| draft-ietf-dime-pmip6-02.txt | draft-ietf-dime-pmip6-03.txt | |||
|---|---|---|---|---|
| Diameter Maintenance and J. Korhonen, Ed. | Diameter Maintenance and J. Korhonen, Ed. | |||
| Extensions (DIME) Nokia Siemens Network | Extensions (DIME) Nokia Siemens Network | |||
| Internet-Draft J. Bournelle | Internet-Draft J. Bournelle | |||
| Intended status: Standards Track Orange Labs | Intended status: Standards Track Orange Labs | |||
| Expires: October 18, 2009 K. Chowdhury | Expires: February 25, 2010 K. Chowdhury | |||
| Starent Networks | Starent Networks | |||
| A. Muhanna | A. Muhanna | |||
| Nortel | Nortel | |||
| U. Meyer | U. Meyer | |||
| RWTH Aachen | RWTH Aachen | |||
| April 16, 2009 | August 24, 2009 | |||
| Diameter Proxy Mobile IPv6: Mobile Access Gateway and Local Mobility | Diameter Proxy Mobile IPv6: Mobile Access Gateway and Local Mobility | |||
| Anchor Interaction with Diameter Server | Anchor Interaction with Diameter Server | |||
| draft-ietf-dime-pmip6-02.txt | draft-ietf-dime-pmip6-03.txt | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 1, line 40 | skipping to change at page 1, line 40 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on October 18, 2009. | This Internet-Draft will expire on February 25, 2010. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
| publication of this document (http://trustee.ietf.org/license-info). | publication of this document (http://trustee.ietf.org/license-info). | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. | and restrictions with respect to this document. | |||
| Abstract | Abstract | |||
| This specification defines the Diameter support for the Proxy Mobile | This specification defines Authentication, Authorization, and | |||
| IPv6 and the corresponding mobility service session setup. The | Accounting interactions between Proxy Mobile IPv6 entities (both | |||
| policy information needed by the Proxy Mobile IPv6 is defined in | Mobile Access Gateway and Local Mobility Anchor) and an | |||
| mobile node's policy profile, which could be downloaded from the | Authentication, Authorization, and Accounting server within a Proxy | |||
| Diameter server to the Mobile Access Gateway once the mobile node | Mobile IPv6 Domain. These Authentication, Authorization, and | |||
| attaches to a Proxy Mobile IPv6 Domain and performs access | Accounting interactions are primarily used to download and update | |||
| authentication. During the binding update exchange between the | mobile node specific policy profile information between Proxy Mobile | |||
| Mobile Access Gateway and the Local Mobility Anchor, the Local | IPv6 entities and a remote policy store. | |||
| Mobility Anchor can interact with the Diameter server in order to | ||||
| update the remote policy store with the mobility session related | ||||
| information. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Terminology and Abbreviations . . . . . . . . . . . . . . . . 4 | 2. Terminology and Abbreviations . . . . . . . . . . . . . . . . 4 | |||
| 3. Solution Overview . . . . . . . . . . . . . . . . . . . . . . 5 | 3. Solution Overview . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Attribute Value Pair Definitions . . . . . . . . . . . . . . . 7 | 4. Generic Application Support and Command Codes . . . . . . . . 7 | |||
| 4.1. MIP6-Agent-Info AVP . . . . . . . . . . . . . . . . . . . 7 | 4.1. MAG-to-HAAA Interface . . . . . . . . . . . . . . . . . . 7 | |||
| 4.2. PMIP6-IPv4-Home-Address AVP . . . . . . . . . . . . . . . 7 | 4.2. LMA-to-HAAA Interface . . . . . . . . . . . . . . . . . . 7 | |||
| 4.3. MIP6-Home-Link-Prefix AVP . . . . . . . . . . . . . . . . 8 | 5. Attribute Value Pair Definitions . . . . . . . . . . . . . . . 8 | |||
| 4.4. PMIP6-DHCP-Server-Address AVP . . . . . . . . . . . . . . 8 | 5.1. MIP6-Agent-Info AVP . . . . . . . . . . . . . . . . . . . 8 | |||
| 4.5. MIP6-Feature-Vector AVP . . . . . . . . . . . . . . . . . 8 | 5.2. PMIP6-IPv4-Home-Address AVP . . . . . . . . . . . . . . . 9 | |||
| 4.6. Mobile-Node-Identifier AVP . . . . . . . . . . . . . . . . 9 | 5.3. MIP6-Home-Link-Prefix AVP . . . . . . . . . . . . . . . . 9 | |||
| 4.7. Calling-Station-Id AVP . . . . . . . . . . . . . . . . . . 9 | 5.4. PMIP6-DHCP-Server-Address AVP . . . . . . . . . . . . . . 10 | |||
| 4.8. Service-Selection AVP . . . . . . . . . . . . . . . . . . 10 | 5.5. MIP6-Feature-Vector AVP . . . . . . . . . . . . . . . . . 10 | |||
| 4.9. Service-Configuration AVP . . . . . . . . . . . . . . . . 10 | 5.6. Mobile-Node-Identifier AVP . . . . . . . . . . . . . . . . 11 | |||
| 5. Application Support and Command Codes . . . . . . . . . . . . 11 | 5.7. Calling-Station-Id AVP . . . . . . . . . . . . . . . . . . 11 | |||
| 5.1. MAG-to-HAAA Interface . . . . . . . . . . . . . . . . . . 11 | 5.8. Service-Selection AVP . . . . . . . . . . . . . . . . . . 11 | |||
| 5.2. LMA-to-HAAA Interface . . . . . . . . . . . . . . . . . . 11 | 5.9. Service-Configuration AVP . . . . . . . . . . . . . . . . 12 | |||
| 5.2.1. Authorization of the Proxy Binding Update . . . . . . 12 | ||||
| 6. Proxy Mobile IPv6 Session Management . . . . . . . . . . . . . 12 | 6. Proxy Mobile IPv6 Session Management . . . . . . . . . . . . . 12 | |||
| 6.1. Session-Termination-Request . . . . . . . . . . . . . . . 13 | 6.1. Session-Termination-Request . . . . . . . . . . . . . . . 13 | |||
| 6.2. Session-Termination-Answer . . . . . . . . . . . . . . . . 13 | 6.2. Session-Termination-Answer . . . . . . . . . . . . . . . . 13 | |||
| 6.3. Abort-Session-Request . . . . . . . . . . . . . . . . . . 13 | 6.3. Abort-Session-Request . . . . . . . . . . . . . . . . . . 13 | |||
| 6.4. Abort-Session-Answer . . . . . . . . . . . . . . . . . . . 13 | 6.4. Abort-Session-Answer . . . . . . . . . . . . . . . . . . . 13 | |||
| 7. Attribute Value Pair Occurrence Tables . . . . . . . . . . . . 13 | 7. Attribute Value Pair Occurrence Tables . . . . . . . . . . . . 13 | |||
| 7.1. MAG-to-HAAA Interface . . . . . . . . . . . . . . . . . . 14 | 7.1. MAG-to-HAAA Interface . . . . . . . . . . . . . . . . . . 14 | |||
| 7.2. LMA-to-HAAA Interface . . . . . . . . . . . . . . . . . . 14 | 7.2. LMA-to-HAAA Interface . . . . . . . . . . . . . . . . . . 14 | |||
| 8. Example Signaling Flows . . . . . . . . . . . . . . . . . . . 14 | 8. Example Signaling Flows . . . . . . . . . . . . . . . . . . . 14 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 9.1. Attribute Value Pair Codes . . . . . . . . . . . . . . . . 16 | 9.1. Attribute Value Pair Codes . . . . . . . . . . . . . . . . 16 | |||
