draft-ietf-mext-rfc3775bis-13.txt   rfc6275.txt 
IETF Mobile IP Working Group C. Perkins (Ed.) Internet Engineering Task Force (IETF) C. Perkins, Ed.
Internet-Draft Tellabs Inc. Request for Comments: 6275 Tellabs, Inc.
Obsoletes: 3775 (if approved) D. Johnson Obsoletes: 3775 D. Johnson
Intended status: Standards Track Rice University Category: Standards Track Rice University
Expires: September 12, 2011 J. Arkko ISSN: 2070-1721 J. Arkko
Ericsson Ericsson
Mar 11, 2011 July 2011
Mobility Support in IPv6 Mobility Support in IPv6
draft-ietf-mext-rfc3775bis-13.txt
Abstract Abstract
This document specifies Mobile IPv6, a protocol which allows nodes to This document specifies Mobile IPv6, a protocol that allows nodes to
remain reachable while moving around in the IPv6 Internet. Each remain reachable while moving around in the IPv6 Internet. Each
mobile node is always identified by its home address, regardless of mobile node is always identified by its home address, regardless of
its current point of attachment to the Internet. While situated away its current point of attachment to the Internet. While situated away
from its home, a mobile node is also associated with a care-of from its home, a mobile node is also associated with a care-of
address, which provides information about the mobile node's current address, which provides information about the mobile node's current
location. IPv6 packets addressed to a mobile node's home address are location. IPv6 packets addressed to a mobile node's home address are
transparently routed to its care-of address. The protocol enables transparently routed to its care-of address. The protocol enables
IPv6 nodes to cache the binding of a mobile node's home address with IPv6 nodes to cache the binding of a mobile node's home address with
its care-of address, and to then send any packets destined for the its care-of address, and to then send any packets destined for the
mobile node directly to it at this care-of address. To support this mobile node directly to it at this care-of address. To support this
operation, Mobile IPv6 defines a new IPv6 protocol and a new operation, Mobile IPv6 defines a new IPv6 protocol and a new
destination option. All IPv6 nodes, whether mobile or stationary, destination option. All IPv6 nodes, whether mobile or stationary,
can communicate with mobile nodes. This document obsoletes RFC 3775. can communicate with mobile nodes. This document obsoletes RFC 3775.
Status of this Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering This is an Internet Standards Track document.
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
This Internet-Draft will expire on September 12, 2011. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6275.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
skipping to change at page 3, line 7 skipping to change at page 3, line 7
modifications of such material outside the IETF Standards Process. modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction ....................................................7
2. Comparison with Mobile IP for IPv4 . . . . . . . . . . . . . 9 2. Comparison with Mobile IP for IPv4 ..............................8
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 10 3. Terminology .....................................................9
3.1. General Terms . . . . . . . . . . . . . . . . . . . . . 10 3.1. General Terms ..............................................9
3.2. Mobile IPv6 Terms . . . . . . . . . . . . . . . . . . . 12 3.2. Mobile IPv6 Terms .........................................11
4. Overview of Mobile IPv6 . . . . . . . . . . . . . . . . . . . 16 4. Overview of Mobile IPv6 ........................................15
4.1. Basic Operation . . . . . . . . . . . . . . . . . . . . 16 4.1. Basic Operation ...........................................15
4.2. New IPv6 Protocol . . . . . . . . . . . . . . . . . . . 18 4.2. New IPv6 Protocol .........................................17
4.3. New IPv6 Destination Option . . . . . . . . . . . . . . 19 4.3. New IPv6 Destination Option ...............................18
4.4. New IPv6 ICMP Messages . . . . . . . . . . . . . . . . . 19 4.4. New IPv6 ICMP Messages ....................................19
4.5. Conceptual Data Structure Terminology . . . . . . . . . 20 4.5. Conceptual Data Structure Terminology .....................19
