draft-ietf-dime-mip6-split-14.txt   draft-ietf-dime-mip6-split-15.txt 
Diameter Maintenance and J. Korhonen, Ed. Diameter Maintenance and J. Korhonen, Ed.
Extensions (DIME) H. Tschofenig Extensions (DIME) H. Tschofenig
Internet-Draft Nokia Siemens Networks Internet-Draft Nokia Siemens Networks
Intended status: Standards Track J. Bournelle Intended status: Standards Track J. Bournelle
Expires: June 25, 2009 Orange Labs Expires: June 26, 2009 Orange Labs
G. Giaretta G. Giaretta
Qualcomm Qualcomm
M. Nakhjiri M. Nakhjiri
Motorola Motorola
December 22, 2008 December 23, 2008
Diameter Mobile IPv6: Support for Home Agent to Diameter Server Diameter Mobile IPv6: Support for Home Agent to Diameter Server
Interaction Interaction
draft-ietf-dime-mip6-split-14.txt draft-ietf-dime-mip6-split-15.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 25, 2009. This Internet-Draft will expire on June 26, 2009.
Copyright Notice Copyright Notice
Copyright (c) 2008 IETF Trust and the persons identified as the Copyright (c) 2008 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. to this document.
Abstract Abstract
Mobile IPv6 deployments may want to bootstrap their operations Mobile IPv6 deployments may want to bootstrap their operations
dynamically based on an interaction between the Home Agent and the dynamically based on an interaction between the Home Agent and the
Diameter server of the Mobile Service Provider. This document Diameter server of the Mobile Service Provider (MSP). This document
specifies the interaction between a Mobile IP Home Agent and that specifies the interaction between a Mobile IP Home Agent and that
Diameter server. Diameter server.
Several different mechanisms for authenticating a Mobile Node are Several different mechanisms for authenticating a Mobile Node are
supported. The usage of the Internet Key Exchange v2 protocol allows supported. The usage of the Internet Key Exchange v2 (IKEv2)
different mechanisms, such as the Extensible Authentication Protocol, protocol allows different mechanisms, such as the Extensible
certificates and pre-shared secrets to be used. Furthermore, another Authentication Protocol (EAP), certificates and pre-shared secrets to
method makes use of the Mobile IPv6 Authentication Protocol. In be used. Furthermore, another method makes use of the Mobile IPv6
addition to authentication and authorization, the configuration of Authentication Protocol. In addition to authentication and
Mobile IPv6 specific parameters and accounting is specified in this authorization, the configuration of Mobile IPv6 specific parameters
document. and accounting is specified in this document.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 6
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 9 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 9
3. Application Identifiers . . . . . . . . . . . . . . . . . . . 10 3. Application Identifiers . . . . . . . . . . . . . . . . . . . 10
4. Protocol Description . . . . . . . . . . . . . . . . . . . . . 11 4. Protocol Description . . . . . . . . . . . . . . . . . . . . . 11
4.1. Support for Mobile IPv6 with IKEv2 and EAP . . . . . . . . 11 4.1. Support for Mobile IPv6 with IKEv2 and EAP . . . . . . . . 11
4.2. Support for the Mobile IPv6 Authentication Protocol . . . 14 4.2. Support for the Mobile IPv6 Authentication Protocol . . . 14
4.3. Mobile IPv6 Session Management . . . . . . . . . . . . . . 15 4.3. Mobile IPv6 Session Management . . . . . . . . . . . . . . 15
skipping to change at page 4, line 35 skipping to change at page 4, line 35
5.2. Command Codes for Mobile IPv6 Authentication Protocol 5.2. Command Codes for Mobile IPv6 Authentication Protocol
Support . . . . . . . . . . . . . . . . . . . . . . . . . 20 Support . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.2.1. MIP6-Request . . . . . . . . . . . . . . . . . . . . . 21 5.2.1. MIP6-Request . . . . . . . . . . . . . . . . . . . . . 21
5.2.2. MIP6-Answer . . . . . . . . . . . . . . . . . . . . . 22 5.2.2. MIP6-Answer . . . . . . . . . . . . . . . . . . . . . 22
6. AVPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 6. AVPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.1. User-Name AVP . . . . . . . . . . . . . . . . . . . . . . 26 6.1. User-Name AVP . . . . . . . . . . . . . . . . . . . . . . 26
6.2. Service-Selection AVP . . . . . . . . . . . . . . . . . . 26 6.2. Service-Selection AVP . . . . . . . . . . . . . . . . . . 26
6.3. MIP-MN-AAA-SPI AVP . . . . . . . . . . . . . . . . . . . . 27 6.3. MIP-MN-AAA-SPI AVP . . . . . . . . . . . . . . . . . . . . 27
6.4. MIP-MN-HA-SPI AVP . . . . . . . . . . . . . . . . . . . . 27 6.4. MIP-MN-HA-SPI AVP . . . . . . . . . . . . . . . . . . . . 27
6.5. MIP-Mobile-Node-Address AVP . . . . . . . . . . . . . . . 27 6.5. MIP-Mobile-Node-Address AVP . . . . . . . . . . . . . . . 27
6.6. MIP6-Agent-Info AVP . . . . . . . . . . . . . . . . . . . 28 6.6. MIP6-Agent-Info AVP . . . . . . . . . . . . . . . . . . . 27
6.7. MIP-Careof-Address AVP . . . . . . . . . . . . . . . . . . 28 6.7. MIP-Careof-Address AVP . . . . . . . . . . . . . . . . . . 28
6.8. MIP-Authenticator AVP . . . . . . . . . . . . . . . . . . 28 6.8. MIP-Authenticator AVP . . . . . . . . . . . . . . . . . . 28
6.9. MIP-MAC-Mobility-Data AVP . . . . . . . . . . . . . . . . 28 6.9. MIP-MAC-Mobility-Data AVP . . . . . . . . . . . . . . . . 28
6.10. MIP-Session-Key AVP . . . . . . . . . . . . . . . . . . . 29 6.10. MIP-Session-Key AVP . . . . . . . . . . . . . . . . . . . 28
6.11. MIP-MSA-Lifetime AVP . . . . . . . . . . . . . . . . . . . 29 6.11. MIP-MSA-Lifetime AVP . . . . . . . . . . . . . . . . . . . 29
6.12. MIP-MN-HA-MSA AVP . . . . . . . . . . . . . . . . . . . . 29 6.12. MIP-MN-HA-MSA AVP . . . . . . . . . . . . . . . . . . . . 29
6.13. MIP-Algorithm-Type AVP . . . . . . . . . . . . . . . . . . 29 6.13. MIP-Algorithm-Type AVP . . . . . . . . . . . . . . . . . . 29
6.14. MIP-Replay-Mode AVP . . . . . . . . . . . . . . . . . . . 30 6.14. MIP-Replay-Mode AVP . . . . . . . . . . . . . . . . . . . 29
6.15. MIP6-Feature-Vector AVP . . . . . . . . . . . . . . . . . 30 6.15. MIP6-Feature-Vector AVP . . . . . . . . . . . . . . . . . 30
6.16. MIP-Timestamp AVP . . . . . . . . . . . . . . . . . . . . 30 6.16. MIP-Timestamp AVP . . . . . . . . . . . . . . . . . . . . 30
6.17. QoS-Capability AVP . . . . . . . . . . . . . . . . . . . . 30 6.17. QoS-Capability AVP . . . . . . . . . . . . . . . . . . . . 30
6.18. QoS-Resources AVP . . . . . . . . . . . . . . . . . . . . 30 6.18. QoS-Resources AVP . . . . . . . . . . . . . . . . . . . . 30
6.19. Chargeable-User-Identity AVP . . . . . . . . . . . . . . . 31 6.19. Chargeable-User-Identity AVP . . . . . . . . . . . . . . . 30
6.20. MIP6-Auth-Mode AVP . . . . . . . . . . . . . . . . . . . . 31 6.20. MIP6-Auth-Mode AVP . . . . . . . . . . . . . . . . . . . . 30
6.21. Accounting AVPs . . . . . . . . . . . . . . . . . . . . . 31 6.21. Accounting AVPs . . . . . . . . . . . . . . . . . . . . . 31
7. Result-Code AVP Values . . . . . . . . . . . . . . . . . . . . 33 7. Result-Code AVP Values . . . . . . . . . . . . . . . . . . . . 33
7.1. Success . . . . . . . . . . . . . . . . . . . . . . . . . 33 7.1. Success . . . . . . . . . . . . . . . . . . . . . . . . . 33
7.2. Permanent Failures . . . . . . . . . . . . . . . . . . . . 33 7.2. Permanent Failures . . . . . . . . . . . . . . . . . . . . 33
8. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 34 8. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 34
8.1. DER, DEA, MIR and MIA AVP/Command-Code Table . . . . . . . 34 8.1. DER, DEA, MIR and MIA AVP/Command-Code Table . . . . . . . 34
8.2. Coupled Accounting Model AVP Table . . . . . . . . . . . . 35 8.2. Coupled Accounting Model AVP Table . . . . . . . . . . . . 35
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37
9.1. Command Codes . . . . . . . . . . . . . . . . . . . . . . 37 9.1. Command Codes . . . . . . . . . . . . . . . . . . . . . . 37
9.2. AVP Codes . . . . . . . . . . . . . . . . . . . . . . . . 37 9.2. AVP Codes . . . . . . . . . . . . . . . . . . . . . . . . 37
skipping to change at page 7, line 42 skipping to change at page 7, line 42
| Node |<-------------------->|Diameter Client| | Node |<-------------------->|Diameter Client|
+---------+ IKEv2 or RFC 4285 +---------------+ +---------+ IKEv2 or RFC 4285 +---------------+
Figure 1: Architecture Overview Figure 1: Architecture Overview
Mobile IPv6 signaling between the MN and the HA can be protected Mobile IPv6 signaling between the MN and the HA can be protected
using two different mechanisms, namely using IPsec or the using two different mechanisms, namely using IPsec or the
Authentication Protocol for Mobile IPv6 [RFC4285]. For these two Authentication Protocol for Mobile IPv6 [RFC4285]. For these two
approaches several different authentication and key exchange approaches several different authentication and key exchange
solutions are available. When IPsec is used to protect Mobile IPv6 solutions are available. When IPsec is used to protect Mobile IPv6
signaling messages, Internet Key Exchange v2 (IKEv2) is used signaling messages, IKEv2 is used [RFC4877] for the setup of the
[RFC4877] for the setup of the IPsec SAs. IKEv2 supports Extensible IPsecf SAs. IKEv2 supports EAP-based initiator authentication,
Authentication Protocol (EAP) based initiator authentication,
certificates and pre-shared secrets. Alternatively, the certificates and pre-shared secrets. Alternatively, the
Authentication Protocol for Mobile IPv6 uses a mechanism that is very Authentication Protocol for Mobile IPv6 uses a mechanism that is very
similar to the one used for protecting Mobile IPv4 signaling similar to the one used for protecting Mobile IPv4 signaling
messages. messages.
The ability to use different credentials and methods to authenticate The ability to use different credentials and methods to authenticate
the MN has an impact on the AAA interactions between the HA (acting the MN has an impact on the AAA interactions between the HA (acting
as a Diameter client) and the Diameter Server. This specification is as a Diameter client) and the Diameter Server. This specification is
only limited to the following MN authentication methods: only limited to the following MN authentication methods:
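Review bot: The revised sentence in this hunk reads "for the setup of the IPsecf SAs", which introduces a typo; it should be "IPsec SAs" as in -14. The same rewrite drops the in-body expansions of IKEv2 and EAP. Among the visible lines the expansions now appear only in the Abstract, so it is worth confirming that the body still expands both on first use.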
skipping to change at page 15, line 32 skipping to change at page 15, line 32
Figure 3: Mobile IPv6 Bootstrapping using the Mobile IPv6 Figure 3: Mobile IPv6 Bootstrapping using the Mobile IPv6
Authentication Protocol Authentication Protocol
4.3. Mobile IPv6 Session Management 4.3. Mobile IPv6 Session Management
The Diameter server may maintain state or may be stateless. This is The Diameter server may maintain state or may be stateless. This is
indicated in the Auth-Session-State AVP (or its absence). The HA indicated in the Auth-Session-State AVP (or its absence). The HA
MUST support the Authorization Session State Machine defined in MUST support the Authorization Session State Machine defined in
[RFC3588]. [RFC3588].
This specification makes an assumption that each SA created between This specification makes an assumption that the MN to the HA SA
the MN and the HA as a result of a successful IKEv2 negotiation or a created as a result of a successful the IKE SA negotiation or a
Mobile IPv6 Authentication Protocol exchange correspond to one Mobile IPv6 Authentication Protocol exchange correspond to one
Diameter session. Diameter session. Moreover, the following four commands may be
exchanged between the HA and the Diameter server.
4.3.1. Session-Termination-Request 4.3.1. Session-Termination-Request
The Session-Termination-Request (STR) message [RFC3588] is sent by The Session-Termination-Request (STR) message [RFC3588] is sent by
the HA to inform the Diameter server that an authorized session is the HA to inform the Diameter server that an authorized session is
being terminated. This means that the HA MUST terminate the being terminated. This means that the HA MUST terminate the
corresponding Mobile IPv6 binding and also terminate the corresponding Mobile IPv6 binding and also terminate the
corresponding SA. corresponding MN to the HA SA.
4.3.2. Session-Termination-Answer 4.3.2. Session-Termination-Answer
The Session-Termination-Answer (STA) message [RFC3588] is sent by the The Session-Termination-Answer (STA) message [RFC3588] is sent by the
Diameter server to acknowledge the notification that the session has Diameter server to acknowledge the notification that the session has
been terminated. been terminated.
4.3.3. Abort-Session-Request 4.3.3. Abort-Session-Request
The Abort-Session-Request (ASR) message [RFC3588] is sent by the The Abort-Session-Request (ASR) message [RFC3588] is sent by the
Diameter server to the HA to terminate the authorized session. This Diameter server to the HA to terminate the authorized session. This
fulfills one of the requirement described in fulfills one of the requirement described in
[I-D.ietf-mext-aaa-ha-goals]. When the HA receives the ASR message, [I-D.ietf-mext-aaa-ha-goals]. When the HA receives the ASR message,
it MUST terminate the corresponding SA. Subsequently, the HA MUST it MUST terminate the corresponding MN to the HA SA. Subsequently,
take further actions to terminate the corresponding Mobile IPv6 the HA MUST take further actions to terminate the corresponding
binding. Mobile IPv6 binding.
4.3.4. Abort-Session-Answer 4.3.4. Abort-Session-Answer
The Abort-Session-Answer (ASA) message [RFC3588] is sent by the Home The Abort-Session-Answer (ASA) message [RFC3588] is sent by the Home
Agent in response to an ASR message. Agent in response to an ASR message.
4.4. Accounting for Mobile IPv6 services 4.4. Accounting for Mobile IPv6 services
The HA MUST be able act as a Diameter client collecting accounting The HA MUST be able act as a Diameter client collecting accounting
records needed for service control and charging. The HA MUST support records needed for service control and charging. The HA MUST support
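Review bot: The rewritten assumption in Section 4.3 is ungrammatical as changed: "created as a result of a successful the IKE SA negotiation ... correspond to one Diameter session" has a stray "the" and a singular subject with a plural verb. Suggest "the MN to the HA SA created as a result of a successful IKE SA negotiation or a Mobile IPv6 Authentication Protocol exchange corresponds to one Diameter session". The new term "MN to the HA SA" is then used in 4.3.1 and 4.3.3 as the object of a MUST (terminate on STR and ASR), but it is not defined in the visible text. Because the same term covers both the IKEv2 case and the Authentication Protocol case, a one-line definition would remove any doubt about which security association the HA has to tear down.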
skipping to change at page 18, line 15 skipping to change at page 18, line 15
5. Command Codes 5. Command Codes
5.1. Command Code for Mobile IPv6 with IKEv2 and EAP 5.1. Command Code for Mobile IPv6 with IKEv2 and EAP
For the use of Mobile IPv6 with IKEv2 and EAP this document reuses For the use of Mobile IPv6 with IKEv2 and EAP this document reuses
the Diameter EAP application [RFC4072] commands: Diameter-EAP-Request the Diameter EAP application [RFC4072] commands: Diameter-EAP-Request
(DER) and Diameter-EAP-Answer (DEA). This specification extends the (DER) and Diameter-EAP-Answer (DEA). This specification extends the
existing DER and DEA command ABNFs with a number AVPs to support existing DER and DEA command ABNFs with a number AVPs to support
Mobile IPv6 split scenario bootstrapping. Other than new additional Mobile IPv6 split scenario bootstrapping. Other than new additional
AVPs and the corresponding additions to the command ABNFs, the AVPs and the corresponding additions to the command ABNFs, the
Diameter EAP application command ABNFs remain unchanged. The ABNF Diameter EAP application command ABNFs remain unchanged.
language is defined in [RFC3588].
Command-Name Abbrev. Code Reference Application Command-Name Abbrev. Code Reference Application
--------------------------------------------------------------------- ---------------------------------------------------------------------
Diameter-EAP-Request DER 268 RFC 4072 Diameter Mobile IPv6 IKE Diameter-EAP-Request DER 268 RFC 4072 Diameter Mobile IPv6 IKE
Diameter-EAP-Answer DEA 268 RFC 4072 Diameter Mobile IPv6 IKE Diameter-EAP-Answer DEA 268 RFC 4072 Diameter Mobile IPv6 IKE
Figure 4: Command Codes Figure 4: Command Codes
5.1.1. Diameter-EAP-Request 5.1.1. Diameter-EAP-Request
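Review bot: The last sentence of the first paragraph of 5.1, "The ABNF language is defined in [RFC3588].", is removed in -15 while the paragraph still refers to "command ABNFs" three times. If the pointer is not stated elsewhere in the document, keep it here so the notation used in 5.1.1 and 5.1.2 has a normative reference.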
skipping to change at page 19, line 38 skipping to change at page 19, line 38
... ...
* [ AVP ] * [ AVP ]
Mobile IPv6 bootstrapping AVPs are only included in the first DER Mobile IPv6 bootstrapping AVPs are only included in the first DER
message send by the HA. The subsequent DER messages required by the message send by the HA. The subsequent DER messages required by the
EAP-method do not need to include any Mobile IPv6 bootstrapping AVPs. EAP-method do not need to include any Mobile IPv6 bootstrapping AVPs.
The MN is both authenticated and authorized for the mobility service The MN is both authenticated and authorized for the mobility service
during the EAP authentication. Thus, the Auth-Request-Type AVP MUST during the EAP authentication. Thus, the Auth-Request-Type AVP MUST
be set to the value AUTHORIZE_AUTHENTICATE. be set to the value AUTHORIZE_AUTHENTICATE.
It should be noted that the IKE SA created after a successful EAP-
based authentication and authorization is mapped to the created
Diameter session identifier. The lifetime of the MN to the HA SA
corresponds to the lifetime of the IKE SA lifetime. The lifetime of
the IKE SA and the MN to the HA SA might be longer than the Mobile
IPv6 binding lifetime.
5.1.2. Diameter-EAP-Answer 5.1.2. Diameter-EAP-Answer
The Diameter-EAP-Answer (DEA) message, indicated by the Command-Code The Diameter-EAP-Answer (DEA) message, indicated by the Command-Code
field set to 268 and 'R' bit cleared in the Command Flags field, is field set to 268 and 'R' bit cleared in the Command Flags field, is
sent in response to the Diameter-EAP-Request message (DER). The sent in response to the Diameter-EAP-Request message (DER). The
Application-Id field in the Diameter message header MUST be set to Application-Id field in the Diameter message header MUST be set to
the Diameter Mobile IPv6 IKE Application-Id (value of TBD). If the the Diameter Mobile IPv6 IKE Application-Id (value of TBD). If the
Mobile IPv6 authentication procedure was successful then the response Mobile IPv6 authentication procedure was successful then the response
MAY include any set of bootstrapping AVPs. MAY include any set of bootstrapping AVPs.
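Review bot: The paragraph added at the end of 5.1.1 leaves a session-state gap and has a wording slip. "corresponds to the lifetime of the IKE SA lifetime" repeats "lifetime"; suggest "corresponds to the lifetime of the IKE SA". More importantly, the text maps the IKE SA to the Diameter session identifier and then says the IKE SA and the MN to the HA SA "might be longer than the Mobile IPv6 binding lifetime", but it does not say what the HA does with the Diameter session when the binding has expired and the SA is still up. Sections 4.3.1 and 4.3.3 only cover the case where the binding and the SA are terminated together. State explicitly whether the session, and the authorization it carries, remains valid in that interval or whether the HA is expected to send an STR.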
skipping to change at page 24, line 12 skipping to change at page 24, line 12
* [ Failed-AVP ] * [ Failed-AVP ]
* [ AVP ] * [ AVP ]
6. AVPs 6. AVPs
To provide support for RFC 4285 [RFC4285] and for RFC 4877 [RFC4877] To provide support for RFC 4285 [RFC4285] and for RFC 4877 [RFC4877]
the AVPs in the following subsections are needed. RFC 3588, RFC 4004 the AVPs in the following subsections are needed. RFC 3588, RFC 4004
and RFC 4005 [RFC4005] defined AVPs are reused whenever possible and RFC 4005 [RFC4005] defined AVPs are reused whenever possible
without changing the existing semantics of those AVPs. without changing the existing semantics of those AVPs.
+-------------------------+ +---------------------------+
| AVP Flag rules | | AVP Flag rules |
+----+----+----+-----+----+ +-----+-----+----+-----+----+
AVP Defined | | |SHLD| MUST|MAY | AVP Defined | | |SHLD| MUST|MAY |
Attribute Name Code in Value Type |MUST| MAY| NOT| NOT|Encr| Attribute Name Code in Value Type |MUST| MAY| NOT| NOT|Encr|
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP6-Feature- TBD Note 1 Unsigned64 | M | P | | V | Y | |MIP6-Feature- TBD Note 1 Unsigned64 | M | P | | V | Y |
| Vector | | | | | | | Vector | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-Mobile- | M | P | | V | Y | |MIP-Mobile- | M | P | | V | Y |
| Node-Address 334 RFC4004 Address | | | | | | | Node-Address 334 RFC4004 Address | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP6-Agent-Info TBD Note 3 Grouped | M | P | | V | Y | |MIP6-Agent-Info TBD Note 3 Grouped | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|User-Name 1 RFC3588 UTF8String | M | P | | V | Y | |User-Name 1 RFC3588 UTF8String | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|Service- TBD 6.2 UTF8String | M | P | | V | Y | |Service- TBD 6.2 UTF8String | M | P | | V | Y |
| Selection | | | | | | | Selection | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|QoS-Capability TBD Note 2 Grouped | M | P | | V | Y | |QoS-Capability TBD Note 2 Grouped | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|QoS-Resources TBD Note 2 Grouped | M | P | | V | Y | |QoS-Resources TBD Note 2 Grouped | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-MN-HA-MSA TBD 6.12 Grouped | M | P | | V | Y | |MIP-MN-HA-MSA TBD 6.12 Grouped | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|Chargeable-User- OctetString| M | P | | V | Y | |Chargeable-User- OctetString| M | P | | V | Y |
| Identity 89 6.19 | | | | | | | Identity 89 6.19 | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
AVPs for Mobile IPv6 IKE Application AVPs for Mobile IPv6 IKE Application
Note 1: The MIP6-Feature-Vector AVP is defined in Section 4.7.4 of Note 1: The MIP6-Feature-Vector AVP is defined in Section 4.7.4 of
[I-D.ietf-dime-mip6-integrated]. [I-D.ietf-dime-mip6-integrated].
Note 2: The QoS-Capability and the QoS-Resource AVPs are defined in Note 2: The QoS-Capability and the QoS-Resource AVPs are defined in
Sections 4.1 and 4.3 of [I-D.ietf-dime-qos-attributes]. Sections 4.1 and 4.3 of [I-D.ietf-dime-qos-attributes].
Note 3: The MIP6-Agent-Info AVP is defined in Section 4.5.1 of Note 3: The MIP6-Agent-Info AVP is defined in Section 4.5.1 of
[I-D.ietf-dime-mip6-integrated]. [I-D.ietf-dime-mip6-integrated].
+-------------------------+ +---------------------------+
| AVP Flag rules | | AVP Flag rules |
+----+----+----+-----+----+ +-----+-----+----+-----+----+
AVP Section | | |SHLD| MUST|MAY | AVP Section | | |SHLD| MUST|MAY |
Attribute Name Code Defined Value Type |MUST| MAY| NOT| NOT|Encr| Attribute Name Code Defined Value Type |MUST| MAY| NOT| NOT|Encr|
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP6-Feature- TBD Note 1 Unsigned64 | M | P | | V | Y | |MIP6-Feature- TBD Note 1 Unsigned64 | M | P | | V | Y |
| Vector | | | | | | | Vector | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|User-Name 1 RFC3588 UTF8String | M | P | | V | Y | |User-Name 1 RFC3588 UTF8String | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|Service- TBD 6.2 UTF8String | M | P | | V | Y | |Service- TBD 6.2 UTF8String | M | P | | V | Y |
| Selection | | | | | | | Selection | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-MN-AAA-SPI 341 RFC4004 Unsigned32 | M | P | | V | Y | |MIP-MN-AAA-SPI 341 RFC4004 Unsigned32 | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-MN-HA-SPI TBD 6.4 Unsigned32 | M | P | | V | Y | |MIP-MN-HA-SPI TBD 6.4 Unsigned32 | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-Mobile- 333 RFC4004 Address | M | P | | V | Y | |MIP-Mobile- 333 RFC4004 Address | M | P | | V | Y |
| Node-Address | | | | | | | Node-Address | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP6-Agent-Info TBD Note 3 Grouped | M | P | | V | Y | |MIP6-Agent-Info TBD Note 3 Grouped | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-Careof- TBD 6.7 Address | M | P | | V | Y | |MIP-Careof- TBD 6.7 Address | M | P | | V | Y |
| Address | | | | | | | Address | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP- TBD 6.8 OctetString| M | P | | V | Y | |MIP- TBD 6.8 OctetString| M | P | | V | Y |
| Authenticator | | | | | | | Authenticator | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-MAC- TBD 6.9 OctetString| M | P | | V | Y | |MIP-MAC- TBD 6.9 OctetString| M | P | | V | Y |
| Mobility-Data | | | | | | | Mobility-Data | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-Session-Key 343 6.10 OctetString| M | P | | V | Y | |MIP-Session-Key 343 6.10 OctetString| M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-MSA- 367 RFC4004 Unsigned32 | M | P | | V | Y | |MIP-MSA- 367 RFC4004 Unsigned32 | M | P | | V | Y |
| Lifetime | | | | | | | Lifetime | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-MN-HA-MSA TBD 6.12 Grouped | M | P | | V | Y | |MIP-MN-HA-MSA TBD 6.12 Grouped | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-Algorithm- 345 6.13 Enumerated | M | P | | V | Y | |MIP-Algorithm- 345 6.13 Enumerated | M | P | | V | Y |
| Type | | | | | | | Type | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-Replay-Mode 346 6.14 Enumerated | M | P | | V | Y | |MIP-Replay-Mode 346 6.14 Enumerated | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP-Timestamp TBD 6.16 Time | M | P | | V | Y | |MIP-Timestamp TBD 6.16 Time | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|QoS-Capability TBD Note 2 Grouped | M | P | | M | Y | |QoS-Capability TBD Note 2 Grouped | M | P | | M | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|QoS-Resources TBD Note 2 Grouped | M | P | | V | Y | |QoS-Resources TBD Note 2 Grouped | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|Chargeable-User- OctetString| M | P | | V | Y | |Chargeable-User- OctetString| M | P | | V | Y |
| Identity 89 6.19 | | | | | | | Identity 89 6.19 | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|MIP6-Auth-Mode TBD 6.20 Enumerated | M | P | | V | Y | |MIP6-Auth-Mode TBD 6.20 Enumerated | M | P | | V | Y |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
|Rest of the AVPs RFC3588 | M | P | | V | Y | |Rest of the AVPs RFC3588 | M | P | | V | Y |
|in the MIR & MIA RFC4005 | | | | | | |in the MIR & MIA RFC4005 | | | | | |
|excluding *[AVP] | | | | | | |excluding *[AVP] | | | | | |
+-----------------------------------------+----+----+----+-----+----+ +-----------------------------------------+-----+-----+----+-----+----+
AVPs for the Mobile IPv6 Auth Application AVPs for the Mobile IPv6 Auth Application
Note 1: The MIP6-Feature-Vector AVP is defined in Section 4.7.4 of Note 1: The MIP6-Feature-Vector AVP is defined in Section 4.7.4 of
[I-D.ietf-dime-mip6-integrated]. [I-D.ietf-dime-mip6-integrated].
Note 2: The QoS-Capability and the QoS-Resource AVPs are defined in Note 2: The QoS-Capability and the QoS-Resource AVPs are defined in
Sections 4.1 and 4.3 of [I-D.ietf-dime-qos-attributes]. Sections 4.1 and 4.3 of [I-D.ietf-dime-qos-attributes].
Note 3: The MIP6-Agent-Info AVP is defined in Section 4.5.1 of Note 3: The MIP6-Agent-Info AVP is defined in Section 4.5.1 of
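Review bot: This hunk only widens the table borders, and two inconsistencies in the rows carry over unchanged into -15. MIP-Mobile-Node-Address is listed with AVP code 334 in the "AVPs for Mobile IPv6 IKE Application" table and with code 333 in the "AVPs for the Mobile IPv6 Auth Application" table, both citing RFC4004, so one of the two is wrong. In the Auth Application table the QoS-Capability row shows "M" in the MUST NOT column where every other row shows "V", which contradicts the "M" in its own MUST column. Both should be corrected before the codes are used by implementers.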
skipping to change at page 26, line 51 skipping to change at page 26, line 51
available in the IKE_AUTH message sent by the IKE initiator. available in the IKE_AUTH message sent by the IKE initiator.
Alternatively, if the Mobile IPv6 Authentication Protocol is used, Alternatively, if the Mobile IPv6 Authentication Protocol is used,
then the Service-Selection AVP contains the string extracted from the then the Service-Selection AVP contains the string extracted from the
Service Selection Mobility Option [RFC5149], if available in the Service Selection Mobility Option [RFC5149], if available in the
received BU. Future specification may define additional ways to received BU. Future specification may define additional ways to
populate the Service-Selection AVP with the required information. populate the Service-Selection AVP with the required information.
The AVP is also available to be used in messages sent from the The AVP is also available to be used in messages sent from the
Diameter server to the Diameter client. For example, if the request Diameter server to the Diameter client. For example, if the request
message did not contain the Service-Selection AVP but the MN was message did not contain the Service-Selection AVP but the MN was
assigned with a default service, the Diameter server MAY return the assigned a default service, the Diameter server MAY return the name
name of the assigned default service to the HA. of the assigned default service to the HA. If the Service-Selection
AVP is present in both the request and the reply messages, it SHOULD
If the Service-Selection AVP is present in both the request and the contain the same service name.
reply messages, it SHOULD contain the same service name. If the
services differ, the HA MAY treat that as authorization failure.
6.3. MIP-MN-AAA-SPI AVP 6.3. MIP-MN-AAA-SPI AVP
The MIP-MN-AAA-SPI AVP (AVP Code 341) is of type Unsigned32 and The MIP-MN-AAA-SPI AVP (AVP Code 341) is of type Unsigned32 and
contains an SPI code extracted from the Mobility Message contains an SPI code extracted from the Mobility Message
Authentication Option included in the received BU message. The HA Authentication Option included in the received BU message. The HA
includes this AVP in the MIR message when the MN-AAA Mobility Message includes this AVP in the MIR message when the MN-AAA Mobility Message
Authentication Option is available in the received BU (and the MIP6- Authentication Option is available in the received BU (and the MIP6-
Auth-Mode AVP is set to value MIP6_AUTH_MN_AAA). Auth-Mode AVP is set to value MIP6_AUTH_MN_AAA).
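Review bot: the rewritten Service-Selection paragraph drops the sentence "If the services differ, the HA MAY treat that as authorization failure", which leaves only the SHOULD on matching names and no stated HA behaviour when the reply names a different service than the request. Either restore the sentence or state what the HA is expected to do on a mismatch, since without it an HA may accept a reply for a service other than the one it asked to have authorized.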
skipping to change at page 31, line 15 skipping to change at page 31, line 4
6.19. Chargeable-User-Identity AVP 6.19. Chargeable-User-Identity AVP
The Chargeable-User-Identity AVP (AVP code 89) is of type OctetString The Chargeable-User-Identity AVP (AVP code 89) is of type OctetString
and contains an unique temporary handle of the user. The Chargeable- and contains an unique temporary handle of the user. The Chargeable-
User-Identity is defined in RFC 4372 [RFC4372]. User-Identity is defined in RFC 4372 [RFC4372].
6.20. MIP6-Auth-Mode AVP 6.20. MIP6-Auth-Mode AVP
The MIP6-Auth-Mode (AVP Code TBD) is of type Enumerated and contains The MIP6-Auth-Mode (AVP Code TBD) is of type Enumerated and contains
information of the used Mobile IPv6 Authentication Protocol mode. information of the used Mobile IPv6 Authentication Protocol mode.
This specification defines only one value MIP6_AUTH_MN_AAA and the This specification defines only one value MIP6_AUTH_MN_AAA and the
corresponding AAA interactions when MN-AAA security association is corresponding AAA interactions when MN-AAA security association is
used to authenticate the Binding Update. When the MIP6-Auth_Mode AVP used to authenticate the Binding Update. When the MIP6-Auth_Mode AVP
is set to the value of MIP6_AUTH_MN_AAA, the Auth-Request-Type AVP is set to the value of MIP6_AUTH_MN_AAA, the Auth-Request-Type AVP
MUST be set to the value of AUTHORIZE_AUTHENTICATE. MUST be set to the value of AUTHORIZE_AUTHENTICATE.
If the Diameter server does not support the Mobile IPv6 If the Diameter server does not support the Mobile IPv6
Authentication Protocol usage mode proposed by the HA, then the Authentication Protocol usege mode proposed by the HA, then the
Diameter server MUST fail the authentication/authorization and MUST Diameter server MUST fail the authentication/authorization and MUST
set the Result-Code AVP to the value of DIAMETER_ERROR_AUTH_MODE. set the Result-Code AVP to the value of DIAMETER_ERROR_AUTH_MODE.
6.21. Accounting AVPs 6.21. Accounting AVPs
Diameter Mobile IPv6 applications, either MIP6I or MIP6A, are used in Diameter Mobile IPv6 applications, either MIP6I or MIP6A, are used in
the case of the coupled account model. Diameter Mobile IPv4 the case of the coupled account model. Diameter Mobile IPv4
application [RFC4004] accounting AVPs are reused in this document. application [RFC4004] accounting AVPs are reused in this document.
The following AVPs SHOULD be included in the accounting request The following AVPs SHOULD be included in the accounting request
message: message:
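Review bot: the new text in 6.20 reads "usege mode" where the previous version had "usage mode"; the revision introduces this typo and it should be reverted. While this paragraph is open, "MIP6-Auth_Mode" (underscore) should match the AVP name "MIP6-Auth-Mode" used in the section heading, and "an unique" in 6.19 should read "a unique"; both are unchanged between the two versions.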
skipping to change at page 41, line 43 skipping to change at page 41, line 43
August 2005. August 2005.
[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
"Diameter Network Access Server Application", RFC 4005, "Diameter Network Access Server Application", RFC 4005,
August 2005. August 2005.
[RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible [RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
Authentication Protocol (EAP) Application", RFC 4072, Authentication Protocol (EAP) Application", RFC 4072,
August 2005. August 2005.
[RFC4283] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K.
Chowdhury, "Mobile Node Identifier Option for Mobile IPv6
(MIPv6)", RFC 4283, November 2005.
[RFC4285] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K.
Chowdhury, "Authentication Protocol for Mobile IPv6",
RFC 4285, January 2006.
[RFC4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", [RFC4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol",
RFC 4306, December 2005. RFC 4306, December 2005.
[RFC4372] Adrangi, F., Lior, A., Korhonen, J., and J. Loughney, [RFC4372] Adrangi, F., Lior, A., Korhonen, J., and J. Loughney,
"Chargeable User Identity", RFC 4372, January 2006. "Chargeable User Identity", RFC 4372, January 2006.
[RFC4877] Devarapalli, V. and F. Dupont, "Mobile IPv6 Operation with [RFC4877] Devarapalli, V. and F. Dupont, "Mobile IPv6 Operation with
IKEv2 and the Revised IPsec Architecture", RFC 4877, IKEv2 and the Revised IPsec Architecture", RFC 4877,
April 2007. April 2007.
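Review bot: RFC4283 and RFC4285 are removed from this reference list and reappear in the later one, yet 6.20 places MUST-level requirements on the MIP6_AUTH_MN_AAA mode and 6.3 relies on the Mobility Message Authentication Option carried in the BU. If the later list is the informative one, confirm that an implementer can meet those requirements without reading RFC4285; otherwise that entry should stay here.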
skipping to change at page 42, line 31 skipping to change at page 42, line 38
Giaretta, G., Guardini, I., Demaria, E., Bournelle, J., Giaretta, G., Guardini, I., Demaria, E., Bournelle, J.,
and R. Lopez, "AAA Goals for Mobile IPv6", and R. Lopez, "AAA Goals for Mobile IPv6",
draft-ietf-mext-aaa-ha-goals-01 (work in progress), draft-ietf-mext-aaa-ha-goals-01 (work in progress),
May 2008. May 2008.
[I-D.ietf-mext-nemo-v4traversal] [I-D.ietf-mext-nemo-v4traversal]
Soliman, H., "Mobile IPv6 Support for Dual Stack Hosts and Soliman, H., "Mobile IPv6 Support for Dual Stack Hosts and
Routers (DSMIPv6)", draft-ietf-mext-nemo-v4traversal-07 Routers (DSMIPv6)", draft-ietf-mext-nemo-v4traversal-07
(work in progress), December 2008. (work in progress), December 2008.
[RFC4283] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K.
Chowdhury, "Mobile Node Identifier Option for Mobile IPv6
(MIPv6)", RFC 4283, November 2005.
[RFC4285] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K.
Chowdhury, "Authentication Protocol for Mobile IPv6",
RFC 4285, January 2006.
[RFC4640] Patel, A. and G. Giaretta, "Problem Statement for [RFC4640] Patel, A. and G. Giaretta, "Problem Statement for
bootstrapping Mobile IPv6 (MIPv6)", RFC 4640, bootstrapping Mobile IPv6 (MIPv6)", RFC 4640,
September 2006. September 2006.
[RFC5149] Korhonen, J., Nilsson, U., and V. Devarapalli, "Service [RFC5149] Korhonen, J., Nilsson, U., and V. Devarapalli, "Service
Selection for Mobile IPv6", RFC 5149, February 2008. Selection for Mobile IPv6", RFC 5149, February 2008.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
 End of changes. 58 change blocks. 
80 lines changed or deleted 85 lines changed or added