| 9.2. Namespaces . . . . . . . . . . . . . . . . . . . . . . . . 16 | 9.2. Namespaces . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 9.3. Result-Code AVP Values . . . . . . . . . . . . . . . . . . 16 | 9.3. Result-Code AVP Values . . . . . . . . . . . . . . . . . . 17 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 17 | |||
| 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 17 | 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 12.1. Normative References . . . . . . . . . . . . . . . . . . . 17 | 12.1. Normative References . . . . . . . . . . . . . . . . . . . 17 | |||
| 12.2. Informative References . . . . . . . . . . . . . . . . . . 17 | 12.2. Informative References . . . . . . . . . . . . . . . . . . 18 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 1. Introduction | 1. Introduction | |||
| In the Proxy Mobile IPv6 (PMIPv6) protocol [RFC5213] and IPv4 support | This specification defines Authentication, Authorization, and | |||
| for Proxy Mobile IPv6 [I-D.ietf-netlmm-pmip6-ipv4-support] a Mobile | Accounting (AAA) interactions between a Mobile Access Gateway (MAG) | |||
| Access Gateway (MAG) performs a proxy registration with a Local | and an AAA server, and between a Local Mobility Anchor (LMA) and an | |||
| Mobility Anchor (LMA) on behalf of the mobile node (MN). In order to | AAA server within a Proxy Mobile IPv6 (PMIPv6) Domain [RFC5213]. | |||
| perform the proxy registration the MAG needs the IP address of the | These AAA interactions are primarily used to download and update | |||
| LMA, possibly MN's Home Network Prefix(es) (MN-HNP), MN's IPv4 home | mobile node (MN) specific policy profile information between PMIPv6 | |||
| address (IPv4-MN-HoA), DHCP server address and other PMIPv6 specific | entities (a MAG and a LMA) and a remote policy store. | |||
| information such as the allowed address configuration modes and | ||||
| roaming related policies. All this information is defined in MN's | ||||
| policy profile that gets downloaded from the Diameter server to the | ||||
| MAG once the MN attaches to the MAG's Proxy Mobile IPv6 Domain | ||||
| (PMIPv6 Domain) and performs the access authentication. | ||||
| Dynamic assignment and downloading of PMIPv6 policy profile | Dynamic assignment and downloading of MN's policy profile information | |||
| information is a desirable feature to ease the deployment and network | to a MAG from a remote policy store is a desirable feature to ease | |||
| maintenance of larger PMIPv6 deployments. For this purpose, the | the deployment and network maintenance of larger PMIPv6 domains. For | |||
| Authentication, Authorization, and Accounting (AAA) infrastructure, | this purpose, the same AAA infrastructure that is used for | |||
| which is used for access authentication, can be leveraged to assign | authenticating and authorizing the MN for a network access, can be | |||
| some or all of the necessary parameters. The Diameter server in the | leveraged to download some or all of the necessary policy profile | |||
| Mobility Service authorizer's (MSA) network may return these | information to the MAG. | |||
| parameters to the Network Access Server (NAS). | ||||
| Once the MN authenticates to the network the MAG sends a Proxy | Once the network has authenticated the MN, the MAG sends a Proxy | |||
| Binding Update (PBU) towards the LMA on behalf of the MN. When the | Binding Update (PBU) to the LMA in order to setup a mobility session | |||
| LMA receives the PBU, the LMA may need to update the remote policy | on behalf of the MN. When the LMA receives the PBU, the LMA may need | |||
| store located in the MSA with the MN's mobility session related | to authorize the received PBU against the AAA infrastructure. The | |||
| information. | same AAA infrastructure that can be used for the authorization of the | |||
| PBU, is also used to update the remote policy store with the LMA | ||||
| provided MN specific mobility session related information. | ||||
| This specification defines the Diameter support for PMIPv6. In the | In the context of this specification the home AAA server (HAAA) | |||
| context of this specification the location of the subscriber policy | functionality is co-located with the remote policy store. The NAS | |||
| profile equals to the home Diameter server, which is also referred as | functionality may be co-located with the MAG function in the network | |||
| the home AAA server (HAAA). The NAS functionality of the MAG may be | access router. Diameter [RFC3588] is the used AAA protocol. | |||
| co-located or an integral part of the MAG. | ||||
| 2. Terminology and Abbreviations | 2. Terminology and Abbreviations | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC2119 [RFC2119]. | document are to be interpreted as described in RFC2119 [RFC2119]. | |||
| The general terminology used in this document can be found in | The general terminology used in this document can be found in | |||
| [RFC5213] and [I-D.ietf-netlmm-pmip6-ipv4-support]. The following | [RFC5213] and [I-D.ietf-netlmm-pmip6-ipv4-support]. The following | |||
| additional or clarified terms are also used in this document: | additional or clarified terms are also used in this document: | |||
| skipping to change at page 5, line 27 | skipping to change at page 5, line 21 | |||
| 3. Solution Overview | 3. Solution Overview | |||
| This document addresses the AAA interactions and AAA-based session | This document addresses the AAA interactions and AAA-based session | |||
| management functionality needed in the PMIPv6 Domain. This document | management functionality needed in the PMIPv6 Domain. This document | |||
| defines Diameter based AAA interactions between the MAG and the HAAA, | defines Diameter based AAA interactions between the MAG and the HAAA, | |||
| and between the LMA and the HAAA. | and between the LMA and the HAAA. | |||
| The policy profile is downloaded from the HAAA to the MAG during the | The policy profile is downloaded from the HAAA to the MAG during the | |||
| MN attachment to the PMIPv6 Domain. Figure 1 shows the participating | MN attachment to the PMIPv6 Domain. Figure 1 shows the participating | |||
| network entities. This document, however, concentrates on the MAG, | network entities. This document, however, concentrates on the MAG, | |||
| LMA, and the home Diameter server. | LMA, and the HAAA (the home Diameter server). | |||
| +--------+ | +--------+ | |||
| | HAAA & | Diameter +-----+ | | HAAA & | Diameter +-----+ | |||
| | Policy |<---(2)-->| LMA | | | Policy |<---(2)-->| LMA | | |||
| | Profile| +-----+ | | Store | +-----+ | |||
| +--------+ | <--- LMA-Address | +--------+ | <--- LMA-Address | |||
| ^ | | ^ | | |||
| | // \\ | | // \\ | |||
