draft-ietf-dime-mip6-integrated-01.txt   draft-ietf-dime-mip6-integrated-02.txt 
Diameter Maintenance and J. Korhonen (ed.) Diameter Maintenance and J. Korhonen (ed.)
Extensions (DIME) TeliaSonera Extensions (DIME) TeliaSonera
Internet-Draft J. Bournelle Internet-Draft J. Bournelle
Intended status: Informational GET/INT Intended status: Standards Track France Telecom R&D
Expires: December 3, 2006 H. Tschofenig Expires: July 27, 2007 H. Tschofenig
Siemens Siemens Networks GmbH & Co KG
C. Perkins C. Perkins
Nokia Nokia Research Center
K. Chowdhury K. Chowdhury
Starent Networks Starent Networks
The NAS - HAAA Interface for MIPv6 Bootstrapping January 23, 2007
draft-ietf-dime-mip6-integrated-01.txt
Diameter Mobile IPv6: NAS <-> HAAA Support
draft-ietf-dime-mip6-integrated-02.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 39 skipping to change at page 1, line 41
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 3, 2006. This Internet-Draft will expire on July 27, 2007.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The IETF Trust (2007).
Abstract Abstract
A Mobile IPv6 node requires a home agent address, a home address, and A Mobile IPv6 node requires a Home Agent address, a home address, and
IPsec security association with its home agent before it can start a security association with its Home Agent before it can start
utilizing Mobile IPv6 service. RFC 3775 requires that some or all of utilizing Mobile IPv6. RFC 3775 requires that some or all of these
these parameters are statically configured. Ongoing Mobile IPv6 parameters are statically configured. Ongoing Mobile IPv6
bootstrapping work aims to make this information dynamically bootstrapping work aims to make this information dynamically
available to the mobile node. An important aspect of the Mobile IPv6 available to the Mobile Node. An important aspect of the Mobile IPv6
bootstrapping solution is to support interworking with existing bootstrapping solution is to support interworking with existing
authentication, authorization and accounting infrastructure. This authentication, authorization and accounting infrastructure. This
document describes the usage of Diameter to facilitate Mobile IPv6 document describes the MIPv6 bootstrapping using the Diameter Network
bootstrapping for the NAS - HAAA interface. Access Server (NAS) <-> home Authentication, Authorization and
Accounting server (HAAA) interface.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology and Abbreviations . . . . . . . . . . . . . . . . 3 2. Terminology and Abbreviations . . . . . . . . . . . . . . . . 4
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Commands, AVPs and Advertising Application Support . . . . . . 6 4. Commands, AVPs and Advertising Application Support . . . . . . 7
4.1. Advertising Application Support . . . . . . . . . . . . . 6 4.1. Advertising Application Support . . . . . . . . . . . . . 7
4.2. Command Codes . . . . . . . . . . . . . . . . . . . . . . 6 4.2. Command Codes . . . . . . . . . . . . . . . . . . . . . . 7
4.3. Diameter-EAP-Request (DER) . . . . . . . . . . . . . . . . 7 4.3. Diameter-EAP-Request (DER) . . . . . . . . . . . . . . . . 7
4.4. Diameter-EAP-Answer (DEA) . . . . . . . . . . . . . . . . 7 4.4. Diameter-EAP-Answer (DEA) . . . . . . . . . . . . . . . . 8
4.5. AA-Request (AAR) . . . . . . . . . . . . . . . . . . . . . 8 4.5. AA-Request (AAR) . . . . . . . . . . . . . . . . . . . . . 9
4.6. AA-Answer (AAA) . . . . . . . . . . . . . . . . . . . . . 9 4.6. AA-Answer (AAA) . . . . . . . . . . . . . . . . . . . . . 10
4.7. New AVPs . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.7. Attribute Value Pair Definitions . . . . . . . . . . . . . 11
4.7.1. MIP6-Home-Agent-Address AVP . . . . . . . . . . . . . 10 4.7.1. MIP6-Home-Agent-Address AVP . . . . . . . . . . . . . 11
4.7.2. MIP6-Home-Agent-FQDN AVP . . . . . . . . . . . . . . . 10 4.7.2. MIP6-Home-Agent-FQDN AVP . . . . . . . . . . . . . . . 11
4.7.3. MIP6-Home-Link-Prefix AVP . . . . . . . . . . . . . . 10 4.7.3. MIP6-Home-Link-Prefix AVP . . . . . . . . . . . . . . 12
4.7.4. MIP4-Home-Agent-Address AVP . . . . . . . . . . . . . 11 4.7.4. MIP4-Home-Agent-Address AVP . . . . . . . . . . . . . 12
4.8. Capability Advertisement . . . . . . . . . . . . . . . . . 11 4.7.5. MIP6-Home-Address AVP . . . . . . . . . . . . . . . . 12
4.8. Capability Advertisement . . . . . . . . . . . . . . . . . 12
5. Diameter Client and Server Behavior During MIPv6 5. Diameter Client and Server Behavior During MIPv6
Bootstrapping . . . . . . . . . . . . . . . . . . . . . . . . 11 Bootstrapping . . . . . . . . . . . . . . . . . . . . . . . . 13
5.1. Client (NAS) Behavior . . . . . . . . . . . . . . . . . . 12 5.1. Client (NAS) Behavior . . . . . . . . . . . . . . . . . . 13
5.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 13 5.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 14
5.3. Example Message Flows . . . . . . . . . . . . . . . . . . 14 6. Example Message Flows . . . . . . . . . . . . . . . . . . . . 15
6. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 15 6.1. EAP-based authentication . . . . . . . . . . . . . . . . . 15
6.1. DER and DEA Commands AVP Table . . . . . . . . . . . . . . 15 6.2. Integrated scenario and HA allocation in MSP . . . . . . . 16
6.2. AAR and AAA Commands AVP Table . . . . . . . . . . . . . . 16 6.3. Integrated scenario and HA allocation in ASP . . . . . . . 18
7. MIPv6 Bootstrapping NAS - HAAA Interface AVPs . . . . . . . . 16 7. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 19
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 7.1. DER and DEA Commands AVP Table . . . . . . . . . . . . . . 19
9. Security Considerations . . . . . . . . . . . . . . . . . . . 17 7.2. AAR and AAA Commands AVP Table . . . . . . . . . . . . . . 20
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 17 8. MIPv6 Bootstrapping NAS - HAAA Interface AVPs . . . . . . . . 21
11. Revision history . . . . . . . . . . . . . . . . . . . . . . . 18 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 10. Security Considerations . . . . . . . . . . . . . . . . . . . 22
12.1. Normative References . . . . . . . . . . . . . . . . . . . 18 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22
12.2. Informative References . . . . . . . . . . . . . . . . . . 19 12. Revision history . . . . . . . . . . . . . . . . . . . . . . . 23
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Intellectual Property and Copyright Statements . . . . . . . . . . 21 13.1. Normative References . . . . . . . . . . . . . . . . . . . 23
13.2. Informative References . . . . . . . . . . . . . . . . . . 24
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 25
Intellectual Property and Copyright Statements . . . . . . . . . . 27
1. Introduction 1. Introduction
Mobile IPv6 specification [RFC3775] requires a Mobile Node (MN) to The Mobile IPv6 (MIPv6) specification [RFC3775] requires a Mobile
perform registration with a home agent with information about its Node (MN) to perform registration with a Home Agent (HA) with
current point of attachment (Care-of Address). The home agent information about its current point of attachment (Care-of Address).
creates and maintains binding between the MN's Home Address and the The HA creates and maintains binding between the MN's Home Address
MN's Care-of Address. and the MN's Care-of Address.
In order to register with a home agent, the MN needs to know some In order to register with a HA, the MN needs to know some information
information such as, the Home Link prefix, the home agent Address, such as, the Home Link prefix, the HA address, the Home Address(es),
the Home Address(es), the Home Link prefix Length and security the Home Link prefix Length and security association related
related information in order to later secure the Binding Update. information.
The aforementioned set of information may be statically provisioned The aforementioned set of information may be statically provisioned
in the MN. However, static provisioning of this information has its in the MN. However, static provisioning of this information becomes
drawbacks. It increases provisioning and network maintenance becomes easily provisioning and network administratiOn burden for an
easily burden for an operator. Moreover, static provisioning does operator. Moreover, static provisioning does not address load
not allow load balancing, failover, opportunistic home link balancing, failover, opportunistic home link assignment and assigment
assignment etc. For example, the user may be accessing the network of local home agents in close proximity to the MN. Also the ability
from a location that may be geographically far away from the to react on sudden environmental or topological changes is minimal.
preconfigured home link; the administrative burden to configure the In a light of above issues static provisioning may not be desirable.
MNs with the respective addresses is large and the ability to react
on environmental changes is minimal. In these situations static
provisioning may not be desirable.
Dynamic assignment of Mobile IPv6 home registration information is a Dynamic assignment of MIPv6 home registration information is a
desirable feature for ease of deployment and network maintenance. desirable feature for ease of deployment and network maintenance.
For this purpose, the Diameter infrastructure, which is used for For this purpose, the AAA infrastructure, which is used for access
access authentication, can be leveraged to assign some or all of the authentication, can be leveraged to assign some or all of the
necessary parameters. The Diameter server in Access Service necessary parameters. The Diameter server in Access Service
Provider's (ASP) or in Mobility Service Provider's (MSP) network may Provider's (ASP) or in Mobility Service Provider's (MSP) network may
return these parameters to the AAA client. Regarding the return these parameters to the AAA client. Regarding the
bootstrapping procedures, the AAA client might either be the NAS, in bootstrapping procedures, the AAA client might either be the NAS, in
case of the integrated scenario, or the home agent, in case of the case of the integrated scenario, or the HA, in case of the split
split scenario [I-D.ietf-mip6-bootstrapping-split]. The terms scenario [I-D.ietf-mip6-bootstrapping-split]. The terms integrated
integrated and split are described in the terminology section and and split are described in the terminology section and were
were introduced in [RFC4640] and [I-D.ietf-mip6-aaa-ha-goals]. introduced in [RFC4640] and [I-D.ietf-mip6-aaa-ha-goals].
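Review bot: The rewritten static-provisioning paragraph of the Introduction in the -02 column does not read cleanly and carries new typos: "easily provisioning and network administratiOn burden for an operator" is missing an article and has a stray capital, "assigment" is misspelled, and "In a light of above issues" should be "In light of the above issues". Suggested wording for the first of these: "easily becomes a provisioning and network administration burden for an operator". The -02 column also shortens the parameter list to "security association related information" and drops the -01 clause saying this information later secures the Binding Update; if that is not intentional, keep the clause so the reader knows what the security association protects.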
2. Terminology and Abbreviations 2. Terminology and Abbreviations
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC2119 [RFC2119]. document are to be interpreted as described in RFC2119 [RFC2119].
General mobility terminology can be found in [RFC3753]. The General mobility terminology can be found in [RFC3753]. The
following additional terms, as defined in [RFC4640], are used in this following additional terms, as defined in [RFC4640], are used in this
document: document:
Access Service Authorizer (ASA): Access Service Authorizer (ASA):
A network operator that authenticates a mobile node and A network operator that authenticates a MN and establishes the
establishes the mobile node's authorization to receive Internet MN's authorization to receive Internet service.
service.
Access Service Provider (ASP): Access Service Provider (ASP):
A network operator that provides direct IP packet forwarding to A network operator that provides direct IP packet forwarding to
and from the mobile node. and from the MN.
Mobility Service Authorizer (MSA): Mobility Service Authorizer (MSA):
A service provider that authorizes Mobile IPv6 service. A service provider that authorizes MIPv6 service.
Mobility Service Provider (MSP): Mobility Service Provider (MSP):
A service provider that provides Mobile IPv6 service. In order to A service provider that provides MIPv6 service. In order to
obtain such service, the mobile node must be authenticated and obtain such service, the MN must be authenticated and authorized
authorized to obtain the Mobile IPv6 service. to obtain the MIPv6 service.
Split scenario: Split scenario:
A scenario where the mobility service and the network access A scenario where the mobility service and the network access
service are authorized by different entities. service are authorized by different entities.
Integrated Scenario: Integrated Scenario:
A scenario where the mobility service and the network access A scenario where the mobility service and the network access
service are authorized by the same entity. service are authorized by the same entity.
skipping to change at page 4, line 49 skipping to change at page 5, line 48
Home AAA (HAAA): Home AAA (HAAA):
An authentication, authorization and accounting server located in An authentication, authorization and accounting server located in
user's home network. user's home network.
3. Overview 3. Overview
This document addresses the authentication, authorization and This document addresses the authentication, authorization and
accounting functionality required by for the MIPv6 bootstrapping as accounting functionality required by for the MIPv6 bootstrapping as
outlined in the MIPv6 bootstrapping problem statement document (see outlined in the MIPv6 bootstrapping problem statement document
[RFC4640]). This document focuses on the AAA functionality for the [RFC4640]. This document focuses on the Diameter based AAA
NAS - HAAA interface. functionality for the NAS - HAAA interface.
The subsequent text outlines the AAA interaction between the In the integrated scenario MIPv6 bootstrapping is provided as part of
participating entities in the integrated scenario. In the integrated the network access authentication procedure. Figure 1 shows the
scenario MIPv6 bootstrapping is provided as part of the network participating entities. This document, however, only concentrates on
access authentication procedure. Figure 1 shows the participating the NAS, possible local Diameter proxies and the home Diameter
entities. This document, however, only concentrates on the NAS, server.
possible local Diameter proxies and the home Diameter server.
+---------------------------+ +-----------------+ +---------------------------+ +-----------------+
|Access Service Provider | |ASA/MSA/(MSP) | |Access Service Provider | |ASA/MSA/(MSP) |
|(Mobility Service Provider)| | | |(Mobility Service Provider)| | |
| | | | | | | |
| +--------+ | | +--------+ | | +--------+ | | +--------+ |
| |Local | Diameter | | |Home | | | |Local | Diameter | | |Home | |
| |Diameter|<---------------------->|Diameter| | | |Diameter|<---------------------->|Diameter| |
| |Proxy | | | |Server | | | |Proxy | | | |Server | |
| +--------+ | | +--------+ | | +--------+ | | +--------+ |
| ^ | | ^ | | ^ ^ | | ^ |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| |Diameter | | v | | Diameter | | v |
| | +-------+ | | +-------+ | | | | +-------+ | | +-------+ |
| | |Home | | | |Home | | | | | |Home | | | |Home | |
| | +---->|Agent | | | |Agent | | | | +-------->|Agent | | | |Agent | |
| | | |in ASP | | | |in MSP | | | | |in ASP | | | |in MSP | |
| v v +-------+ | | +-------+ | | v +-------+ | | +-------+ |
+-------+ IEEE | +-----------+ +-------+ | +-----------------+ +-------+ IEEE | +-----------+ +-------+ | +-----------------+
|Mobile | 802.1X | |NAS/Relay | |DHCPv6 | | |Mobile | 802.1X | |NAS/Relay | |DHCPv6 | |
|Node |----------+-|Diameter |---|Server | | |Node |------------|Diameter |---|Server | |
| | PANA,... | |Client | | | | | | PANA,... | |Client | | | |
+-------+ DHCP | +-----------+ +-------+ | +-------+ DHCP | +-----------+ +-------+ |
+---------------------------+ +---------------------------+
Figure 1: Mobile IPv6 Bootstrapping in the Integrated Scenario Figure 1: Mobile IPv6 Bootstrapping in the Integrated Scenario
In a typical Mobile IPv6 access scenario, as shown above, the MN is In a typical MIPv6 access scenario the MN is attached to an ASP's
attached to an ASP's network. During the network attachment network. During the network attachment procedure, the NAS/Diameter
procedure, the NAS/Diameter client interacts with the mobile node. client interacts with the MN.
As shown in Figure 1, the authentication and authorization happens
via the Diameter infrastructure.
At the time of authentication the user for the network access, the During the time of authentication the Diameter server in the MSA
Diameter server in the MSA detects that the user is also authorized detects that the user is also authorized for MIPv6 access. Based on
for Mobile IPv6 access. Based on the MSA's policy, the Diameter the MSA's policy, the Diameter server may return several MIPv6
server may allocate several parameters to the MN for use during the bootstrapping related parameters.
subsequent Mobile IPv6 protocol interaction with the home agent.
Depending on the details of the solution interaction with the DHCPv6 Depending on the details of the bootstrapping solution interaction
server may be required, as described in with the DHCPv6 server may be required, as described in
[I-D.ietf-mip6-bootstrapping-integrated-dhc]. However, the solution [I-D.ietf-mip6-bootstrapping-integrated-dhc]. However, the Diameter
described in this document is not dependant on the DHCPv6 as the only based NAS - HAAA interface described in this document is not tied to
possible MIPv6 bootstrapping method. DHCPv6 as the only possible MIPv6 bootstrapping method.
4. Commands, AVPs and Advertising Application Support 4. Commands, AVPs and Advertising Application Support
This section describes command codes, defines AVPs and advertised This section describes command codes, defines AVPs and advertised
application identifiers for the Diameter MIPv6 bootstrapping in the application identifiers for the Diameter MIPv6 bootstrapping in the
NAS - HAAA interface. NAS - HAAA interface.
4.1. Advertising Application Support 4.1. Advertising Application Support
Diameter nodes conforming to this specification SHOULD include the Diameter nodes conforming to this specification SHOULD include the
value of 1 (NASREQ application) or 5 (EAP application) in the Auth- value of 1 (NASREQ application) or 5 (EAP application) in the Auth-
Application-Id or the Acct-Application-Id AVP of the Capabilities- Application-Id or the Acct-Application-Id AVP in the Capabilities-
Exchange-Request and Capabilities-Exchange-Answer commands [RFC3588]. Exchange-Request and Capabilities-Exchange-Answer commands [RFC3588].
The value of zero (0) SHOULD be used as the Application-Id in all
STR/STA, ACR/ACA, ASR/ASA, and RAR/RAA commands, because these
commands are defined in the Diameter base protocol and no additional
mandatory AVPs for those commands are defined in this document.
4.2. Command Codes 4.2. Command Codes
This document re-uses the Diameter Base protocol [RFC3588], Diameter This document re-uses the Diameter NASREQ application [RFC4072] and
NASREQ application [RFC4072] and EAP commands . The following the EAP application commands [RFC4005]. The following commands are
commands are used to carry MIPv6 related bootstrapping AVPs: used to carry MIPv6 related bootstrapping AVPs:
Command-Name Abbrev. Code Reference Application Command-Name Abbrev. Code Reference Application
Diameter-EAP-Request DER 268 RFC 4072 EAP Diameter-EAP-Request DER 268 RFC 4072 EAP
Diameter-EAP-Answer DEA 268 RFC 4072 EAP Diameter-EAP-Answer DEA 268 RFC 4072 EAP
AA-Request AAR 265 RFC 4005 NASREQ AA-Request AAR 265 RFC 4005 NASREQ
AA-Answer AAA 265 RFC 4005 NASREQ AA-Answer AAA 265 RFC 4005 NASREQ
Figure 2: MIPv6 Bootstrapping NAS - HAAA Interface Command Codes Figure 2: MIPv6 Bootstrapping NAS - HAAA Interface Command Codes
When the Re-Auth-Request (RAR), Re-Auth-Answer (RAA), Session- When the Re-Auth-Request (RAR), Re-Auth-Answer (RAA), Session-
Termination-Request (STR), Session-Termination-Answer (STA), Abort- Termination-Request (STR), Session-Termination-Answer (STA), Abort-
Session-Request (ASR), Abort-Session-Answer (ASA), Accounting-Request Session-Request (ASR), Abort-Session-Answer (ASA), Accounting-Request
(ACR), and Accounting-Answer (ACA) commands are used together with (ACR), and Accounting-Answer (ACA) commands are used together with
the Diameter MIPv6 bootstrapping NAS - HAAA interface, they follow the MIPv6 bootstrapping NAS - HAAA interface, they follow the rules
the rules in the Diameter NASREQ [RFC4005], EAP [RFC4072] and BASE in the Diameter NASREQ [RFC4005], EAP [RFC4072] and RFC 3588
[RFC3588] applications. The accounting commands use Application [RFC3588] applications. The accounting commands use the Application
Identifier value of 3 (Diameter Base Accounting); the others use 0 Identifier value of 3 (Diameter Base Accounting); the others use 0
(Diameter Common Messages). (Diameter Common Messages).
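Review bot: The opening sentence of 4.2 in the -02 column attaches the references to the wrong applications: it reads "the Diameter NASREQ application [RFC4072] and the EAP application commands [RFC4005]", while the command table directly below it and the closing paragraph of the same section give NASREQ as RFC 4005 and EAP as RFC 4072. Suggest "the Diameter NASREQ application [RFC4005] and the EAP application commands [RFC4072]". In the closing paragraph, replacing "BASE" with "RFC 3588" leaves "RFC 3588 [RFC3588] applications", which names the base protocol as an application; "the Diameter base protocol [RFC3588]" would be clearer.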
4.3. Diameter-EAP-Request (DER) 4.3. Diameter-EAP-Request (DER)
The Diameter-EAP-Request (DER) command [RFC4072], indicated by the The Diameter-EAP-Request (DER) command [RFC4072], indicated by the
Command-Code field set to 268 and the 'R' bit set in the Command Command-Code field set to 268 and the 'R' bit set in the Command
Flags field, may be sent by the NAS to the Diameter server providing Flags field, may be sent by the NAS to the Diameter server providing
network access authentication and authorization services. At the network access authentication and authorization services. At the
same time with the network access authentication and authorization same time with the network access authentication and authorization
the NAS MAY indicate the access network capability of MIPv6 the NAS MAY indicate the access network capability of MIPv6
bootstrapping and optionally also the capability of a local home bootstrapping and optionally also the capability of a local HA
agent assignment. assignment.
The message format is the same as defined in [RFC4072] with an The message format is the same as defined in [RFC4072] with an
addition of possible MIPv6 bootstrapping NAS - HAAA interface AVPs to addition of optional MIPv6 bootstrapping NAS - HAAA interface AVPs to
indicate capabilities of the NAS and ASP: indicate capabilities of the NAS and the ASP:
<Diameter-EAP-Request> ::= < Diameter Header: 268, REQ, PXY > <Diameter-EAP-Request> ::= < Diameter Header: 268, REQ, PXY >
< Session-Id > < Session-Id >
{ Auth-Application-Id } { Auth-Application-Id }
{ Origin-Host } { Origin-Host }
{ Origin-Realm } { Origin-Realm }
{ Destination-Realm } { Destination-Realm }
{ Auth-Request-Type } { Auth-Request-Type }
[ MIP6-Home-Agent-Address ] [ MIP6-Home-Agent-Address ]
[ MIP6-Home-Agent-FQDN ] [ MIP6-Home-Agent-FQDN ]
[ MIP6-Home-Link-Prefix ] [ MIP6-Home-Link-Prefix ]
[ MIP6-Home-Address ]
[ MIP4-Home-Agent-Address ] [ MIP4-Home-Agent-Address ]
[ Destination-Host ] [ Destination-Host ]
... ...
* [ AVP ] * [ AVP ]
Figure 3: Diameter EAP Request Command Figure 3: Diameter EAP Request Command
4.4. Diameter-EAP-Answer (DEA) 4.4. Diameter-EAP-Answer (DEA)
The Diameter-EAP-Answer (DEA) message define in [RFC4072], indicated The Diameter-EAP-Answer (DEA) message define in [RFC4072], indicated
by the Command-Code field set to 268 and 'R' bit cleared in the by the Command-Code field set to 268 and 'R' bit cleared in the
Command Flags field is sent in response to the Diameter-EAP-Request Command Flags field is sent in response to the Diameter-EAP-Request
message (DER). If the network access was successfully authenticated message (DER). If the network access authentication procedure was
then the response SHOULD include the MIP6-Home-Agent-Address AVP, successful then the response MAY include any set of MIP6-Home-Agent-
MIP6-Home-Link-Prefix, MIP6-Home-Agent-FQDN and MIP4-Home-Agent- Address AVP, MIP6-Home-Link-Prefix, MIP6-Home-Agent-FQDN, MIP6-Home-
address AVPs. Address and MIP4-Home-Agent-address AVPs.
The message format is the same as defined in [RFC4072] with an The message format is the same as defined in [RFC4072] with an
addition of MIPv6 bootstrapping NAS - HAAA interface AVPs: addition of optional MIPv6 bootstrapping NAS - HAAA AVPs:
<Diameter-EAP-Answer> ::= < Diameter Header: 268, PXY > <Diameter-EAP-Answer> ::= < Diameter Header: 268, PXY >
< Session-Id > < Session-Id >
{ Auth-Application-Id } { Auth-Application-Id }
{ Auth-Request-Type } { Auth-Request-Type }
{ Result-Code } { Result-Code }
{ Origin-Host } { Origin-Host }
{ Origin-Realm } { Origin-Realm }
[ MIP6-Home-Agent-Address ] [ MIP6-Home-Agent-Address ]
[ MIP6-Home-Agent-FQDN ] [ MIP6-Home-Agent-FQDN ]
[ MIP6-Home-Link-Prefix ] [ MIP6-Home-Link-Prefix ]
[ MIP6-Home-Address ]
[ MIP4-Home-Agent-Address ] [ MIP4-Home-Agent-Address ]
[ User-Name ] [ User-Name ]
... ...
* [ AVP ] * [ AVP ]
Figure 4: Diameter EAP Answer Command Figure 4: Diameter EAP Answer Command
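Review bot: The relaxed requirement in the first paragraph of 4.4 ("the response MAY include any set of ...") allows a DEA to carry both MIP6-Home-Agent-Address and MIP6-Home-Agent-FQDN, but nothing here says which one the NAS should use when both are present. Suggest adding a sentence that fixes the precedence, or that states explicitly that the choice is a local matter. Two editorial points in the same paragraph: "message define in [RFC4072]" should be "defined", and "MIP4-Home-Agent-address" should match the capitalisation used in the ABNF below ("MIP4-Home-Agent-Address").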
4.5. AA-Request (AAR) 4.5. AA-Request (AAR)
The AA-Request (AAR) message, indicated by the Command-Code field set The AA-Request (AAR) message, indicated by the Command-Code field set
to 265 and 'R' bit set in the Command Flags field, may be sent by the to 265 and 'R' bit set in the Command Flags field, may be sent by the
NAS to the Diameter server providing network access configuration NAS to the Diameter server providing network access configuration
services. At the same time with the network access configuration the services. At the same time with the network access configuration the
NAS MAY request home agent assignment, to authorize for mobility NAS MAY request HA assignment, to authorize for mobility service
service usage and optionally to indicate the support of possible usage and optionally to indicate the support of possible local HA
local home agent assignment. assignment.
The message format is the same as defined in [RFC4005] with an The message format is the same as defined in [RFC4005] with an
addition of MIPv6 bootstrapping NAS - HAAA interface AVPs: addition of optional MIPv6 bootstrapping NAS - HAAA AVPs:
<AA-Request> ::= < Diameter Header: 265, REQ, PXY > <AA-Request> ::= < Diameter Header: 265, REQ, PXY >
< Session-Id > < Session-Id >
{ Auth-Application-Id } { Auth-Application-Id }
{ Origin-Host } { Origin-Host }
{ Origin-Realm } { Origin-Realm }
{ Destination-Realm } { Destination-Realm }
{ Auth-Request-Type } { Auth-Request-Type }
[ MIP6-Home-Agent-Address ] [ MIP6-Home-Agent-Address ]
[ MIP6-Home-Agent-FQDN ] [ MIP6-Home-Agent-FQDN ]
[ MIP6-Home-Link-Prefix ] [ MIP6-Home-Link-Prefix ]
[ MIP6-Home-Address ]
[ MIP4-Home-Agent-Address ] [ MIP4-Home-Agent-Address ]
[ Destination-Host ] [ Destination-Host ]
... ...
* [ AVP ] * [ AVP ]
Figure 5: AA Request Command Figure 5: AA Request Command
4.6. AA-Answer (AAA) 4.6. AA-Answer (AAA)
The AA-Answer (AAA) message, indicated by the Command-Code field set The AA-Answer (AAA) message, indicated by the Command-Code field set
to 265 and 'R' bit cleared in the Command Flags field is sent in to 265 and 'R' bit cleared in the Command Flags field is sent in
response to the AA-Request (AAR) message for confirmation of the response to the AA-Request (AAR) message for confirmation of the
result of MIPv6 HA bootstrapping. If the network access was result of MIPv6 HA bootstrapping. If the network access
successfully authenticated then the response SHOULD include the MIP6- authentication procedure was successful then the response MAY include
Home-Agent-Address AVP, MIP6-Home-Link-Prefix, MIP6-Home-Agent-FQDN any set of MIP6-Home-Agent-Address AVP, MIP6-Home-Link-Prefix, MIP6-
and MIP4-Home-Agent-address AVPs. Home-Agent-FQDN, MIP6-Home-Address and MIP4-Home-Agent-address AVPs.
The message format is the same as defined in [RFC4005] with an The message format is the same as defined in [RFC4005] with an
addition of MIPv6 bootstrapping NAS - HAAA interface AVPs: addition of optional MIPv6 bootstrapping NAS - HAAA interface AVPs:
<AA-Answer> ::= < Diameter Header: 265, PXY > <AA-Answer> ::= < Diameter Header: 265, PXY >
< Session-Id > < Session-Id >
{ Auth-Application-Id } { Auth-Application-Id }
{ Auth-Request-Type } { Auth-Request-Type }
{ Result-Code } { Result-Code }
{ Origin-Host } { Origin-Host }
{ Origin-Realm } { Origin-Realm }
[ MIP6-Home-Agent-Address ] [ MIP6-Home-Agent-Address ]
[ MIP6-Home-Agent-FQDN ] [ MIP6-Home-Agent-FQDN ]
[ MIP6-Home-Link-Prefix] [ MIP6-Home-Link-Prefix]
[ MIP6-Home-Address ]
[ MIP4-Home-Agent-address ] [ MIP4-Home-Agent-address ]
[ User-Name ] [ User-Name ]
... ...
* [ AVP ] * [ AVP ]
Figure 6: AA Answer Command Figure 6: AA Answer Command
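Review bot: The AA-Answer ABNF in 4.6 spells two AVP names differently from the other three command definitions: "[ MIP6-Home-Link-Prefix]" is missing the space before the closing bracket, and "[ MIP4-Home-Agent-address ]" has a lower-case "a" where 4.3, 4.4 and 4.5 use "MIP4-Home-Agent-Address". AVP names are identifiers that implementers copy into dictionaries, so they should be identical wherever they appear; the prose paragraph above the ABNF has the same lower-case spelling and should be fixed with it. The added "[ MIP6-Home-Address ]" line is consistent with the other three commands.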
4.7. New AVPs 4.7. Attribute Value Pair Definitions
4.7.1. MIP6-Home-Agent-Address AVP 4.7.1. MIP6-Home-Agent-Address AVP
The MIP6-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString The MIP6-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString
and contains the Mobile IPv6 home agent address and the prefix length and contains the MIPv6 HA address and the prefix length of the said
of the said address. The AVP is a discriminated union, representing address. The AVP is a discriminated union, representing IPv6 address
IPv6 address in network byte order. The first two octets of this AVP in network byte order. The first two octets of this AVP represents
represents the home link prefix length followed by 16 octets of the the home link prefix length followed by 16 octets of the IPv6
IPv6 address. address.
The Diameter server MAY decide to assign a MIPv6 home agent to the MN The Diameter server MAY decide to assign a MIPv6 HA to the MN that is
that is in close proximity to the point of attachment (e.g. in close proximity to the point of attachment (e.g. determined by the
determined by the NAS-Identifier). There may be other reasons for NAS-Identifier). There may be other reasons for dynamically
dynamically assigning home agents to the MN, for example to share the assigning HAs to the MN, for example to share the traffic load. The
traffic load. The AVP also contains the prefix length so that the MN AVP also contains the prefix length so that the MN can easily infer
can easily infer one of the possible Home Link prefixes from the home one of the possible Home Link prefixes from the HA address.
agent address.
This AVP MAY also be sent by the NAS to the Diameter server in a
request message as a hint to suggest a dynamic HA may be assigned to
the MN. Based on local policy information the Diameter server may
decide to follow the hint or to override this suggestion with its
preferred HA IP address.
4.7.2. MIP6-Home-Agent-FQDN AVP 4.7.2. MIP6-Home-Agent-FQDN AVP
The MIP6-Home-Agent-FQDN AVP (AVP Code TBD) is of type UTF8String and The MIP6-Home-Agent-FQDN AVP (AVP Code TBD) is of type UTF8String and
contains the FQDN of a Mobile IPv6 home agent. contains the FQDN of a MIPv6 HA. The usage of this AVP is equivalent
to the MIP6-Home-Agent-Address AVP except that the host using the
FQDN needs to perform a DNS query in order to discover the HA
address.
4.7.3. MIP6-Home-Link-Prefix AVP 4.7.3. MIP6-Home-Link-Prefix AVP
The MIP6-Home-Link-Prefix AVP (AVP Code TBD) is of type OctetString The MIP6-Home-Link-Prefix AVP (AVP Code TBD) is of type OctetString
and contains the Mobile IPv6 home link prefix. There may be reasons and contains the MIPv6 home link prefix. There may be reasons for
for the Diameter server to dynamically assigning home link prefix to the Diameter server to dynamically assigning home link prefix to the
the MN, for example one that is in close proximity to the point of MN, for example one that is in close proximity to the point of
attachment. attachment.
The MN can perform RFC 3775 [RFC3775] specific procedures to discover
other information for MIPv6 registration.
4.7.4. MIP4-Home-Agent-Address AVP 4.7.4. MIP4-Home-Agent-Address AVP
The MIP4-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString The MIP4-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString
and contains the IPv4 home agent address and the prefix length of the and contains the IPv4 HA address and the prefix length of the said
said address. The AVP is a discriminated union, representing IPv4 address. The AVP is a discriminated union, representing IPv4 address
address in network byte order. The first two octets of this AVP in network byte order. The first two octets of this AVP represents
represents the home link prefix length followed by 4 octets of the the home link prefix length followed by 4 octets of the IPv4 address.
IPv4 address.
The Diameter server MAY decide to assign a MIPv4 home agent to the MN The Diameter server MAY decide to assign a MIPv4 HA to the MN in a
in a case where dual stack Mobile IP is supported case where dual stack Mobile IP is supported
[I-D.ietf-mip6-nemo-v4traversal]. [I-D.ietf-mip6-nemo-v4traversal].
4.7.5. MIP6-Home-Address AVP
The MIP6-Home-Address AVP (AVP Code TBD) is of type OctetString and
contains the MIPv6 Home Address and the prefix length of the said
address. The AVP is a discriminated union, representing IPv6 address
in network byte order. The first two octets of this AVP represents
the Home Address prefix length followed by 16 octets of the IPv6
address.
The Diameter server MAY assign a home address to the MN. This allows
the network operator to support MNs that are not configured with
static addresses. The attribute also contains the prefix length so
that the MN can easily infer the home link prefix from the HA
address.
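Review bot: the last sentence of the new Section 4.7.5 says the prefix length lets the MN "infer the home link prefix from the HA address", but this AVP carries the home address, not the HA address; the wording looks carried over from Section 4.7.1 and should read "from the home address". The section also inherits "discriminated union" from 4.7.1 although the layout described is fixed (two octets of prefix length followed by 16 octets of address). Stating the fixed 18-octet length and the valid prefix length range would let a receiver reject malformed values instead of guessing.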
4.8. Capability Advertisement 4.8. Capability Advertisement
The NAS/ASP may include any MIPv6 bootstrapping AVPs in the Diameter The NAS/ASP may include any MIPv6 bootstrapping AVPs in the DER or
EAP or NASREQ application request messages to advertise its MIPv6 AAR messages in order to advertise its MIPv6 bootstrapping
bootstrapping capabilities to the Diameter server. The use of capabilities to the Diameter server. This capability advertisement
capability advertisement is optional. may also be used to propose locally allocated mobility agents,
locally allocated prefix or home address to the Diameter server. As
an example the MIP6-Home-Agent-Address AVP could contain the IP
address of the locally allocated HA.
The capability advertisement may also be used as an explicit hint to If the MIP6-Home-Agent-Address AVP is only used as a MIPv6
the Diameter server about locally allocated mobility agents or home bootstrapping capability indicator then the IP address MUST be set to
links. In this case e.g. the MIP6-Home-Agent-Address AVP would unspecified address (::/128). The MIP6-Home-Agent-FQDN AVP SHOULD
contain the IP address of the locally allocated home agent. If the NOT be used for the capability advertisement if it does not name a
NAS/ASP does not have any specific home agent to offer during the locally allocated HA.
access authentication time the IP address in the respective
bootstrapping AVPs MUST be set to unspecified address (::/128). The
MIP6-Home-Agent-FQDN SHOULD NOT be used for the capability
advertisement if it does not already name a locally allocated Home
Agent.
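Review bot: in the -02 text the unspecified-address rule covers only MIP6-Home-Agent-Address, whereas -01 applied it to "the respective bootstrapping AVPs". That leaves MIP4-Home-Agent-Address, MIP6-Home-Link-Prefix and the new MIP6-Home-Address without a defined capability-only value, and it does not say what the two-octet prefix length field holds when the address is ::/128. The -01 sentence "The use of capability advertisement is optional" is also dropped; if that is still the intent, keep it, since Section 5.2 continues to describe these AVPs as an optional hint.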
5. Diameter Client and Server Behavior During MIPv6 Bootstrapping 5. Diameter Client and Server Behavior During MIPv6 Bootstrapping
This section describes the Diameter server and client behavior in This section describes the Diameter server and client behavior in
case of the MIPv6 bootstrapping in the integrated scenario. The text case of the MIPv6 bootstrapping in the integrated scenario. The text
does several assumptions for brevity. makes several assumptions.
o The Diameter server is assumed to support at least the Diameter o The Diameter server supports at least the Diameter BASE, EAP and
NASREQ applications.
o The Diameter client (i.e., the NAS) supports at least the Diameter
BASE, EAP and NASREQ applications. BASE, EAP and NASREQ applications.
o The Diameter client (i.e. the NAS) is assumed to support at least
the Diameter BASE, EAP and NASREQ applications.
o The MN uses such network access authentication method and o The MN uses such network access authentication method and
credentials that are supported by the NAS/ASP and ASA/MSA. credentials that are supported by the NAS/ASP and ASA/MSA.
o The MN has been provisioned with a Mobile IPv6 service. o The MN has been provisioned with a MIPv6 service.
o The capability exchange has already completed, thus the NAS and
the Diameter server share the knowledge of mutually supported
applications. Cases where the ASA/MSA do not support MIPv6
bootstrapping are not discussed. In these cases the NAS has no
other choice than to carry out the network access authentication
as defined in the Diameter EAP or NASREQ applications.
5.1. Client (NAS) Behavior 5.1. Client (NAS) Behavior
If the ASP/NAS does not support MIPv6 integrated scenario If the ASP/NAS does not support MIPv6 integrated scenario
bootstrapping then the NAS either selects the basic Diameter NASREQ bootstrapping then the NAS either selects the basic Diameter NASREQ
or EAP application depending on which authentication method gets or EAP application depending on which authentication method gets
used. Naturally after a successful or a failed authentication the used. Naturally after a successful or a failed authentication the
NAS does not have to carry out any MIPv6 bootstrapping related NAS does not have to carry out any MIPv6 bootstrapping related
procedures. procedures.
Next we describe two different scenarios for the network access Next, we describe two different scenarios for the network access
authentication when the ASP/NAS supports MIPv6 integrated scenario authentication when the ASP/NAS supports MIPv6 integrated scenario
bootstrapping. bootstrapping.
1) The MN uses some EAP-based method (e.g. 802.11i/802.1X) to 1) The MN uses some EAP-based method for network access
authenticate to the network. In this scenario the NAS uses authentication. In this scenario the NAS uses commands originally
commands originally defined for the EAP application. defined for the EAP application.
2) The MN uses some other than EAP-based method to authenticate to 2) The MN uses a non-EAP-based network access authentication
the network. In this scenario the NAS uses the Diameter NASREQ procedure. In this scenario the NAS uses the Diameter NASREQ
application commands. application commands.
The NAS may include the MIPv6 NAS - HAAA AVPs in the DER or in the The NAS may include the MIPv6 NAS - HAAA AVPs in the DER or in the
AAR messages. This serves two purposes. Firstly the NAS/ASP may AAR messages. This serves two purposes. Firstly the NAS/ASP may
advertise its MIPv6 bootstrapping capability to the Diameter server. advertise its MIPv6 bootstrapping capability to the Diameter server.
Secondly the NAS/ASP may suggest locally allocated home agents to the
Diameter server. Whether the locally allocated home agents are Secondly the NAS/ASP may suggest locally allocated HAs to the
allowed for the forthcoming MIPv6 session depends on the MN's Diameter server. Whether the locally allocated HAs are allowed for
subscription and the ASA/MSA(/MSP) policies. If the NAS/ASP only the forthcoming MIPv6 session depends on the MN's subscription and
wants to advertise its capability for local agent allocation but does the ASA/MSA(/MSP) policies. If the NAS/ASP only wants to advertise
not want to provide any specific agent at this point of time (e.g. its capability for local agent allocation but does not want to
that is left for later steps during the actual Mobile IP provide any specific agent at this point of time (e.g. that is left
registration) the AVPs MUST contain values described in Section 4.8. for later steps during the actual Mobile IP registration) the AVPs
MUST contain values described in Section 4.8.
If the network access authentication failed the NAS receives If the network access authentication failed the NAS receives
appropriate error codes as defined for the Diameter EAP or NASREQ appropriate error codes as defined for the Diameter EAP or NASREQ
applications. The NAS does not allow the MN to access the network applications. The NAS does not allow the MN to access the network
and does not do any MIPv6 bootstrapping related procedures. and does not do any MIPv6 bootstrapping related procedures.
If the network access authentication completed successfully, the NAS If the network access authentication completed successfully, the NAS
looks for home agent defining AVPs in the reply messages (either DEA looks for HA defining AVPs in the reply messages (either DEA or AAA
or AAA depending on the used authentication method). The NAS depending on the used authentication method). The NAS associates the
associates the received bootstrapping information to the MN that received bootstrapping information to the MN that initiated the
initiated the access authentication and stores the information access authentication and stores the information internally (storing
internally (storing time is determined by the ASP policy). The time is determined by the ASP policy). The stored bootstrapping
stored bootstrapping information is then available for the NAS and information is then available for the NAS and the DHCP relay for
the DHCP relay for later step during the MN bootstrapping process. later step during the MN bootstrapping process.
The actual bootstrapping from the MN point of view takes place after The actual bootstrapping from the MN point of view takes place after
the network access authentication has completed. The bootstrapping the network access authentication has completed. The bootstrapping
may be realized e.g. using DHCP as defined in may be realized e.g. using DHCP as defined in
[I-D.ietf-mip6-bootstrapping-integrated-dhc] and [RFC2132]. [I-D.ietf-mip6-bootstrapping-integrated-dhc] and [RFC2132].
The MN has no consistent way of indicating to the NAS that it The MN has no consistent way of indicating to the NAS that it
supports MIPv6 integrated scenario way of bootstrapping during the supports MIPv6 integrated scenario way of bootstrapping during the
network access authentication. Subsequently the NAS has no network access authentication. Subsequently the NAS has no
possibilities to find out whether the terminal attempting to possibilities to find out whether the terminal attempting to
authenticate is actually a MN with MIPv6 bootstrapping functionality authenticate is actually a MN with MIPv6 bootstrapping functionality
prior the network access authentication has completed. Thus it is prior the network access authentication has completed. Thus, it is
possible that the NAS initiates MIPv6 integrated scenario possible that the NAS initiates MIPv6 integrated scenario
bootstrapping configuration even if the MN is not able to make any bootstrapping configuration even if the MN is not able to make any
use of it later. The Diameter server in the ASA/MSA might be able to use of it later. The Diameter server in the ASA/MSA might be able to
detect this situation during the authentication phase based on MN's detect this situation during the authentication phase based on the
identity -- assuming the ASA is able to verify from the MSA(/MSP) information in the subscriber database assuming the ASA is able to
whether the MN has been provisioned with a MIPv6 service. verify whether the MN has been provisioned with a MIPv6 service (from
the MSA/MSP).
5.2. Server Behavior 5.2. Server Behavior
If the NAS/ASP does not support MIPv6 integrated scenario If the NAS/ASP does not support MIPv6 integrated scenario
bootstrapping then the NAS either selects the Diameter NASREQ or EAP bootstrapping then the NAS either selects the Diameter NASREQ or EAP
application depending on which access authentication method the MN application depending on which access authentication method the MN
has to use to authenticate. In this case the NAS does not either has to use to authenticate. In this case the NAS does not either
include any MIPv6 NAS - HAAA interface AVPs as a hint of the include any MIPv6 NAS - HAAA interface AVPs as a hint of the
bootstrapping capability in the NAS/ASP. The Diameter server in the bootstrapping capability in the NAS/ASP. The Diameter server in the
ASA/MSA(/MSP) detects this case (based on AVPs that serve as a ASA/MSA(/MSP) detects this case (based on AVPs that serve as a
skipping to change at page 14, line 7 skipping to change at page 15, line 20
optional hint, the Diameter server should not entirely rely on the optional hint, the Diameter server should not entirely rely on the
received capability hints but also base its working logic on received capability hints but also base its working logic on
subscription information and general MSA(/MSP) policies. subscription information and general MSA(/MSP) policies.
Next we describe two different scenarios for the network access Next we describe two different scenarios for the network access
authentication when the NAS/ASP supports MIPv6 integrated scenario authentication when the NAS/ASP supports MIPv6 integrated scenario
bootstrapping. bootstrapping.
1) The MN uses some EAP-based method to authenticate to the network 1) The MN uses some EAP-based method to authenticate to the network
and the NAS uses Diameter EAP application commands. Depending on and the NAS uses Diameter EAP application commands. Depending on
the ASA/MSA(/MSP) policy the Diameter server SHOULD assign a the ASA/MSA(/MSP) policy the Diameter server SHOULD assign a MIPv6
Mobile IPv6 home agent to the MN and include corresponding MIP6- HA to the MN and include corresponding MIP6-Home-Agent-Address,
Home-Agent-Address, the MIP6-Home-Agent-FQDN AVPs and the MIP6- the MIP6-Home-Agent-FQDN AVPs and the MIP6-Home-Link-Prefix in the
Home-Link-Prefix in the final DEA message. final DEA message.
2) The MN uses some other than EAP-based method to authenticate to 2) The MN uses some other than EAP-based method to authenticate to
the network and the NAS uses Diameter NASREQ application commands. the network and the NAS uses Diameter NASREQ application commands.
Depending on the ASA/MSA(/MSP) policy the Diameter server SHOULD Depending on the ASA/MSA(/MSP) policy the Diameter server SHOULD
assign a Mobile IPv6 home agent to the MN and include assign a MIPv6 HA to the MN and include corresponding MIP6-Home-
corresponding MIP6-Home-Agent-Address, the MIP6-Home-Agent-FQDN Agent-Address, the MIP6-Home-Agent-FQDN AVPs and the MIP6-Home-
AVPs and the MIP6-Home-Link-Prefix in the final AAA message. Link-Prefix in the final AAA message.
If the Diameter request message contained any MIPv6 NAS -HAAA If the Diameter request message contained any MIPv6 NAS -HAAA
interface AVPs the Diameter server should regard them as a hint of interface AVPs the Diameter server should regard them as a hint of
the MIPv6 bootstrapping capability in the NAS/ASP. Any of these AVPs the MIPv6 bootstrapping capability in the NAS/ASP. Any of these AVPs
may contain values as described in Section 4.8 which indicate the may contain values as described in Section 4.8 which indicate the
NAS/ASP would like to locally allocate a home agent or a home link to NAS/ASP would like to locally allocate a HA or a home link to the MN.
the MN. The Diameter server may or may not honor the NAS/ASP hint The Diameter server may or may not honor the NAS/ASP hint based on
based on the MN's subscription and ASA/MAS(/MSP) policies. the MN's subscription and ASA/MAS(/MSP) policies.
5.3. Example Message Flows 6. Example Message Flows
6.1. EAP-based authentication
This section shows basic message flows of MIPv6 integrated scenario This section shows basic message flows of MIPv6 integrated scenario
bootstrapping and dynamic home agent assignment. In the Figure 7 bootstrapping and dynamic HA assignment. In the Figure 7 network
network access authentication is based on EAP (e.g. 802.11i/802.1X). access authentication is based on EAP (e.g. 802.11i/802.1X). The NAS
The NAS informs the home Diameter server that home agent assignment informs the home Diameter server that HA assignment in the foreign
in the foreign network is possible. The Diameter server assigns the network is possible. The Diameter server assigns the MN a HA either
MN a home agent either in the home MSP or in the ASP. The assignment in the home MSP or in the ASP. The assignment procedure is out of
procedure is out of scope of this document. The Diameter server then scope of this document. The Diameter server then replies to the NAS
replies to the NAS with home agent related bootstrapping information. with HA related bootstrapping information.
NAS Local proxy Home server NAS Local proxy Home server
| | | | | |
| Diameter-EAP-Request | | | Diameter-EAP-Request | |
| MIP6-Home-Agent-Address(IPv6 address) | | MIP6-Home-Agent-Address(IPv6 address) |
| MIP6-Home-Agent-FQDN=visited_ha6.example.com | | MIP6-Home-Agent-FQDN=visited_ha6.example.com |
| MIP4-Home-Agent-Address(IPv4 address) | | MIP4-Home-Agent-Address(IPv4 address) |
| MIP6-Home-Link-Prefix=(IPv6 prefix) | | MIP6-Home-Link-Prefix(IPv6 prefix) |
| MIP6-Home-Address(IPv6 address) |
| Auth-Request-Type=AUTHORIZE_AUTHENTICATE | | Auth-Request-Type=AUTHORIZE_AUTHENTICATE |
| EAP-Payload(EAP Start) | | | EAP-Payload(EAP Start) | |
|------------------------------->|------------------------------->| |------------------------------->|------------------------------->|
| | | | | |
| : | | : |
: ...more EAP Request/Response pairs... : : ...more EAP Request/Response pairs... :
| : | | : |
| | | | | |
| | Diameter-EAP-Answer | | | Diameter-EAP-Answer |
| MIP6-Home-Agent-Address(IPv6 address) | | MIP6-Home-Agent-Address(IPv6 address) |
| MIP6-Home-Agent-FQDN=ha.example.com | | MIP6-Home-Agent-FQDN=ha.example.com |
| MIP6-Home-Address(IPv6 address) |
| | Result-Code=DIAMETER_SUCCESS | | | Result-Code=DIAMETER_SUCCESS |
| | EAP-Payload(EAP Success) | | | EAP-Payload(EAP Success) |
| | EAP-Master-Session-Key | | | EAP-Master-Session-Key |
| | (authorization AVPs) | | | (authorization AVPs) |
| | ... | | | ... |
|<-------------------------------|<-------------------------------| |<-------------------------------|<-------------------------------|
| | | | | |
Figure 7: MIPv6 integrated scenario bootstrapping and NAS - HAAA Figure 7: MIPv6 integrated scenario bootstrapping and NAS - HAAA
interface example when EAP is used for access authentication interface example when EAP is used for access authentication
6. AVP Occurrence Tables 6.2. Integrated scenario and HA allocation in MSP
6.1. DER and DEA Commands AVP Table Diameter is used to authenticate and authorize the MN for the
mobility service, and to send information about the allocated HA to
the NAS. In this example scenario the MN uses DHCP for its IP
address configuration.
|
--------------ASP------>|<--ASA/MSA/(MSP)--
|
+----+ +--------+ +-------+ +--------+
| | |Diameter| | | | |
| | | Client | | | | |
| MN | | NAS/ | | DHCP | | Home |
| | | DHCP | | Server| |Diameter|
| | | Relay | | | | Server |
+-+--+ +----+---+ +---+---+ +--------+
| | | |
| 1 | 2 | |
|<------------->|<----------------------->|
| | | |
| | | |
| 3 | | |
|-------------->| | |
| | | |
| | 4 | |
| |------------>| |
| | | |
| | 5 | |
| |<------------| |
| | | |
| 6 | | |
|<--------------| | |
| | | |
Figure 8: HA allocation in MSP
1) The MN executes the normal network access authentication procedure
(IEEE 802.11i/802.1X, PANA, ...) with the NAS. The NAS acts as an
authenticator in "pass-through" mode. The other endpoint of the
authentication dialogue is the MN's home Diameter server. This is
a typical scenario for e.g. EAP-based authentication methods.
The NAS includes at least one of the NAS-HAAA interface AVPs in
the DER or in the AAR messages to indicate MIPv6 bootstrapping
capability. For example the NAS could include MIP6-Home-Agent-
Address AVP with 0::/128 as the HA address (the NAS has no
particular HA to propose to the Diameter server).
2) Depending on the Diameter server configuration and the
subscription profile, the MIP6-Home-Agent-Address AVP or the MIP6-
Home-Agent-FQDN AVP may be appended to the DEA or to the AAA
message, assuming the home Diameter server knows or has allocated
a HA to the MN. In case the MIP6-Home-Agent-FQDN AVP was returned
the MN ultimately needs to perform a DNS query in order to
discover the HA address. For example the home Diameter server
could return the following AVPs:
o MIP6-Home-Agent-Address = 2001:2001:6000:302::1/64
o MIP6-Home-Address = 2001:2001:6000:302::dead:beef/64
o MIP6-Home-Link-Prefix = 2001:2001:6000:302::/64
3) the MN sends a DHCPv6 Information Request message to
all_DHCP_Relay_Agents_and_Servers address. In the OPTION_ORO,
Option Code for the Home Network Identifier Option shall be
included in that message
[I-D.ietf-mip6-bootstrapping-integrated-dhc]. The Home Network
Identifier Option should have id-type of 1, the message is a
request to discover home network information that pertains to the
given realm, i.e., the user's home domain (identified by the NAI
of the MN). The OPTION_CLIENTID is set by the MN to identify
itself to the DHCP server.
Steps 4 to 6 are not relevant in NAS-HAAA Diameter interface point of
view and are not described in this document. Refer
[I-D.ietf-mip6-bootstrapping-integrated-dhc] for detailed information
about the rest of the integrated scenario bootstrapping procedure.
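Review bot: step 1) writes the unspecified address as "0::/128" while Section 4.8 writes "::/128"; use one notation so the capability-only value is unambiguous. The step 2) example returns both MIP6-Home-Address and MIP6-Home-Link-Prefix, while note [c] of the AVP occurrence tables reads "Either MIP6-Home-Link-Prefix or MIP6-Home-Address MAY appear"; clarify whether "either" is meant to be exclusive, or adjust the example.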
6.3. Integrated scenario and HA allocation in ASP
This scenario is similar to the one described in Section 6.2 and
illustrated in Figure 8. There are slight differences in steps 2)
and 3).
2) The NAS/ASP has allocated a local HA (e.g. with IP address 2001:
788:1:c020::1/64) and a local prefix, and proposes those to MN's
home Diameter server. For example the NAS includes following AVPs
in the DER or in the AAR messages:
o MIP6-Home-Agent-Address = 2001:788:1:c020::1/64
o MIP6-Home-Link-Prefix = 2001:788:1:c020::/64
Depending on the Diameter server configuration and the
subscription profile, the Diameter server either accepts or
rejects the HA IP address (or FQDN) proposed by the NAS/ASP. If
the Diameter server accepts the proposed HA the AVP containing the
HA information is returned as is back to the NAS. In this example
the returned IP6-Home-Agent-Address AVP would contain the same
2001:788:1:c020::1/64 IP address value. On the orher hand if the
Diameter server does not accept the proposed HA, the Diameter
server overwrites the MIP6-Home-Agent-Address AVP value with an IP
address of the preferred HA (e.g. 2001:2001:6000::1/64) and
returns the new IP address back to the NAS/ASP (the MIP6-Home-
Agent-FQDN AVP is handled in the same way when present). This is
also an indication to the NAS/ASP that locally allocated HAs are
not to be used. In a case when the home Diameter server accepted
the NAS/ASP proposed local HA the home Diameter server would
return e.g. the following AVPs:
o MIP6-Home-Agent-Address = 2001:788:1:c020::1/64
o MIP6-Home-Link-Prefix = 2001:788:1:c020::/64
3) The type-id field in the Home Network Identifier Option is set to
zero, indicating that a HA is requested in the ASP instead of in
the MSP. Depending on the result of the phase 2) the DHCP relay
agent places in the OPTION_MIP6-RELAY-Option either the locally
allocated HA information or the HA information that was returned
(overwritten) by home Diameter server.
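Review bot: step 3) here calls the Home Network Identifier Option field "type-id", while step 3) of Section 6.2 calls it "id-type"; use one name, matching [I-D.ietf-mip6-bootstrapping-integrated-dhc]. Two typos in step 2): "IP6-Home-Agent-Address" should be "MIP6-Home-Agent-Address", and "orher" should be "other". Step 2) also makes an overwritten AVP value the only signal that locally allocated HAs are not to be used, so the NAS learns of a rejection only by comparing the returned value with what it sent. Consider stating explicitly that the NAS uses the returned value and discards its own proposal when the two differ.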
7. AVP Occurrence Tables
7.1. DER and DEA Commands AVP Table
The following table lists the additional MIPv6 bootstrapping NAS - The following table lists the additional MIPv6 bootstrapping NAS -
HAAA interface AVPs that optionally may be present in the DER and DEA HAAA interface AVPs that optionally may be present in the DER and DEA
Commands, as defined in this document and in [RFC4072]. Commands, as defined in this document and in [RFC4072].
+---------------+ +---------------+
| Command-Code | | Command-Code |
|-------+-------+ |-------+-------+
Attribute Name | DER | DEA | Attribute Name | DER | DEA |
-------------------------------+-------+-------+ -------------------------------+-------+-------+
MIP6-Home-Agent-Address | 0-1 | 0-1 | MIP6-Home-Agent-Address [ab] | 0-1 | 0-1 |
MIP6-Home-Agent-FQDN | 0-1 | 0-1 | MIP6-Home-Agent-FQDN [ab] | 0-1 | 0-1 |
MIP4-Home-Agent-Address | 0-1 | 0-1 | MIP4-Home-Agent-Address | 0-1 | 0-1 |
MIP6-Home-Link-Prefix | 0-1 | 0-1 | MIP6-Home-Link-Prefix [cd] | 0-1 | 0-1 |
MIP6-Home-Address [cd] | 0-1 | 0-1 |
+-------+-------+ +-------+-------+
Notes:
[a] Either MIP6-Home-Agent-Address or MIP6-Home-Agent-FQDN
MAY appear in DER or DEA Commands.
Figure 8: DER and DEA Commands AVP table [b] If the Diameter server accepts the NAS suggestion for
the HA, then the Diameter server MUST also include the
values received in these AVPs in the DEA Command.
6.2. AAR and AAA Commands AVP Table [c] Either MIP6-Home-Link-Prefix or MIP6-Home-Address MAY
appear in DER or DEA Commands.
[d] If either MIP6-Home-Agent-Address or MIP6-Home-Agent-FQDN
are present in DER Command then this AVP MUST also be
included in the corresponding DER Command. If the Diameter
server accepts the NAS suggestion for the HA then the
Diameter server MUST also include the value received in
this AVP in the DEA Command.
Figure 9: DER and DEA Commands AVP Table
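Review bot: note [d] requires that when MIP6-Home-Agent-Address or MIP6-Home-Agent-FQDN is present in the DER Command, "this AVP MUST also be included in the corresponding DER Command", which is circular as written and leaves open whether one or both of the [cd] AVPs are meant. It also conflicts with the Section 6.2 step 1) example, where the NAS sends only MIP6-Home-Agent-Address with 0::/128 as a capability indicator. Either exempt the capability-only case or update the example. Note [a] says "Either ... or ... MAY appear", yet Figure 7 shows both MIP6-Home-Agent-Address and MIP6-Home-Agent-FQDN in the same DER and DEA. The same points apply to the notes under the AAR and AAA table in Section 7.2.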
7.2. AAR and AAA Commands AVP Table
The following table lists the additional MIPv6 bootstrapping NAS - The following table lists the additional MIPv6 bootstrapping NAS -
HAAA interface AVPs that may optionally be present in the AAR and AAA HAAA interface AVPs that may optionally be present in the AAR and AAA
Commands, as defined in this document and in [RFC4005]. Commands, as defined in this document and in [RFC4005].
+---------------+ +---------------+
| Command-Code | | Command-Code |
|-------+-------+ |-------+-------+
Attribute Name | AAR | AAA | Attribute Name | AAR | AAA |
-------------------------------|-------+-------| -------------------------------|-------+-------|
MIP6-Home-Agent-Address | 0-1 | 0-1 | MIP6-Home-Agent-Address [ab] | 0-1 | 0-1 |
MIP6-Home-Agent-FQDN | 0-1 | 0-1 | MIP6-Home-Agent-FQDN [ab] | 0-1 | 0-1 |
MIP4-Home-Agent-Address | 0-1 | 0-1 | MIP4-Home-Agent-Address | 0-1 | 0-1 |
MIP6-Home-Link-Prefix | 0-1 | 0-1 | MIP6-Home-Link-Prefix [cd] | 0-1 | 0-1 |
MIP6-Home-Address [cd] | 0-1 | 0-1 |
+-------+-------+ +-------+-------+
Notes:
[a] Either MIP6-Home-Agent-Address or MIP6-Home-Agent-FQDN
MAY appear in AAR or AAA Commands.
Figure 9: AAR and AAA Commands AVP table [b] If the Diameter server accepts the NAS suggestion for
the HA, then the Diameter server MUST also include the
values received in these AVPs in the AAA Command.
7. MIPv6 Bootstrapping NAS - HAAA Interface AVPs [c] Either MIP6-Home-Link-Prefix or MIP6-Home-Address MAY
appear in AAR or AAA Commands.
[d] If either MIP6-Home-Agent-Address or MIP6-Home-Agent-FQDN
are present in AAR Command then this AVP MUST also be
included in the corresponding AAR Command. If the Diameter
server accepts the NAS suggestion for the HA then the
Diameter server MUST also include the value received in
this AVP in the AAA Command.
Figure 10: AAR and AAA Commands AVP Table
8. MIPv6 Bootstrapping NAS - HAAA Interface AVPs
This section defines the AVPs that are specific to Diameter MIPv6 This section defines the AVPs that are specific to Diameter MIPv6
bootstrapping NAS - HAAA interface and MAY be included in the bootstrapping NAS - HAAA interface and MAY be included in the
Diameter EAP [RFC4072] and the NASREQ [RFC4005] applications messages Diameter EAP [RFC4072] and the NASREQ [RFC4005] applications messages
listed in Section 4 of this document. The Diameter AVP rules are listed in Section 4 of this document. The Diameter AVP rules are
defined in the Diameter Base [RFC3588], Section 4. These AVP rules defined in the Diameter Base [RFC3588], Section 4. These AVP rules
are observed in AVPs defined in this section. are observed in AVPs defined in this section.
The following table describes the Diameter AVPs, their AVP Code The following table describes the Diameter AVPs, their AVP Code
values, types, possible flag values, and whether the AVP MAY be values, types, possible flag values, and whether the AVP MAY be
encrypted. The Diameter base [RFC3588] specifies the AVP Flag rules encrypted. The Diameter base [RFC3588] specifies the AVP Flag rules
for AVPs in section 4.5. for AVPs in section 4.5.
+--------------------+ +---------------------+
| AVP Flag rules | | AVP Flag rules |
+----+-----+----+----+----+ +----+-----+----+-----+----+
AVP Section | | |SHLD|MUST| | AVP Section | | |SHLD|MUST| |
Attribute Name Code Defined Data Type |MUST| MAY | NOT|NOT |Encr| Attribute Name Code Defined Data Type |MUST| MAY | NOT|NOT |Encr|
-----------------------------------------+----+-----+----+----+----+ -----------------------------------------+----+-----+----+-----+----+
MIP6-Home-Agent- TBD 4.7.1 OctetString| M | P | | V | Y | MIP6-Home-Agent- TBD 4.7.1 OctetString| | P | | M,V | Y |
Address | | | | | | Address | | | | | |
MIP6-Home-Agent- TBD 4.7.2 UTF8String | M | P | | V | Y | MIP6-Home-Agent- TBD 4.7.2 UTF8String | | P | | M,V | Y |
FQDN | | | | | | FQDN | | | | | |
MIP4-Home-Agent- TBD 4.7.4 OctetString| M | P | | V | Y | MIP4-Home-Agent- TBD 4.7.4 OctetString| | P | | M,V | Y |
address | | | | | | address | | | | | |
MIP6-Home-Link- TBD 4.7.3 Unsigned32 | M | P | | V | Y | MIP6-Home-Link- TBD 4.7.3 Unsigned32 | | P | | M,V | Y |
Prefix | | | | | | Prefix | | | | | |
-----------------------------------------+----+-----+----+----+----+ MIP6-Home-Address TBD 4.7.5 OctetString| | P | | M,V | Y |
-----------------------------------------+----+-----+----+-----+----+
Figure 10: AVP flag rules table Figure 11: AVP Flag Rules Table
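Review bot: the MIP6-Home-Link-Prefix row still lists the data type as Unsigned32, but Section 4.7.3 defines the AVP as OctetString; -02 reworks every row of this table (moving M to the MUST NOT column) without reconciling the two. Section 4.7.3 also gives no octet layout for the prefix, unlike Sections 4.7.1, 4.7.4 and 4.7.5, so an implementer cannot tell how the prefix length is carried. Pick one type and describe the encoding in 4.7.3.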
8. IANA Considerations 9. IANA Considerations
This specification defines the following new AVPs: This specification defines the following new AVPs:
MIP6-Home-Agent-Address is set to TBD MIP6-Home-Agent-Address is set to TBD
MIP6-Home-Agent-FQDN is set to TBD MIP6-Home-Agent-FQDN is set to TBD
MIP4-Home-Agent-Address is set to TBD MIP4-Home-Agent-Address is set to TBD
MIP6-Home-Link-Prefix is set to TBD MIP6-Home-Link-Prefix is set to TBD
MIP6-Home-Address is set to TBD
9. Security Considerations 10. Security Considerations
The security considerations for the Diameter interaction required to The security considerations for the Diameter interaction required to
accomplish the integrated scenario are described in accomplish the integrated scenario are described in
[I-D.ietf-mip6-bootstrapping-integrated-dhc] . Additionally, the [I-D.ietf-mip6-bootstrapping-integrated-dhc] . Additionally, the
security considerations of the Diameter base protocol [RFC3588], security considerations of the Diameter base protocol [RFC3588],
Diameter NASREQ application [RFC4005] / Diameter EAP [RFC4072] Diameter NASREQ application [RFC4005] / Diameter EAP [RFC4072]
application (with respect to network access authentication and the application (with respect to network access authentication and the
transport of keying material) are applicable to this document. transport of keying material) are applicable to this document.
10. Acknowledgements 11. Acknowledgements
This document is heavily based on the ongoing work for RADIUS MIPv6 This document is heavily based on the ongoing work for RADIUS MIPv6
interaction. Hence, credits go to respective authors for their work interaction. Hence, credits go to respective authors for their work
with draft-ietf-mip6-radius-00.txt. Furthermore, the author would with draft-ietf-mip6-radius-00.txt. Furthermore, the author would
like to thank the authors of draft-le-aaa-diameter-mobileipv6-04.txt like to thank the authors of draft-le-aaa-diameter-mobileipv6-04.txt
(Franck Le, Basavaraj Patil, Charles E. Perkins, Stefano Faccin) for (Franck Le, Basavaraj Patil, Charles E. Perkins, Stefano Faccin) for
their work in context of MIPv6 Diameter interworking. Their work their work in context of MIPv6 Diameter interworking. Their work
influenced this document. influenced this document. Julien Bournelle would like to thank GET/
INT since he began to work on this document while he was in their
employ.
11. Revision history 12. Revision history
The following changes were made to the -01 version of the draft: The following changes were made to the -01 version of the draft:
o The document title was changed to "The NAS - HAAA Interface for o The document title was changed to "The NAS - HAAA Interface for
MIPv6 Bootstrapping". MIPv6 Bootstrapping".
o Added HAAA and NAS to terminology section". o Added HAAA and NAS to terminology section".
o Changed NAS application to NASREQ application.". o Changed NAS application to NASREQ application.".
o Changed "Integrated Scenario" to NAS-HAAA interface". o Changed "Integrated Scenario" to NAS-HAAA interface".
o The separate Diameter Application-ID for MIPv6 bootstrapping o The separate Diameter Application-ID for MIPv6 bootstrapping
(MIP6BSTI) got removed and all bootstrapping is based on Diameter (MIP6BSTI) got removed and all bootstrapping is based on Diameter
EAP application and Diameter NAS application. EAP application and Diameter NAS application.
o MIPv6-Bootstrapping-Feature AVP was removed and General text o MIPv6-Bootstrapping-Feature AVP was removed and General text
regarding to the capability advertisement based on optional AVPs regarding to the capability advertisement based on optional AVPs
was added. was added.
o The capability exchange was modified so that the NAS may suggest a o The capability exchange was modified so that the NAS may suggest a
specific HA to the AAAH. Original MIPv6-Bootstrapping-Feature AVP specific HA to the AAAH. Original MIPv6-Bootstrapping-Feature AVP
was replaces with a possibility to include any bootstrapping AVP was replaces with a possibility to include any bootstrapping AVP
to the Diameter AAR or DER messages as a capability and local to the Diameter AAR or DER messages as a capability and local
allocation hint. allocation hint.
12. References The following changes were made to the -02 version of the draft:
12.1. Normative References o Section 7 NAS - HAAA Interface AVPs flags were corrected. 'M'
flag was listed as MUST even if it should have been MUST NOT.
o General shortening of the text.
o Addition of the MIP6-Home-Address AVP.
o Checked against draft-ietf-mip6-radius-01.
o Addition of noted & constrains to AVP tables.
o Miscellaneous corrections like Mobile IPv6 -> MIPv6.
o Added signaling examples for HA assignment from MSP, and local HA
assignment.
13. References
13.1. Normative References
[I-D.ietf-mip6-aaa-ha-goals] [I-D.ietf-mip6-aaa-ha-goals]
Giaretta, G., "AAA Goals for Mobile IPv6", Giaretta, G., "AAA Goals for Mobile IPv6",
draft-ietf-mip6-aaa-ha-goals-03 (work in progress), draft-ietf-mip6-aaa-ha-goals-03 (work in progress),
September 2006. September 2006.
[I-D.ietf-mip6-bootstrapping-integrated-dhc] [I-D.ietf-mip6-bootstrapping-integrated-dhc]
Chowdhury, K. and A. Yegin, "MIP6-bootstrapping via DHCPv6 Chowdhury, K. and A. Yegin, "MIP6-bootstrapping via DHCPv6
for the Integrated Scenario", for the Integrated Scenario",
draft-ietf-mip6-bootstrapping-integrated-dhc-01 (work in draft-ietf-mip6-bootstrapping-integrated-dhc-01 (work in
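Review bot: The flag table now lists 'M' under MUST NOT for every row, from MIP6-Home-Agent-Address through the new MIP6-Home-Address, but Section 10 Security Considerations is unchanged apart from its number. Under RFC 3588 an AVP sent without the M bit may be silently ignored by a receiver that does not support it, so the section should state what the NAS and HAAA do when a home agent or home address AVP is dropped rather than rejected. Smaller points in the same region: the table row is still spelled "MIP4-Home-Agent-address" while the IANA list has "MIP4-Home-Agent-Address"; the Acknowledgements still cite draft-ietf-mip6-radius-00.txt although the -02 change list says the text was checked against draft-ietf-mip6-radius-01; and "noted & constrains" in the -02 change list presumably means "notes & constraints".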
skipping to change at page 19, line 12 skipping to change at page 24, line 25
[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
Arkko, "Diameter Base Protocol", RFC 3588, September 2003. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.
[RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
in IPv6", RFC 3775, June 2004. in IPv6", RFC 3775, June 2004.
[RFC4640] Patel, A. and G. Giaretta, "Problem Statement for [RFC4640] Patel, A. and G. Giaretta, "Problem Statement for
bootstrapping Mobile IPv6 (MIPv6)", RFC 4640, bootstrapping Mobile IPv6 (MIPv6)", RFC 4640,
September 2006. September 2006.
12.2. Informative References 13.2. Informative References
[I-D.ietf-mip6-bootstrapping-split] [I-D.ietf-mip6-bootstrapping-split]
Giaretta, G., "Mobile IPv6 bootstrapping in split Giaretta, G., "Mobile IPv6 bootstrapping in split
scenario", draft-ietf-mip6-bootstrapping-split-03 (work in scenario", draft-ietf-mip6-bootstrapping-split-04 (work in
progress), October 2006. progress), December 2006.
[I-D.ietf-mip6-nemo-v4traversal] [I-D.ietf-mip6-nemo-v4traversal]
Soliman, H., "Mobile IPv6 support for dual stack Hosts and Soliman, H., "Mobile IPv6 support for dual stack Hosts and
Routers (DSMIPv6)", draft-ietf-mip6-nemo-v4traversal-02 Routers (DSMIPv6)", draft-ietf-mip6-nemo-v4traversal-03
(work in progress), June 2006. (work in progress), October 2006.
[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor [RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997. Extensions", RFC 2132, March 1997.
[RFC3753] Manner, J. and M. Kojo, "Mobility Related Terminology", [RFC3753] Manner, J. and M. Kojo, "Mobility Related Terminology",
RFC 3753, June 2004. RFC 3753, June 2004.
[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
"Diameter Network Access Server Application", RFC 4005, "Diameter Network Access Server Application", RFC 4005,
August 2005. August 2005.
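Review bot: [RFC4005] is listed under 13.2 Informative References, yet Section 10 states that the NASREQ security considerations apply to this document and the -01 change list says all bootstrapping is based on the Diameter EAP and NAS applications. A specification the protocol depends on belongs under 13.1 Normative References; consider moving it, together with the Diameter EAP reference if that is listed the same way.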
skipping to change at page 20, line 4 skipping to change at page 25, line 14
Authors' Addresses Authors' Addresses
Jouni Korhonen Jouni Korhonen
TeliaSonera TeliaSonera
Teollisuuskatu 13 Teollisuuskatu 13
Sonera FIN-00051 Sonera FIN-00051
Finland Finland
Email: jouni.korhonen@teliasonera.com Email: jouni.korhonen@teliasonera.com
Julien Bournelle Julien Bournelle
GET/INT France Telecom R&D
9 rue Charles Fourier 38-4O rue du general Leclerc
Evry 91011 Issy-Les-Moulineaux 92794
France France
Email: julien.bournelle@int-evry.fr Email: julien.bournelle@orange-ftgroup.com
Hannes Tschofenig Hannes Tschofenig
Siemens Siemens Networks GmbH & Co KG
Otto-Hahn-Ring 6 Otto-Hahn-Ring 6
Munich, Bavaria 81739 Munich, Bavaria 81739
Germany Germany
Email: Hannes.Tschofenig@siemens.com Email: Hannes.Tschofenig@siemens.com
URI: http://www.tschofenig.com URI: http://www.tschofenig.com
Charles E. Perkins Charles E. Perkins
Nokia Nokia Research Center
313 Fairchild Drive
Mountain View CA 94043
US
Phone: +1 650 625-2986
Email: charliep@iprg.nokia.com Email: charliep@iprg.nokia.com
Kuntal Chowdhury Kuntal Chowdhury
Starent Networks Starent Networks
30 International Place
Tewksbury MA 01876
US
Phone: +1 214 550 1416
Email: kchowdhury@starentnetworks.com Email: kchowdhury@starentnetworks.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2006). Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
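Review bot: The new street address for Julien Bournelle reads "38-4O rue du general Leclerc", with a capital letter O where a digit is expected; this looks like a typo for "38-40" and should be corrected before the next revision.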
 End of changes. 114 change blocks. 
284 lines changed or deleted 482 lines changed or added