4.6. Unique-Local Addressability . . . . . . . . . . . . . . 20 4.6. Unique-Local Addressability ...............................20
5. Overview of Mobile IPv6 Security . . . . . . . . . . . . . . 22 5. Overview of Mobile IPv6 Security ...............................20
5.1. Binding Updates to Home Agents . . . . . . . . . . . . . 22 5.1. Binding Updates to Home Agents ............................21
5.2. Binding Updates to Correspondent Nodes . . . . . . . . . 23 5.2. Binding Updates to Correspondent Nodes ....................22
5.2.1. Node Keys . . . . . . . . . . . . . . . . . . . . . . 23 5.2.1. Node Keys ..........................................22
5.2.2. Nonces . . . . . . . . . . . . . . . . . . . . . . . 24 5.2.2. Nonces .............................................23
5.2.3. Cookies and Tokens . . . . . . . . . . . . . . . . . 24 5.2.3. Cookies and Tokens .................................23
5.2.4. Cryptographic Functions . . . . . . . . . . . . . . . 25 5.2.4. Cryptographic Functions ............................24
5.2.5. Return Routability Procedure . . . . . . . . . . . . 25 5.2.5. Return Routability Procedure .......................24
5.2.6. Authorizing Binding Management Messages . . . . . . . 30 5.2.6. Authorizing Binding Management Messages ............28
5.2.7. Updating Node Keys and Nonces . . . . . . . . . . . . 32 5.2.7. Updating Node Keys and Nonces ......................30
5.2.8. Preventing Replay Attacks . . . . . . . . . . . . . . 33 5.2.8. Preventing Replay Attacks ..........................32
5.2.9. Handling Interruptions to Return Routability . . . . 33 5.2.9. Handling Interruptions to Return Routability .......32
5.3. Dynamic Home Agent Address Discovery . . . . . . . . . . 34 5.3. Dynamic Home Agent Address Discovery ......................33
5.4. Mobile Prefix Discovery . . . . . . . . . . . . . . . . 34 5.4. Mobile Prefix Discovery ...................................33
5.5. Payload Packets . . . . . . . . . . . . . . . . . . . . 34 5.5. Payload Packets ...........................................33
6. New IPv6 Protocol, Message Types, and Destination Option . . 36 6. New IPv6 Protocol, Message Types, and Destination Option .......34
6.1. Mobility Header . . . . . . . . . . . . . . . . . . . . 36 6.1. Mobility Header ...........................................34
6.1.1. Format . . . . . . . . . . . . . . . . . . . . . . . 36 6.1.1. Format .............................................34
6.1.2. Binding Refresh Request Message . . . . . . . . . . . 38 6.1.2. Binding Refresh Request Message ....................36
6.1.3. Home Test Init Message . . . . . . . . . . . . . . . 39 6.1.3. Home Test Init Message .............................37
6.1.4. Care-of Test Init Message . . . . . . . . . . . . . . 40 6.1.4. Care-of Test Init Message ..........................38
6.1.5. Home Test Message . . . . . . . . . . . . . . . . . . 41 6.1.5. Home Test Message ..................................39
6.1.6. Care-of Test Message . . . . . . . . . . . . . . . . 42 6.1.6. Care-of Test Message ...............................41
6.1.7. Binding Update Message . . . . . . . . . . . . . . . 44 6.1.7. Binding Update Message .............................42
6.1.8. Binding Acknowledgement Message . . . . . . . . . . . 46 6.1.8. Binding Acknowledgement Message ....................44
6.1.9. Binding Error Message . . . . . . . . . . . . . . . . 49 6.1.9. Binding Error Message ..............................47
6.2. Mobility Options . . . . . . . . . . . . . . . . . . . . 50 6.2. Mobility Options ..........................................48
6.2.1. Format . . . . . . . . . . . . . . . . . . . . . . . 50 6.2.1. Format .............................................49
6.2.2. Pad1 . . . . . . . . . . . . . . . . . . . . . . . . 51 6.2.2. Pad1 ...............................................49
6.2.3. PadN . . . . . . . . . . . . . . . . . . . . . . . . 52 6.2.3. PadN ...............................................50
6.2.4. Binding Refresh Advice . . . . . . . . . . . . . . . 52 6.2.4. Binding Refresh Advice .............................50
6.2.5. Alternate Care-of Address . . . . . . . . . . . . . . 52 6.2.5. Alternate Care-of Address ..........................51
6.2.6. Nonce Indices . . . . . . . . . . . . . . . . . . . . 53 6.2.6. Nonce Indices ......................................52