| +---|------------- //---\\----------------+ | +---|------------- //---\\----------------+ | |||
| ( | IPv4/IPv6 // \\ ) | ( | IPv4/IPv6 // \\ ) | |||
| ( | Network // \\ ) | ( | Network // \\ ) | |||
| +---|-----------//---------\\-------------+ | +---|-----------//---------\\-------------+ | |||
| | // \\ | | // \\ | |||
| Diameter // <- Tunnel1 \\ <- Tunnel2 | Diameter // <- Tunnel1 \\ <- Tunnel2 | |||
| (1) // \\ | (1) // \\ | |||
| skipping to change at page 7, line 7 | skipping to change at page 7, line 7 | |||
| access authentication answer to the MAG. | access authentication answer to the MAG. | |||
| After the MN has been successfully authenticated, the MAG sends a PBU | After the MN has been successfully authenticated, the MAG sends a PBU | |||
| to the LMA based on the MN's policy profile information. Upon | to the LMA based on the MN's policy profile information. Upon | |||
| receiving the PBU the LMA interacts with the HAAA and fetches the | receiving the PBU the LMA interacts with the HAAA and fetches the | |||
| relevant parts of the subscriber policy profile and authorization | relevant parts of the subscriber policy profile and authorization | |||
| information related to the mobility service session. In this | information related to the mobility service session. In this | |||
| specification, the HAAA has the role of the PMIPv6 remote policy | specification, the HAAA has the role of the PMIPv6 remote policy | |||
| store. | store. | |||
| 4. Attribute Value Pair Definitions | 4. Generic Application Support and Command Codes | |||
| This specification does not define new Application-IDs or Command | ||||
| Codes for the MAG-to-HAAA or for the LMA-to-HAAA Diameter | ||||
| connections. Rather, this specification is generic to any Diameter | ||||
| application (and their commands) that is suitable for a network | ||||
| access authentication and authorization. Example applications | ||||
| include NASREQ [RFC4005] and EAP [RFC4072]. | ||||
| 4.1. MAG-to-HAAA Interface | ||||
| The MAG-to-HAAA interactions are primarily used for bootstrapping | ||||
| PMIPv6 mobility service session when a MN attaches and authenticates | ||||
| to a PMIPv6 Domain. This includes the bootstrapping of PMIPv6 | ||||
| session related information. The same interface may also be used for | ||||
| accounting. The MAG acts as a Diameter client. | ||||
| Whenever the MAG sends a Diameter request message to the HAAA, the | ||||
| User-Name AVP SHOULD contain the MN's identity unless the identity is | ||||
| being suppressed for policy reasons - for example, when identity | ||||
| hiding is in effect. The MN identity, if available, MUST be in | ||||
| Network Access Identifier (NAI) [RFC4282] format. At minimum the | ||||
| home realm of the MN MUST be available at the MAG when the network | ||||
| access authentication takes place. Otherwise the MAG is not able to | ||||
| route the Diameter request messages towards the correct HAAA. The MN | ||||
| identity used on the MAG-to-HAAA interface and in the User-Name AVP | ||||
| MAY entirely be related to the network access authentication, and | ||||
| therefore not suitable to be used as the MN-ID mobility option value | ||||
| in the subsequent PBU/PBA messages. See the related discussion on | ||||
| MN's identities in Section 5.6 and in Section 4.2. | ||||
| For the session management and service authorization purposes, | ||||
| session state SHOULD be maintained on the MAG-to-HAAA interface. See | ||||
| the discussion in Section 5.8. | ||||
| 4.2. LMA-to-HAAA Interface | ||||
| The-LMA-to HAAA interface may be used for multiple purposes. These | ||||
| include the authorization of the incoming PBU, updating the LMA | ||||
| address to the HAAA, delegating the assignment of the HNP or the | ||||
| IPv4-HoA to the HAAA, and for accounting and PMIPv6 session | ||||
| management. | ||||
| Whenever the LMA sends a Diameter request message to the HAAA, the | ||||
| User-Name AVP SHOULD contain the MN's identity. The LMA MAY retrieve | ||||
| the MN's identity information from the PBU MN-ID [RFC4283][RFC5213] | ||||
| mobility option. The identity SHOULD be the same as used on the MAG- | ||||
| to-HAAA interface, but in the case those identities differ the HAAA | ||||
| MUST have a mechanism of mapping the MN identity used on the MAG-to- | ||||
| HAAA interface to the identity used on the LMA-to-HAAA interface. | ||||
| If the PBU contains the MN Link-Layer Identifier option, the Calling- | ||||
| Station-Id AVP SHOULD be included in the request message containing | ||||
| the received Link-Layer Identifier. Furthermore, if the PBU contains | ||||
| the Service Selection mobility option [RFC5149], the Service- | ||||
| Selection AVP SHOULD be included in the request message containing | ||||
| the received service identifier. | ||||
| The LMA and the HAAA use the MIP6-Home-Link-Prefix AVP to exchange | ||||
| the MN-HNP when appropriate. Similarly, the LMA and the HAAA use the | ||||
| PMIP6-IPv4-Home-Address AVP to exchange the IPv4-MN-HoA when | ||||
| appropriate. Note that these AVPs are encapsulated inside the MIP6- | ||||
| Agent-Info AVP. Which entity is actually responsible for the address | ||||
| management is a deployment specific within the PMIPv6 Domain and MUST | ||||
| be pre-agreed on per deployment basis. | ||||
| The Auth-Request-Type AVP MUST be set to the value AUTHORIZE_ONLY. | ||||
| If the HAAA is not able to authorize the subscriber's mobility | ||||
| service session, then the reply message to the LMA MUST have the | ||||
| Result-Code AVP set to value DIAMETER_PMIP6_AUTHORIZATION_FAILED | ||||
| (TBD5) indicating a permanent failure. | ||||
| The LMA-to-HAAA interface can also be used to update the selected LMA | ||||
| address to the HAAA and the remote policy store during the | ||||
| authorization step. This applies to the case where the MAG, for | ||||
| example, discovered the LMA address using the DNS. | ||||
| 5. Attribute Value Pair Definitions | ||||
| This section describes Attribute Value Pairs (AVPs) defined by this | This section describes Attribute Value Pairs (AVPs) defined by this | |||
| specification or re-used from existing specifications in a PMIPv6 | specification or re-used from existing specifications in a PMIPv6 | |||
| specific way. | specific way. Derived Diameter AVP Data Formats such as Address and | |||
| UTF8String are defined in Section 4.3 of RFC 3588. Grouped AVP | ||||
| values are defined in Section 4.4 of RFC 3588. | ||||
| 4.1. MIP6-Agent-Info AVP | 5.1. MIP6-Agent-Info AVP | |||
| The MIP6-Agent-Info grouped AVP (AVP Code 486) is defined in | The MIP6-Agent-Info grouped AVP (AVP Code 486) is defined in | |||
