draft-ietf-dime-mip6-integrated-05.txt                  draft-ietf-dime-mip6-integrated-06.txt

Diameter Maintenance and Extensions (DIME)                       J. Korhonen, Ed.
Internet-Draft                                                        TeliaSonera
Intended status: Standards Track                                      J. Bournelle
                                                               France Telecom R&D
                                                                    H. Tschofenig
                                                                       C. Perkins
                                                           Nokia Siemens Networks
                                                                     K. Chowdhury
                                                                 Starent Networks
Expires: January 10, 2008 (-05) / May 9, 2008 (-06)
July 9, 2007 (-05) / November 6, 2007 (-06)

       Diameter Mobile IPv6: Support for Network Access Server to Diameter
                               Server Interaction
       draft-ietf-dime-mip6-integrated-05.txt / draft-ietf-dime-mip6-integrated-06.txt
Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that

   skipping to change at page 1, line 41

   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 10, 2008 (-05) / May 9,
   2008 (-06).

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   A Mobile IPv6 node requires a Home Agent address, a home address, and
   a security association with its Home Agent before it can start
   utilizing Mobile IPv6.  RFC 3775 requires that some or all of these
   skipping to change at page 2, line 32

   4.2.  Command Codes . . . . . . . . . . . . . . . . . . . . . .  6
   4.3.  Diameter-EAP-Request (DER)  . . . . . . . . . . . . . . .  7
   4.4.  Diameter-EAP-Answer (DEA) . . . . . . . . . . . . . . . .  7
   4.5.  AA-Request (AAR)  . . . . . . . . . . . . . . . . . . . .  8
   4.6.  AA-Answer (AAA) . . . . . . . . . . . . . . . . . . . . .  8
   4.7.  Attribute Value Pair Definitions  . . . . . . . . . . . .  9
     4.7.1.  MIP6-Agent-Info . . . . . . . . . . . . . . . . . . .  9
     4.7.2.  MIP-Home-Agent-Address AVP  . . . . . . . . . . . . .  9
     4.7.3.  MIP-Home-Agent-Host AVP . . . . . . . . . . . . . . . 10
     4.7.4.  MIP6-Feature-Vector AVP . . . . . . . . . . . . . . . 10
   5.  Examples (-05: Example Message Flows) . . . . . . . . . . . 11
     5.1.  Home Agent Assignment by the NAS
           (-05: EAP-based Authentication) . . . . . . . . . . . . 11
     5.2.  Home Agent Assignment by the Diameter Server
           (-05: Integrated Scenario and HA Allocation in MSP) . . 12
     5.3.  Home Agent Assignment by NAS or Diameter Server
           (-05: Integrated Scenario and HA Allocation in ASP) . . 13
   6.  AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . 14
     6.1.  AAR, AAA, DER and DEA Commands AVP Table  . . . . . . . 14
   7.  MIPv6 Bootstrapping NAS to HAAA Interface AVPs  . . . . . . 15
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . 15
     8.1.  Registration of new AVPs  . . . . . . . . . . . . . . . 16 (-05: 15)
     8.2.  New Registry: Mobility Capability . . . . . . . . . . . 16 (-05: 15)
   9.  Security Considerations . . . . . . . . . . . . . . . . . . 16
   10. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . 16
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . 17
     11.1. Normative References  . . . . . . . . . . . . . . . . . 17
     11.2. Informative References  . . . . . . . . . . . . . . . . 17
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . 18 (-05: 17)
   Intellectual Property and Copyright Statements  . . . . . . . . 20
1.  Introduction

   The Mobile IPv6 (MIPv6) specification [1] requires a Mobile Node (MN)
   to perform registration with a Home Agent (HA) with information about
   its current point of attachment (care-of address).  The HA creates
   and maintains a binding between the MN's Home Address and the MN's
   Care-of Address.

   In order to register with a HA, the MN needs to know some information
   such as the Home Link prefix, the HA address, the Home Address(es),
   the Home Link prefix length and security association related
   information.

   The aforementioned information may be statically provisioned in the
   MN.  However, static provisioning of this information becomes an
   administrative burden for an operator.  Moreover, it does not address
   load balancing, failover, opportunistic home link assignment and
   assignment of local home agents in close proximity to the MN.  Also
   the ability to react to sudden environmental or topological changes
   is minimal.  Static provisioning may not be desirable, in light of
   the mentioned limitations.

   Dynamic assignment of MIPv6 home registration information is a
   desirable feature for ease of deployment and network maintenance.
   For this purpose, the AAA infrastructure, which is used for access
   authentication, can be leveraged to assign some or all of the
   necessary parameters.  The Diameter server in the Access Service
   Provider's (ASP) or in the Mobility Service Provider's (MSP) network
   may return these parameters to the AAA client.  Regarding the
   bootstrapping procedures, the AAA client might either be the NAS, in
   case of the integrated scenario, or the HA, in case of the split
   skipping to change at page 5, line 42

   [Lower part of Figure 1 (ASCII art not recoverable from the
   extraction).]

         Figure 1: Mobile IPv6 Bootstrapping in the Integrated Scenario
   In a typical MIPv6 access scenario the MN is attached to an ASP's
   network.  During the network attachment procedure, the NAS/Diameter
   client interacts with the MN.

   During the time of authentication the Diameter server in the ASA/MSA
   (-05: "in the MSA") detects that the user is also authorized for
   MIPv6 access.  Based on the MSA's policy, the Diameter server may
   return several MIPv6 bootstrapping related parameters.

   Depending on the details of the bootstrapping solution, interaction
   with the DHCPv6 server may be required, as described in [11].
   However, the Diameter based NAS to HAAA interface described in this
   document is not tied to DHCPv6 as the only possible way to convey
   MIPv6 related configuration parameters from the Diameter client to
   the mobile node (-05: "as the only possible MIPv6 bootstrapping
   method").
4.  Commands, AVPs and Advertising Application Support

   This section describes command codes, defines AVPs and advertised
   application identifiers for the Diameter MIPv6 bootstrapping in the
   NAS to HAAA interface.

4.1.  Advertising Application Support

   Diameter nodes conforming to this specification MUST include the

   skipping to change at page 6, line 44 (-05) / line 45 (-06)
   When the Re-Auth-Request (RAR), Re-Auth-Answer (RAA), Session-
   Termination-Request (STR), Session-Termination-Answer (STA), Abort-
   Session-Request (ASR), Abort-Session-Answer (ASA), Accounting-Request
   (ACR), and Accounting-Answer (ACA) commands are used together with
   the MIPv6 bootstrapping NAS to HAAA interface, they follow the rules
   in the Diameter NASREQ [4], EAP [5] and RFC 3588 [3] applications.
   The accounting commands use the Application Identifier value of 3
   (Diameter Base Accounting); the others use 0 (Diameter Common
   Messages).

   All request messages SHOULD contain the User-Name AVP containing the
   identity of the MN in NAI format.  It is out of scope how the NAS
   finds out the MN identity.  For example, the NAS could use the MN
   identity provided by the network access authentication mechanism.

4.3.  Diameter-EAP-Request (DER)

   The Diameter-EAP-Request (DER) message [5], indicated by the Command-
   Code field set to 268 and the 'R' bit set in the Command Flags field,
   is sent by the NAS to the Diameter server to initiate a network
   access authentication and authorization procedure.  The DER message

   skipping to change at page 9, line 29

                              [ User-Name ]
                              ...
                            * [ AVP ]
4.7.  Attribute Value Pair Definitions

4.7.1.  MIP6-Agent-Info

   The MIP6-Agent-Info AVP (AVP code TBD) is of type Grouped and
   contains the necessary information to assign a HA to the MN.  When
   the MIP6-Agent-Info AVP is present in a message, it MUST contain
   either the MIP-Home-Agent-Address AVP or the MIP-Home-Agent-Host AVP,
   or both AVPs (-05: "either a MIP-Home-Agent-Address AVP or a MIP-
   Home-Agent-Host AVP, but not both").  The grouped AVP has the
   following grammar:

      <MIP6-Agent-Info> ::= < AVP Header: TBD >
                            [ MIP-Home-Agent-Address ]
                            [ MIP-Home-Agent-Host ]
                          * [ AVP ]
4.7.2.  MIP-Home-Agent-Address AVP

   The MIP-Home-Agent-Address AVP (AVP Code 334 [6]) is of type Address
   and contains the HA address.  The Diameter server MAY decide to
   assign a HA to the MN that is in close proximity to the point of
   attachment (e.g., determined by the NAS-Identifier AVP).  There may
   be other reasons for dynamically assigning HAs to the MN, for example
   to share the traffic load.

   This AVP MAY also be attached by the NAS or by the intermediate local
   Diameter proxy (-05: by the NAS only) when sent to the Diameter
   server in a request message as a hint of a locally assigned HA.
4.7.3.  MIP-Home-Agent-Host AVP

   The MIP-Home-Agent-Host AVP (AVP Code 348 [6]) is of type Grouped and
   contains the identity of the assigned HA.  Both the Destination-Realm
   and the Destination-Host AVP of the HA are included in the grouped
   AVP (-05: "Both the FQDN and the Realm of the HA are included in the
   grouped AVP").  The usage of this AVP is equivalent to the MIP-Home-
   Agent-Address AVP but offers an additional level of indirection via
   the DNS infrastructure.

   -06 only: This AVP MAY also be attached by the NAS or by the
   intermediate local Diameter proxy when sent to the Diameter server in
   a request message as a hint of a locally assigned HA.
4.7.4.  MIP6-Feature-Vector AVP

   The MIP6-Feature-Vector AVP (AVP Code TBD) is of type Unsigned64 and
   contains a 64-bit flags field of supported capabilities of the NAS/
   ASP.  Sending and receiving the MIP6-Feature-Vector AVP with value 0
   MUST be supported, although that does not provide much guidance about
   specific needs of bootstrapping.

   The NAS MAY include this AVP to indicate capabilities of the NAS/ASP

   skipping to change at page 10, line 34 (-05) / line 39 (-06)

   include this AVP to inform the NAS/ASP about which of the NAS/ASP
   indicated capabilities are supported or authorized by the ASA/MSA(/
   MSP).

   The following capabilities are defined in this document:

   MOBILITY_CAPABILITY (0x0000000000000000)

      The MIP6-Feature-Vector AVP MAY contain value 0 (zero) with the
      semantics that Mobile IPv6 bootstrapping is generally supported.
      -06: This value represents the default when the MIP6-Feature-
      Vector AVP is included in a message.  (-05: This 'zero' flag is
      always implicitly set when the MIP6-Feature-Vector AVP is used.)

   MIP6_INTEGRATED (0x0000000000000001)

      -05: This flag is set by the NAS/ASP when Mobile IPv6 integrated
      scenario bootstrapping functionality is supported.  This flag is
      set by the ASA/MSA(/MSP) when Mobile IPv6 integrated scenario
      bootstrapping is supported and authorized to be used.

      -06: The entity that sets the flag has an impact on the semantics.
      When this flag is set by the NAS, it means that the Mobile IPv6
      integrated scenario bootstrapping functionality is supported by
      the NAS.  When this flag is set by the Diameter server, the Mobile
      IPv6 integrated scenario bootstrapping is supported by the
      Diameter server.

   LOCAL_HOME_AGENT_ASSIGNMENT (0x0000000000000002)

      -05: This flag is set by the NAS/ASP when a local home agent can
      be assigned to the MN.  This flag is set by the ASA/MSA(/MSP) when
      the use of a local HA is authorized.

      -06: The entity that sets the flag has an impact on the semantics.
      When this flag is set by the NAS, a local home agent can be
      assigned to the MN.  When this flag is set by the Diameter server,
      the assignment of local HAs is authorized by the Diameter server.
5.  Examples (-06)

5.1.  Home Agent Assignment by the NAS

   In this scenario we consider the case where the NAS wishes to
   allocate a local HA to the MN.  The NAS will also inform the Diameter
   server about the HA address it has assigned to the visiting MN (e.g.,
   2001:db8:1:c020::1).  The Diameter-EAP-Request message therefore has
   the MIP6-Feature-Vector with the LOCAL_HOME_AGENT_ASSIGNMENT and the
   MIP6_INTEGRATED flags set.  The MIP6-Agent-Info AVP contains the MIP-
   Home-Agent-Address AVP with the address of the proposed HA.

                                                         Diameter
     NAS                                                   Server
     |                                                          |
     |  Diameter-EAP-Request                                    |
     |  MIP6-Feature-Vector=(LOCAL_HOME_AGENT_ASSIGNMENT        |
     |                        | MIP6_INTEGRATED)                |
     |  MIP6-Agent-Info{                                        |
     |    MIP-Home-Agent-Address(2001:db8:1:c020::1)            |
     |  }                                                       |
     |  Auth-Request-Type=AUTHORIZE_AUTHENTICATE                |
     |  EAP-Payload(EAP Start)                                  |
     |--------------------------------------------------------->|
     |                                                          |
     :  ...more EAP Request/Response pairs...                   :
     |                                                          |
     |  Diameter-EAP-Answer                                     |
     |  MIP6-Feature-Vector=(LOCAL_HOME_AGENT_ASSIGNMENT        |
     |                        | MIP6_INTEGRATED)                |
     |  Result-Code=DIAMETER_SUCCESS                            |
     |  EAP-Payload(EAP Success)                                |
     |  EAP-Master-Session-Key                                  |
     |  (authorization AVPs)                                    |
     |  ...                                                     |
     |<---------------------------------------------------------|
     |                                                          |

                  Figure 3: Home Agent Assignment by NAS

   Depending on the Diameter server configuration and the user's
   subscription profile, the Diameter server either accepts or rejects
   the proposal that the HA locally allocated by the NAS will be used.
   In our example, the Diameter server accepts the proposal, and the
   MIP6-Feature-Vector AVP with the LOCAL_HOME_AGENT_ASSIGNMENT flag
   (together with the MIP6_INTEGRATED flag) set is returned to the NAS.

5.2.  Home Agent Assignment by the Diameter Server

   In this scenario we consider the case where the NAS supports the
   Diameter MIPv6 integrated scenario as defined in this document but
   does not offer local home agent assignment.  Hence, the MIP6-Feature-
   Vector AVP only has the MIP6_INTEGRATED flag set.  The Diameter
   server allocates a home agent to the mobile node and conveys the
   address in the MIP-Home-Agent-Address AVP that is encapsulated in the
   MIP6-Agent-Info AVP.  Additionally, the MIP6-Feature-Vector AVP has
   the MIP6_INTEGRATED flag set.

                                                         Diameter
     NAS                                                   Server
     |                                                          |
     |  Diameter-EAP-Request                                    |
     |  MIP6-Feature-Vector=(MIP6_INTEGRATED)                   |
     |  Auth-Request-Type=AUTHORIZE_AUTHENTICATE                |
     |  EAP-Payload(EAP Start)                                  |
     |--------------------------------------------------------->|
     |                                                          |
     :  ...more EAP Request/Response pairs...                   :
     |                                                          |
     |  Diameter-EAP-Answer                                     |
     |  MIP6-Agent-Info{                                        |
     |    MIP-Home-Agent-Address(2001:db8:6000:302::1/64)       |
     |  }                                                       |
     |  MIP6-Feature-Vector=(MIP6_INTEGRATED)                   |
     |  Result-Code=DIAMETER_SUCCESS                            |
     |  EAP-Payload(EAP Success)                                |
     |  EAP-Master-Session-Key                                  |
     |  (authorization AVPs)                                    |
     |  ...                                                     |
     |<---------------------------------------------------------|
     |                                                          |

             Figure 4: Home Agent Assignment by Diameter Server

5.3.  Home Agent Assignment by NAS or Diameter Server

   This section shows a message flow for the MIPv6 integrated scenario
   bootstrapping where the NAS informs the Diameter server that it is
   able to locally assign a HA to the MN.  The Diameter server is also
   able to provide a HA to the MN, and it also authorizes the assignment
   of a local HA.  The Diameter server then replies to the NAS with HA
   related bootstrapping information.

   Whether the NAS/ASP then offers a locally assigned HA or the Diameter
   server assigned HA to the MN is, in this example, based on the local
   ASP policy.

                                                         Diameter
     NAS                                                   Server
     |                                                          |
     |  Diameter-EAP-Request                                    |
     |  MIP6-Feature-Vector=(LOCAL_HOME_AGENT_ASSIGNMENT        |
     |                        | MIP6_INTEGRATED)                |
     |  MIP6-Agent-Info{                                        |
     |    MIP-Home-Agent-Address(2001:db8:1:c020::1)            |
     |  }                                                       |
     |  Auth-Request-Type=AUTHORIZE_AUTHENTICATE                |
     |  EAP-Payload(EAP Start)                                  |
     |--------------------------------------------------------->|
     |                                                          |
     :  ...more EAP Request/Response pairs...                   :
     |                                                          |
     |  Diameter-EAP-Answer                                     |
     |  MIP6-Agent-Info{                                        |
     |    MIP-Home-Agent-Address(2001:db8:6000:302::1/64)       |
     |  }                                                       |
     |  MIP6-Feature-Vector=(LOCAL_HOME_AGENT_ASSIGNMENT        |
     |                        | MIP6_INTEGRATED)                |
     |  Result-Code=DIAMETER_SUCCESS                            |
     |  EAP-Payload(EAP Success)                                |
     |  EAP-Master-Session-Key                                  |
     |  (authorization AVPs)                                    |
     |  ...                                                     |
     |<---------------------------------------------------------|
     |                                                          |

          Figure 5: Home Agent Assignment by NAS or Diameter Server

   If the Diameter server does not accept a locally assigned HA, the
   Diameter server returns the MIP6-Feature-Vector AVP with the
   LOCAL_HOME_AGENT_ASSIGNMENT bit unset and the HA address it plans to
   allocate for the MN.

5.  Example Message Flows (-05)

5.1.  EAP-based Authentication

   This section shows basic message flows of MIPv6 integrated scenario
   bootstrapping and dynamic HA assignment.  In Figure 3 network access
   authentication is based on EAP (e.g., 802.11i/802.1X).  The NAS
   informs the home Diameter server that it wishes to provide a locally
   assigned HA to the visiting MN.  The Diameter server assigns the MN a
   HA in the home MSP but also authorizes the assignment of a local HA
   for the ASP.  The Diameter server then replies to the NAS with HA
   related bootstrapping information.  Whether the NAS/ASP then offers a
   locally assigned HA or the MSP assigned HA to the MN is based on the
   local ASP policy.

     NAS                                              Home server
     |                                                          |
     |  Diameter-EAP-Request                                    |
     |  MIP6-Feature-Vector=(LOCAL_HOME_AGENT_ASSIGNMENT        |
     |                        | MIP6_INTEGRATED)                |
     |  Auth-Request-Type=AUTHORIZE_AUTHENTICATE                |
     |  EAP-Payload(EAP Start)                                  |
     |--------------------------------------------------------->|
     |                                                          |
     :  ...more EAP Request/Response pairs...                   :
     |                                                          |
     |  Diameter-EAP-Answer                                     |
     |  MIP6-Agent-Info{                                        |
     |    MIP-Home-Agent-Address(IPv6 address)}                 |
     |  MIP6-Feature-Vector=(LOCAL_HOME_AGENT_ASSIGNMENT        |
     |                        | MIP6_INTEGRATED)                |
     |  Result-Code=DIAMETER_SUCCESS                            |
     |  EAP-Payload(EAP Success)                                |
     |  EAP-Master-Session-Key                                  |
     |  (authorization AVPs)                                    |
     |  ...                                                     |
     |<---------------------------------------------------------|
     |                                                          |

        Figure 3: Diameter EAP Application with MIPv6 bootstrapping

5.2.  Integrated Scenario and HA Allocation in MSP

   Diameter is used to authenticate and authorize the MN for the
   mobility service, and to send information about the allocated HA to
   the NAS.  In this example scenario the MN uses DHCP for its IP
   address configuration.

                                                |
                    --------------ASP------>|<--ASA/MSA/(MSP)--
                                                |
   +----+      +--------+       +-------+       +--------+
   |    |      |Diameter|       |       |       |        |
   |    |      | Client |       |       |       |        |
   | MN |      |  NAS/  |       | DHCP  |       |  Home  |
   |    |      |  DHCP  |       | Server|       |Diameter|
   |    |      | Relay  |       |       |       | Server |
   +-+--+      +----+---+       +---+---+       +--------+
     |              |               |               |
     |      1       |       2       |               |
     |<------------>|<----------------------------->|
     |              |               |               |
     |      3       |               |               |
     |------------->|               |               |
     |              |               |               |
     |              |       4       |               |
     |              |-------------->|               |
     |              |               |               |
     |              |       5       |               |
     |              |<--------------|               |
     |              |               |               |
     |      6       |               |               |
     |<-------------|               |               |
     |              |               |               |

       Figure 4: Mobile IPv6 Integrated Scenario Bootstrapping and the
               allocation of HAs either in the ASP or in the MSP

   1) The MN executes the normal network access authentication procedure
      (IEEE 802.11i/802.1X, PANA, ...) with the NAS.  The NAS acts as an
      authenticator in "pass-through" mode.  The other endpoint of the
      authentication dialogue is the MN's home Diameter server.  This is
      a typical scenario for network access authentication using EAP
      methods.  The NAS includes at least one of the NAS to HAAA
      interface AVPs in the DER or in the AAR messages to indicate MIPv6
      bootstrapping capability.  For example, the NAS should include the
      MIP6-Feature-Vector AVP with a value 0x0000000000000001.

   2) Depending on the Diameter server configuration and the user's
      subscription profile, the MIP6-Agent-Info AVP and/or the MIP6-
      Feature-Vector AVP may be carried in the DEA, assuming the home
      Diameter server has allocated a HA to the MN.  In case the MIP-
      Home-Agent-Host AVP was returned within the MIP6-Agent-Info
      grouped AVP the MN ultimately needs to perform a DNS query in
      order to discover the HA's IP address.  For example, the home
      Diameter server could return the following AVPs:

      o  MIP6-Feature-Vector = 0x0000000000000001
      o  MIP6-Agent-Info grouped AVP containing:
         *  MIP-Home-Agent-Address = 2001:db8:6000:302::1/64

   3) The MN sends a DHCPv6 Information Request message to the
      all_DHCP_Relay_Agents_and_Servers address.  In the OPTION_ORO, the
      Option Code for the Home Network Identifier Option shall be
      included in that message [11].  The Home Network Identifier Option
      should have an id-type of 1; the message is a request to discover
      home network information that pertains to the given realm, i.e.,
      the user's home domain (identified by the NAI of the MN).  The
      OPTION_CLIENTID is set by the MN to identify itself to the DHCP
      server.

   Steps 4 to 6 are not relevant from the NAS to HAAA Diameter interface
   point of view and are not described in this document.  The reader
   should consult [11] for a detailed description of the rest of the
   integrated scenario bootstrapping procedure.

5.3.  Integrated Scenario and HA Allocation in ASP

   This scenario is similar to the one described in Section 5.2 and
   illustrated in Figure 4.  There are slight differences in steps 2)
   and 3).

   2) The NAS/ASP wishes to allocate a local HA to the visiting MN.  The
      NAS/ASP will also inform the Diameter server about the HA address
      it has assigned to the visiting MN (e.g., 2001:db8:1:c020::1).  In
      this case the NAS includes the following AVPs in the DER or in the
      AAR messages:

      o  MIP6-Feature-Vector = 0x0000000000000003
      o  MIP6-Agent-Info grouped AVP containing:
         *  MIP-Home-Agent-Address = 2001:db8:1:c020::1

      Depending on the Diameter server configuration and the user's
      subscription profile, the Diameter server either accepts or
      rejects the proposal of a locally allocated HA in the NAS/ASP.  If
      the Diameter server accepts the proposal then the MIP6-Feature-
      Vector AVP with the LOCAL_HOME_AGENT_ASSIGNMENT bit set is
      returned back to the NAS.  On the other hand, if the Diameter
      server does not accept a locally assigned HA, the Diameter server
      returns the MIP6-Feature-Vector AVP with the
      LOCAL_HOME_AGENT_ASSIGNMENT bit unset.  The Diameter server
      assigns a HA to the MN (e.g., 2001:db8:6000::1) in the ASA/MSA/
      (MSP) and returns the IP address back to the NAS/ASP.  In case the
      home Diameter server accepted the NAS/ASP proposal of a local HA,
      the home Diameter server would return, for example, the following
      AVPs:

      o  MIP6-Feature-Vector = 0x0000000000000003
      o  MIP6-Agent-Info grouped AVP containing:
         *  MIP-Home-Agent-Address = 2001:db8:6000::1

   3) The type-id field in the Home Network Identifier Option is set to
      zero, indicating that a HA is requested in the ASP instead of in
      the MSP.  Depending on the result of phase 2) the DHCP relay agent
      places in the OPTION_MIP6-RELAY-Option either the locally
      allocated HA information or the HA information that was returned
      (proposed) by the home Diameter server.  The selection of local or
      home allocated HAs is based on the local policy in the ASP.  It is
      also possible that both local and home allocated HAs are available
      for the MN.  The policy and heuristics for when to select the
      local HA and when the home HA are outside of this specification.
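   As an added example (not code from the draft or its authors), the
   following Python encodes and parses the MIP6-Feature-Vector and
   MIP6-Agent-Info AVPs of Section 4.7 and applies the Diameter server
   and NAS decisions from the Section 5 flows.  The MIP6-* AVP codes are
   TBD in the draft, so 9000/9001 below are placeholders; the functions
   server_answer and nas_select_ha, and the NAS preferring an authorized
   local HA, are this example's own assumptions.

```python
import ipaddress
import struct

# AVP codes.  334/348 come from RFC 4004 ([6] in the draft); 283/293 from
# RFC 3588.  The MIP6-* codes are TBD in the draft: PLACEHOLDERS only.
AVP_MIP_HOME_AGENT_ADDRESS = 334
AVP_MIP_HOME_AGENT_HOST = 348
AVP_DESTINATION_REALM = 283
AVP_DESTINATION_HOST = 293
AVP_MIP6_AGENT_INFO = 9000       # PLACEHOLDER (TBD in the draft)
AVP_MIP6_FEATURE_VECTOR = 9001   # PLACEHOLDER (TBD in the draft)

# MIP6-Feature-Vector flags (Section 4.7.4)
MIP6_INTEGRATED = 0x0000000000000001
LOCAL_HOME_AGENT_ASSIGNMENT = 0x0000000000000002

AVP_FLAG_V, AVP_FLAG_M = 0x80, 0x40   # Vendor-Specific, Mandatory bits


def encode_avp(code, data, flags=AVP_FLAG_M):
    # RFC 3588 AVP: Code(4) Flags(1) Length(3) Data; Length excludes the
    # 32-bit padding, which is appended after the data.
    hdr = struct.pack("!IB", code, flags) + (8 + len(data)).to_bytes(3, "big")
    return hdr + data + b"\x00" * (-len(data) % 4)


def decode_avps(buf):
    # Split concatenated AVPs into (code, data) pairs; reject lengths that
    # do not fit the buffer instead of reading past it.
    avps, off = [], 0
    while off < len(buf):
        if off + 8 > len(buf):
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & AVP_FLAG_V else 8   # V bit => Vendor-Id present
        if length < hdr or off + length > len(buf):
            raise ValueError("malformed AVP length %d" % length)
        avps.append((code, buf[off + hdr:off + length]))
        off += length + (-length % 4)
    return avps


def encode_address(ip):
    # Diameter Address type: 2-byte AddressType (1 = IPv4, 2 = IPv6) + octets
    ip = ipaddress.ip_address(ip)
    return struct.pack("!H", 1 if ip.version == 4 else 2) + ip.packed


def decode_address(data):
    family = struct.unpack("!H", data[:2])[0]
    if family not in (1, 2) or len(data) != 2 + (4 if family == 1 else 16):
        raise ValueError("malformed Address AVP")
    return str(ipaddress.ip_address(data[2:]))


def encode_feature_vector(flags):
    return encode_avp(AVP_MIP6_FEATURE_VECTOR, struct.pack("!Q", flags))


def encode_agent_info(ha_address=None, ha_host=None):
    # MIP6-Agent-Info (Section 4.7.1): MIP-Home-Agent-Address and/or
    # MIP-Home-Agent-Host; the latter groups Destination-Realm/-Host.
    if ha_address is None and ha_host is None:
        raise ValueError("MIP6-Agent-Info MUST carry an address or a host")
    inner = b""
    if ha_address is not None:
        inner += encode_avp(AVP_MIP_HOME_AGENT_ADDRESS, encode_address(ha_address))
    if ha_host is not None:
        realm, host = ha_host
        inner += encode_avp(AVP_MIP_HOME_AGENT_HOST,
                            encode_avp(AVP_DESTINATION_REALM, realm.encode())
                            + encode_avp(AVP_DESTINATION_HOST, host.encode()))
    return encode_avp(AVP_MIP6_AGENT_INFO, inner)


def parse_bootstrap_avps(buf):
    # Extract the bootstrapping AVPs from a DER/DEA/AAR/AAA AVP list.
    out = {"feature_vector": None, "ha_address": None, "ha_host": None}
    for code, data in decode_avps(buf):
        if code == AVP_MIP6_FEATURE_VECTOR:
            out["feature_vector"] = struct.unpack("!Q", data)[0]
        elif code == AVP_MIP6_AGENT_INFO:
            for icode, idata in decode_avps(data):
                if icode == AVP_MIP_HOME_AGENT_ADDRESS:
                    out["ha_address"] = decode_address(idata)
                elif icode == AVP_MIP_HOME_AGENT_HOST:
                    parts = dict(decode_avps(idata))
                    out["ha_host"] = (parts[AVP_DESTINATION_REALM].decode(),
                                      parts[AVP_DESTINATION_HOST].decode())
    return out


def server_answer(request_avps, allow_local_ha, home_ha):
    # Diameter server side of Section 5 (assumed helper): echo MIP6_INTEGRATED,
    # set LOCAL_HOME_AGENT_ASSIGNMENT only if the NAS proposed a local HA and
    # policy permits it, and return the server's own HA either way.
    req = parse_bootstrap_avps(request_avps)
    fv = req["feature_vector"] or 0
    flags = fv & MIP6_INTEGRATED
    if fv & LOCAL_HOME_AGENT_ASSIGNMENT and req["ha_address"] and allow_local_ha:
        flags |= LOCAL_HOME_AGENT_ASSIGNMENT
    return encode_feature_vector(flags) + encode_agent_info(ha_address=home_ha)


def nas_select_ha(answer_avps, local_ha):
    # NAS side (assumed ASP policy): offer the local HA only when the server
    # authorized it in the answer; otherwise use the server-assigned HA.
    ans = parse_bootstrap_avps(answer_avps)
    if (ans["feature_vector"] or 0) & LOCAL_HOME_AGENT_ASSIGNMENT:
        return local_ha
    return ans["ha_address"]
```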
6.  AVP Occurrence Tables

6.1.  AAR, AAA, DER and DEA Commands AVP Table

   The following table lists the additional MIPv6 bootstrapping NAS to
   HAAA interface AVPs that may optionally be present in the AAR and AAA
   Commands [4] or in the DER and DEA Commands [5].

                                  +-----------------------+
                                  |      Command-Code     |
                                  |-----+-----+-----+-----+
      Attribute Name              | AAR | AAA | DER | DEA |
      ----------------------------|-----+-----|-----+-----+
      MIP6-Agent-Info             | 0+  | 0+  | 0+  | 0+  |
      MIP6-Feature-Vector         | 0-1 | 0-1 | 0-1 | 0-1 |
                                  +-----+-----+-----+-----+

     Figure 6 (-05: Figure 5): AAR, AAA, DER and DEA Commands AVP Table
7. MIPv6 Bootstrapping NAS to HAAA Interface AVPs

This section defines AVPs that are specific to the Diameter MIPv6
bootstrapping NAS to HAAA interface and MAY be included in the
Diameter EAP [5] and the NASREQ [4] application messages. The
Diameter AVP rules are defined in the Diameter Base [3], Section 4.
These AVP rules are observed in the AVPs defined in this section.

The following table describes the Diameter AVPs, their AVP Code
values, types, possible flag values, and whether the AVP MAY be
encrypted. The Diameter base [3] specifies the AVP Flag rules for
AVPs in Section 4.5.
[draft-05 table]

                                          +---------------------+
                                          |   AVP Flag rules    |
                                          +----+-----+----+-----+----+
                AVP  Section              |    |     |SHLD|MUST |    |
Attribute Name  Code Defined Data Type    |MUST| MAY |NOT |NOT  |Encr|
------------------------------------------+----+-----+----+-----+----+
MIP6-Agent-Info TBD  4.7.1   Grouped      |    |  P  |    | M,V | Y  |
MIP-Home-Agent-                           |    |     |    |     |    |
Address         334  4.7.2   Address      |    |  P  |    | M,V | Y  |
MIP-Home-Agent-                           |    |     |    |     |    |
Host            348  4.7.3   Grouped      |    |  P  |    | M,V | Y  |
MIP6-Feature-                             |    |     |    |     |    |
Vector          TBD  4.7.4   Unsigned64   |    |  P  |    | M,V | Y  |
------------------------------------------+----+-----+----+-----+----+

Figure 6: AVP Flag Rules Table

[draft-06 table]

                                          +---------------------+
                                          |   AVP Flag rules    |
                                          +----+-----+----+-----+----+
                AVP  Section              |    |     |SHLD|MUST |    |
Attribute Name  Code Defined Data Type    |MUST| MAY |NOT |NOT  |Encr|
------------------------------------------+----+-----+----+-----+----+
MIP6-Agent-Info TBD  4.7.1   Grouped      |    | M,P |    |  V  | Y  |
MIP-Home-Agent-                           |    |     |    |     |    |
Address         334  4.7.2   Address      |    | M,P |    |  V  | Y  |
MIP-Home-Agent-                           |    |     |    |     |    |
Host            348  4.7.3   Grouped      |    | M,P |    |  V  | Y  |
MIP6-Feature-                             |    |     |    |     |    |
Vector          TBD  4.7.4   Unsigned64   |    | M,P |    |  V  | Y  |
------------------------------------------+----+-----+----+-----+----+

Figure 7: AVP Flag Rules Table
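The AVP flag rules above and the MIP6-Feature-Vector returned in the Home Agent assignment exchange of the previous section, as an added example in Python (not code from the draft or from any Diameter implementation): an encoder and decoder for the MIP6-Agent-Info{MIP-Home-Agent-Address} and MIP6-Feature-Vector AVPs of the AAA/DEA answer, with a check of each AVP header against the draft-05 and draft-06 flag rules, so the effect of moving the M bit from MUST NOT to MAY is visible on the wire. Assumptions: the two AVP codes that are TBD in the draft are replaced by placeholder values; the individual feature-vector bit values (MIP6_INTEGRATED = 0x1, LOCAL_HOME_AGENT_ASSIGNMENT = 0x2) are assumed, since only their combined value 0x3 appears on the page; the Address data type is encoded as in the Diameter base protocol (2-octet AddressType, 2 for IPv6, followed by the raw address).

```python
"""Encode, decode and flag-check the MIPv6 bootstrapping AVPs of Section 7.

Added example, not part of the draft. AVP codes marked TBD in the draft are
replaced by placeholders, and the individual MIP6-Feature-Vector bit values
are assumed (only their sum, 0x3, appears on the page).
"""
import ipaddress
import struct

# AVP header flag bits (Diameter base protocol AVP header).
FLAG_V = 0x80  # Vendor-Specific
FLAG_M = 0x40  # Mandatory
FLAG_P = 0x20  # Protected

# AVP codes: 334 and 348 are given in the draft's table; the other two are
# TBD in the draft, so PLACEHOLDER values are used here.
MIP_HOME_AGENT_ADDRESS = 334
MIP_HOME_AGENT_HOST = 348
MIP6_AGENT_INFO = 0x00FFFF01      # placeholder for TBD
MIP6_FEATURE_VECTOR = 0x00FFFF02  # placeholder for TBD

# Feature vector bits: ASSUMED individual values; the page only shows
# LOCAL_HOME_AGENT_ASSIGNMENT | MIP6_INTEGRATED == 0x0000000000000003.
MIP6_INTEGRATED = 0x0000000000000001
LOCAL_HOME_AGENT_ASSIGNMENT = 0x0000000000000002

# Flag rules from the AVP Flag Rules table, per draft revision:
# draft-05: MAY P, MUST NOT M,V.  draft-06: MAY M,P, MUST NOT V.
FLAG_RULES = {
    "draft-05": {"may": FLAG_P, "must_not": FLAG_M | FLAG_V},
    "draft-06": {"may": FLAG_M | FLAG_P, "must_not": FLAG_V},
}

IPV6_ADDRESS_FAMILY = 2  # AddressType value for IPv6 in the Address data type


def encode_avp(code, flags, data, vendor_id=None):
    """Encode one AVP: code(32) | flags(8) | length(24) | [vendor id] | data.

    The length covers header and data but not padding; data is padded to a
    multiple of 4 octets on the wire.
    """
    vendor = b""
    if vendor_id is not None:
        flags |= FLAG_V
        vendor = struct.pack("!I", vendor_id)
    elif flags & FLAG_V:
        raise ValueError("V bit set but no Vendor-Id given")
    length = 8 + len(vendor) + len(data)
    header = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return header + vendor + data + b"\x00" * ((-len(data)) % 4)


def encode_address(ip):
    """Diameter Address type: 2-octet AddressType followed by the raw address."""
    return struct.pack("!H", IPV6_ADDRESS_FAMILY) + ipaddress.IPv6Address(ip).packed


def decode_avps(buf):
    """Split a byte string into (code, flags, data) tuples, skipping padding."""
    out, off = [], 0
    while off < len(buf):
        if off + 8 > len(buf):
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & FLAG_V else 8
        if length < hdr or off + length > len(buf):
            raise ValueError("malformed AVP length")
        out.append((code, flags, bytes(buf[off + hdr:off + length])))
        off += length + ((-length) % 4)
    return out


def build_answer_avps(ha_addr, feature_vector, flags=FLAG_M | FLAG_P):
    """Build MIP6-Agent-Info{MIP-Home-Agent-Address} and MIP6-Feature-Vector
    as the home Diameter server returns them in the AAA/DEA answer."""
    inner = encode_avp(MIP_HOME_AGENT_ADDRESS, flags, encode_address(ha_addr))
    agent_info = encode_avp(MIP6_AGENT_INFO, flags, inner)
    fv = encode_avp(MIP6_FEATURE_VECTOR, flags, struct.pack("!Q", feature_vector))
    return agent_info + fv


def check_flags(flags, revision):
    """Return the flag-rule violations for one AVP header under a revision."""
    rules = FLAG_RULES[revision]
    problems = []
    if flags & rules["must_not"]:
        problems.append("sets a MUST NOT flag")
    if flags & ~(rules["may"] | rules["must_not"]) & 0xFF:
        problems.append("sets an undefined flag bit")
    return problems


def parse_answer(buf, revision="draft-06"):
    """Return (home agent addresses, local assignment accepted, violations)."""
    addrs, local_ok, violations = [], None, []
    ipv6_tag = struct.pack("!H", IPV6_ADDRESS_FAMILY)
    for code, flags, data in decode_avps(buf):
        violations += [(code, p) for p in check_flags(flags, revision)]
        if code == MIP6_AGENT_INFO:
            for icode, iflags, idata in decode_avps(data):
                violations += [(icode, p) for p in check_flags(iflags, revision)]
                if icode == MIP_HOME_AGENT_ADDRESS and idata[:2] == ipv6_tag:
                    addrs.append(str(ipaddress.IPv6Address(idata[2:18])))
        elif code == MIP6_FEATURE_VECTOR:
            (vec,) = struct.unpack("!Q", data)
            local_ok = bool(vec & LOCAL_HOME_AGENT_ASSIGNMENT)
    return addrs, local_ok, violations
```

The M bit is the interesting change between the two revisions: in the Diameter base protocol a receiver that does not understand an AVP carrying the M bit must reject the whole message, so an answer built with `FLAG_M | FLAG_P` is a rule violation under draft-05 and permitted under draft-06. `parse_answer` reports which AVP violated the rules and reads the LOCAL_HOME_AGENT_ASSIGNMENT bit, which is what the NAS/ASP needs to decide whether its locally assigned HA was accepted.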
8. IANA Considerations

8.1. Registration of new AVPs

This specification defines the following new AVPs:

MIP6-Agent-Info is set to TBD
MIP6-Feature-Vector is set to TBD

skipping to change at page 17, line 31 [draft-05] / page 17, line 41 [draft-06]
[5] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
    Authentication Protocol (EAP) Application", RFC 4072, August 2005.

[6] Calhoun, P., Johansson, T., Perkins, C., Hiller, T., and P.
    McCann, "Diameter Mobile IPv4 Application", RFC 4004, August 2005.

11.2. Informative References

[7] [draft-05] Giaretta, G., "Mobile IPv6 bootstrapping in split
    scenario", draft-ietf-mip6-bootstrapping-split-05 (work in
    progress), May 2007.
    [draft-06] Giaretta, G., Kempf, J., and V. Devarapalli, "Mobile
    IPv6 Bootstrapping in Split Scenario", RFC 5026, October 2007.

[8] Patel, A. and G. Giaretta, "Problem Statement for bootstrapping
    Mobile IPv6 (MIPv6)", RFC 4640, September 2006.

[9] Giaretta, G., "AAA Goals for Mobile IPv6",
    draft-ietf-mip6-aaa-ha-goals-03 (work in progress), September 2006.

[10] Manner, J. and M. Kojo, "Mobility Related Terminology", RFC 3753,
     June 2004.

[11] Chowdhury, K. and A. Yegin, "MIP6-bootstrapping for the
     Integrated Scenario",
     [draft-05] draft-ietf-mip6-bootstrapping-integrated-dhc-04 (work
     in progress), June 2007.
     [draft-06] draft-ietf-mip6-bootstrapping-integrated-dhc-05 (work
     in progress), July 2007.
Authors' Addresses

Jouni Korhonen ([draft-06]: editor)
TeliaSonera
Teollisuuskatu 13
Sonera FIN-00051
Finland

Email: jouni.korhonen@teliasonera.com

Julien Bournelle
France Telecom R&D
38-40 rue du general Leclerc
 End of changes. 47 change blocks. 
183 lines changed or deleted 166 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/