6.2.7. Binding Authorization Data . . . . . . . . . . . . . 54 6.2.7. Binding Authorization Data .........................52
6.3. Home Address Option . . . . . . . . . . . . . . . . . . 55 6.3. Home Address Option .......................................54
6.4. Type 2 Routing Header . . . . . . . . . . . . . . . . . 57 6.4. Type 2 Routing Header .....................................55
6.4.1. Format . . . . . . . . . . . . . . . . . . . . . . . 57 6.4.1. Format .............................................56
6.5. ICMP Home Agent Address Discovery Request Message . . . 59 6.5. ICMP Home Agent Address Discovery Request Message .........57
6.6. ICMP Home Agent Address Discovery Reply Message . . . . 60 6.6. ICMP Home Agent Address Discovery Reply Message ...........58
6.7. ICMP Mobile Prefix Solicitation Message Format . . . . . 61 6.7. ICMP Mobile Prefix Solicitation Message Format ............60
6.8. ICMP Mobile Prefix Advertisement Message Format . . . . 62 6.8. ICMP Mobile Prefix Advertisement Message Format ...........61
7. Modifications to IPv6 Neighbor Discovery . . . . . . . . . . 66 7. Modifications to IPv6 Neighbor Discovery .......................64
7.1. Modified Router Advertisement Message Format . . . . . . 66 7.1. Modified Router Advertisement Message Format ..............64
7.2. Modified Prefix Information Option Format . . . . . . . 66 7.2. Modified Prefix Information Option Format .................65
7.3. New Advertisement Interval Option Format . . . . . . . . 68 7.3. New Advertisement Interval Option Format ..................66
7.4. New Home Agent Information Option Format . . . . . . . . 69 7.4. New Home Agent Information Option Format ..................67
7.5. Changes to Sending Router Advertisements . . . . . . . . 71 7.5. Changes to Sending Router Advertisements ..................69
8. Requirements for Types of IPv6 Nodes . . . . . . . . . . . . 73 8. Requirements for Types of IPv6 Nodes ...........................71
8.1. All IPv6 Nodes . . . . . . . . . . . . . . . . . . . . . 73 8.1. All IPv6 Nodes ............................................71
8.2. IPv6 Nodes with Support for Route Optimization . . . . . 73 8.2. IPv6 Nodes with Support for Route Optimization ............72
8.3. All IPv6 Routers . . . . . . . . . . . . . . . . . . . . 75 8.3. All IPv6 Routers ..........................................73
8.4. IPv6 Home Agents . . . . . . . . . . . . . . . . . . . . 75 8.4. IPv6 Home Agents ..........................................74
8.5. IPv6 Mobile Nodes . . . . . . . . . . . . . . . . . . . 77 8.5. IPv6 Mobile Nodes .........................................75
9. Correspondent Node Operation . . . . . . . . . . . . . . . . 79 9. Correspondent Node Operation ...................................76
9.1. Conceptual Data Structures . . . . . . . . . . . . . . . 79 9.1. Conceptual Data Structures ................................76
9.2. Processing Mobility Headers . . . . . . . . . . . . . . 80 9.2. Processing Mobility Headers ...............................78
9.3. Packet Processing . . . . . . . . . . . . . . . . . . . 80 9.3. Packet Processing .........................................78
9.3.1. Receiving Packets with Home Address Option . . . . . 80 9.3.1. Receiving Packets with Home Address Option .........78
9.3.2. Sending Packets to a Mobile Node . . . . . . . . . . 81 9.3.2. Sending Packets to a Mobile Node ...................79
9.3.3. Sending Binding Error Messages . . . . . . . . . . . 83 9.3.3. Sending Binding Error Messages .....................81
9.3.4. Receiving ICMP Error Messages . . . . . . . . . . . . 83 9.3.4. Receiving ICMP Error Messages ......................81
9.4. Return Routability Procedure . . . . . . . . . . . . . . 84 9.4. Return Routability Procedure ..............................82
9.4.1. Receiving Home Test Init Messages . . . . . . . . . . 84 9.4.1. Receiving Home Test Init Messages ..................82
9.4.2. Receiving Care-of Test Init Messages . . . . . . . . 84 9.4.2. Receiving Care-of Test Init Messages ...............82
9.4.3. Sending Home Test Messages . . . . . . . . . . . . . 85 9.4.3. Sending Home Test Messages .........................83
9.4.4. Sending Care-of Test Messages . . . . . . . . . . . . 85 9.4.4. Sending Care-of Test Messages ......................83
9.5. Processing Bindings . . . . . . . . . . . . . . . . . . 85 9.5. Processing Bindings .......................................83