| [RFC5447]. The AVP is used to carry LMA addressing related | [RFC5447]. The AVP is used to carry LMA addressing related | |||
| information and a MN-HNP. This specification extends the MIP6-Agent- | information and a MN-HNP. This specification extends the MIP6-Agent- | |||
| Info with the PMIP6-IPv4-Home-Address AVP using the Diameter | Info with the PMIP6-IPv4-Home-Address AVP using the Diameter | |||
| extensibility rules defined in [RFC3588]. The PMIP6-IPv4-Home- | extensibility rules defined in [RFC3588]. The PMIP6-IPv4-Home- | |||
| Address AVP contains the IPv4-MN-HoA. | Address AVP contains the IPv4-MN-HoA. | |||
| The extended MIP6-Agent-Info AVP results to the following grouped | The extended MIP6-Agent-Info AVP results to the following grouped | |||
| AVP: | AVP: | |||
| MIP6-Agent-Info ::= < AVP-Header: 486 > | MIP6-Agent-Info ::= < AVP-Header: 486 > | |||
| *2[ MIP-Home-Agent-Address ] | *2[ MIP-Home-Agent-Address ] | |||
| [ MIP-Home-Agent-Host ] | [ MIP-Home-Agent-Host ] | |||
| [ MIP6-Home-Link-Prefix ] | [ MIP6-Home-Link-Prefix ] | |||
| [ PMIP6-IPv4-Home-Address ] | [ PMIP6-IPv4-Home-Address ] | |||
| * [ AVP ] | * [ AVP ] | |||
| 4.2. PMIP6-IPv4-Home-Address AVP | 5.2. PMIP6-IPv4-Home-Address AVP | |||
| The PMIP6-IPv4-Home-Address AVP (AVP Code TBD2) is of type Address | The PMIP6-IPv4-Home-Address AVP (AVP Code TBD2) is of type Address | |||
| and contains an IPv4 address. This AVP is used to carry the IPv4-MN- | and contains an IPv4 address. This AVP is used to carry the IPv4-MN- | |||
| HoA, if available, from the HAAA to the MAG. This AVP SHOULD only be | HoA, if available, from the HAAA to the MAG. This AVP SHOULD only be | |||
| present when the MN is statically provisioned with the IPv4-MN-HoA. | present when the MN is statically provisioned with the IPv4-MN-HoA. | |||
| Note that proactive dynamic assignment of the IPv4-MN-HoA by the HAAA | Note that proactive dynamic assignment of the IPv4-MN-HoA by the HAAA | |||
| may result in unnecessary reservation of IPv4 address resources, | may result in unnecessary reservation of IPv4 address resources, | |||
| because the MN may considerably delay or completely bypass its IPv4 | because the MN may considerably delay or completely bypass its IPv4 | |||
| address configuration. | address configuration. | |||
| The PMIP6-IPv4-Home-Address AVP is also used on the LMA-to-HAAA | The PMIP6-IPv4-Home-Address AVP is also used on the LMA-to-HAAA | |||
| interface. The AVP contains the IPv4-MN-HoA assigned to the MN. If | interface. The AVP contains the IPv4-MN-HoA assigned to the MN. If | |||
| the LMA delegates the assignment of the IPv4-MN-HoA to the HAAA, the | the LMA delegates the assignment of the IPv4-MN-HoA to the HAAA, the | |||
| AVP MUST contain all zeroes IPv4 address (i.e., 0.0.0.0) in the | AVP MUST contain all zeroes IPv4 address (i.e., 0.0.0.0) in the | |||
| request message. If the LMA delegated the IPv4-MN-HoA assignment to | request message. If the LMA delegated the IPv4-MN-HoA assignment to | |||
| the HAAA, then the AVP contains the HAAA assigned IPv4-MN-HoA in the | the HAAA, then the AVP contains the HAAA assigned IPv4-MN-HoA in the | |||
| response message. | response message. | |||
| 4.3. MIP6-Home-Link-Prefix AVP | 5.3. MIP6-Home-Link-Prefix AVP | |||
| The MIP6-Home-Link-Prefix AVP (AVP Code 125) is defined in [RFC5447]. | The MIP6-Home-Link-Prefix AVP (AVP Code 125) is defined in [RFC5447]. | |||
| This AVP is used to carry the MN-HNP, if available, from the HAAA to | This AVP is used to carry the MN-HNP, if available, from the HAAA to | |||
| the MAG. The low 64 bits of the prefix MUST be all zeroes. | the MAG. The low 64 bits of the prefix MUST be all zeroes. | |||
| The MIP6-Home-Link-Prefix AVP is also used on the LMA-to-HAAA | The MIP6-Home-Link-Prefix AVP is also used on the LMA-to-HAAA | |||
| interface. The AVP contains the prefix assigned to the MN. If the | interface. The AVP contains the prefix assigned to the MN. If the | |||
| LMA delegates the assignment of the MN-HNP to the HAAA, the AVP MUST | LMA delegates the assignment of the MN-HNP to the HAAA, the AVP MUST | |||
| contain all zeroes address (i.e., 0::0) in the request message. If | contain all zeroes address (i.e., 0::0) in the request message. If | |||
| the LMA delegated the MN-HNP assignment to the HAAA, then the AVP | the LMA delegated the MN-HNP assignment to the HAAA, then the AVP | |||
| contains the HAAA assigned MNM-HNP in the response message. | contains the HAAA assigned MNM-HNP in the response message. | |||
| 4.4. PMIP6-DHCP-Server-Address AVP | 5.4. PMIP6-DHCP-Server-Address AVP | |||
| The PMIP6-DHCP-Server-Address AVP (AVP Code TBD1) is of type Address | The PMIP6-DHCP-Server-Address AVP (AVP Code TBD1) is of type Address | |||
| and contains the IP address of the DHCPv4 and/or DHCPv6 server | and contains the IP address of the Dynamic Host Configuration | |||
| assigned to the MAG serving the newly attached MN. If the AVP | Protocol (DHCP) server assigned to the MAG serving the newly attached | |||
| contains a DHCPv4 server address, then the Address type MUST be IPv4. | MN. If the AVP contains a DHCPv4 [RFC2131] server address, then the | |||
| If the AVP contains a DHCPv6 server address, then the Address type | Address type MUST be IPv4. If the AVP contains a DHCPv6 [RFC3315] | |||
| MUST be IPv6. The HAAA MAY assign a DHCP server to the MAG in | server address, then the Address type MUST be IPv6. The HAAA MAY | |||
| deployments where the MAG acts as a DHCP Relay | assign a DHCP server to the MAG in deployments where the MAG acts as | |||
| [I-D.ietf-netlmm-pmip6-ipv4-support]. | a DHCP Relay [I-D.ietf-netlmm-pmip6-ipv4-support]. | |||
| 4.5. MIP6-Feature-Vector AVP | 5.5. MIP6-Feature-Vector AVP | |||
| The MIP6-Feature-Vector AVP is originally defined in [RFC5447]. This | The MIP6-Feature-Vector AVP is originally defined in [RFC5447]. This | |||
| document defines new capability flag bits according to the rules in | document defines new capability flag bits according to the IANA rules | |||
| [RFC5447]. | in RFC 5447. | |||
| PMIP6_SUPPORTED (0x0000010000000000) | PMIP6_SUPPORTED (0x0000010000000000) | |||
| When the MAG/NAS sets this bit in the MIP6-Feature-Vector AVP, it | When the MAG/NAS sets this bit in the MIP6-Feature-Vector AVP, it | |||
| is an indication to the HAAA that the NAS supports PMIPv6. When | is an indication to the HAAA that the NAS supports PMIPv6. When | |||
| the HAAA sets this bit in the response MIP6-Feature-Vector AVP, it | the HAAA sets this bit in the response MIP6-Feature-Vector AVP, it | |||
