rfcdiff: draft-ietf-dime-mip6-integrated-00.txt vs. draft-ietf-dime-mip6-integrated-01.txt
(the -01 text follows; passages that -01 removed are marked "-00 only")

Diameter Maintenance and                                J. Korhonen (ed.)
Extensions (DIME)                                             TeliaSonera
Internet-Draft                                               J. Bournelle
Intended status: Informational                                    GET/INT
Expires: December 3, 2006                                   H. Tschofenig
                                                                  Siemens
                                                               C. Perkins
                                                                    Nokia
                                                              K. Chowdhury
                                                          Starent Networks

           The NAS - HAAA Interface for MIPv6 Bootstrapping
                 draft-ietf-dime-mip6-integrated-01.txt

   (-00 only: dated June 19, 2006, expiring December 21, 2006, and
   titled "Diameter MIPv6 Bootstrapping for the Integrated Scenario";
   K. Chowdhury was not yet listed as an author.)
Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that

   [unchanged text omitted by rfcdiff]

   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 3, 2006.
   (-00 only: "This Internet-Draft will expire on December 21, 2006.")

Copyright Notice

   Copyright (C) The Internet Society (2006).
Abstract

   A Mobile IPv6 node requires a home agent address, a home address, and
   an IPsec security association with its home agent before it can start
   utilizing Mobile IPv6 service.  RFC 3775 requires that some or all of
   these parameters are statically configured.  Ongoing Mobile IPv6
   bootstrapping work aims to make this information dynamically
   available to the mobile node.  An important aspect of the Mobile IPv6
   bootstrapping solution is to support interworking with existing
   authentication, authorization and accounting infrastructure.  This
   document describes the usage of Diameter to facilitate Mobile IPv6
   bootstrapping for the NAS - HAAA interface.
   (-00 only: "... bootstrapping for the integrated scenario.")
Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology and Abbreviations  . . . . . . . . . . . . . . . .  3
   3.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .  4
   4.  Commands, AVPs and Advertising Application Support . . . . . .  6
     4.1.  Advertising Application Support  . . . . . . . . . . . . .  6
     4.2.  Command Codes  . . . . . . . . . . . . . . . . . . . . . .  6
     4.3.  Diameter-EAP-Request (DER) . . . . . . . . . . . . . . . .  7
     4.4.  Diameter-EAP-Answer (DEA)  . . . . . . . . . . . . . . . .  7
     4.5.  AA-Request (AAR) . . . . . . . . . . . . . . . . . . . . .  8
     4.6.  AA-Answer (AAA)  . . . . . . . . . . . . . . . . . . . . .  9
     4.7.  New AVPs . . . . . . . . . . . . . . . . . . . . . . . . . 10
       4.7.1.  MIP6-Home-Agent-Address AVP  . . . . . . . . . . . . . 10
       4.7.2.  MIP6-Home-Agent-FQDN AVP . . . . . . . . . . . . . . . 10
       4.7.3.  MIP6-Home-Link-Prefix AVP  . . . . . . . . . . . . . . 10
       4.7.4.  MIP4-Home-Agent-Address AVP  . . . . . . . . . . . . . 11
     4.8.  Capability Advertisement . . . . . . . . . . . . . . . . . 11
   5.  Diameter Client and Server Behavior During MIPv6
       Bootstrapping  . . . . . . . . . . . . . . . . . . . . . . . . 11
     5.1.  Client (NAS) Behavior  . . . . . . . . . . . . . . . . . . 12
     5.2.  Server Behavior  . . . . . . . . . . . . . . . . . . . . . 13
     5.3.  Example Message Flows  . . . . . . . . . . . . . . . . . . 14
   6.  AVP Occurrence Tables  . . . . . . . . . . . . . . . . . . . . 15
     6.1.  DER and DEA Commands AVP Table . . . . . . . . . . . . . . 15
     6.2.  AAR and AAA Commands AVP Table . . . . . . . . . . . . . . 16
   7.  MIPv6 Bootstrapping NAS - HAAA Interface AVPs  . . . . . . . . 16
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 17
   9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 17
   10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 17
   11. Revision history . . . . . . . . . . . . . . . . . . . . . . . 18
   12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
     12.1. Normative References . . . . . . . . . . . . . . . . . . . 18
     12.2. Informative References . . . . . . . . . . . . . . . . . . 19
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19
   Intellectual Property and Copyright Statements . . . . . . . . . . 21

   (-00 only: section 4.7.3 was MIP4-Home-Agent-Address AVP and 4.7.4
   was MIPv6-Bootstrapping-Feature AVP; there was no 4.8; section 7 was
   "MIPv6 Bootstrapping Integrated AVPs"; section 8 had subsections 8.1
   AVP Codes, 8.2 Application Identifier and 8.3 Namespaces; there was
   no Revision history section, so References was section 11.)
1.  Introduction

   The Mobile IPv6 specification [RFC3775] requires a Mobile Node (MN)
   to register with a home agent, providing information about its
   current point of attachment (the Care-of Address).  The home agent
   creates and maintains a binding between the MN's Home Address and
   the MN's Care-of Address.

   In order to register with a home agent, the MN needs to know some

   [unchanged text omitted by rfcdiff]

   MNs with the respective addresses is large and the ability to react
   to environmental changes is minimal.  In these situations static
   provisioning may not be desirable.

   Dynamic assignment of Mobile IPv6 home registration information is a
   desirable feature for ease of deployment and network maintenance.
   For this purpose, the Diameter infrastructure, which is used for
   access authentication, can be leveraged to assign some or all of the
   necessary parameters.  The Diameter server in the Access Service
   Provider's (ASP) or the Mobility Service Provider's (MSP) network
   may return these parameters to the AAA client.  Regarding the
   bootstrapping procedures, the AAA client might either be the NAS, in
   the case of the integrated scenario, or the home agent, in the case
   of the split scenario [I-D.ietf-mip6-bootstrapping-split].  The terms
   integrated and split are described in the terminology section and
   were introduced in [RFC4640] and [I-D.ietf-mip6-aaa-ha-goals].
   (-00 only: cited [I-D.ietf-mip6-bootstrap-ps] in place of [RFC4640].)
2.  Terminology and Abbreviations

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   General mobility terminology can be found in [RFC3753].  The
   following additional terms, as defined in [RFC4640], are used in this
   document:
   (-00 only: "as defined in [I-D.ietf-mip6-bootstrap-ps]".)

   Access Service Authorizer (ASA):
      A network operator that authenticates a mobile node and
      establishes the mobile node's authorization to receive Internet
      service.

   Access Service Provider (ASP):
      A network operator that provides direct IP packet forwarding to

   [unchanged text omitted by rfcdiff]

   Split scenario:
      A scenario where the mobility service and the network access
      service are authorized by different entities.

   Integrated Scenario:
      A scenario where the mobility service and the network access
      service are authorized by the same entity.

   Network Access Server (NAS):
      A device that provides an access service for a user to a network.

   Home AAA (HAAA):
      An authentication, authorization and accounting server located in
      the user's home network.

   (-00 only: the NAS and HAAA definitions were not present.)
3.  Overview

   This document addresses the authentication, authorization and
   accounting functionality required for MIPv6 bootstrapping as
   outlined in the MIPv6 bootstrapping problem statement document (see
   [RFC4640]).  This document focuses on the AAA functionality for the
   NAS - HAAA interface.
   (-00 only: cited [I-D.ietf-mip6-bootstrap-ps], said the focus was
   "the integrated scenario", and added: "The AAA interaction for the
   split scenario is conceptually simpler and described in
   [I-D.tschofenig-mip6-aaa-ha-diameter].")

   The subsequent text outlines the AAA interaction between the
   participating entities in the integrated scenario.  In the integrated
   scenario MIPv6 bootstrapping is provided as part of the network
   access authentication procedure.  Figure 1 shows the participating
   entities.  This document, however, only concentrates on the NAS,
   possible local Diameter proxies and the home Diameter server.

   +---------------------------+                   +-----------------+
   |Access Service Provider    |                   |ASA/MSA/(MSP)    |

   [unchanged part of the figure omitted by rfcdiff]

   +-------+  IEEE   | +-----------+   +-------+ |    +-----------------+
   |Mobile | 802.1X  | |NAS/Relay  |   |DHCPv6 | |
   |Node   |---------+-|Diameter   |---|Server | |
   |       | PANA,...| |Client     |   |       | |
   +-------+  DHCP   | +-----------+   +-------+ |
                     +---------------------------+

       Figure 1: Mobile IPv6 Bootstrapping in the Integrated Scenario

   In a typical Mobile IPv6 access scenario, as shown above, the MN is
   attached to an ASP's network.  During the network attachment
   procedure, the NAS/Diameter client interacts with the mobile node.
   As shown in Figure 1, the authentication and authorization happens
   via the Diameter infrastructure.

   When authenticating the user for network access, the Diameter server
   in the MSA detects that the user is also authorized for Mobile IPv6
   access.  Based on the MSA's policy, the Diameter server may allocate
   several parameters to the MN for use during the subsequent Mobile
   IPv6 protocol interaction with the home agent.
   (-00 only: "At the time of authorizing the user for the IPv6 access,
   the Diameter server in the MSA detects that the user is authorized
   for Mobile IPv6 access.")

   Depending on the details of the solution, interaction with the DHCPv6
   server may be required, as described in
   [I-D.ietf-mip6-bootstrapping-integrated-dhc].  However, the solution
   described in this document does not depend on DHCPv6 as the only
   possible MIPv6 bootstrapping method.
4.  Commands, AVPs and Advertising Application Support

   This section describes command codes, defines AVPs and advertised
   application identifiers for Diameter MIPv6 bootstrapping on the
   NAS - HAAA interface.

4.1.  Advertising Application Support

   Diameter nodes conforming to this specification SHOULD include the
   value of 1 (NASREQ application) or 5 (EAP application) in the Auth-
   Application-Id or the Acct-Application-Id AVP of the Capabilities-
   Exchange-Request and Capabilities-Exchange-Answer commands [RFC3588].

   (-00 only.  The previous version instead advertised a dedicated
   application identifier, value TBD:)

      This application is referred to as the Diameter MIPv6
      Bootstrapping Integrated scenario -- MIP6BSTI.  From the
      advertised Application ID the home Diameter server is able to
      detect whether the Access Service Provider (and its NAS) supports
      MIPv6 bootstrapping and MIPv6.  If the NAS also supports the EAP
      application and/or the Diameter NAS application, the
      corresponding Application IDs should be advertised during the
      capability exchange.

      If the NAS receives a response with the Result-Code set to
      DIAMETER_APPLICATION_UNSUPPORTED [RFC3588], it indicates that the
      Diameter server in the ASA/MSA does not support the MIPv6
      Bootstrapping Integrated application.  In this case the NAS MAY
      attempt to fall back to basic network access authentication
      without MIPv6 bootstrapping.

      Whenever the mobile node authenticates using some EAP-based
      method, the NAS SHOULD use the Diameter MIPv6 Bootstrapping
      Integrated Application ID value of TBD in the Auth-Application-Id
      AVP in the Diameter-EAP-Request command [RFC4072], and
      subsequently the answering Diameter server does the same in the
      Diameter-EAP-Answer command [RFC4072].  This implies that the NAS
      and the Diameter server MUST support the MIPv6 Bootstrapping
      Integrated application.  If either end lacks the required
      support, the NAS and subsequently also the Diameter server fall
      back to the EAP application [RFC4072].

      If the mobile node does not use EAP-based network access
      authentication, the NAS SHOULD use the Diameter MIPv6
      Bootstrapping Integrated Application ID value of TBD in the
      Auth-Application-Id AVP in the AA-Request command [RFC4005], and
      subsequently the answering Diameter server does the same in the
      AA-Answer command [RFC4005].  This implies that the NAS and the
      Diameter server MUST support the MIPv6 Bootstrapping Integrated
      application.  If either end lacks the required support, the NAS
      and subsequently also the Diameter server fall back to the
      Diameter NAS application [RFC4005].

   The value of zero (0) SHOULD be used as the Application-Id in all
   STR/STA, ACR/ACA, ASR/ASA, and RAR/RAA commands, because these
   commands are defined in the Diameter base protocol and no additional
   mandatory AVPs for those commands are defined in this document.
4.2.  Command Codes

   This document re-uses the Diameter Base protocol [RFC3588], Diameter
   NASREQ application [RFC4005] and Diameter EAP application [RFC4072]
   commands.  The following commands are used to carry MIPv6 related
   bootstrapping AVPs:

   Command-Name          Abbrev.  Code   Reference   Application
   Diameter-EAP-Request  DER      268    RFC 4072    EAP
   Diameter-EAP-Answer   DEA      268    RFC 4072    EAP
   AA-Request            AAR      265    RFC 4005    NASREQ
   AA-Answer             AAA      265    RFC 4005    NASREQ

   Figure 2: MIPv6 Bootstrapping NAS - HAAA Interface Command Codes
   (-00 only: the Application column read MIP6BSTI for all four
   commands.)

   When the Re-Auth-Request (RAR), Re-Auth-Answer (RAA), Session-
   Termination-Request (STR), Session-Termination-Answer (STA), Abort-
   Session-Request (ASR), Abort-Session-Answer (ASA), Accounting-Request
   (ACR), and Accounting-Answer (ACA) commands are used together with
   the Diameter MIPv6 bootstrapping NAS - HAAA interface, they follow
   the rules in the Diameter NASREQ [RFC4005], EAP [RFC4072] and Base
   [RFC3588] applications.  The accounting commands use the Application
   Identifier value of 3 (Diameter Base Accounting); the others use 0
   (Diameter Common Messages).
4.3.  Diameter-EAP-Request (DER)

   The Diameter-EAP-Request (DER) command [RFC4072], indicated by the
   Command-Code field set to 268 and the 'R' bit set in the Command
   Flags field, may be sent by the NAS to the Diameter server providing
   network access authentication and authorization services.  Together
   with the network access authentication and authorization, the NAS
   MAY indicate the access network's capability for MIPv6 bootstrapping
   and optionally also the capability of a local home agent assignment.
   (-00 only: the NAS instead "MAY request home agent assignment, to
   authorize for mobility service usage and optionally to indicate the
   support of possible local home agent assignment", indicating support
   for the MIPv6 Bootstrapping Integrated application by setting the
   Auth-Application-Id to the value TBD; the DER command "MAY also carry
   the DNS Update Mobility Option and the MIPv6 Bootstrapping Feature
   attribute".)

   The message format is the same as defined in [RFC4072] with the
   addition of possible MIPv6 bootstrapping NAS - HAAA interface AVPs
   that indicate the capabilities of the NAS and ASP:

   <Diameter-EAP-Request> ::= < Diameter Header: 268, REQ, PXY >
                              < Session-Id >
                              { Auth-Application-Id }
                              { Origin-Host }
                              { Origin-Realm }
                              { Destination-Realm }
                              { Auth-Request-Type }
                              [ MIP6-Home-Agent-Address ]
                              [ MIP6-Home-Agent-FQDN ]
                              [ MIP6-Home-Link-Prefix ]
                              [ MIP4-Home-Agent-Address ]
                              [ Destination-Host ]
                              ...
                            * [ AVP ]

                  Figure 3: Diameter EAP Request Command
   (-00 only: a single optional [ MIPv6-Bootstrapping-Feature ] AVP in
   place of the four MIP6/MIP4 AVPs.)
4.4.  Diameter-EAP-Answer (DEA)

   The Diameter-EAP-Answer (DEA) message, defined in [RFC4072] and
   indicated by the Command-Code field set to 268 and the 'R' bit
   cleared in the Command Flags field, is sent in response to the
   Diameter-EAP-Request (DER) message.  If the network access was
   successfully authenticated, then the response SHOULD include the
   MIP6-Home-Agent-Address, MIP6-Home-Link-Prefix, MIP6-Home-Agent-FQDN
   and MIP4-Home-Agent-Address AVPs.
   (-00 only: the condition read "If the mobility service is
   successfully authorized and the Diameter server was able to fulfill
   the bootstrapping request (if needed)", and MIP6-Home-Link-Prefix
   was not among the AVPs.)

   The message format is the same as defined in [RFC4072] with the
   addition of MIPv6 bootstrapping NAS - HAAA interface AVPs:

   <Diameter-EAP-Answer> ::= < Diameter Header: 268, PXY >
                             < Session-Id >
                             { Auth-Application-Id }
                             { Auth-Request-Type }
                             { Result-Code }
                             { Origin-Host }
                             { Origin-Realm }
                             [ MIP6-Home-Agent-Address ]
                             [ MIP6-Home-Agent-FQDN ]
                             [ MIP6-Home-Link-Prefix ]
                             [ MIP4-Home-Agent-Address ]
                             [ User-Name ]
                             ...
                           * [ AVP ]

                  Figure 4: Diameter EAP Answer Command
4.5.  AA-Request (AAR)

   The AA-Request (AAR) message, indicated by the Command-Code field set
   to 265 and the 'R' bit set in the Command Flags field, may be sent by
   the NAS to the Diameter server providing network access configuration
   services.  Together with the network access configuration, the NAS
   MAY request home agent assignment, to authorize for mobility service
   usage, and optionally to indicate the support of possible local home
   agent assignment.
   (-00 only: "The NAS indicates the support for MIPv6 Bootstrapping
   Integrated application by setting the Auth-Application-Id to value
   of (TBD).  The AAR command MAY also carry the DNS Update Mobility
   Option and the MIPv6 Bootstrapping Feature attribute.")

   The message format is the same as defined in [RFC4005] with the
   addition of MIPv6 bootstrapping NAS - HAAA interface AVPs:

   <AA-Request> ::= < Diameter Header: 265, REQ, PXY >
                    < Session-Id >
                    { Auth-Application-Id }
                    { Origin-Host }
                    { Origin-Realm }
                    { Destination-Realm }
                    { Auth-Request-Type }
                    [ MIP6-Home-Agent-Address ]
                    [ MIP6-Home-Agent-FQDN ]
                    [ MIP6-Home-Link-Prefix ]
                    [ MIP4-Home-Agent-Address ]
                    [ Destination-Host ]
                    ...
                  * [ AVP ]

                       Figure 5: AA Request Command
   (-00 only: a single optional [ MIPv6-Bootstrapping-Feature ] AVP in
   place of the four MIP6/MIP4 AVPs.)
4.6.  AA-Answer (AAA)

   The AA-Answer (AAA) message, indicated by the Command-Code field set
   to 265 and the 'R' bit cleared in the Command Flags field, is sent in
   response to the AA-Request (AAR) message for confirmation of the
   result of MIPv6 HA bootstrapping.  If the network access was
   successfully authenticated, then the response SHOULD include the
   MIP6-Home-Agent-Address, MIP6-Home-Link-Prefix, MIP6-Home-Agent-FQDN
   and MIP4-Home-Agent-Address AVPs.
   (-00 only: the condition read "If the mobility service is
   successfully authorized and the Diameter server was able to fulfill
   the bootstrapping request (if needed)", and MIP6-Home-Link-Prefix
   was not among the AVPs.)

   The message format is the same as defined in [RFC4005] with the
   addition of MIPv6 bootstrapping NAS - HAAA interface AVPs:

   <AA-Answer> ::= < Diameter Header: 265, PXY >
                   < Session-Id >
                   { Auth-Application-Id }
                   { Auth-Request-Type }
                   { Result-Code }
                   { Origin-Host }
                   { Origin-Realm }
                   [ MIP6-Home-Agent-Address ]
                   [ MIP6-Home-Agent-FQDN ]
                   [ MIP6-Home-Link-Prefix ]
                   [ MIP4-Home-Agent-Address ]
                   [ User-Name ]
                   ...
                 * [ AVP ]

                       Figure 6: AA Answer Command
4.7.  New AVPs

4.7.1.  MIP6-Home-Agent-Address AVP

   The MIP6-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString
   and contains the Mobile IPv6 home agent address and the prefix length
   of that address.  The AVP is a discriminated union, representing the
   IPv6 address in network byte order.  The first two octets of this AVP
   represent the home link prefix length, followed by the 16 octets of
   the IPv6 address.

   The Diameter server MAY decide to assign a MIPv6 home agent to the MN
   that is in close proximity to the point of attachment (e.g. as
   determined by the NAS-Identifier).  There may be other reasons for
   dynamically assigning home agents to the MN, for example to share the
   traffic load.  The AVP also contains the prefix length so that the MN
   can easily infer one of the possible Home Link prefixes from the home
   agent address.
4.7.2 MIP6-Home-Agent-FQDN AVP 4.7.2. MIP6-Home-Agent-FQDN AVP
The MIP6-Home-Agent-FQDN AVP (AVP Code TBD) is of type UTF8String and The MIP6-Home-Agent-FQDN AVP (AVP Code TBD) is of type UTF8String and
contains the FQDN of a Mobile IPv6 home agent. contains the FQDN of a Mobile IPv6 home agent.
4.7.3 MIP4-Home-Agent-Address AVP 4.7.3. MIP6-Home-Link-Prefix AVP
The MIP6-Home-Link-Prefix AVP (AVP Code TBD) is of type OctetString
and contains the Mobile IPv6 home link prefix. There may be reasons
for the Diameter server to dynamically assigning home link prefix to
the MN, for example one that is in close proximity to the point of
attachment.
4.7.4. MIP4-Home-Agent-Address AVP
The MIP4-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString The MIP4-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString
and contains the IPv4 home agent address and the prefix length of the and contains the IPv4 home agent address and the prefix length of the
said address. The AVP is a discriminated union, representing IPv4 said address. The AVP is a discriminated union, representing IPv4
address in network byte order. The first two octets of this AVP address in network byte order. The first two octets of this AVP
represents the home link prefix length followed by 4 octets of the represents the home link prefix length followed by 4 octets of the
IPv4 address. IPv4 address.
The Diameter server MAY decide to assign a MIPv4 home agent to the MN The Diameter server MAY decide to assign a MIPv4 home agent to the MN
in a case where dual stack Mobile IP is supported [I-D.ietf-mip6- in a case where dual stack Mobile IP is supported
nemo-v4traversal]. [I-D.ietf-mip6-nemo-v4traversal].
4.7.4 MIPv6-Bootstrapping-Feature AVP
The MIPv6-Bootstrapping-Feature AVP (AVP Code TBD) is of type
Unsigned32 and contains a 32 bits flags field of supported features
by the NAS and the ASP.
By using this payload the NAS indicates to the Diameter server 4.8. Capability Advertisement
certain capabilities and features. For example, the NAS might want
to indicate that local home agent assignment can be provided.
Local-Home-Agent-Assignment 1 The NAS/ASP may include any MIPv6 bootstrapping AVPs in the Diameter
This flag is set when the NAS knows that a local home agent EAP or NASREQ application request messages to advertise its MIPv6
located in the ASP can be provided for the MN. bootstrapping capabilities to the Diameter server. The use of
capability advertisement is optional.
Dual-Stack-MIP-supported 2 The capability advertisement may also be used as an explicit hint to
This flag is set when the NAS and the local access network the Diameter server about locally allocated mobility agents or home
supports dual stack Mobile IP as defined in [I-D.ietf-mip6-nemo- links. In this case e.g. the MIP6-Home-Agent-Address AVP would
v4traversal] and bootstrapping functionality can also be provided contain the IP address of the locally allocated home agent. If the
for the Mobile IPv4 Home Address. NAS/ASP does not have any specific home agent to offer during the
access authentication time the IP address in the respective
bootstrapping AVPs MUST be set to unspecified address (::/128). The
MIP6-Home-Agent-FQDN SHOULD NOT be used for the capability
advertisement if it does not already name a locally allocated Home
Agent.
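The following is an added example, not code from the draft or any Diameter implementation: it encodes and parses the MIP6-Home-Agent-Address and MIP4-Home-Agent-Address payloads of Sections 4.7.1 and 4.7.4 (2-octet prefix length plus the address), wraps them in an RFC 3588 AVP header under the flag rules of Figure 10 (M set, V never set), derives the home link prefix the MN is expected to infer, and applies the Section 4.8 rule that an unspecified address is a capability advertisement only. The AVP Codes are TBD in the draft, so the codes below are placeholders, and the addresses are constructed sample values.

```python
"""Added example for the MIPv6 NAS - HAAA interface AVPs (not draft code)."""
import ipaddress
import struct

# The draft leaves the AVP Codes as TBD; these values are placeholders
# chosen for this example only, not IANA-assigned codes.
AVP_CODE_MIP6_HOME_AGENT_ADDRESS = 0x7FFF0001  # placeholder
AVP_CODE_MIP4_HOME_AGENT_ADDRESS = 0x7FFF0002  # placeholder

# AVP header flag bits, RFC 3588 Section 4.1.
FLAG_V = 0x80  # Vendor-specific: MUST NOT be set for these AVPs
FLAG_M = 0x40  # Mandatory: MUST be set
FLAG_P = 0x20  # Protected: MAY be set


def encode_home_agent_payload(address, prefix_len):
    """OctetString payload: 2-octet prefix length, then the address in
    network byte order (16 octets for IPv6, 4 octets for IPv4)."""
    addr = ipaddress.ip_address(address)
    if not 0 <= prefix_len <= addr.max_prefixlen:
        raise ValueError("prefix length %d out of range" % prefix_len)
    return struct.pack("!H", prefix_len) + addr.packed


def decode_home_agent_payload(payload, version):
    """Inverse of encode_home_agent_payload; rejects malformed input
    instead of silently truncating or accepting an impossible prefix."""
    addr_len = {6: 16, 4: 4}[version]
    if len(payload) != 2 + addr_len:
        raise ValueError("expected %d octets, got %d"
                         % (2 + addr_len, len(payload)))
    prefix_len = struct.unpack("!H", payload[:2])[0]
    addr = ipaddress.ip_address(payload[2:])
    if prefix_len > addr.max_prefixlen:
        raise ValueError("prefix length %d out of range" % prefix_len)
    return addr, prefix_len


def home_link_prefix(addr, prefix_len):
    """Section 4.7.1: the MN infers a home link prefix from the home
    agent address and the prefix length carried with it."""
    return ipaddress.ip_network("%s/%d" % (addr, prefix_len), strict=False)


def encode_avp(code, payload, flags=FLAG_M | FLAG_P):
    """RFC 3588 AVP header (Code, Flags, 24-bit Length) without Vendor-Id;
    AVP Length covers header plus data, data is padded to 4 octets."""
    if flags & FLAG_V or not flags & FLAG_M:
        raise ValueError("flags violate the Figure 10 AVP flag rules")
    length = 8 + len(payload)
    header = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    padding = b"\x00" * ((-len(payload)) % 4)
    return header + payload + padding


def decode_avp(data):
    """Parse one AVP; returns (code, flags, payload). The receiver enforces
    the same flag rules rather than trusting whatever the peer sent."""
    if len(data) < 8:
        raise ValueError("short AVP header")
    code, flags = struct.unpack("!IB", data[:5])
    length = int.from_bytes(data[5:8], "big")
    if length < 8 or length > len(data):
        raise ValueError("bad AVP length %d" % length)
    if flags & FLAG_V or not flags & FLAG_M:
        raise ValueError("flags violate the Figure 10 AVP flag rules")
    return code, flags, data[8:length]


def classify_hint(addr):
    """Section 4.8: an unspecified address (:: or 0.0.0.0) in a request
    only advertises capability; anything else offers a local home agent."""
    return "capability-only" if addr.is_unspecified else "local-agent-offer"


def build_and_parse(address, prefix_len):
    """Round trip: NAS side encodes, HAAA side decodes and interprets."""
    addr = ipaddress.ip_address(address)
    code = (AVP_CODE_MIP6_HOME_AGENT_ADDRESS if addr.version == 6
            else AVP_CODE_MIP4_HOME_AGENT_ADDRESS)
    avp = encode_avp(code, encode_home_agent_payload(addr, prefix_len))
    got_code, _flags, payload = decode_avp(avp)
    got_addr, got_prefix = decode_home_agent_payload(payload, addr.version)
    return {
        "avp_len": len(avp),
        "code": got_code,
        "address": str(got_addr),
        "prefix_len": got_prefix,
        "home_link_prefix": str(home_link_prefix(got_addr, got_prefix)),
        "hint": classify_hint(got_addr),
    }


if __name__ == "__main__":
    # Constructed sample values (documentation prefixes), not from the draft.
    print(build_and_parse("2001:db8:1::1", 64))
    print(build_and_parse("::", 0))
    print(build_and_parse("192.0.2.1", 24))
```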
5.  Diameter Client and Server Behavior During MIPv6 Bootstrapping

This section describes the Diameter server and client behavior in case of the MIPv6 bootstrapping in the integrated scenario. The text makes several assumptions for brevity.

o  The Diameter server is assumed to support at least the Diameter BASE, EAP and NASREQ applications.

o  The Diameter client (i.e. the NAS) is assumed to support at least the Diameter BASE, EAP and NASREQ applications.

o  The MN uses a network access authentication method and credentials that are supported by the NAS/ASP and ASA/MSA.

o  The MN has been provisioned with a Mobile IPv6 service.

o  The capability exchange has already completed, thus the NAS and the Diameter server share the knowledge of mutually supported applications. Cases where the ASA/MSA do not support MIPv6 bootstrapping are not discussed. In these cases the NAS has no other choice than to carry out the network access authentication as defined in the Diameter EAP or NASREQ applications.
5.1.  Client (NAS) Behavior

If the ASP/NAS does not support MIPv6 integrated scenario bootstrapping then the NAS selects either the basic Diameter NASREQ or the EAP application depending on which authentication method gets used. Naturally, after a successful or a failed authentication the NAS does not have to carry out any MIPv6 bootstrapping related procedures.

Next we describe two different scenarios for the network access authentication when the ASP/NAS supports MIPv6 integrated scenario bootstrapping.

1) The MN uses some EAP-based method (e.g. 802.11i/802.1X) to authenticate to the network. In this scenario the NAS uses commands originally defined for the EAP application.

2) The MN uses some other than EAP-based method to authenticate to the network. In this scenario the NAS uses the Diameter NASREQ application commands.

(In -00, both items continued: "However, the Application IDs included in messages are set to the value of (TBD) indicating the MIP6BSTI application. Depending on the ASP capabilities the NAS may include the MIPv6-Bootstrapping-Feature AVP in the first DER message. This AVP indicates whether it is possible to allocate home agents locally and whether Mobile IPv4 bootstrapping is also supported.")

The NAS may include the MIPv6 NAS - HAAA AVPs in the DER or in the AAR messages. This serves two purposes. Firstly, the NAS/ASP may advertise its MIPv6 bootstrapping capability to the Diameter server. Secondly, the NAS/ASP may suggest locally allocated home agents to the Diameter server. Whether the locally allocated home agents are allowed for the forthcoming MIPv6 session depends on the MN's subscription and the ASA/MSA(/MSP) policies. If the NAS/ASP only wants to advertise its capability for local agent allocation but does not want to provide any specific agent at this point of time (e.g. that is left for later steps during the actual Mobile IP registration), the AVPs MUST contain the values described in Section 4.8.

If the network access authentication failed, the NAS receives appropriate error codes as defined for the Diameter EAP or NASREQ applications. The NAS does not allow the MN to access the network and does not carry out any MIPv6 bootstrapping related procedures.

If the network access authentication completed successfully, the NAS looks for home agent defining AVPs in the reply messages (either DEA or AAA depending on the used authentication method). The NAS associates the received bootstrapping information with the MN that initiated the access authentication and stores the information internally (the storage time is determined by the ASP policy). The stored bootstrapping information is then available to the NAS and the DHCP relay for later steps during the MN bootstrapping process.

The actual bootstrapping from the MN point of view takes place after the network access authentication has completed. The bootstrapping may be realized e.g. using DHCP as defined in [I-D.ietf-mip6-bootstrapping-integrated-dhc] and [RFC2132].

The MN has no consistent way of indicating to the NAS during the network access authentication that it supports the MIPv6 integrated scenario way of bootstrapping. Consequently, the NAS has no possibility to find out whether the terminal attempting to authenticate is actually a MN with MIPv6 bootstrapping functionality before the network access authentication has completed. Thus it is possible that the NAS initiates MIPv6 integrated scenario bootstrapping configuration even if the MN is not able to make any use of it later. The Diameter server in the ASA/MSA might be able to detect this situation during the authentication phase based on the MN's identity -- assuming the ASA is able to verify from the MSA(/MSP) whether the MN has been provisioned with a MIPv6 service.
5.2.  Server Behavior

If the NAS/ASP does not support MIPv6 integrated scenario bootstrapping then the NAS selects either the Diameter NASREQ or the EAP application depending on which access authentication method the MN has to use to authenticate. In this case the NAS does not include any MIPv6 NAS - HAAA interface AVPs as a hint of the bootstrapping capability in the NAS/ASP either. The Diameter server in the ASA/MSA(/MSP) detects this case (based on the AVPs that serve as a capability hint) and does not have to carry out any MIPv6 bootstrapping related procedures. However, as the capability advertisement mechanism described in this document serves only as an optional hint, the Diameter server should not entirely rely on the received capability hints but also base its working logic on subscription information and general MSA(/MSP) policies.

(In -00, the Diameter server detected this case based on the used Application IDs.)

Next we describe two different scenarios for the network access authentication when the NAS/ASP supports MIPv6 integrated scenario bootstrapping.

1) The MN uses some EAP-based method to authenticate to the network and the NAS uses Diameter EAP application commands. Depending on the ASA/MSA(/MSP) policy the Diameter server SHOULD assign a Mobile IPv6 home agent to the MN and include the corresponding MIP6-Home-Agent-Address, MIP6-Home-Agent-FQDN and MIP6-Home-Link-Prefix AVPs in the final DEA message.

2) The MN uses some other than EAP-based method to authenticate to the network and the NAS uses Diameter NASREQ application commands. Depending on the ASA/MSA(/MSP) policy the Diameter server SHOULD assign a Mobile IPv6 home agent to the MN and include the corresponding MIP6-Home-Agent-Address, MIP6-Home-Agent-FQDN and MIP6-Home-Link-Prefix AVPs in the final AAA message.

(In -00, item 1 read: "The MN uses some EAP-based method to authenticate to the network. In this scenario the NAS uses commands originally defined for the EAP application. However, the Application IDs included in messages are set to the value of (TBD) indicating the MIP6BSTI application. Depending on the ASA/MSA policy the Diameter server SHOULD assign a Mobile IPv6 home agent to the MN and include corresponding MIP6-Home-Agent-Address and the MIP6-Home-Agent-FQDN AVPs in the final DEA message. If the DER message received from the NAS included MIPv6-Bootstrapping-Feature AVP with Dual-Stack-MIP-supported flag set, the Diameter server MAY assign the MN with a Mobile IPv4 home agent and include a corresponding MIP4-Home-Agent-Address AVP in the final DEA message. If the MIPv6-Bootstrapping-Feature AVP has the Local-Home-Agent-Assignment flag set the Diameter server MAY attempt to assign a home agent located in the ASP network to the MN." Item 2 was the same text for the Diameter NAS application with the AAR and AAA messages.)

If the Diameter request message contained any MIPv6 NAS - HAAA interface AVPs, the Diameter server should regard them as a hint of the MIPv6 bootstrapping capability in the NAS/ASP. Any of these AVPs may contain values as described in Section 4.8 which indicate that the NAS/ASP would like to locally allocate a home agent or a home link to the MN. The Diameter server may or may not honor the NAS/ASP hint based on the MN's subscription and ASA/MSA(/MSP) policies.
5.3.  Example Message Flows

This section shows basic message flows of MIPv6 integrated scenario bootstrapping and dynamic home agent assignment. In Figure 7 the network access authentication is based on EAP (e.g. 802.11i/802.1X). The NAS informs the home Diameter server that home agent assignment in the foreign network is possible. The Diameter server assigns the MN a home agent either in the home MSP or in the ASP. The assignment procedure is out of scope of this document. The Diameter server then replies to the NAS with home agent related bootstrapping information.

   NAS                          Local proxy                  Home server
    |                               |                               |
    | Diameter-EAP-Request          |                               |
    | MIP6-Home-Agent-Address(IPv6 address)                         |
    | MIP6-Home-Agent-FQDN=visited_ha6.example.com                  |
    | MIP4-Home-Agent-Address(IPv4 address)                         |
    | MIP6-Home-Link-Prefix=(IPv6 prefix)                           |
    | Auth-Request-Type=AUTHORIZE_AUTHENTICATE                      |
    | EAP-Payload(EAP Start)        |                               |
    |------------------------------>|------------------------------>|
    |                               |                               |
    |               :               |               :               |
    :        ...more EAP Request/Response pairs...                  :
    |               :               |               :               |
    |                               |                               |
    |                               | Diameter-EAP-Answer           |
    |                   MIP6-Home-Agent-Address(IPv6 address)       |
    |                   MIP6-Home-Agent-FQDN=ha.example.com         |
    |                               | Result-Code=DIAMETER_SUCCESS  |
    |                               | EAP-Payload(EAP Success)      |
    |                               | EAP-Master-Session-Key        |
    |                               | (authorization AVPs)          |
    |                               | ...                           |
    |<------------------------------|<------------------------------|
    |                               |                               |

   Figure 7: MIPv6 integrated scenario bootstrapping and NAS - HAAA
   interface example when EAP is used for access authentication

(In -00, the Diameter-EAP-Request carried MIPv6-Bootstrapping-Feature=Local-Home-Agent-Assignment in place of the four bootstrapping AVPs shown above.)
6.  AVP Occurrence Tables

6.1.  DER and DEA Commands AVP Table

The following table lists the additional MIPv6 bootstrapping NAS - HAAA interface AVPs that optionally may be present in the DER and DEA Commands, as defined in this document and in [RFC4072].

                                  +---------------+
                                  |  Command-Code |
                                  |-------+-------+
     Attribute Name               |  DER  |  DEA  |
     -----------------------------+-------+-------+
     MIP6-Home-Agent-Address      |  0-1  |  0-1  |
     MIP6-Home-Agent-FQDN         |  0-1  |  0-1  |
     MIP4-Home-Agent-Address      |  0-1  |  0-1  |
     MIP6-Home-Link-Prefix        |  0-1  |  0-1  |
                                  +-------+-------+

              Figure 8: DER and DEA Commands AVP table

(In -00 the table read: MIP6-Home-Agent-Address 0 in DER and 1 in DEA; MIP6-Home-Agent-FQDN and MIP4-Home-Agent-address 0 in DER and 0-1 in DEA; MIPv6-Bootstrapping-Feature 0-1 in DER and 0 in DEA.)

6.2.  AAR and AAA Commands AVP Table

The following table lists the additional MIPv6 bootstrapping NAS - HAAA interface AVPs that may optionally be present in the AAR and AAA Commands, as defined in this document and in [RFC4005].

                                  +---------------+
                                  |  Command-Code |
                                  |-------+-------+
     Attribute Name               |  AAR  |  AAA  |
     -----------------------------|-------+-------|
     MIP6-Home-Agent-Address      |  0-1  |  0-1  |
     MIP6-Home-Agent-FQDN         |  0-1  |  0-1  |
     MIP4-Home-Agent-Address      |  0-1  |  0-1  |
     MIP6-Home-Link-Prefix        |  0-1  |  0-1  |
                                  +-------+-------+

              Figure 9: AAR and AAA Commands AVP table

(In -00 the table read: MIP6-Home-Agent-Address 0 in AAR and 1 in AAA; MIP6-Home-Agent-FQDN and MIP4-Home-Agent-address 0 in AAR and 0-1 in AAA; MIPv6-Bootstrapping-Feature 0-1 in AAR and 0 in AAA.)
7.  MIPv6 Bootstrapping NAS - HAAA Interface AVPs

This section defines the AVPs that are specific to the Diameter MIPv6 bootstrapping NAS - HAAA interface and MAY be included in the Diameter EAP [RFC4072] and NASREQ [RFC4005] application messages listed in Section 4 of this document. The Diameter AVP rules are defined in the Diameter Base [RFC3588], Section 4. These AVP rules are observed in the AVPs defined in this section.

The following table describes the Diameter AVPs, their AVP Code values, types, possible flag values, and whether the AVP MAY be encrypted. The Diameter base [RFC3588] specifies the AVP Flag rules for AVPs in section 4.5.

                                            +--------------------+
                                            |  AVP Flag rules    |
                                            +----+-----+----+----+----+
                     AVP  Section           |    |     |SHLD|MUST|    |
     Attribute Name  Code Defined Data Type |MUST| MAY | NOT|NOT |Encr|
     ---------------------------------------+----+-----+----+----+----+
     MIP6-Home-Agent- TBD 4.7.1  OctetString| M  |  P  |    | V  | Y  |
     Address                                |    |     |    |    |    |
     MIP6-Home-Agent- TBD 4.7.2  UTF8String | M  |  P  |    | V  | Y  |
     FQDN                                   |    |     |    |    |    |
     MIP4-Home-Agent- TBD 4.7.4  OctetString| M  |  P  |    | V  | Y  |
     address                                |    |     |    |    |    |
     MIP6-Home-Link-  TBD 4.7.3  Unsigned32 | M  |  P  |    | V  | Y  |
     Prefix                                 |    |     |    |    |    |
     ---------------------------------------+----+-----+----+----+----+

                   Figure 10: AVP flag rules table

(In -00 the "Section Defined" column held the placeholder x.y for every row, and the last row was MIPv6-Bootstrapping-Feature, TBD, Unsigned32, with the same flag rules.)
8.  IANA Considerations

This specification defines the following new AVPs:

   MIP6-Home-Agent-Address is set to TBD
   MIP6-Home-Agent-FQDN is set to TBD
   MIP4-Home-Agent-Address is set to TBD
   MIP6-Home-Link-Prefix is set to TBD

[-00 only; removed in -01]

This document defines seven new Diameter AVPs, a new Diameter application and two new namespaces.

8.1  AVP Codes

This specification defines the following new AVPs:

   MIP6-Home-Agent-Address is set to TBD
   MIP6-Home-Agent-FQDN is set to TBD
   MIP4-Home-Agent-address is set to TBD
   MIPv6-Bootstrapping-Feature is set to TBD

8.2  Application Identifier

This specification defines a new Diameter application called "MIPv6 Bootstrapping Integrated application", i.e. MIP6BSTI. The Application Identifier code for this application is set to TBD.

8.3  Namespaces

This specification defines a new namespace for the MIPv6-Bootstrapping-Feature AVP flag values:

   Local-Home-Agent-Assignment is set to 1
   Dual-Stack-MIP-supported is set to 2
9.  Security Considerations

The security considerations for the Diameter interaction required to accomplish the integrated scenario are described in [I-D.ietf-mip6-bootstrapping-integrated-dhc]. Additionally, the security considerations of the Diameter base protocol [RFC3588] and of the Diameter NASREQ application [RFC4005] / Diameter EAP application [RFC4072] (with respect to network access authentication and the transport of keying material) are applicable to this document.

10.  Acknowledgements

This document is heavily based on the ongoing work for RADIUS MIPv6 interaction. Hence, credits go to the respective authors for their work with draft-ietf-mip6-radius-00.txt. Furthermore, the author would like to thank the authors of draft-le-aaa-diameter-mobileipv6-04.txt (Franck Le, Basavaraj Patil, Charles E. Perkins, Stefano Faccin) for their work in the context of MIPv6 Diameter interworking. Their work influenced this document.

(The -00 version credited Kuntal Chowdhury and Avi Lior for their work with draft-chowdhury-mip6-radius-00.txt.)
11.  Revision history

The following changes were made to the -01 version of the draft:

o  The document title was changed to "The NAS - HAAA Interface for MIPv6 Bootstrapping".

o  Added HAAA and NAS to the terminology section.

o  Changed NAS application to NASREQ application.

o  Changed "Integrated Scenario" to NAS-HAAA interface.

o  The separate Diameter Application-ID for MIPv6 bootstrapping (MIP6BSTI) was removed and all bootstrapping is based on the Diameter EAP application and Diameter NAS application.

o  The MIPv6-Bootstrapping-Feature AVP was removed and general text regarding capability advertisement based on optional AVPs was added.

o  The capability exchange was modified so that the NAS may suggest a specific HA to the AAAH. The original MIPv6-Bootstrapping-Feature AVP was replaced with the possibility to include any bootstrapping AVP in the Diameter AAR or DER messages as a capability and local allocation hint.

12.  References

12.1.  Normative References

   [I-D.ietf-mip6-aaa-ha-goals]
              Giaretta, G., "AAA Goals for Mobile IPv6",
              draft-ietf-mip6-aaa-ha-goals-03 (work in progress),
              September 2006.
              (-00 cited draft-ietf-mip6-aaa-ha-goals-01, "Goals for
              AAA-HA interface", January 2006.)

   [I-D.ietf-mip6-bootstrap-ps] (-00 only)
              Giaretta, G. and A. Patel, "Problem Statement for
              bootstrapping Mobile IPv6",
              draft-ietf-mip6-bootstrap-ps-05 (work in progress),
              May 2006.

   [I-D.ietf-mip6-bootstrapping-integrated-dhc]
              Chowdhury, K. and A. Yegin, "MIP6-bootstrapping via DHCPv6
              for the Integrated Scenario",
              draft-ietf-mip6-bootstrapping-integrated-dhc-01 (work in
              progress), June 2006.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", RFC 2119, March 1997.

   [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
              Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

   [RFC3775]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.

   [RFC4640]  Patel, A. and G. Giaretta, "Problem Statement for
              bootstrapping Mobile IPv6 (MIPv6)", RFC 4640,
              September 2006.

12.2.  Informative References

   [I-D.ietf-mip6-bootstrapping-split]
              Giaretta, G., "Mobile IPv6 bootstrapping in split
              scenario", draft-ietf-mip6-bootstrapping-split-03 (work in
              progress), October 2006.

   [I-D.ietf-mip6-nemo-v4traversal]
              Soliman, H., "Mobile IPv6 support for dual stack Hosts and
              Routers (DSMIPv6)", draft-ietf-mip6-nemo-v4traversal-02
              (work in progress), June 2006.

   [I-D.jang-mip6-hiopt] (-00 only)
              Jang, H., "DHCP Option for Home Information Discovery in
              MIPv6", draft-jang-mip6-hiopt-00 (work in progress),
              June 2006.

   [I-D.tschofenig-mip6-aaa-ha-diameter] (-00 only)
              Tschofenig, H., "Mobile IPv6 Bootstrapping using
              Diameter", draft-tschofenig-mip6-aaa-ha-diameter-01 (work
              in progress), October 2005.

   [RFC2132]  Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
              Extensions", RFC 2132, March 1997.

   [RFC3753]  Manner, J. and M. Kojo, "Mobility Related Terminology",
              RFC 3753, June 2004.

   [RFC4005]  Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
              "Diameter Network Access Server Application", RFC 4005,
              August 2005.
skipping to change at page 25, line 4 skipping to change at page 20, line 20
Email: julien.bournelle@int-evry.fr Email: julien.bournelle@int-evry.fr
Hannes Tschofenig Hannes Tschofenig
Siemens Siemens
Otto-Hahn-Ring 6 Otto-Hahn-Ring 6
Munich, Bavaria 81739 Munich, Bavaria 81739
Germany Germany
Email: Hannes.Tschofenig@siemens.com Email: Hannes.Tschofenig@siemens.com
URI: http://www.tschofenig.com URI: http://www.tschofenig.com
Charles E. Perkins Charles E. Perkins
Nokia Nokia
Email: charliep@iprg.nokia.com Email: charliep@iprg.nokia.com
Intellectual Property Statement Kuntal Chowdhury
Starent Networks
Email: kchowdhury@starentnetworks.com
Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
skipping to change at page 26, line 29 skipping to change at page 21, line 45
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is provided by the IETF
Internet Society. Administrative Support Activity (IASA).
 End of changes. 98 change blocks. 
368 lines changed or deleted 329 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/