9.5.1. Receiving Binding Updates . . . . . . . . . . . . . . 85 9.5.1. Receiving Binding Updates ..........................83
9.5.2. Requests to Cache a Binding . . . . . . . . . . . . . 88 9.5.2. Requests to Cache a Binding ........................86
9.5.3. Requests to Delete a Binding . . . . . . . . . . . . 88 9.5.3. Requests to Delete a Binding .......................86
9.5.4. Sending Binding Acknowledgements . . . . . . . . . . 89 9.5.4. Sending Binding Acknowledgements ...................87
9.5.5. Sending Binding Refresh Requests . . . . . . . . . . 90 9.5.5. Sending Binding Refresh Requests ...................88
9.6. Cache Replacement Policy . . . . . . . . . . . . . . . . 90 9.6. Cache Replacement Policy ..................................88
10. Home Agent Operation . . . . . . . . . . . . . . . . . . . . 92 10. Home Agent Operation ..........................................89
10.1. Conceptual Data Structures . . . . . . . . . . . . . . . 92 10.1. Conceptual Data Structures ...............................89
10.2. Processing Mobility Headers . . . . . . . . . . . . . . 93 10.2. Processing Mobility Headers ..............................90
10.3. Processing Bindings . . . . . . . . . . . . . . . . . . 93 10.3. Processing Bindings ......................................90
10.3.1. Primary Care-of Address Registration . . . . . . . . 93 10.3.1. Primary Care-of Address Registration ..............90
10.3.2. Primary Care-of Address De-Registration . . . . . . . 97 10.3.2. Primary Care-of Address De-Registration ...........94
10.4. Packet Processing . . . . . . . . . . . . . . . . . . . 98 10.4. Packet Processing ........................................96
10.4.1. Intercepting Packets for a Mobile Node . . . . . . . 98 10.4.1. Intercepting Packets for a Mobile Node ............96
10.4.2. Processing Intercepted Packets . . . . . . . . . . . 100 10.4.2. Processing Intercepted Packets ....................98
10.4.3. Multicast Membership Control . . . . . . . . . . . . 101 10.4.3. Multicast Membership Control ......................99
10.4.4. Stateful Address Autoconfiguration . . . . . . . . . 102 10.4.4. Stateful Address Autoconfiguration ...............100
10.4.5. Handling Reverse Tunneled Packets . . . . . . . . . . 103 10.4.5. Handling Reverse-Tunneled Packets ................100
10.4.6. Protecting Return Routability Packets . . . . . . . . 103 10.4.6. Protecting Return Routability Packets ............101
10.5. Dynamic Home Agent Address Discovery . . . . . . . . . . 104 10.5. Dynamic Home Agent Address Discovery ....................102
10.5.1. Receiving Router Advertisement Messages . . . . . . . 104 10.5.1. Receiving Router Advertisement Messages ..........102
10.6. Sending Prefix Information to the Mobile Node . . . . . 107 10.6. Sending Prefix Information to the Mobile Node ...........104
10.6.1. List of Home Network Prefixes . . . . . . . . . . . . 107 10.6.1. List of Home Network Prefixes ....................104
10.6.2. Scheduling Prefix Deliveries . . . . . . . . . . . . 107 10.6.2. Scheduling Prefix Deliveries .....................105
10.6.3. Sending Advertisements . . . . . . . . . . . . . . . 109 10.6.3. Sending Advertisements ...........................107
10.6.4. Lifetimes for Changed Prefixes . . . . . . . . . . . 110 10.6.4. Lifetimes for Changed Prefixes ...................108
11. Mobile Node Operation . . . . . . . . . . . . . . . . . . . . 111 11. Mobile Node Operation ........................................108
11.1. Conceptual Data Structures . . . . . . . . . . . . . . . 111 11.1. Conceptual Data Structures ..............................108
11.2. Processing Mobility Headers . . . . . . . . . . . . . . 112 11.2. Processing Mobility Headers .............................110
11.3. Packet Processing . . . . . . . . . . . . . . . . . . . 113 11.3. Packet Processing .......................................110
11.3.1. Sending Packets While Away from Home . . . . . . . . 113 11.3.1. Sending Packets While Away from Home .............110
11.3.2. Interaction with Outbound IPsec Processing . . . . . 116 11.3.2. Interaction with Outbound IPsec Processing .......113
11.3.3. Receiving Packets While Away from Home . . . . . . . 118 11.3.3. Receiving Packets While Away from Home ...........115
11.3.4. Routing Multicast Packets . . . . . . . . . . . . . . 119 11.3.4. Routing Multicast Packets ........................117