| indicates that the HAAA also has PMIPv6 support. This capability | indicates that the HAAA also has PMIPv6 support. This capability | |||
| bit can also be used to allow PMIPv6 mobility support in a | bit can also be used to allow PMIPv6 mobility support in a | |||
| subscription granularity. | subscription granularity. | |||
| skipping to change at page 9, line 14 | skipping to change at page 10, line 50 | |||
| HAAA does not authorize the configuration of IPv4 address. | HAAA does not authorize the configuration of IPv4 address. | |||
| LOCAL_MAG_ROUTING_SUPPORTED (0x0000040000000000) | LOCAL_MAG_ROUTING_SUPPORTED (0x0000040000000000) | |||
| Direct routing of IP packets between MNs anchored to the same MAG | Direct routing of IP packets between MNs anchored to the same MAG | |||
| is supported. When a MAG sets this bit in the MIP6-Feature- | is supported. When a MAG sets this bit in the MIP6-Feature- | |||
| Vector, it indicates that routing IP packets between MNs anchored | Vector, it indicates that routing IP packets between MNs anchored | |||
| to the same MAG is supported, without reverse tunneling packets | to the same MAG is supported, without reverse tunneling packets | |||
| via the LMA or requiring any Route Optimization related signaling | via the LMA or requiring any Route Optimization related signaling | |||
| (e.g. the Return Routability Procedure in [RFC3775]) prior direct | (e.g. the Return Routability Procedure in [RFC3775]) prior direct | |||
| routing. If this bit is unset in the returned MIP6-Feature-Vector | routing. If this bit is cleared in the returned MIP6-Feature- | |||
| AVP, the HAAA does not authorize direct routing of packets between | Vector AVP, the HAAA does not authorize direct routing of packets | |||
| MNs anchored to the same MAG. This policy feature SHOULD be | between MNs anchored to the same MAG. The MAG SHOULD support this | |||
| supported per MN and subscription basis. | policy feature per-MN and per-subscription basis. | |||
| The MIP6-Feature-Vector AVP is also used on the LMA to HAAA | The MIP6-Feature-Vector AVP is also used on the LMA to HAAA | |||
| interface. Using the capability announcement AVP it is possible to | interface. Using the capability announcement AVP it is possible to | |||
| perform a simple capability negotiation between the LMA and the HAAA. | perform a simple capability negotiation between the LMA and the HAAA. | |||
| Those capabilities that are announced by both parties are also known | Those capabilities that are announced by both parties are also known | |||
| to be mutually supported. The capabilities listed in earlier are | to be mutually supported. The capabilities listed in earlier are | |||
| also supported in the LMA to HAAA interface. The LMA to HAAA | also supported in the LMA to HAAA interface. The LMA to HAAA | |||
| interface does not define any new capability values. | interface does not define any new capability values. | |||
| 4.6. Mobile-Node-Identifier AVP | 5.6. Mobile-Node-Identifier AVP | |||
| The Mobile-Node-Identifier AVP (AVP Code TBD3) is of type UTF8String | The Mobile-Node-Identifier AVP (AVP Code TBD3) is of type UTF8String | |||
| and contains the mobile node identifier (MN-Identifier, see | and contains the mobile node identifier (MN-Identifier, see | |||
| [RFC5213]) in the NAI [RFC4282] format. This AVP is used on the MAG- | [RFC5213]) in the NAI [RFC4282] format. This AVP is used on the MAG- | |||
| to-HAAA interface. The Mobile-Node-Identifier AV is designed for | to-HAAA interface. The Mobile-Node-Identifier AV is designed for | |||
| deployments where the MAG does not have a way to find out such MN | deployments where the MAG does not have a way to find out such MN | |||
| identity that could be used in subsequent PBU/PBA exchanges (e.g., | identity that could be used in subsequent PBU/PBA exchanges (e.g., | |||
| due to identity hiding during the network access authentication) or | due to identity hiding during the network access authentication) or | |||
| the HAAA wants to assign periodically changing identities to the MN. | the HAAA wants to assign periodically changing identities to the MN. | |||
| The Mobile-Node-Identifier AVP is returned in the answer message that | The Mobile-Node-Identifier AVP is returned in the answer message that | |||
| ends a successful authentication (and possibly an authorization) | ends a successful authentication (and possibly an authorization) | |||
| exchange between the MAG and the HAAA, assuming the HAAA is also able | exchange between the MAG and the HAAA, assuming the HAAA is also able | |||
| to provide the MAG with the MN-Identifier in the first place. The | to provide the MAG with the MN-Identifier in the first place. The | |||
| MAG MUST use the received MN-Identifier, if it has not been able to | MAG MUST use the received MN-Identifier, if it has not been able to | |||
| get the mobile node identifier through other means. If the MAG | get the mobile node identifier through other means. If the MAG | |||
| already has a valid mobile node identifier, then the MAG MUST | already has a valid mobile node identifier, then the MAG MUST | |||
| silently discard the received MN-identifier. | silently discard the received MN-identifier. | |||
| 4.7. Calling-Station-Id AVP | 5.7. Calling-Station-Id AVP | |||
| The Calling-Station-Id AVP (AVP Code 31) is of type UTF8String and | The Calling-Station-Id AVP (AVP Code 31) is of type UTF8String and | |||
| contains a Link-Layer Identifier of the MN. This identifier | contains a Link-Layer Identifier of the MN. This identifier | |||
| corresponds to the Link-Layer Identifier as defined in RFC 5213 | corresponds to the Link-Layer Identifier as defined in RFC 5213 | |||
| Section 2.2. and 8.6. | Section 2.2. and 8.6. | |||
| 4.8. Service-Selection AVP | 5.8. Service-Selection AVP | |||
| The Service-Selection AVP (AVP Code TBD) is of type UTF8String and | The Service-Selection AVP (AVP Code 493) is of type UTF8String and | |||
| contains a LMA provided service identifier on the LMA-to-HAAA | contains a LMA provided service identifier on the LMA-to-HAAA | |||
| interface. This AVP is re-used from [I-D.ietf-dime-mip6-split]. The | interface. This AVP is re-used from [I-D.ietf-dime-mip6-split]. The | |||
| service identifier may be used to assist the PBU authorization and | service identifier may be used to assist the PBU authorization and | |||
| the assignment of the MN-HNP and the IPv4-MN-HoA as described in RFC | the assignment of the MN-HNP and the IPv4-MN-HoA as described in RFC | |||
