Diff of draft-ietf-dime-mip6-integrated-03.txt and draft-ietf-dime-mip6-integrated-04.txt

Diameter Maintenance and Extensions (DIME)                J. Korhonen (ed.)
Internet-Draft                                                  TeliaSonera
Intended status: Standards Track                                J. Bournelle
Expires: August 16, 2007 (-03) / December 2, 2007 (-04)  France Telecom R&D
                                                              H. Tschofenig
                                               Siemens Networks GmbH & Co KG
                                                                 C. Perkins
                     Nokia Research Center (-03) / Nokia Siemens Networks (-04)
                                                                K. Chowdhury
                                                            Starent Networks
                                  February 12, 2007 (-03) / May 31, 2007 (-04)

   Title (-03): Diameter Mobile IPv6: NAS <-> HAAA Support
   Title (-04): Diameter Mobile IPv6: Support for Network Access Server to
                Diameter Server Interaction
Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that

   [unchanged text skipped; diff resumes at page 1, line 41]

   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 16, 2007 (-03) / December 2,
   2007 (-04).

Copyright Notice

   Copyright (C) The IETF Trust (2007).
Abstract

   A Mobile IPv6 node requires a Home Agent address, a home address, and
   a security association with its Home Agent before it can start
   utilizing Mobile IPv6.  RFC 3775 requires that some or all of these
   parameters are statically configured.  Mobile IPv6 bootstrapping work
   aims to make this information dynamically available to the Mobile
   Node.  An important aspect of the Mobile IPv6 bootstrapping solution
   is to support interworking with existing authentication,
   authorization and accounting infrastructure.  This document describes
   the MIPv6 bootstrapping using the Diameter Network Access Server
   (NAS) to home Authentication, Authorization and Accounting server
   (HAAA) interface.
Table of Contents (-04)

   1.  Introduction
   2.  Terminology and Abbreviations
   3.  Overview
   4.  Commands, AVPs and Advertising Application Support
     4.1.  Advertising Application Support
     4.2.  Command Codes
     4.3.  Diameter-EAP-Request (DER)
     4.4.  Diameter-EAP-Answer (DEA)
     4.5.  AA-Request (AAR)
     4.6.  AA-Answer (AAA)
     4.7.  Attribute Value Pair Definitions
       4.7.1.  Mobility-Agent-Info
       4.7.2.  MIP6-Home-Agent-Address AVP
       4.7.3.  MIP6-Home-Agent-FQDN AVP
       4.7.4.  Mobility-Capability AVP
   5.  Example Message Flows
     5.1.  EAP-based Authentication
     5.2.  Integrated Scenario and HA Allocation in MSP
     5.3.  Integrated Scenario and HA Allocation in ASP
   6.  AVP Occurrence Tables
     6.1.  AAR, AAA, DER and DEA Commands AVP Table
   7.  MIPv6 Bootstrapping NAS to HAAA Interface AVPs
   8.  IANA Considerations
     8.1.  Registration of new AVPs
     8.2.  New Registry: Mobility Capability
   9.  Security Considerations
   10. Acknowledgements
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Authors' Addresses
   Intellectual Property and Copyright Statements

   The -03 table of contents additionally listed 4.7.3 MIP6-Home-Link-
   Prefix AVP, 4.7.4 MIP4-Home-Agent-Address AVP, 4.7.5 MIP6-Home-Address
   AVP, 4.8 Capability Advertisement, 5. Diameter Client and Server
   Behavior During MIPv6 Bootstrapping (5.1 Client (NAS) Behavior, 5.2
   Server Behavior), separate AVP tables 7.1 (DER and DEA) and 7.2 (AAR
   and AAA), and 12. Revision history; the remaining sections were
   numbered one higher than in -04.
1.  Introduction

   The Mobile IPv6 (MIPv6) specification [RFC3775] requires a Mobile
   Node (MN) to perform registration with a Home Agent (HA) with
   information about its current point of attachment (Care-of Address).
   The HA creates and maintains a binding between the MN's Home Address
   and the MN's Care-of Address.

   In order to register with a HA, the MN needs to know some information
   such as the Home Link prefix, the HA address, the Home Address(es),
   the Home Link prefix length and security association related
   information.

   The aforementioned set of information may be statically provisioned
   in the MN.  However, static provisioning of this information becomes
   an administrative burden for an operator.  Moreover, static
   provisioning does not address load balancing, failover, opportunistic
   home link assignment and assignment of local home agents in close
   proximity to the MN.  Also the ability to react on sudden
   environmental or topological changes is minimal.  Static provisioning
   may not be desirable, in light of the mentioned limitations.

   Dynamic assignment of MIPv6 home registration information is a
   desirable feature for ease of deployment and network maintenance.
   For this purpose, the AAA infrastructure, which is used for access
   authentication, can be leveraged to assign some or all of the
   necessary parameters.  The Diameter server in the Access Service
   Provider's (ASP) or in the Mobility Service Provider's (MSP) network
   may return these parameters to the AAA client.  Regarding the
   bootstrapping procedures, the AAA client might either be the NAS, in
   case of the integrated scenario, or the HA, in case of the split
   scenario [I-D.ietf-mip6-bootstrapping-split].  The terms integrated
   and split are described in the terminology section and were
   introduced in [RFC4640] and [I-D.ietf-mip6-aaa-ha-goals].
2.  Terminology and Abbreviations

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   General mobility terminology can be found in [RFC3753].  The
   following additional terms, as defined in [RFC4640], are used in this
   document:

   Access Service Authorizer (ASA):
      A network operator that authenticates a MN and establishes the
      MN's authorization to receive Internet service.

   Access Service Provider (ASP):
      A network operator that provides direct IP packet forwarding to
      and from the MN.

   [unchanged text skipped; diff resumes at page 5, line 48 (-03) /
   page 4, line 48 (-04)]

   Home AAA (HAAA):
      An authentication, authorization and accounting server located in
      the user's home network.
3.  Overview

   This document addresses the authentication, authorization and
   accounting functionality required for the MIPv6 bootstrapping as
   outlined in the MIPv6 bootstrapping problem statement document
   [RFC4640].  This document focuses on the Diameter based AAA
   functionality for the NAS to HAAA interface.

   In the integrated scenario MIPv6 bootstrapping is provided as part of
   the network access authentication procedure.  Figure 1 shows the
   participating entities.  This document, however, only concentrates on
   the NAS, possible local Diameter proxies and the home Diameter
   server.

   [Figure 1 (participating entities) survives only as two box labels,
   "Access Service Provider (Mobility Service Provider)" and
   "ASA/MSA/(MSP)"; unchanged text skipped, diff resumes at page 6,
   line 48 (-03) / page 5, line 48 (-04)]

   In a typical MIPv6 access scenario the MN is attached to an ASP's
   network.  During the network attachment procedure, the NAS/Diameter
   client interacts with the MN.

   During the time of authentication the Diameter server in the MSA
   detects that the user is also authorized for MIPv6 access.  Based on
   the MSA's policy, the Diameter server may return several MIPv6
   bootstrapping related parameters.

   Depending on the details of the bootstrapping solution, interaction
   with the DHCPv6 server may be required, as described in
   [I-D.ietf-mip6-bootstrapping-integrated-dhc].  However, the Diameter
   based NAS to HAAA interface described in this document is not tied to
   DHCPv6 as the only possible MIPv6 bootstrapping method.
4.  Commands, AVPs and Advertising Application Support

   This section describes command codes, defines AVPs and advertised
   application identifiers for the Diameter MIPv6 bootstrapping in the
   NAS to HAAA interface.

4.1.  Advertising Application Support

   Diameter nodes conforming to this specification MUST (-03: SHOULD)
   include the value of 1 (NASREQ application) or 5 (EAP application) in
   the Auth-Application-Id and (-03: or) the Acct-Application-Id AVP of
   the Capabilities-Exchange-Request and Capabilities-Exchange-Answer
   commands [RFC3588].

4.2.  Command Codes

   This document re-uses the Diameter NASREQ application [RFC4005] and
   the EAP application commands [RFC4072].  (Both -03 and -04 cite
   these two references the other way round in this sentence; the
   command table below and the rest of the document use RFC 4005 for
   NASREQ and RFC 4072 for EAP.)  The following commands are used to
   carry MIPv6 related bootstrapping AVPs:

   Command-Name          Abbrev.  Code  Reference  Application
   Diameter-EAP-Request  DER      268   RFC 4072   EAP
   Diameter-EAP-Answer   DEA      268   RFC 4072   EAP
   AA-Request            AAR      265   RFC 4005   NASREQ
   AA-Answer             AAA      265   RFC 4005   NASREQ

      Figure 2: MIPv6 Bootstrapping NAS to HAAA Interface Command Codes

   When the Re-Auth-Request (RAR), Re-Auth-Answer (RAA), Session-
   Termination-Request (STR), Session-Termination-Answer (STA), Abort-
   Session-Request (ASR), Abort-Session-Answer (ASA), Accounting-Request
   (ACR), and Accounting-Answer (ACA) commands are used together with
   the MIPv6 bootstrapping NAS to HAAA interface, they follow the rules
   in the Diameter NASREQ [RFC4005], EAP [RFC4072] and RFC 3588
   [RFC3588] applications.  The accounting commands use the Application
   Identifier value of 3 (Diameter Base Accounting); the others use 0
   (Diameter Common Messages).
4.3.  Diameter-EAP-Request (DER)

   The Diameter-EAP-Request (DER) message [RFC4072], indicated by the
   Command-Code field set to 268 and the 'R' bit set in the Command
   Flags field, is sent by the NAS to the Diameter server to initiate a
   network access authentication and authorization procedure.  The DER
   message format is the same as defined in [RFC4072].  The message MAY
   include optional MIPv6 bootstrapping AVPs.  (In -03 these were the
   MIP6-Home-Agent-Address, MIP6-Home-Agent-FQDN, MIP6-Home-Link-Prefix,
   MIP6-Home-Address and MIP4-Home-Agent-Address AVPs, with which the
   NAS indicated the access network's MIPv6 bootstrapping capability
   and optionally the capability of local HA assignment.)

   <Diameter-EAP-Request> ::= < Diameter Header: 268, REQ, PXY >
                              < Session-Id >
                              { Auth-Application-Id }
                              { Origin-Host }
                              { Origin-Realm }
                              { Destination-Realm }
                              { Auth-Request-Type }
                            * [ Mobility-Agent-Info ]
                              [ Mobility-Capability ]
                              [ Destination-Host ]
                              ...
                            * [ AVP ]

                    Figure 3: Diameter EAP Request Command
4.4.  Diameter-EAP-Answer (DEA)

   The Diameter-EAP-Answer (DEA) message defined in [RFC4072], indicated
   by the Command-Code field set to 268 and the 'R' bit cleared in the
   Command Flags field, is sent in response to the Diameter-EAP-Request
   message (DER).  If the network access authentication procedure was
   successful then the response MAY include any set of bootstrapping
   AVPs.  (In -03: any set of the MIP6-Home-Agent-Address, MIP6-Home-
   Link-Prefix, MIP6-Home-Agent-FQDN, MIP6-Home-Address and MIP4-Home-
   Agent-Address AVPs.)

   The DEA message format is the same as defined in [RFC4072] with an
   addition of optional MIPv6 bootstrapping AVPs:

   <Diameter-EAP-Answer> ::= < Diameter Header: 268, PXY >
                             < Session-Id >
                             { Auth-Application-Id }
                             { Auth-Request-Type }
                             { Result-Code }
                             { Origin-Host }
                             { Origin-Realm }
                           * [ Mobility-Agent-Info ]
                             [ Mobility-Capability ]
                             [ User-Name ]
                             ...
                           * [ AVP ]

                     Figure 4: Diameter EAP Answer Command
4.5.  AA-Request (AAR)

   The AA-Request (AAR) message [RFC4005], indicated by the Command-Code
   field set to 265 and the 'R' bit set in the Command Flags field, is
   sent by the NAS to the Diameter server to initiate a network access
   authentication and authorization procedure.  The AAR message format
   is the same as defined in [RFC4005].  The message MAY include
   optional MIPv6 bootstrapping AVPs.  (In -03 the NAS used the MIP6-
   Home-Agent-Address, MIP6-Home-Agent-FQDN, MIP6-Home-Link-Prefix,
   MIP6-Home-Address and MIP4-Home-Agent-Address AVPs to request HA
   assignment, to request authorization for mobility service usage and
   optionally to indicate support for local HA assignment.)

   <AA-Request> ::= < Diameter Header: 265, REQ, PXY >
                    < Session-Id >
                    { Auth-Application-Id }
                    { Origin-Host }
                    { Origin-Realm }
                    { Destination-Realm }
                    { Auth-Request-Type }
                  * [ Mobility-Agent-Info ]
                    [ Mobility-Capability ]
                    [ Destination-Host ]
                    ...
                  * [ AVP ]

                         Figure 5: AA Request Command
4.6.  AA-Answer (AAA)

   The AA-Answer (AAA) message, indicated by the Command-Code field set
   to 265 and the 'R' bit cleared in the Command Flags field, is sent in
   response to the AA-Request (AAR) message for confirmation of the
   result of MIPv6 HA bootstrapping.  If the network access
   authentication procedure was successful then the response MAY include
   any set of bootstrapping AVPs.  (In -03: any set of the MIP6-Home-
   Agent-Address, MIP6-Home-Link-Prefix, MIP6-Home-Agent-FQDN, MIP6-
   Home-Address and MIP4-Home-Agent-Address AVPs.)

   The AAA message format is the same as defined in [RFC4005] with an
   addition of optional MIPv6 bootstrapping AVPs:

   <AA-Answer> ::= < Diameter Header: 265, PXY >
                   < Session-Id >
                   { Auth-Application-Id }
                   { Auth-Request-Type }
                   { Result-Code }
                   { Origin-Host }
                   { Origin-Realm }
                 * [ Mobility-Agent-Info ]
                   [ Mobility-Capability ]
                   [ User-Name ]
                   ...
                 * [ AVP ]

                          Figure 6: AA Answer Command
4.7.  Attribute Value Pair Definitions

   [The sections 4.7.1 to 4.7.5, 4.8, 5 and 5.1 that follow are the -03
   text, which -04 removed; the -04 sections 4.7.1 to 4.7.4 follow
   after them.]

4.7.1.  MIP6-Home-Agent-Address AVP (-03)

   The MIP6-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString
   and contains the MIPv6 HA address and the prefix length of the said
   address.  The AVP is a discriminated union, representing an IPv6
   address in network byte order.  The first two octets of this AVP
   represent the home link prefix length, followed by the 16 octets of
   the IPv6 address.

   The Diameter server MAY decide to assign a MIPv6 HA to the MN that is
   in close proximity to the point of attachment (e.g. determined by the
   NAS-Identifier).  There may be other reasons for dynamically
   assigning HAs to the MN, for example to share the traffic load.  The
   AVP also contains the prefix length so that the MN can easily infer
   one of the possible Home Link prefixes from the HA address.

   This AVP MAY also be sent by the NAS to the Diameter server in a
   request message as a hint to suggest that a dynamic HA may be
   assigned to the MN.  Based on local policy information the Diameter
   server may decide to follow the hint or to override this suggestion
   with its preferred HA IP address.

4.7.2.  MIP6-Home-Agent-FQDN AVP (-03)

   The MIP6-Home-Agent-FQDN AVP (AVP Code TBD) is of type UTF8String and
   contains the FQDN of a MIPv6 HA.  The usage of this AVP is equivalent
   to the MIP6-Home-Agent-Address AVP except that the host using the
   FQDN needs to perform a DNS query in order to discover the HA
   address.

4.7.3.  MIP6-Home-Link-Prefix AVP (-03)

   The MIP6-Home-Link-Prefix AVP (AVP Code TBD) is of type OctetString
   and contains the MIPv6 home link prefix.  There may be reasons for
   the Diameter server to dynamically assign a home link prefix to the
   MN, for example one that is in close proximity to the point of
   attachment.

   The MN can perform RFC 3775 [RFC3775] specific procedures to discover
   other information for MIPv6 registration.

4.7.4.  MIP4-Home-Agent-Address AVP (-03)

   The MIP4-Home-Agent-Address AVP (AVP Code TBD) is of type OctetString
   and contains the IPv4 HA address and the prefix length of the said
   address.  The AVP is a discriminated union, representing an IPv4
   address in network byte order.  The first two octets of this AVP
   represent the home link prefix length, followed by the 4 octets of
   the IPv4 address.

   The Diameter server MAY decide to assign a MIPv4 HA to the MN in a
   case where dual stack Mobile IP is supported
   [I-D.ietf-mip6-nemo-v4traversal].

4.7.5.  MIP6-Home-Address AVP (-03)

   The MIP6-Home-Address AVP (AVP Code TBD) is of type OctetString and
   contains the MIPv6 Home Address and the prefix length of the said
   address.  The AVP is a discriminated union, representing an IPv6
   address in network byte order.  The first two octets of this AVP
   represent the Home Address prefix length, followed by the 16 octets
   of the IPv6 address.

   The Diameter server MAY assign a home address to the MN.  This allows
   the network operator to support MNs that are not configured with
   static addresses.  The attribute also contains the prefix length so
   that the MN can easily infer the home link prefix from the Home
   Address.

4.8.  Capability Advertisement (-03)

   The NAS/ASP may include any MIPv6 bootstrapping AVPs in the DER or
   AAR messages in order to advertise its MIPv6 bootstrapping
   capabilities to the Diameter server.  This capability advertisement
   may also be used to propose locally allocated mobility agents, a
   locally allocated prefix or a home address to the Diameter server.
   As an example the MIP6-Home-Agent-Address AVP could contain the IP
   address of the locally allocated HA.

   If the MIP6-Home-Agent-Address AVP is only used as a MIPv6
   bootstrapping capability indicator then the IP address MUST be set to
   the unspecified address (::/128).  The MIP6-Home-Agent-FQDN AVP
   SHOULD NOT be used for the capability advertisement if it does not
   name a locally allocated HA.

5.  Diameter Client and Server Behavior During MIPv6 Bootstrapping (-03)

   This section describes the Diameter server and client behavior in
   case of the MIPv6 bootstrapping in the integrated scenario.  The text
   makes several assumptions.

   o  The Diameter server supports at least the Diameter BASE, EAP and
      NASREQ applications.

   o  The Diameter client (i.e., the NAS) supports at least the Diameter
      BASE, EAP and NASREQ applications.

   o  The MN uses a network access authentication method and
      credentials that are supported by the NAS/ASP and ASA/MSA.

   o  The MN has been provisioned with a MIPv6 service.

5.1.  Client (NAS) Behavior (-03)

   If the ASP/NAS does not support MIPv6 integrated scenario
   bootstrapping then the NAS simply selects the basic Diameter NASREQ
   or EAP application depending on which authentication method gets
   used.  Naturally, after a successful or a failed authentication the
   NAS does not have to carry out any MIPv6 bootstrapping related
   procedures.

   Next, we describe two different scenarios for the network access
   authentication when the ASP/NAS supports MIPv6 integrated scenario
   bootstrapping.

   1) The MN uses some EAP-based method for network access
      authentication.  In this scenario the NAS uses commands originally
      defined for the EAP application.

   2) The MN uses a non-EAP-based network access authentication
      procedure.  In this scenario the NAS uses the Diameter NASREQ
      application commands.

   The NAS may include the MIPv6 NAS - HAAA AVPs in the DER or in the
   AAR messages.  This serves two purposes.  Firstly, the NAS/ASP may
   advertise its MIPv6 bootstrapping capability to the Diameter server.
   Secondly, the NAS/ASP may suggest locally allocated HAs to the
   Diameter server.  Whether the locally allocated HAs are allowed for
   the forthcoming MIPv6 session depends on the MN's subscription and
   the ASA/MSA(/MSP) policies.  If the NAS/ASP only wants to advertise
   its capability for local agent allocation but does not want to
   provide any specific agent at this point in time (e.g. that is left
   for later steps during the actual Mobile IP registration) the AVPs
   MUST contain the values described in Section 4.8.

   If the network access authentication failed, the NAS receives the
   appropriate error codes as defined for the Diameter EAP or NASREQ
   applications.  The NAS does not allow the MN to access the network
   and does not do any MIPv6 bootstrapping related procedures.

   If the network access authentication completed successfully, the NAS
   looks for HA defining AVPs in the reply messages (either DEA or AAA

   [-03 text ends here in the diff.]

4.7.1.  Mobility-Agent-Info (-04)

   The Mobility-Agent-Info AVP (AVP Code TBD) is of type Grouped and
   contains the necessary information to assign a HA to the MN.  When
   the Mobility-Agent-Info AVP is present in a message, it MUST contain
   either a MIP6-Home-Agent-Address AVP or a MIP6-Home-Agent-FQDN AVP,
   but not both.  The grouped AVP has the following grammar:

   <Mobility-Agent-Info> ::= < AVP Header: TBD >
                             [ MIP6-Home-Agent-Address ]
                             [ MIP6-Home-Agent-FQDN ]
                           * [ AVP ]

4.7.2.  MIP6-Home-Agent-Address AVP (-04)

   The MIP6-Home-Agent-Address AVP (AVP Code TBD) is of type Address
   (see Section 4.3 in [RFC3588]) and contains the HA address.  The
   Diameter server MAY decide to assign a HA to the MN that is in close
   proximity to the point of attachment (e.g., determined by the
   NAS-Identifier AVP).  There may be other reasons for dynamically
   assigning HAs to the MN, for example to share the traffic load.

   This AVP MAY also be attached by the NAS when sent to the Diameter
   server in a request message as a hint of a locally assigned HA
   address.

4.7.3.  MIP6-Home-Agent-FQDN AVP (-04)

   The MIP6-Home-Agent-FQDN AVP (AVP Code TBD) is of type UTF8String and
   contains the FQDN of a HA.  The usage of this AVP is equivalent to
   the MIP6-Home-Agent-Address AVP but offers an additional level of
   indirection via the DNS infrastructure.

4.7.4.  Mobility-Capability AVP (-04)
depending on the used authentication method). The NAS associates the
received bootstrapping information to the MN that initiated the
access authentication and stores the information internally (storing
time is determined by the ASP policy). The stored bootstrapping
information is then available for the NAS and the DHCP relay for
later step during the MN bootstrapping process.
The actual bootstrapping from the MN point of view takes place after The Mobility-Capability AVP (AVP Code TBD) is of type Unsigned64 and
the network access authentication has completed. The bootstrapping contains a 64 bits flags field of supported capabilities of the NAS/
may be realized e.g. using DHCP as defined in ASP. Sending and receiving the Mobility-Capability AVP with value 0
[I-D.ietf-mip6-bootstrapping-integrated-dhc] and [RFC2132]. MUST be supported.
The MN has no consistent way of indicating to the NAS that it The NAS MAY include this AVP to indicate capabilities of the NAS/ASP
supports MIPv6 integrated scenario way of bootstrapping during the to the Diameter server. For example, the NAS may indicate that a
network access authentication. Subsequently the NAS has no local home agent can be provided. Similarly, the Diameter server MAY
possibilities to find out whether the terminal attempting to include this AVP to inform the NAS/ASP about which of the NAS/ASP
authenticate is actually a MN with MIPv6 bootstrapping functionality indicated capabilities are supported or authorized by the ASA/MSA(/
prior the network access authentication has completed. Thus, it is MSP).
possible that the NAS initiates MIPv6 integrated scenario
bootstrapping configuration even if the MN is not able to make any
use of it later. The Diameter server in the ASA/MSA might be able to
detect this situation during the authentication phase based on the
information in the subscriber database assuming the ASA is able to
verify whether the MN has been provisioned with a MIPv6 service (from
the MSA/MSP).
5.2. Server Behavior The following capabilities are defined in this document:
If the NAS/ASP does not support MIPv6 integrated scenario MOBILITY_CAPABILITY (0x0000000000000000)
bootstrapping then the NAS either selects the Diameter NASREQ or EAP
application depending on which access authentication method the MN
has to use to authenticate. In this case the NAS does not either
include any MIPv6 NAS - HAAA interface AVPs as a hint of the
bootstrapping capability in the NAS/ASP. The Diameter server in the
ASA/MSA(/MSP) detects this case (based on AVPs that serve as a
capability hint) and does not have to carry out any MIPv6
bootstrapping related procedures. However, as the capability
advertisement mechanism described in this document serves only as an
optional hint, the Diameter server should not entirely rely on the
received capability hints but also base its working logic on
subscription information and general MSA(/MSP) policies.
Next we describe two different scenarios for the network access The Mobility-Capability AVP MAY contain value 0 (zero) with the
authentication when the NAS/ASP supports MIPv6 integrated scenario semantics that are defined in this document for the Mobile IPv6
bootstrapping. bootstrapping functionality. This 'zero' flag is always
implicitly set when the Mobility-Capability AVP is used.
1) The MN uses some EAP-based method to authenticate to the network LOCAL_HOME_AGENT_ASSIGNMENT (0x0000000000000001)
and the NAS uses Diameter EAP application commands. Depending on
the ASA/MSA(/MSP) policy the Diameter server SHOULD assign a MIPv6
HA to the MN and include corresponding MIP6-Home-Agent-Address,
the MIP6-Home-Agent-FQDN AVPs and the MIP6-Home-Link-Prefix in the
final DEA message.
2) The MN uses some other than EAP-based method to authenticate to
the network and the NAS uses Diameter NASREQ application commands.
Depending on the ASA/MSA(/MSP) policy the Diameter server SHOULD
assign a MIPv6 HA to the MN and include corresponding MIP6-Home-
Agent-Address, the MIP6-Home-Agent-FQDN AVPs and the MIP6-Home-
Link-Prefix in the final AAA message.
If the Diameter request message contained any MIPv6 NAS -HAAA This flag is set by the NAS/ASP when a local home agent can be
interface AVPs the Diameter server should regard them as a hint of assigned to the MN. This flag is set by the ASA/MSA(/MSP) when
the MIPv6 bootstrapping capability in the NAS/ASP. Any of these AVPs the use of a local HA is authorized.
may contain values as described in Section 4.8 which indicate the
NAS/ASP would like to locally allocate a HA or a home link to the MN.
The Diameter server may or may not honor the NAS/ASP hint based on
the MN's subscription and ASA/MAS(/MSP) policies.
[-03 text]

6. Example Message Flows

6.1. EAP-based authentication

This section shows basic message flows of MIPv6 integrated scenario bootstrapping and dynamic HA assignment. In Figure 7 network access authentication is based on EAP (e.g., 802.11i/802.1X). The NAS informs the home Diameter server that HA assignment in the foreign network is possible. The Diameter server assigns the MN a HA either in the home MSP or in the ASP. The assignment procedure is out of scope of this document. The Diameter server then replies to the NAS with HA related bootstrapping information.

   NAS                          Local proxy                  Home server
    |                                |                                |
    | Diameter-EAP-Request           |                                |
    | MIP6-Home-Agent-Address(IPv6 address)                           |
    | MIP6-Home-Agent-FQDN=visited_ha6.example.com                    |
    | MIP4-Home-Agent-Address(IPv4 address)                           |
    | MIP6-Home-Link-Prefix(IPv6 prefix)                              |
    | MIP6-Home-Address(IPv6 address)                                 |
    | Auth-Request-Type=AUTHORIZE_AUTHENTICATE                        |
    | EAP-Payload(EAP Start)         |                                |
    |------------------------------->|------------------------------->|
    |                                |                                |
    |                                :                                |
    :           ...more EAP Request/Response pairs...                 :
    |                                :                                |
    |                                |                                |
    |                                | Diameter-EAP-Answer            |
    | MIP6-Home-Agent-Address(IPv6 address)                           |
    | MIP6-Home-Agent-FQDN=ha.example.com                             |
    | MIP6-Home-Address(IPv6 address)                                 |
    |                                | Result-Code=DIAMETER_SUCCESS   |
    |                                | EAP-Payload(EAP Success)       |
    |                                | EAP-Master-Session-Key         |
    |                                | (authorization AVPs)           |
    |                                | ...                            |
    |<-------------------------------|<-------------------------------|
    |                                |                                |

Figure 7: MIPv6 integrated scenario bootstrapping and NAS - HAAA interface example when EAP is used for access authentication

[-04 text]

5. Example Message Flows

5.1. EAP-based Authentication

This section shows basic message flows of MIPv6 integrated scenario bootstrapping and dynamic HA assignment. In Figure 3 network access authentication is based on EAP (e.g., 802.11i/802.1X). The NAS informs the home Diameter server that it wishes to provide a locally assigned HA to the visiting MN. The Diameter server assigns the MN a HA in the home MSP but also authorizes the assignment of a local HA for the ASP. The Diameter server then replies to the NAS with HA related bootstrapping information. Whether the NAS/ASP then offers a locally assigned HA or the MSP assigned HA to the MN is based on the local ASP policy.

   NAS                                                       Home server
    |                                                                 |
    | Diameter-EAP-Request                                            |
    | Mobility-Capability=LOCAL_HOME_AGENT_ASSIGNMENT                 |
    | Auth-Request-Type=AUTHORIZE_AUTHENTICATE                        |
    | EAP-Payload(EAP Start)                                          |
    |---------------------------------------------------------------->|
    |                                                                 |
    |                                                                 |
    :           ...more EAP Request/Response pairs...                 :
    |                                                                 |
    |                                                                 |
    |                                           Diameter-EAP-Answer   |
    |                                           Mobility-Agent-Info{  |
    |                             MIP6-Home-Agent-Address(IPv6 address) |
    |                             MIP6-Home-Agent-FQDN=ha.example.com } |
    |                   Mobility-Capability=LOCAL_HOME_AGENT_ASSIGNMENT |
    |                                      Result-Code=DIAMETER_SUCCESS |
    |                                          EAP-Payload(EAP Success) |
    |                                           EAP-Master-Session-Key  |
    |                                             (authorization AVPs)  |
    |                                                            ...    |
    |<----------------------------------------------------------------|
    |                                                                 |

Figure 3: Diameter EAP Application with MIPv6 bootstrapping
[-03 text] 6.2. Integrated scenario and HA allocation in MSP

[-04 text] 5.2. Integrated Scenario and HA Allocation in MSP

[-03 and -04 text]

Diameter is used to authenticate and authorize the MN for the mobility service, and to send information about the allocated HA to the NAS. In this example scenario the MN uses DHCP for its IP address configuration.

                             |
      --------------ASP------>|<--ASA/MSA/(MSP)--
                             |
   +----+      +--------+    +-------+     +--------+

   (skipping to change at page 17, line 33 of -03 / page 12, line 33 of -04)

     |               |      4      |             |
     |               |------------>|             |
     |               |             |             |
     |               |      5      |             |
     |               |<------------|             |
     |               |             |             |
     |       6       |             |             |
     |<--------------|             |             |
     |               |             |             |

[-03 text] Figure 8: HA allocation in MSP

[-04 text] Figure 4: Mobile IPv6 Integrated Scenario Bootstrapping and the allocation of HAs either in the ASP or in the MSP
[-03 text]

1) The MN executes the normal network access authentication procedure (IEEE 802.11i/802.1X, PANA, ...) with the NAS. The NAS acts as an authenticator in "pass-through" mode. The other endpoint of the authentication dialogue is the MN's home Diameter server. This is a typical scenario for, e.g., EAP-based authentication methods. The NAS includes at least one of the NAS-HAAA interface AVPs in the DER or in the AAR messages to indicate MIPv6 bootstrapping capability. For example, the NAS could include the MIP6-Home-Agent-Address AVP with 0::/128 as the HA address (the NAS has no particular HA to propose to the Diameter server).

2) Depending on the Diameter server configuration and the subscription profile, the MIP6-Home-Agent-Address AVP or the MIP6-Home-Agent-FQDN AVP may be appended to the DEA or to the AAA message, assuming the home Diameter server knows or has allocated a HA to the MN. In case the MIP6-Home-Agent-FQDN AVP was returned the MN ultimately needs to perform a DNS query in order to discover the HA address. For example, the home Diameter server could return the following AVPs:

o MIP6-Home-Agent-Address = 2001:2001:6000:302::1/64

o MIP6-Home-Address = 2001:2001:6000:302::dead:beef/64

o MIP6-Home-Link-Prefix = 2001:2001:6000:302::/64

3) The MN sends a DHCPv6 Information Request message to the all_DHCP_Relay_Agents_and_Servers address. In the OPTION_ORO, the Option Code for the Home Network Identifier Option shall be included in that message [I-D.ietf-mip6-bootstrapping-integrated-dhc]. The Home Network Identifier Option should have an id-type of 1; the message is a request to discover home network information that pertains to the given realm, i.e., the user's home domain (identified by the NAI of the MN). The OPTION_CLIENTID is set by the MN to identify itself to the DHCP server.

Steps 4 to 6 are not relevant from the NAS-HAAA Diameter interface point of view and are not described in this document. Refer to [I-D.ietf-mip6-bootstrapping-integrated-dhc] for detailed information about the rest of the integrated scenario bootstrapping procedure.

[-04 text]

1) The MN executes the normal network access authentication procedure (IEEE 802.11i/802.1X, PANA, ...) with the NAS. The NAS acts as an authenticator in "pass-through" mode. The other endpoint of the authentication dialogue is the MN's home Diameter server. This is a typical scenario for network access authentication using EAP methods. The NAS includes at least one of the NAS to HAAA interface AVPs in the DER or in the AAR messages to indicate MIPv6 bootstrapping capability. For example, the NAS could include the Mobility-Capability AVP with a value 0.

2) Depending on the Diameter server configuration and the user's subscription profile, the Mobility-Agent-Info AVP and/or the Mobility-Capability AVP may be carried in the DEA, assuming the home Diameter server has allocated a HA to the MN. In case the MIP6-Home-Agent-FQDN AVP was returned within the Mobility-Agent-Info grouped AVP the MN ultimately needs to perform a DNS query in order to discover the HA's IP address. For example, the home Diameter server could return the following AVPs:

o Mobility-Agent-Info grouped AVP containing:

  * MIP6-Home-Agent-Address = 2001:db8:6000:302::1/64

  * MIP6-Home-Agent-FQDN = ha.example.com

3) The MN sends a DHCPv6 Information Request message to the all_DHCP_Relay_Agents_and_Servers address. In the OPTION_ORO, the Option Code for the Home Network Identifier Option shall be included in that message [10]. The Home Network Identifier Option should have an id-type of 1; the message is a request to discover home network information that pertains to the given realm, i.e., the user's home domain (identified by the NAI of the MN). The OPTION_CLIENTID is set by the MN to identify itself to the DHCP server.

Steps 4 to 6 are not relevant from the NAS to HAAA Diameter interface point of view and are not described in this document. The reader should consult [10] for a detailed description of the rest of the integrated scenario bootstrapping procedure.
[-03 text]

6.3. Integrated scenario and HA allocation in ASP

This scenario is similar to the one described in Section 6.2 and illustrated in Figure 8. There are slight differences in steps 2) and 3).

2) The NAS/ASP has allocated a local HA (e.g., with IP address 2001:788:1:c020::1/64) and a local prefix, and proposes those to the MN's home Diameter server. For example, the NAS includes the following AVPs in the DER or in the AAR messages:

o MIP6-Home-Agent-Address = 2001:788:1:c020::1/64

o MIP6-Home-Link-Prefix = 2001:788:1:c020::/64

Depending on the Diameter server configuration and the subscription profile, the Diameter server either accepts or rejects the HA IP address (or FQDN) proposed by the NAS/ASP. If the Diameter server accepts the proposed HA, the AVP containing the HA information is returned as is back to the NAS. In this example the returned MIP6-Home-Agent-Address AVP would contain the same 2001:788:1:c020::1/64 IP address value. On the other hand, if the Diameter server does not accept the proposed HA, the Diameter server overwrites the MIP6-Home-Agent-Address AVP value with the IP address of the preferred HA (e.g., 2001:2001:6000::1/64) and returns the new IP address back to the NAS/ASP (the MIP6-Home-Agent-FQDN AVP is handled in the same way when present). This is also an indication to the NAS/ASP that locally allocated HAs are not to be used. In the case where the home Diameter server accepted the NAS/ASP proposed local HA, the home Diameter server would return, e.g., the following AVPs:

o MIP6-Home-Agent-Address = 2001:788:1:c020::1/64

o MIP6-Home-Link-Prefix = 2001:788:1:c020::/64

3) The type-id field in the Home Network Identifier Option is set to zero, indicating that a HA is requested in the ASP instead of in the MSP. Depending on the result of phase 2) the DHCP relay agent places in the OPTION_MIP6-RELAY-Option either the locally allocated HA information or the HA information that was returned (overwritten) by the home Diameter server.

[-04 text]

5.3. Integrated Scenario and HA Allocation in ASP

This scenario is similar to the one described in Section 5.2 and illustrated in Figure 4. There are slight differences in steps 2) and 3).

2) The NAS/ASP wishes to allocate a local HA to the visiting MN. The NAS/ASP will also inform the Diameter server about the HA address it has assigned to the visiting MN (e.g., 2001:db8:1:c020::1). In this case the NAS includes the following AVPs in the DER or in the AAR messages:

o Mobility-Capability = LOCAL_HOME_AGENT_ASSIGNMENT

o Mobility-Agent-Info grouped AVP containing:

  * MIP6-Home-Agent-Address = 2001:db8:1:c020::1

Depending on the Diameter server configuration and the user's subscription profile, the Diameter server either accepts or rejects the proposal of a locally allocated HA in the NAS/ASP. If the Diameter server accepts the proposal then the Mobility-Capability AVP with the LOCAL_HOME_AGENT_ASSIGNMENT bit set is returned back to the NAS. On the other hand, if the Diameter server does not accept a locally assigned HA, the Diameter server returns the Mobility-Capability AVP with the LOCAL_HOME_AGENT_ASSIGNMENT bit unset. The Diameter server assigns a HA to the MN (e.g., 2001:db8:6000::1) in the ASA/MSA/(MSP) and returns the IP address back to the NAS/ASP. In the case where the home Diameter server accepted the NAS/ASP proposal of a local HA, the home Diameter server would return, for example, the following AVPs:

o Mobility-Capability = LOCAL_HOME_AGENT_ASSIGNMENT

o Mobility-Agent-Info grouped AVP containing:

  * MIP6-Home-Agent-Address = 2001:db8:6000::1

3) The type-id field in the Home Network Identifier Option is set to zero, indicating that a HA is requested in the ASP instead of in the MSP. Depending on the result of phase 2) the DHCP relay agent places in the OPTION_MIP6-RELAY-Option either the locally allocated HA information or the HA information that was returned (proposed) by the home Diameter server. The selection of local or home allocated HAs is based on the local policy in the ASP. It is also possible that both local and home allocated HAs are available for the MN. The policy and heuristics for when to select the local HA and when the home HA are outside of this specification.
[-03 text]

7. AVP Occurrence Tables

7.1. DER and DEA Commands AVP Table

The following table lists the additional MIPv6 bootstrapping NAS - HAAA interface AVPs that optionally may be present in the DER and DEA Commands, as defined in this document and in [RFC4072].

                                      +---------------+
                                      |  Command-Code |
                                      |-------+-------+
      Attribute Name                  |  DER  |  DEA  |
      --------------------------------+-------+-------+
      MIP6-Home-Agent-Address [ab]    |  0-1  |  0-1  |
      MIP6-Home-Agent-FQDN [ab]       |  0-1  |  0-1  |
      MIP4-Home-Agent-Address         |  0-1  |  0-1  |
      MIP6-Home-Link-Prefix [cd]      |  0-1  |  0-1  |
      MIP6-Home-Address [cd]          |  0-1  |  0-1  |
                                      +-------+-------+

Notes:

[a] Either MIP6-Home-Agent-Address or MIP6-Home-Agent-FQDN MAY appear in DER or DEA Commands.

[b] If the Diameter server accepts the NAS suggestion for the HA, then the Diameter server MUST also include the values received in these AVPs in the DEA Command.

[c] Either MIP6-Home-Link-Prefix or MIP6-Home-Address MAY appear in DER or DEA Commands.

[d] If either MIP6-Home-Address or MIP6-Home-Link-Prefix are present in the DER Command then the corresponding AVP MUST also be included in the DEA Command. If the Diameter server accepts the NAS suggestion for the HoA or for the Prefix then the Diameter server MUST also include the values received in these AVPs in the DEA Command.

Figure 9: DER and DEA Commands AVP Table

7.2. AAR and AAA Commands AVP Table

The following table lists the additional MIPv6 bootstrapping NAS - HAAA interface AVPs that may optionally be present in the AAR and AAA Commands, as defined in this document and in [RFC4005].

                                      +---------------+
                                      |  Command-Code |
                                      |-------+-------+
      Attribute Name                  |  AAR  |  AAA  |
      --------------------------------|-------+-------|
      MIP6-Home-Agent-Address [ab]    |  0-1  |  0-1  |
      MIP6-Home-Agent-FQDN [ab]       |  0-1  |  0-1  |
      MIP4-Home-Agent-Address         |  0-1  |  0-1  |
      MIP6-Home-Link-Prefix [cd]      |  0-1  |  0-1  |
      MIP6-Home-Address [cd]          |  0-1  |  0-1  |
                                      +-------+-------+

Notes:

[a] Either MIP6-Home-Agent-Address or MIP6-Home-Agent-FQDN MAY appear in AAR or AAA Commands.

[b] If the Diameter server accepts the NAS suggestion for the HA, then the Diameter server MUST also include the values received in these AVPs in the AAA Command.

[c] Either MIP6-Home-Link-Prefix or MIP6-Home-Address MAY appear in AAR or AAA Commands.

[d] If either MIP6-Home-Address or MIP6-Home-Link-Prefix are present in the AAR Command then the corresponding AVP MUST also be included in the AAA Command. If the Diameter server accepts the NAS suggestion for the HoA or for the Prefix then the Diameter server MUST also include the values received in these AVPs in the AAA Command.

Figure 10: AAR and AAA Commands AVP Table

[-04 text]

6. AVP Occurrence Tables

6.1. AAR, AAA, DER and DEA Commands AVP Table

The following table lists the additional MIPv6 bootstrapping NAS to HAAA interface AVPs that may optionally be present in the AAR and AAA Commands [5] or in the DER and DEA Commands [4].

                                      +-----------------------+
                                      |      Command-Code     |
                                      |-----+-----+-----+-----+
      Attribute Name                  | AAR | AAA | DER | DEA |
      --------------------------------|-----+-----|-----+-----+
      Mobility-Agent-Info             | 0+  | 0+  | 0+  | 0+  |
      Mobility-Capability             | 0-1 | 0-1 | 0-1 | 0-1 |
                                      +-----+-----+-----+-----+

Figure 5: AAR, AAA, DER and DEA Commands AVP Table
[-03 text]

8. MIPv6 Bootstrapping NAS - HAAA Interface AVPs

This section defines the AVPs that are specific to the Diameter MIPv6 bootstrapping NAS - HAAA interface and MAY be included in the Diameter EAP [RFC4072] and the NASREQ [RFC4005] application messages listed in Section 4 of this document. The Diameter AVP rules are defined in the Diameter Base [RFC3588], Section 4. These AVP rules are observed in the AVPs defined in this section.

The following table describes the Diameter AVPs, their AVP Code values, types, possible flag values, and whether the AVP MAY be encrypted. The Diameter base [RFC3588] specifies the AVP Flag rules for AVPs in Section 4.5.

                                                  +---------------------+
                                                  |    AVP Flag rules   |
                                                  +----+-----+----+-----+----+
                          AVP   Section           |    |     |SHLD|MUST |    |
      Attribute Name      Code  Defined Data Type |MUST| MAY |NOT |NOT  |Encr|
      --------------------------------------------+----+-----+----+-----+----+
      MIP6-Home-Agent-    TBD   4.7.1   OctetString|    |  P  |    | M,V | Y  |
        Address                                   |    |     |    |     |    |
      MIP6-Home-Agent-    TBD   4.7.2   UTF8String |    |  P  |    | M,V | Y  |
        FQDN                                      |    |     |    |     |    |
      MIP4-Home-Agent-    TBD   4.7.4   OctetString|    |  P  |    | M,V | Y  |
        Address                                   |    |     |    |     |    |
      MIP6-Home-Link-     TBD   4.7.3   Unsigned32 |    |  P  |    | M,V | Y  |
        Prefix                                    |    |     |    |     |    |
      MIP6-Home-Address   TBD   4.7.5   OctetString|    |  P  |    | M,V | Y  |
      --------------------------------------------+----+-----+----+-----+----+

Figure 11: AVP Flag Rules Table

[-04 text]

7. MIPv6 Bootstrapping NAS to HAAA Interface AVPs

This section defines AVPs that are specific to the Diameter MIPv6 bootstrapping NAS to HAAA interface and MAY be included in the Diameter EAP [4] and the NASREQ [5] application messages. The Diameter AVP rules are defined in the Diameter Base [3], Section 4. These AVP rules are observed in the AVPs defined in this section.

The following table describes the Diameter AVPs, their AVP Code values, types, possible flag values, and whether the AVP MAY be encrypted. The Diameter base [3] specifies the AVP Flag rules for AVPs in Section 4.5.

                                                  +---------------------+
                                                  |    AVP Flag rules   |
                                                  +----+-----+----+-----+----+
                          AVP   Section           |    |     |SHLD|MUST |    |
      Attribute Name      Code  Defined Data Type |MUST| MAY |NOT |NOT  |Encr|
      --------------------------------------------+----+-----+----+-----+----+
      Mobility-           TBD   4.7.1   Grouped    |    |  P  |    | M,V | Y  |
        Agent-Info                                |    |     |    |     |    |
      MIP6-Home-Agent-    TBD   4.7.2   Address    |    |  P  |    | M,V | Y  |
        Address                                   |    |     |    |     |    |
      MIP6-Home-Agent-    TBD   4.7.3   UTF8String |    |  P  |    | M,V | Y  |
        FQDN                                      |    |     |    |     |    |
      Mobility-           TBD   4.7.4   Unsigned64 |    |  P  |    | M,V | Y  |
        Capability                                |    |     |    |     |    |
      --------------------------------------------+----+-----+----+-----+----+

Figure 6: AVP Flag Rules Table
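As an added example (not code from the draft or any Diameter implementation), the following Python encodes the -04 Mobility-Capability and Mobility-Agent-Info AVPs in RFC 3588 AVP wire format, enforces the Figure 6 flag rules (P MAY, M and V MUST NOT) and the Section 8.2 power-of-two registry rule, and implements the Section 4.7.4 / 5.3 server decision of whether to echo LOCAL_HOME_AGENT_ASSIGNMENT. The AVP codes are TBD in the draft, so the numeric codes used here are placeholders, and the IPv6 address-family encoding of the Address type is assumed from RFC 3588.

```python
import ipaddress
import struct

# Placeholder AVP codes: the draft leaves all four TBD, so these are assumptions.
AVP_MOBILITY_AGENT_INFO = 9001
AVP_MIP6_HOME_AGENT_ADDRESS = 9002
AVP_MIP6_HOME_AGENT_FQDN = 9003
AVP_MOBILITY_CAPABILITY = 9004

# Capability tokens from Section 4.7.4 and the Section 8.2 registry.
MOBILITY_CAPABILITY = 0x0000000000000000
LOCAL_HOME_AGENT_ASSIGNMENT = 0x0000000000000001
REGISTERED_MASK = LOCAL_HOME_AGENT_ASSIGNMENT  # OR of every registered token

FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20  # RFC 3588 AVP header flag bits
AF_INET6 = 2  # address family number carried in the Diameter Address type


def encode_avp(code, data, flags=0):
    """RFC 3588 AVP header: code(4), flags(1), length(3); data padded to 4 octets."""
    length = 8 + len(data)
    header = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return header + data + b"\x00" * (-len(data) % 4)


def mobility_capability_avp(mask):
    return encode_avp(AVP_MOBILITY_CAPABILITY, struct.pack("!Q", mask))


def mobility_agent_info_avp(ha_address=None, ha_fqdn=None):
    """Grouped AVP: the member AVPs are concatenated as its data field."""
    members = b""
    if ha_address is not None:
        addr = struct.pack("!H", AF_INET6) + ipaddress.IPv6Address(ha_address).packed
        members += encode_avp(AVP_MIP6_HOME_AGENT_ADDRESS, addr)
    if ha_fqdn is not None:
        members += encode_avp(AVP_MIP6_HOME_AGENT_FQDN, ha_fqdn.encode("utf-8"))
    return encode_avp(AVP_MOBILITY_AGENT_INFO, members)


def decode_avps(buf):
    """Parse consecutive AVPs into (code, flags, data) tuples; reject truncation."""
    out, off = [], 0
    while off < len(buf):
        if off + 8 > len(buf):
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & FLAG_V else 8  # V flag adds a 4-octet Vendor-ID
        if length < hdr or off + length > len(buf):
            raise ValueError("malformed AVP length")
        out.append((code, flags, buf[off + hdr:off + length]))
        off += length + (-length % 4)
    return out


def flag_rules_ok(flags):
    """Figure 6: 'P' MAY be set, 'M' and 'V' MUST NOT be set on these AVPs."""
    return not flags & (FLAG_M | FLAG_V)


def parse_capability(data):
    """Decode the Unsigned64 mask; bits outside the registry are an error."""
    if len(data) != 8:
        raise ValueError("Mobility-Capability must carry exactly 8 octets")
    (mask,) = struct.unpack("!Q", data)
    if mask & ~REGISTERED_MASK:
        raise ValueError("unregistered capability bits: %#x" % (mask & ~REGISTERED_MASK))
    return mask


def registry_value_ok(value):
    """Section 8.2 allocation rule: a token is the zero value or a power of two."""
    return value == MOBILITY_CAPABILITY or (value > 0 and value & (value - 1) == 0)


def server_decision(request_avps, local_ha_authorized):
    """Sections 4.7.4 / 5.3: echo LOCAL_HOME_AGENT_ASSIGNMENT only when the NAS set
    it AND subscription/policy authorizes a local HA; the zero flag is implicit."""
    requested = MOBILITY_CAPABILITY
    for code, flags, data in decode_avps(request_avps):
        if not flag_rules_ok(flags):
            raise ValueError("AVP %d sets M or V, which Figure 6 forbids" % code)
        if code == AVP_MOBILITY_CAPABILITY:
            requested = parse_capability(data)
    if not local_ha_authorized:
        return MOBILITY_CAPABILITY
    return requested & LOCAL_HOME_AGENT_ASSIGNMENT


def build_answer(request_avps, local_ha_authorized, home_ha, home_fqdn):
    """DEA/AAA AVPs: the decided Mobility-Capability plus the MSP-assigned HA."""
    granted = server_decision(request_avps, local_ha_authorized)
    return mobility_capability_avp(granted) + mobility_agent_info_avp(home_ha, home_fqdn)


def summarize_answer(answer_avps):
    """Flatten the answer into what a NAS would store for the later DHCP relay step."""
    result = {"capability": None, "ha_address": None, "ha_fqdn": None}
    for code, _flags, data in decode_avps(answer_avps):
        if code == AVP_MOBILITY_CAPABILITY:
            result["capability"] = parse_capability(data)
        elif code == AVP_MOBILITY_AGENT_INFO:
            for mcode, _mflags, mdata in decode_avps(data):
                if mcode == AVP_MIP6_HOME_AGENT_ADDRESS and mdata[:2] == b"\x00\x02":
                    result["ha_address"] = str(ipaddress.IPv6Address(mdata[2:]))
                elif mcode == AVP_MIP6_HOME_AGENT_FQDN:
                    result["ha_fqdn"] = mdata.decode("utf-8")
    return result


# Constructed sample DER AVPs following Section 5.3 (addresses are the draft's examples).
NAS_REQUEST = (mobility_capability_avp(LOCAL_HOME_AGENT_ASSIGNMENT)
               + mobility_agent_info_avp("2001:db8:1:c020::1"))
```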
[-03 text]

9. IANA Considerations

This specification defines the following new AVPs:

MIP6-Home-Agent-Address is set to TBD
MIP6-Home-Agent-FQDN is set to TBD
MIP4-Home-Agent-Address is set to TBD
MIP6-Home-Link-Prefix is set to TBD
MIP6-Home-Address is set to TBD

10. Security Considerations

The security considerations for the Diameter interaction required to accomplish the integrated scenario are described in [I-D.ietf-mip6-bootstrapping-integrated-dhc]. Additionally, the security considerations of the Diameter base protocol [RFC3588], Diameter NASREQ application [RFC4005] / Diameter EAP [RFC4072] application (with respect to network access authentication and the transport of keying material) are applicable to this document.

[-04 text]

8. IANA Considerations

8.1. Registration of new AVPs

This specification defines the following new AVPs:

Mobility-Agent-Info is set to TBD
MIP6-Home-Agent-Address is set to TBD
MIP6-Home-Agent-FQDN is set to TBD
Mobility-Capability is set to TBD

8.2. New Registry: Mobility Capability

IANA is requested to create a new registry for the Mobility Capability as described in Section 4.7.4.

   Token                             | Value                | Description
   ----------------------------------+----------------------+------------
   MOBILITY_CAPABILITY               | 0x0000000000000000   | [RFC TBD]
   LOCAL_HOME_AGENT_ASSIGNMENT       | 0x0000000000000001   | [RFC TBD]
   Available for Assignment via IANA | 2^x                  |

Allocation rule: Only numeric values that are 2^x (powers of two) are allowed, based on the allocation policy described below.

Following the policies outlined in [1], new values with a description of their semantics for usage with the Mobility-Capability AVP together with a Token will be assigned after Expert Review initiated by the O&M Area Directors in consultation with the DIME working group chairs or the working group chairs of a designated successor working group. Updates can be provided based on expert approval only. A designated expert will be appointed by the O&M Area Directors. No mechanism to mark entries as "deprecated" is envisioned. Based on expert approval it is possible to delete entries from the registry.

9. Security Considerations

The security considerations for the Diameter interaction required to accomplish the integrated scenario are described in [10]. Additionally, the security considerations of the Diameter base protocol [3], Diameter NASREQ application [5] / Diameter EAP [4] application (with respect to network access authentication and the transport of keying material) are applicable to this document. This document does not introduce new security vulnerabilities.
[-03 text]

11. Acknowledgements

This document is heavily based on the ongoing work for RADIUS MIPv6 interaction. Hence, credits go to the respective authors for their work with draft-ietf-mip6-radius-00.txt. Furthermore, the author would like to thank the authors of draft-le-aaa-diameter-mobileipv6-04.txt (Franck Le, Basavaraj Patil, Charles E. Perkins, Stefano Faccin) for their work in the context of MIPv6 Diameter interworking. Their work influenced this document. Julien Bournelle would like to thank GET/INT since he began to work on this document while he was in their employ.

[-04 text]

10. Acknowledgements

This document is heavily based on the ongoing work for RADIUS MIPv6 interaction. Hence, credits go to the respective authors for their work with draft-ietf-mip6-radius. Furthermore, the author would like to thank the authors of draft-le-aaa-diameter-mobileipv6 (Franck Le, Basavaraj Patil, Charles E. Perkins, Stefano Faccin) for their work in the context of MIPv6 Diameter interworking. Their work influenced this document. Julien Bournelle would like to thank GET/INT since he began to work on this document while he was in their employ. The authors would also like to acknowledge Raymond Hsu for his valuable feedback on local HA assignment and Wolfgang Fritsche for his thorough review.
[-03 text]

12. Revision history

The following changes were made to the -01 version of the draft:

o The document title was changed to "The NAS - HAAA Interface for MIPv6 Bootstrapping".

o Added HAAA and NAS to the terminology section.

o Changed NAS application to NASREQ application.

o Changed "Integrated Scenario" to "NAS-HAAA interface".

o The separate Diameter Application-ID for MIPv6 bootstrapping (MIP6BSTI) got removed and all bootstrapping is based on the Diameter EAP application and the Diameter NAS application.

o The MIPv6-Bootstrapping-Feature AVP was removed and general text regarding capability advertisement based on optional AVPs was added.

o The capability exchange was modified so that the NAS may suggest a specific HA to the AAAH. The original MIPv6-Bootstrapping-Feature AVP was replaced with a possibility to include any bootstrapping AVP in the Diameter AAR or DER messages as a capability and local allocation hint.

The following changes were made to the -02 version of the draft:

o Section 7 NAS - HAAA Interface AVPs flags were corrected. The 'M' flag was listed as MUST even though it should have been MUST NOT.

o General shortening of the text.

o Addition of the MIP6-Home-Address AVP.

o Checked against draft-ietf-mip6-radius-01.

o Addition of notes and constraints to the AVP tables.

o Miscellaneous corrections like Mobile IPv6 -> MIPv6.

o Added signaling examples for HA assignment from the MSP, and local HA assignment.

The following changes were made to the -03 version of the draft:

o Section 7.1 corrected case [d] mixed AVPs.

o Section 7.2 corrected case [d] mixed AVPs.

13. References

13.1. Normative References

[I-D.ietf-mip6-aaa-ha-goals] Giaretta, G., "AAA Goals for Mobile IPv6", draft-ietf-mip6-aaa-ha-goals-03 (work in progress), September 2006.

[I-D.ietf-mip6-bootstrapping-integrated-dhc] Chowdhury, K. and A. Yegin, "MIP6-bootstrapping for the Integrated Scenario", draft-ietf-mip6-bootstrapping-integrated-dhc-02 (work in progress), February 2007.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

[RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in IPv6", RFC 3775, June 2004.

[RFC4640] Patel, A. and G. Giaretta, "Problem Statement for bootstrapping Mobile IPv6 (MIPv6)", RFC 4640, September 2006.

13.2. Informative References

[I-D.ietf-mip6-bootstrapping-split] Giaretta, G., "Mobile IPv6 bootstrapping in split scenario", draft-ietf-mip6-bootstrapping-split-04 (work in progress), December 2006.

[I-D.ietf-mip6-nemo-v4traversal] Soliman, H., "Mobile IPv6 support for dual stack Hosts and Routers (DSMIPv6)", draft-ietf-mip6-nemo-v4traversal-03 (work in progress), October 2006.

[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132, March 1997.

[RFC3753] Manner, J. and M. Kojo, "Mobility Related Terminology", RFC 3753, June 2004.

[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August 2005.

[RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August 2005.

[-04 text]

11. References

11.1. Normative References

[1] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in IPv6", RFC 3775, June 2004.

[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[3] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

[4] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August 2005.

[5] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August 2005.

11.2. Informative References

[6] Giaretta, G., "Mobile IPv6 bootstrapping in split scenario", draft-ietf-mip6-bootstrapping-split-04 (work in progress), December 2006.

[7] Patel, A. and G. Giaretta, "Problem Statement for bootstrapping Mobile IPv6 (MIPv6)", RFC 4640, September 2006.

[8] Giaretta, G., "AAA Goals for Mobile IPv6", draft-ietf-mip6-aaa-ha-goals-03 (work in progress), September 2006.

[9] Manner, J. and M. Kojo, "Mobility Related Terminology", RFC 3753, June 2004.

[10] Chowdhury, K. and A. Yegin, "MIP6-bootstrapping for the Integrated Scenario", draft-ietf-mip6-bootstrapping-integrated-dhc-02 (work in progress), February 2007.
Authors' Addresses

Jouni Korhonen
TeliaSonera
Teollisuuskatu 13
Sonera FIN-00051
Finland

Email: jouni.korhonen@teliasonera.com

Julien Bournelle
France Telecom R&D
38-40 rue du general Leclerc
Issy-Les-Moulineaux 92794
France

Email: julien.bournelle@orange-ftgroup.com

Hannes Tschofenig
Nokia Siemens Networks (-03: Siemens Networks GmbH & Co KG)
Otto-Hahn-Ring 6
Munich, Bavaria 81739
Germany

Email: Hannes.Tschofenig@nsn.com (-03: Hannes.Tschofenig@siemens.com)
URI: http://www.tschofenig.com

Charles E. Perkins
Nokia Siemens Networks (-03: Nokia Research Center)
313 Fairchild Drive
Mountain View CA 94043
US

Phone: +1 650 625-2986
Email: charliep@nsn.com (-03: charliep@iprg.nokia.com)

Kuntal Chowdhury
Starent Networks
30 International Place
Tewksbury MA 01876
US

Phone: +1 214 550 1416
Email: kchowdhury@starentnetworks.com
Full Copyright Statement

End of changes. 111 change blocks. 624 lines changed or deleted, 357 lines changed or added.

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/