11.3.5. Receiving ICMP Error Messages . . . . . . . . . . . . 121 11.3.5. Receiving ICMP Error Messages ....................118
11.3.6. Receiving Binding Error Messages . . . . . . . . . . 121 11.3.6. Receiving Binding Error Messages .................119
11.4. Home Agent and Prefix Management . . . . . . . . . . . . 122 11.4. Home Agent and Prefix Management ........................120
11.4.1. Dynamic Home Agent Address Discovery . . . . . . . . 122 11.4.1. Dynamic Home Agent Address Discovery .............120
11.4.2. Sending Mobile Prefix Solicitations . . . . . . . . . 123 11.4.2. Sending Mobile Prefix Solicitations ..............121
11.4.3. Receiving Mobile Prefix Advertisements . . . . . . . 124 11.4.3. Receiving Mobile Prefix Advertisements ...........121
11.5. Movement . . . . . . . . . . . . . . . . . . . . . . . . 125 11.5. Movement ................................................123
11.5.1. Movement Detection . . . . . . . . . . . . . . . . . 125 11.5.1. Movement Detection ...............................123
11.5.2. Home Link Detection . . . . . . . . . . . . . . . . . 128 11.5.2. Home Link Detection ..............................125
11.5.3. Forming New Care-of Addresses . . . . . . . . . . . . 128 11.5.3. Forming New Care-of Addresses ....................126
11.5.4. Using Multiple Care-of Addresses . . . . . . . . . . 129 11.5.4. Using Multiple Care-of Addresses .................127
11.5.5. Returning Home . . . . . . . . . . . . . . . . . . . 130 11.5.5. Returning Home ...................................127
11.6. Return Routability Procedure . . . . . . . . . . . . . . 132 11.6. Return Routability Procedure ............................130
11.6.1. Sending Test Init Messages . . . . . . . . . . . . . 132 11.6.1. Sending Test Init Messages .......................130
11.6.2. Receiving Test Messages . . . . . . . . . . . . . . . 133 11.6.2. Receiving Test Messages ..........................131
11.6.3. Protecting Return Routability Packets . . . . . . . . 134 11.6.3. Protecting Return Routability Packets ............132
11.7. Processing Bindings . . . . . . . . . . . . . . . . . . 134 11.7. Processing Bindings .....................................132
11.7.1. Sending Binding Updates to the Home Agent . . . . . . 134 11.7.1. Sending Binding Updates to the Home Agent ........132
11.7.2. Correspondent Registration . . . . . . . . . . . . . 137 11.7.2. Correspondent Registration .......................135
11.7.3. Receiving Binding Acknowledgements . . . . . . . . . 140 11.7.3. Receiving Binding Acknowledgements ...............138
11.7.4. Receiving Binding Refresh Requests . . . . . . . . . 142 11.7.4. Receiving Binding Refresh Requests ...............140
11.8. Retransmissions and Rate Limiting . . . . . . . . . . . 143 11.8. Retransmissions and Rate Limiting .......................141
12. Protocol Constants . . . . . . . . . . . . . . . . . . . . . 145 12. Protocol Constants ...........................................142
13. Protocol Configuration Variables . . . . . . . . . . . . . . 146 13. Protocol Configuration Variables .............................142
14. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 147 14. IANA Considerations ..........................................143
15. Security Considerations . . . . . . . . . . . . . . . . . . . 150 15. Security Considerations ......................................146
15.1. Threats . . . . . . . . . . . . . . . . . . . . . . . . 150 15.1. Threats .................................................146
15.2. Features . . . . . . . . . . . . . . . . . . . . . . . . 152 15.2. Features ................................................148
15.3. Binding Updates to Home Agent . . . . . . . . . . . . . 154 15.3. Binding Updates to Home Agent ...........................150
15.4. Binding Updates to Correspondent Nodes . . . . . . . . . 156 15.4. Binding Updates to Correspondent Nodes ..................152
15.4.1. Overview . . . . . . . . . . . . . . . . . . . . . . 156 15.4.1. Overview .........................................153
15.4.2. Achieved Security Properties . . . . . . . . . . . . 157 15.4.2. Achieved Security Properties .....................153
15.4.3. Comparison to Regular IPv6 Communications . . . . . . 158 15.4.3. Comparison to Regular IPv6 Communications ........154