| 5149 [RFC5149]. The identifier MUST be unique within the PMIPv6 | 5149 [RFC5149]. The identifier MUST be unique within the PMIPv6 | |||
| Domain. In the absence of the Service-Selection AVP in the request | Domain. In the absence of the Service-Selection AVP in the request | |||
| message, the HAAA may want to inform the LMA of the default service | message, the HAAA may want to inform the LMA of the default service | |||
| provisioned to the MN and include the Service-Selection AVP in the | provisioned to the MN and include the Service-Selection AVP in the | |||
| response message. | response message. | |||
| It is also possible that the MAG receives the service selection | It is also possible that the MAG receives the service selection | |||
| information from the MN, for example, via some lower layer mechanism. | information from the MN, for example, via some lower layer mechanism. | |||
| In this case the MAG SHOULD include the Service-Selection AVP also in | In this case the MAG MUST include the Service-Selection AVP also in | |||
| the MAG-to-HAAA request messages. In absence of the Service- | the MAG-to-HAAA request messages. In absence of the Service- | |||
| Selection AVP in the MAG-to-HAAA request messages, the HAAA may want | Selection AVP in the MAG-to-HAAA request messages, the HAAA may want | |||
| to inform the MAG of the default service provisioned to the MN and | to inform the MAG of the default service provisioned to the MN and | |||
| include the Service-Selection AVP in the response message. | include the Service-Selection AVP in the response message. | |||
| Whenever the Service-Selection AVP is included either in a request | Whenever the Service-Selection AVP is included either in a request | |||
| message or in a response message, and the AAA interaction with HAAA | message or in a response message, and the AAA interaction with HAAA | |||
| completes successfully, it is an indication that the HAAA also | completes successfully, it is an indication that the HAAA also | |||
| authorized the MN to some service. This should be taken into account | authorized the MN to some service. This should be taken into account | |||
| when considering what to include in the Auth-Request-Type AVP. | when considering what to include in the Auth-Request-Type AVP. | |||
| The service selection concept supports signaling one service at time. | The service selection concept supports signaling one service at time. | |||
| However, the MN policy profile MAY support multiple services being | However, the MN policy profile MAY support multiple services being | |||
| used simultaneously. For this purpose, the HAAA MAY return multiple | used simultaneously. For this purpose, the HAAA MAY return multiple | |||
| LMA and service pairs (see Section 4.9) to the MAG in a response | LMA and service pairs (see Section 5.9) to the MAG in a response | |||
| message that ends a successful authentication (and possibly an | message that ends a successful authentication (and possibly an | |||
| authorization) exchange between the MAG and the HAAA. Whenever the | authorization) exchange between the MAG and the HAAA. Whenever the | |||
| MN initiates additional mobility session to another service (using a | MN initiates additional mobility session to another service (using a | |||
| link layer or deployment specific method), the provisioned service | link layer or deployment specific method), the provisioned service | |||
| information is already contained in the MAG. Therefore, there is no | information is already contained in the MAG. Therefore, there is no | |||
| need for additional AAA signaling between the MAG and the HAAA. | need for additional AAA signaling between the MAG and the HAAA. | |||
| 4.9. Service-Configuration AVP | 5.9. Service-Configuration AVP | |||
| The Service-Configuration AVP (AVP Code TBD4) is of type Grouped and | The Service-Configuration AVP (AVP Code TBD4) is of type Grouped and | |||
| contains a service and a LMA pair. The HAAA can use this AVP to | contains a service and a LMA pair. The HAAA can use this AVP to | |||
| inform the MAG of MN's subscribed services and LMAs where those | inform the MAG of MN's subscribed services and LMAs where those | |||
| services are hosted in. | services are hosted in. | |||
| Service-Configuration ::= < AVP-Header: TBD4 > | Service-Configuration ::= < AVP-Header: TBD4 > | |||
| [ MIP6-Agent-Info ] | [ MIP6-Agent-Info ] | |||
| [ Service-Selection ] | [ Service-Selection ] | |||
| * [ AVP ] | * [ AVP ] | |||
| 5. Application Support and Command Codes | ||||
| 5.1. MAG-to-HAAA Interface | ||||
| This specification does not define a new Application-ID for the MAG- | ||||
| to-HAAA Diameter connection. Rather, this specification re-uses any | ||||
| Diameter application and their commands that are used to authenticate | ||||
| and authorize the MN for the network access. Example applications | ||||
| include NASREQ [RFC4005] and EAP [RFC4072]. The MAG acts as a | ||||
| Diameter client. | ||||
| The MAG-to-HAAA interactions are primarily used for bootstrapping | ||||
| PMIPv6 mobility service session when a MN attaches and authenticates | ||||
| to a PMIPv6 Domain. This includes the bootstrapping of PMIPv6 | ||||
| session related information. The same interface may also be used for | ||||
| accounting. | ||||
| Whenever the MAG sends a Diameter request message to the HAAA the | ||||
| User-Name AVP SHOULD contain the MN's identity. The MN identity, if | ||||
| available, MUST be in Network Access Identifier (NAI) [RFC4282] | ||||
| format. At minimum the home realm of the MN MUST be available at the | ||||
| MAG when the network access authentication takes place. Otherwise | ||||
| the MAG is not able to route the Diameter request messages towards | ||||
| the correct HAAA. The MN identity used on the MAG-to-HAAA interface | ||||
| and in the User-Name AVP MAY entirely be related to the network | ||||
| access authentication, and therefore not suitable to be used as the | ||||
| MN-ID mobility option value in the subsequent PBU/PBA messages. See | ||||
| the related discussion on MN's identities in Section 4.6 and in | ||||
| Section 5.2.1 | ||||
| For the session management and service authorization purposes, | ||||
| session state SHOULD be maintained on the MAG-to-HAAA interface. See | ||||
| the discussion in Section 4.8. | ||||
| 5.2. LMA-to-HAAA Interface | ||||
| The-LMA-to HAAA interface may be used for multiple purposes. These | ||||
| include the authorization of the incoming PBU, updating the LMA | ||||
| address to the HAAA, accounting and PMIPv6 session management. | ||||
| This specification does not define a new Application-ID for the LMA- | ||||
