAA Commands, as defined in this document and in [RFC4005].



                                     +---------------+
                                     |  Command-Code |
                                     |-------+-------+
      Attribute Name                 |  AAR  |  AAA  |
      -------------------------------+-------+-------+
      MIP6-Home-Agent-Address        |   0   |   1   |
      MIP6-Home-Agent-FQDN           |   0   |  0-1  |
      MIP4-Home-Agent-address        |   0   |  0-1  |
      MIPv6-Bootstrapping-Feature    |  0-1  |   0   |
                                     +-------+-------+

                 Figure 9: AAR and AAA Commands AVP table
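
   The following is an added example and not part of the draft: it
   transcribes the occurrence tables of Figures 8 and 9 into a checker a
   NAS can run on a received DEA or AAA, and then carries out the NAS
   behaviour of Section 5.1 (no bootstrapping on a failed
   authentication; otherwise the home agent AVPs are stored per MN for
   the later DHCP step).  The storage lifetime is an input here because
   the draft leaves it to ASP policy; the BootstrapRecord type and the
   list-of-pairs message model are assumptions of this example.

```python
# Added example, not code from the draft: checks a DER/DEA or AAR/AAA
# against the occurrence tables of Figures 8 and 9 and, on a successful
# answer, builds the record a NAS keeps for the later DHCP step
# (Section 5.1).  The storage lifetime is an ASP policy input here, as
# the draft leaves it to ASP policy; BootstrapRecord is hypothetical.
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DIAMETER_SUCCESS = 2001      # Result-Code, RFC 3588

# (min, max) occurrences per command, transcribed from Figure 8.
OCCURRENCE: Dict[str, Dict[str, Tuple[int, int]]] = {
    "DER": {"MIP6-Home-Agent-Address": (0, 0),
            "MIP6-Home-Agent-FQDN": (0, 0),
            "MIP4-Home-Agent-address": (0, 0),
            "MIPv6-Bootstrapping-Feature": (0, 1)},
    "DEA": {"MIP6-Home-Agent-Address": (1, 1),
            "MIP6-Home-Agent-FQDN": (0, 1),
            "MIP4-Home-Agent-address": (0, 1),
            "MIPv6-Bootstrapping-Feature": (0, 0)},
}
# Figure 9 is identical to Figure 8 with AAR/AAA in place of DER/DEA.
OCCURRENCE["AAR"] = OCCURRENCE["DER"]
OCCURRENCE["AAA"] = OCCURRENCE["DEA"]

# A message is modelled as a list of (AVP name, value) pairs in wire order.
Message = List[Tuple[str, object]]


def occurrence_errors(command: str, avps: Message) -> List[str]:
    """List every violation of the occurrence table; empty means conformant."""
    table = OCCURRENCE[command]
    counts = Counter(name for name, _ in avps)
    errors = []
    for name, (lo, hi) in table.items():
        n = counts.get(name, 0)
        if not lo <= n <= hi:
            errors.append(f"{name}: {n} occurrence(s) in {command}, allowed {lo}-{hi}")
    return errors


@dataclass
class BootstrapRecord:
    """What the NAS/DHCP relay keeps per MN after a successful DEA/AAA."""
    mn_id: str
    ha_v6: str
    ha_fqdn: Optional[str]
    ha_v4: Optional[str]
    expires_at: float        # absolute time; lifetime set by ASP policy


def nas_handle_answer(command: str, mn_id: str, result_code: int,
                      avps: Message, now: float,
                      asp_lifetime: float) -> Optional[BootstrapRecord]:
    """NAS side of Section 5.1: None on failed access authentication,
    otherwise the bootstrapping record to store.  A DEA/AAA that breaks
    the occurrence table is rejected rather than stored."""
    if command not in ("DEA", "AAA"):
        raise ValueError(f"{command} is not an answer command")
    if result_code != DIAMETER_SUCCESS:
        return None          # access denied: no bootstrapping procedures
    errors = occurrence_errors(command, avps)
    if errors:
        raise ValueError("; ".join(errors))
    values = dict(avps)      # safe: each relevant AVP occurs at most once
    return BootstrapRecord(mn_id=mn_id,
                           ha_v6=str(values["MIP6-Home-Agent-Address"]),
                           ha_fqdn=values.get("MIP6-Home-Agent-FQDN"),
                           ha_v4=values.get("MIP4-Home-Agent-address"),
                           expires_at=now + asp_lifetime)
```

   Rejecting a non-conformant answer before storing anything matters
   because the stored record feeds the DHCP relay later: a duplicated or
   missing MIP6-Home-Agent-Address would otherwise surface as an
   ambiguous or empty home agent option handed to the MN.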

7.  MIPv6 Bootstrapping Integrated AVPs

   This section defines the AVPs that are specific to the Diameter MIPv6
   Bootstrapping Integrated application and that MAY be included in the
   Diameter EAP [RFC4072] and Diameter NAS [RFC4005] application
   messages listed in Section 4 of this document.  The Diameter AVP
   rules are defined in the Diameter Base protocol [RFC3588], Section 4.
   These AVP rules are observed in the AVPs defined in this section.

   The following table describes the Diameter AVPs defined in the
   MIP6BSTI application, their AVP Code values, types, possible flag
   values, and whether the AVP MAY be encrypted.  The Diameter base
   [RFC3588] specifies the AVP Flag rules for AVPs in section 4.5.

                                            +--------------------+
                                            |    AVP Flag rules  |
                                            +----+-----+----+----+----+
                     AVP  Section           |    |     |SHLD|MUST|    |
   Attribute Name    Code Defined Data Type |MUST| MAY | NOT|NOT |Encr|
   -----------------------------------------+----+-----+----+----+----+
   MIP6-Home-Agent-  TBD  x.y    OctetString| M  |  P  |    | V  | Y  |
       Address                              |    |     |    |    |    |
   MIP6-Home-Agent-  TBD  x.y    UTF8String | M  |  P  |    | V  | Y  |
       FQDN                                 |    |     |    |    |    |
   MIP4-Home-Agent-  TBD  x.y    OctetString| M  |  P  |    | V  | Y  |
       address                              |    |     |    |    |    |
   MIPv6-            TBD  x.y    Unsigned32 | M  |  P  |    | V  | Y  |
      Bootstrapping-Feature                 |    |     |    |    |    |
   -----------------------------------------+----+-----+----+----+----+

                      Figure 10: AVP flag rules table
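
   The following is an added example and not part of the draft: it
   puts the four AVPs of Figure 10 on the wire using the AVP header
   layout of the Diameter Base protocol [RFC3588], Section 4.1, and
   decodes them back while enforcing the flag rules of the table (the M
   bit MUST be set, the P bit MAY be set, the V bit MUST NOT be set).
   The AVP Codes are TBD in the draft, so the values used below are
   placeholders chosen for this example only.

```python
# Added example, not code from the draft: wire encoding of the four AVPs
# in Figure 10 using the AVP header of RFC 3588, Section 4.1, and a
# decoder that enforces the flag rules of the table (M MUST be set,
# P MAY be set, V MUST NOT be set).  The AVP Codes are TBD in the draft;
# the values below are placeholders for this example only.
import ipaddress
import struct
from typing import List, NamedTuple, Union

FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20   # Vendor, Mandatory, Protected

AVP_CODES = {                               # placeholders, not IANA values
    "MIP6-Home-Agent-Address": 0x7F000001,
    "MIP6-Home-Agent-FQDN": 0x7F000002,
    "MIP4-Home-Agent-address": 0x7F000003,
    "MIPv6-Bootstrapping-Feature": 0x7F000004,
}
CODE_TO_NAME = {code: name for name, code in AVP_CODES.items()}


class Avp(NamedTuple):
    code: int
    flags: int
    data: bytes


def encode_avp(name: str, value: Union[str, int], proxiable: bool = False) -> bytes:
    """Build one AVP: M set, P optional, V clear, data padded to 4 octets."""
    if name == "MIP6-Home-Agent-Address":            # OctetString, 16 octets
        data = ipaddress.IPv6Address(value).packed
    elif name == "MIP4-Home-Agent-address":          # OctetString, 4 octets
        data = ipaddress.IPv4Address(value).packed
    elif name == "MIP6-Home-Agent-FQDN":             # UTF8String
        data = str(value).encode("utf-8")
    elif name == "MIPv6-Bootstrapping-Feature":      # Unsigned32 flag word
        data = struct.pack("!I", int(value))
    else:
        raise KeyError(name)
    flags = FLAG_M | (FLAG_P if proxiable else 0)
    length = 8 + len(data)                # AVP Length excludes the padding
    header = struct.pack("!IB", AVP_CODES[name], flags) + length.to_bytes(3, "big")
    return header + data + b"\x00" * ((-len(data)) % 4)


def decode_avps(buf: bytes) -> List[Avp]:
    """Split a buffer into AVPs, rejecting Figure 10 AVPs with bad flags."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & FLAG_V else 8      # Vendor-ID present when V set
        if length < hdr or off + length > len(buf):
            raise ValueError(f"bad AVP length {length} at offset {off}")
        name = CODE_TO_NAME.get(code)
        if name is not None:                   # one of the Figure 10 AVPs
            if flags & FLAG_V:
                raise ValueError(f"{name}: V flag MUST NOT be set")
            if not flags & FLAG_M:
                raise ValueError(f"{name}: M flag MUST be set")
        avps.append(Avp(code, flags, buf[off + hdr:off + length]))
        off += length + (-length) % 4          # step over the padding
    return avps


def decode_value(avp: Avp) -> Union[str, int]:
    """Turn the raw data of a Figure 10 AVP back into its typed value."""
    name = CODE_TO_NAME[avp.code]
    if name == "MIP6-Home-Agent-Address":
        return str(ipaddress.IPv6Address(avp.data))
    if name == "MIP4-Home-Agent-address":
        return str(ipaddress.IPv4Address(avp.data))
    if name == "MIP6-Home-Agent-FQDN":
        return avp.data.decode("utf-8")
    return struct.unpack("!I", avp.data)[0]
```

   The length check runs before any flag check so that a malformed
   length cannot steer the parser past the end of the buffer; the
   encoder writes the unpadded length into the header and appends the
   padding separately, which is the layout a receiver must expect.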

8.  IANA Considerations

   This document defines seven new Diameter AVPs, a new Diameter
   application and two new namespaces.

8.1  AVP Codes

   This specification defines the following new AVPs:

     MIP6-Home-Agent-Address          is set to TBD
     MIP6-Home-Agent-FQDN             is set to TBD
     MIP4-Home-Agent-address          is set to TBD
     MIPv6-Bootstrapping-Feature      is set to TBD


8.2  Application Identifier

   This specification defines a new Diameter application called "MIPv6
   Bootstrapping Integrated application", i.e. MIP6BSTI.  The
   Application Identifier code for this application is set to TBD.

8.3  Namespaces

   This specification defines a new namespace for the MIPv6-
   Bootstrapping-Feature AVP flag values:

     Local-Home-Agent-Assignment      is set to 1
     Dual-Stack-MIP-supported         is set to 2

9.  Security Considerations

   The security considerations for the Diameter interaction required to
   accomplish the integrated scenario are described in [I-D.ietf-mip6-
   bootstrapping-integrated-dhc].  Additionally, the security
   considerations of the Diameter base protocol [RFC3588] and of the
   Diameter NAS [RFC4005] and Diameter EAP [RFC4072] applications (with
   respect to network access authentication and the transport of keying
   material) are applicable to this document.

10.  Acknowledgements

   This document is heavily based on the ongoing work for RADIUS MIPv6
   interaction.  Hence, credits go to Kuntal Chowdhury and Avi Lior for
   their work with draft-chowdhury-mip6-radius-00.txt.  Furthermore, the
   authors would like to thank the authors of
   draft-le-aaa-diameter-mobileipv6-04.txt (Franck Le, Basavaraj Patil,
   Charles E. Perkins, Stefano Faccin) for their work in the context of
   MIPv6 Diameter interworking.  Their work influenced this document.

11.  References

11.1  Normative References

   [I-D.ietf-mip6-aaa-ha-goals]
              Giaretta, G., "Goals for AAA-HA interface",
              draft-ietf-mip6-aaa-ha-goals-01 (work in progress),
              January 2006.

   [I-D.ietf-mip6-bootstrap-ps]
              Giaretta, G. and A. Patel, "Problem Statement for
              bootstrapping Mobile IPv6",
              draft-ietf-mip6-bootstrap-ps-05 (work in progress),
              May 2006.

   [I-D.ietf-mip6-bootstrapping-integrated-dhc]
              Chowdhury, K. and A. Yegin, "MIP6-bootstrapping via DHCPv6
              for the Integrated Scenario",
              draft-ietf-mip6-bootstrapping-integrated-dhc-01 (work in
              progress), June 2006.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
              Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

   [RFC3775]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.

11.2  Informative References

   [I-D.ietf-mip6-bootstrapping-split]
              Giaretta, G., "Mobile IPv6 bootstrapping in split
              scenario", draft-ietf-mip6-bootstrapping-split-02 (work in
              progress), March 2006.

   [I-D.ietf-mip6-nemo-v4traversal]
              Soliman, H., "Mobile IPv6 support for dual stack Hosts and
              Routers (DSMIPv6)", draft-ietf-mip6-nemo-v4traversal-01
              (work in progress), March 2006.

   [I-D.jang-mip6-hiopt]
              Jang, H., "DHCP Option for Home Information Discovery in
              MIPv6", draft-jang-mip6-hiopt-00 (work in progress),
              June 2006.

   [I-D.tschofenig-mip6-aaa-ha-diameter]
              Tschofenig, H., "Mobile IPv6 Bootstrapping using
              Diameter", draft-tschofenig-mip6-aaa-ha-diameter-01 (work
              in progress), October 2005.

   [RFC2132]  Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
              Extensions", RFC 2132, March 1997.

   [RFC3753]  Manner, J. and M. Kojo, "Mobility Related Terminology",
              RFC 3753, June 2004.

   [RFC4005]  Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
              "Diameter Network Access Server Application", RFC 4005,
              August 2005.

   [RFC4072]  Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
              Authentication Protocol (EAP) Application", RFC 4072,
              August 2005.


Authors' Addresses

   Jouni Korhonen
   TeliaSonera
   Teollisuuskatu 13
   Sonera  FIN-00051
   Finland

   Email: jouni.korhonen@teliasonera.com


   Julien Bournelle
   GET/INT
   9 rue Charles Fourier
   Evry  91011
   France

   Email: julien.bournelle@int-evry.fr


   Hannes Tschofenig
   Siemens
   Otto-Hahn-Ring 6
   Munich, Bavaria  81739
   Germany

   Email: Hannes.Tschofenig@siemens.com
   URI:   http://www.tschofenig.com

   Charles E. Perkins
   Nokia

   Email: charliep@iprg.nokia.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