15.4.4. Replay Attacks . . . . . . . . . . . . . . . . . . . 160 15.4.4. Replay Attacks ...................................156
15.4.5. Denial-of-Service Attacks . . . . . . . . . . . . . . 160 15.4.5. Denial-of-Service Attacks ........................156
15.4.6. Key Lengths . . . . . . . . . . . . . . . . . . . . . 161 15.4.6. Key Lengths ......................................157
15.5. Dynamic Home Agent Address Discovery . . . . . . . . . . 162 15.5. Dynamic Home Agent Address Discovery ....................158
15.6. Mobile Prefix Discovery . . . . . . . . . . . . . . . . 163 15.6. Mobile Prefix Discovery .................................159
15.7. Tunneling via the Home Agent . . . . . . . . . . . . . . 163 15.7. Tunneling via the Home Agent ............................159
15.8. Home Address Option . . . . . . . . . . . . . . . . . . 164 15.8. Home Address Option .....................................160
15.9. Type 2 Routing Header . . . . . . . . . . . . . . . . . 164 15.9. Type 2 Routing Header ...................................161
15.10. SHA-1 Secure Enough for Mobile IPv6 Control Messages . . 165 15.10. SHA-1 Secure Enough for Mobile IPv6 Control Messages ...161
16. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 166 16. Contributors .................................................162
17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 167 17. Acknowledgements .............................................162
18. References . . . . . . . . . . . . . . . . . . . . . . . . . 168 18. References ...................................................162
18.1. Normative References . . . . . . . . . . . . . . . . . . 168 18.1. Normative References ....................................162
18.2. Informative References . . . . . . . . . . . . . . . . . 169 18.2. Informative References ..................................164
Appendix A. Future Extensions . . . . . . . . . . . . . . . . . 172 Appendix A. Future Extensions ....................................166
A.1. Piggybacking . . . . . . . . . . . . . . . . . . . . . . 172 A.1. Piggybacking .............................................166
A.2. Triangular Routing . . . . . . . . . . . . . . . . . . . 172 A.2. Triangular Routing .......................................166
A.3. New Authorization Methods . . . . . . . . . . . . . . . 172 A.3. New Authorization Methods ................................166
A.4. Neighbor Discovery Extensions . . . . . . . . . . . . . 172 A.4. Neighbor Discovery Extensions ............................166
Appendix B. Changes since RFC 3775 . . . . . . . . . . . . . . . 174 Appendix B. Changes since RFC 3775 ...............................167
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 177
1. Introduction 1. Introduction
This document specifies a protocol which allows nodes to remain This document specifies a protocol that allows nodes to remain
reachable while moving around in the IPv6 Internet. Without specific reachable while moving around in the IPv6 Internet. Without specific
support for mobility in IPv6 [6], packets destined to a mobile node support for mobility in IPv6 [6], packets destined to a mobile node
would not be able to reach it while the mobile node is away from its would not be able to reach it while the mobile node is away from its
home link. In order to continue communication in spite of its home link. In order to continue communication in spite of its
movement, a mobile node could change its IP address each time it movement, a mobile node could change its IP address each time it
moves to a new link, but the mobile node would then not be able to moves to a new link, but the mobile node would then not be able to
maintain transport and higher-layer connections when it changes maintain transport and higher-layer connections when it changes
location. Mobility support in IPv6 is particularly important, as location. Mobility support in IPv6 is particularly important, as
mobile computers are likely to account for a majority or at least a mobile computers are likely to account for a majority or at least a
substantial fraction of the population of the Internet during the substantial fraction of the population of the Internet during the
skipping to change at page 8, line 14 skipping to change at page 8, line 14
o Access control on a link being visited by a mobile node. o Access control on a link being visited by a mobile node.