| to-HAAA Diameter connection. Rather, this specification re-uses any | ||||
| Diameter application and their commands. An example application | ||||
| could be NASREQ [RFC4005]. The LMA acts as a Diameter client. | ||||
| 5.2.1. Authorization of the Proxy Binding Update | ||||
| Whenever the LMA sends a Diameter request message to the HAAA, the | ||||
| User-Name AVP SHOULD contain the MN's identity. The LMA MAY retrieve | ||||
| the MN's identity information from the PBU MN-ID [RFC4283][RFC5213] | ||||
| mobility option. The identity SHOULD be the same as used on the MAG- | ||||
| to-HAAA interface, but in the case those identities differ the HAAA | ||||
| MUST have a mechanism of mapping the MN identity used on the MAG-to- | ||||
| HAAA interface to the identity used on the LMA-to-HAAA interface. | ||||
| If the PBU contains the MN Link-Layer Identifier option, the Calling- | ||||
| Station-Id AVP SHOULD be included in the request message containing | ||||
| the received Link-Layer Identifier. Furthermore, if the PBU contains | ||||
| the Service Selection mobility option [RFC5149], the Service- | ||||
| Selection AVP SHOULD be included in the request message containing | ||||
| the received service identifier. | ||||
| The LMA and the HAAA use the MIP6-Home-Link-Prefix AVP to exchange | ||||
| the MN-HNP when appropriate. Similarly, the LMA and the HAAA use the | ||||
| PMIP6-IPv4-Home-Address AVP to exchange the IPv4-MN-HoA when | ||||
| appropriate. Note that these AVPs are encapsulated inside the MIP6- | ||||
| Agent-Info AVP. Which entity is actually responsible for the address | ||||
| management is a deployment specific within the PMIPv6 Domain and MUST | ||||
| be pre-agreed on per deployment basis. | ||||
| The Auth-Request-Type AVP MUST be set to the value AUTHORIZE_ONLY. | ||||
| If the HAAA is not able to authorize the subscriber's mobility | ||||
| service session, then the reply message to the LMA MUST have the | ||||
| Result-Code AVP set to value DIAMETER_PMIP6_AUTHORIZATION_FAILED | ||||
| (TBD5) indicating a permanent failure. | ||||
| The LMA-to-HAAA interface can also be used to update the selected LMA | ||||
| address to the HAAA and the remote policy store during the | ||||
| authorization step. This applies to the case where the MAG, for | ||||
| example, discovered the LMA address using the DNS. | ||||
| 6. Proxy Mobile IPv6 Session Management | 6. Proxy Mobile IPv6 Session Management | |||
| Concerning a PMIPv6 mobility session, the HAAA, the MAG and the LMA | Concerning a PMIPv6 mobility session, the HAAA, the MAG and the LMA | |||
| Diameter entities SHOULD be stateful and maintain the corresponding | Diameter entities SHOULD be stateful and maintain the corresponding | |||
| Authorization Session State Machine defined in [RFC3588]. If a state | Authorization Session State Machine defined in [RFC3588]. If a state | |||
| is maintained, then a PMIPv6 mobility session that can be identified | is maintained, then a PMIPv6 mobility session that can be identified | |||
| by any of the Binding Cache (BCE) Lookup Keys described in RFC 5213 | by any of the Binding Cache (BCE) Lookup Keys described in RFC 5213 | |||
| (see Sections 5.4.1.1., 5.4.1.2. and 5.4.1.3.) MUST map to a single | (see Sections 5.4.1.1., 5.4.1.2. and 5.4.1.3.) MUST map to a single | |||
| Diameter Session-Id. If the PMIPv6 Domain allows further separation | Diameter Session-Id. If the PMIPv6 Domain allows further separation | |||
| of sessions, for example, identified by the RFC 5213 BCE Lookup Keys | of sessions, for example, identified by the RFC 5213 BCE Lookup Keys | |||
| and the service selection combination (see Section 4.8 and | and the service selection combination (see Section 5.8 and | |||
| [RFC5149]), then a single Diameter Session-Id MUST map to a PMIPv6 | [RFC5149]), then a single Diameter Session-Id MUST map to a PMIPv6 | |||
| mobility session identified by the RFC 5213 BCE Lookup Keys and the | mobility session identified by the RFC 5213 BCE Lookup Keys and the | |||
| selected service. | selected service. | |||
| If both the MAG-to-HAAA and the LMA-to-HAAA interfaces are deployed | If both the MAG-to-HAAA and the LMA-to-HAAA interfaces are deployed | |||
| in a PMIPv6 Domain, and a state is maintained on both interfaces, | in a PMIPv6 Domain, and a state is maintained on both interfaces, | |||
| then one PMIPv6 mobility session would have two distinct Diameter | then one PMIPv6 mobility session would have two distinct Diameter | |||
| sessions on the HAAA. The HAAA needs to be aware of this deployment | sessions on the HAAA. The HAAA needs to be aware of this deployment | |||
| possibility and SHOULD allow multiple Diameter sessions for the same | possibility and SHOULD allow multiple Diameter sessions for the same | |||
| PMIPv6 mobility session. | PMIPv6 mobility session. | |||
| Diameter session termination related commands described in the | Diameter session termination related commands described in the | |||
| following sections may be exchanged between the LMA and the HAAA, or | following sections may be exchanged between the LMA and the HAAA, or | |||
| between the MAG and the HAAA. The actual PMIPv6 session termination | between the MAG and the HAAA. The actual PMIPv6 session termination | |||
| procedures take place at PMIPv6 protocol level and are described in | procedures take place at PMIPv6 protocol level and are described in | |||
| more detail in RFC 5213 and [I-D.ietf-mext-binding-revocation]. | more detail in RFC 5213 and [I-D.ietf-mext-binding-revocation]. | |||
| 6.1. Session-Termination-Request | 6.1. Session-Termination-Request | |||
| The LMA or the MAG MAY send the Session-Termination-Request (STR) | The LMA or the MAG MAY send the Session-Termination-Request (STR) | |||
| command [RFC3588] to the HAAA and inform the termination of an | command [RFC3588] to inform the HAAA that the termination of an | |||
| ongoing PMIPv6 session is in progress. | ongoing PMIPv6 session is in progress. | |||
| 6.2. Session-Termination-Answer | 6.2. Session-Termination-Answer | |||
| The Session-Termination-Answer (STA) [RFC3588] is sent by the HAAA to | The Session-Termination-Answer (STA) [RFC3588] is sent by the HAAA to | |||
| acknowledge the termination of a PMIPv6 session. | acknowledge the termination of a PMIPv6 session. | |||
| 6.3. Abort-Session-Request | 6.3. Abort-Session-Request | |||
| The HAAA MAY send the Abort-Session-Request (ASR) command [RFC3588] | The HAAA MAY send the Abort-Session-Request (ASR) command [RFC3588] | |||
| skipping to change at page 14, line 47 | skipping to change at page 14, line 49 | |||