o Local or hierarchical forms of mobility management (similar to o Local or hierarchical forms of mobility management (similar to
many current link-layer mobility management solutions). many current link-layer mobility management solutions).
o Assistance for adaptive applications. o Assistance for adaptive applications.
o Mobile routers. o Mobile routers.
o Service Discovery. o Service discovery.
o Distinguishing between packets lost due to bit errors vs. network o Distinguishing between packets lost due to bit errors versus
congestion. network congestion.
This document obsoletes RFC 3775. Issues with the original document This document obsoletes RFC 3775. Issues with the original document
have been observed during integration, testing and deployment of RFC have been observed during the integration, testing, and deployment of
3775. A more detailed list of the changes since RFC 3775 may be RFC 3775. A more detailed list of the changes since RFC 3775 may be
found in Appendix B. found in Appendix B.
2. Comparison with Mobile IP for IPv4 2. Comparison with Mobile IP for IPv4
The design of Mobile IP support in IPv6 (Mobile IPv6) benefits both The design of Mobile IP support in IPv6 (Mobile IPv6) benefits both
from the experiences gained from the development of Mobile IP support from the experiences gained from the development of Mobile IP support
in IPv4 (Mobile IPv4) [31] [25] [26], and from the opportunities in IPv4 (Mobile IPv4) [32] [25] [26], and from the opportunities
provided by IPv6. Mobile IPv6 thus shares many features with Mobile provided by IPv6. Mobile IPv6 thus shares many features with Mobile
IPv4, but is integrated into IPv6 and offers many other improvements. IPv4, but is integrated into IPv6 and offers many other improvements.
This section summarizes the major differences between Mobile IPv4 and This section summarizes the major differences between Mobile IPv4 and
Mobile IPv6: Mobile IPv6:
o There is no need to deploy special routers as "foreign agents", as o There is no need to deploy special routers as "foreign agents", as
in Mobile IPv4. Mobile IPv6 operates in any location without any in Mobile IPv4. Mobile IPv6 operates in any location without any
special support required from the local router. special support required from the local router.
o Support for route optimization is a fundamental part of the o Support for route optimization is a fundamental part of the
skipping to change at page 9, line 31 skipping to change at page 8, line 50
o Mobile IPv6 route optimization can operate securely even without o Mobile IPv6 route optimization can operate securely even without
pre-arranged security associations. It is expected that route pre-arranged security associations. It is expected that route
optimization can be deployed on a global scale between all mobile optimization can be deployed on a global scale between all mobile
nodes and correspondent nodes. nodes and correspondent nodes.
o Support is also integrated into Mobile IPv6 for allowing route o Support is also integrated into Mobile IPv6 for allowing route
optimization to coexist efficiently with routers that perform optimization to coexist efficiently with routers that perform
"ingress filtering" [27]. "ingress filtering" [27].
o The IPv6 Neighbor Unreachability Detection assures symmetric o The IPv6 Neighbor Unreachability Detection ensures symmetric
reachability between the mobile node and its default router in the reachability between the mobile node and its default router in the
current location. current location.