| User-Name | 0-1 | 0-1 | | User-Name | 0-1 | 0-1 | | |||
| +-------+-------+ | +-------+-------+ | |||
| Figure 3: LMA-to-HAAA Interface Generic Diameter Request and Answer | Figure 3: LMA-to-HAAA Interface Generic Diameter Request and Answer | |||
| Commands AVPs | Commands AVPs | |||
| 8. Example Signaling Flows | 8. Example Signaling Flows | |||
| Figure 4 shows a signaling flow example during PMIPv6 bootstrapping | Figure 4 shows a signaling flow example during PMIPv6 bootstrapping | |||
| using the AAA interactions defined in this specification. In step | using the AAA interactions defined in this specification. In step | |||
| (1) of this example, the MN is authenticated to PMIPv6 domain using | (1) of this example, the MN is authenticated to PMIPv6 Domain using | |||
| EAP-based authentication. The MAG to the HAAA signaling uses the | EAP-based authentication. The MAG to the HAAA signaling uses the | |||
| Diameter EAP Application. During step (2), the LMA uses Diameter | Diameter EAP Application. During step (2), the LMA uses Diameter | |||
| NASREQ application to authorize the MN with the HAAA server. | NASREQ application to authorize the MN with the HAAA server. | |||
| The MAG-to-HAAA AVPs, as listed in Section 7.1 are used during step | The MAG-to-HAAA AVPs, as listed in Section 7.1 are used during step | |||
| (1). These AVPs are included only in the DER message which starts | (1). These AVPs are included only in the DER message which starts | |||
| the EAP exchange and in the corresponding DEA message which | the EAP exchange and in the corresponding DEA message which | |||
| successfully completes this EAP exchange. The LMA-to-HAAA AVPs, as | successfully completes this EAP exchange. The LMA-to-HAAA AVPs, as | |||
| listed in Section 7.2, are used during step (2). Step (2) is used to | listed in Section 7.2, are used during step (2). Step (2) is used to | |||
| authorize the MN request for the mobility service and update the HAAA | authorize the MN request for the mobility service and update the HAAA | |||
| skipping to change at page 17, line 15 | skipping to change at page 17, line 47 | |||
| 11. Acknowledgements | 11. Acknowledgements | |||
| Jouni Korhonen would like to thank the TEKES GIGA program MERCoNe- | Jouni Korhonen would like to thank the TEKES GIGA program MERCoNe- | |||
| project for providing funding to work on this document while he was | project for providing funding to work on this document while he was | |||
| with TeliaSonera. | with TeliaSonera. | |||
| 12. References | 12. References | |||
| 12.1. Normative References | 12.1. Normative References | |||
| [I-D.ietf-dime-mip6-split] | ||||
| Korhonen, J., Tschofenig, H., Bournelle, J., Giaretta, G., | ||||
| and M. Nakhjiri, "Diameter Mobile IPv6: Support for Home | ||||
| Agent to Diameter Server Interaction", | ||||
| draft-ietf-dime-mip6-split-17 (work in progress), | ||||
| April 2009. | ||||
| [I-D.ietf-netlmm-pmip6-ipv4-support] | [I-D.ietf-netlmm-pmip6-ipv4-support] | |||
| Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy | Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy | |||
| Mobile IPv6", draft-ietf-netlmm-pmip6-ipv4-support-11 | Mobile IPv6", draft-ietf-netlmm-pmip6-ipv4-support-15 | |||
| (work in progress), April 2009. | (work in progress), August 2009. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. | [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. | |||
| Arkko, "Diameter Base Protocol", RFC 3588, September 2003. | Arkko, "Diameter Base Protocol", RFC 3588, September 2003. | |||
| [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, | [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, | |||
| "Diameter Network Access Server Application", RFC 4005, | "Diameter Network Access Server Application", RFC 4005, | |||
| August 2005. | August 2005. | |||
| skipping to change at page 17, line 47 | skipping to change at page 18, line 40 | |||
| [RFC5213] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., | [RFC5213] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., | |||
| and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008. | and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008. | |||
| [RFC5447] Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C., | [RFC5447] Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C., | |||
| and K. Chowdhury, "Diameter Mobile IPv6: Support for | and K. Chowdhury, "Diameter Mobile IPv6: Support for | |||
| Network Access Server to Diameter Server Interaction", | Network Access Server to Diameter Server Interaction", | |||
| RFC 5447, February 2009. | RFC 5447, February 2009. | |||
| 12.2. Informative References | 12.2. Informative References | |||
| [I-D.ietf-dime-mip6-split] | ||||
| Korhonen, J., Tschofenig, H., Bournelle, J., Giaretta, G., | ||||
| and M. Nakhjiri, "Diameter Mobile IPv6: Support for Home | ||||
| Agent to Diameter Server Interaction", | ||||
| draft-ietf-dime-mip6-split-16 (work in progress), | ||||
| December 2008. | ||||
| [I-D.ietf-mext-binding-revocation] | [I-D.ietf-mext-binding-revocation] | |||
| Muhanna, A., Khalil, M., Gundavelli, S., Chowdhury, K., | Muhanna, A., Khalil, M., Gundavelli, S., Chowdhury, K., | |||
| and P. Yegani, "Binding Revocation for IPv6 Mobility", | and P. Yegani, "Binding Revocation for IPv6 Mobility", | |||
| draft-ietf-mext-binding-revocation-05 (work in progress), | draft-ietf-mext-binding-revocation-10 (work in progress), | |||
| March 2009. | August 2009. | |||
| [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", | ||||
| RFC 2131, March 1997. | ||||
| [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., | ||||
| and M. Carney, "Dynamic Host Configuration Protocol for | ||||
| IPv6 (DHCPv6)", RFC 3315, July 2003. | ||||
| [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. | [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. | |||
| Levkowetz, "Extensible Authentication Protocol (EAP)", | Levkowetz, "Extensible Authentication Protocol (EAP)", | |||
| RFC 3748, June 2004. | RFC 3748, June 2004. | |||
| [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support | [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support | |||
| in IPv6", RFC 3775, June 2004. | in IPv6", RFC 3775, June 2004. | |||
| [RFC4283] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K. | [RFC4283] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K. | |||
| Chowdhury, "Mobile Node Identifier Option for Mobile IPv6 | Chowdhury, "Mobile Node Identifier Option for Mobile IPv6 | |||
| End of changes. 39 change blocks. | ||||
| 188 lines changed or deleted | 184 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||