o Most packets sent to a mobile node while away from home in Mobile o Most packets sent to a mobile node while away from home in Mobile
IPv6 are sent using an IPv6 routing header rather than IP IPv6 are sent using an IPv6 routing header rather than IP
encapsulation, reducing the amount of resulting overhead compared encapsulation, reducing the amount of resulting overhead compared
to Mobile IPv4. to Mobile IPv4.
o Mobile IPv6 is decoupled from any particular link layer, as it o Mobile IPv6 is decoupled from any particular link layer, as it
uses IPv6 Neighbor Discovery [18] instead of ARP. This also uses IPv6 Neighbor Discovery [18] instead of the Address
improves the robustness of the protocol. Resolution Protocol (ARP). This also improves the robustness of
the protocol.
o The use of IPv6 encapsulation (and the routing header) removes the o The use of IPv6 encapsulation (and the routing header) removes the
need in Mobile IPv6 to manage "tunnel soft state". need in Mobile IPv6 to manage "tunnel soft state".
o The dynamic home agent address discovery mechanism in Mobile IPv6 o The dynamic home agent address discovery mechanism in Mobile IPv6
returns a single reply to the mobile node. The directed broadcast returns a single reply to the mobile node. The directed broadcast
approach used in IPv4 returns separate replies from each home approach used in IPv4 returns separate replies from each home
agent. agent.
3. Terminology 3. Terminology
skipping to change at page 10, line 30 skipping to change at page 9, line 48
router router
A node that forwards IP packets not explicitly addressed to A node that forwards IP packets not explicitly addressed to
itself. itself.
unicast routable address unicast routable address
An identifier for a single interface such that a packet sent to it An identifier for a single interface such that a packet sent to it
from another IPv6 subnet is delivered to the interface identified from another IPv6 subnet is delivered to the interface identified
by that address. Accordingly, a unicast routable address must by that address. Accordingly, a unicast routable address must be
either be global IPv6 address or a unique local IPv6 address. either a global IPv6 address or a unique local IPv6 address.
host host
Any node that is not a router. Any node that is not a router.
link link
A communication facility or medium over which nodes can A communication facility or medium over which nodes can
communicate at the link layer, such as an Ethernet (simple or communicate at the link layer, such as an Ethernet (simple or
bridged). A link is the layer immediately below IP. bridged). A link is the layer immediately below IP.
skipping to change at page 12, line 8 skipping to change at page 11, line 26
A routing header may be present as an IPv6 header extension, and A routing header may be present as an IPv6 header extension, and
indicates that the payload has to be delivered to a destination indicates that the payload has to be delivered to a destination
IPv6 address in some way that is different from what would be IPv6 address in some way that is different from what would be
carried out by standard Internet routing. In this document, use carried out by standard Internet routing. In this document, use
of the term "routing header" typically refers to use of a type 2 of the term "routing header" typically refers to use of a type 2
routing header, as specified in Section 6.4. routing header, as specified in Section 6.4.
"|" (concatenation) "|" (concatenation)
Some formulas in this specification use the symbol "|" to indicate Some formulas in this specification use the symbol "|" to indicate
bytewise concatenation, as in A | B. This concatenation requires bytewise concatenation, as in A | B. This concatenation requires
that all of the octets of the datum A appear first in the result, that all of the octets of the datum A appear first in the result,
followed by all of the octets of the datum B. followed by all of the octets of the datum B.
First (size, input) First (size, input)
Some formulas in this specification use a functional form "First Some formulas in this specification use a functional form "First
(size, input)" to indicate truncation of the "input" data so that (size, input)" to indicate truncation of the "input" data so that
only the first "size" bits remain to be used. only the first "size" bits remain to be used.
3.2. Mobile IPv6 Terms 3.2. Mobile IPv6 Terms
These terms are intended to be compatible with the definitions given These terms are intended to be compatible with the definitions given
in RFC 3753[39]. However, if there is any conflict, the definitions in RFC 3753 [40]. However, if there is any conflict, the definitions
given here should be considered to supersede those in RFC 3753. given here should be considered to supersede those in RFC 3753.
home address home address
A unicast routable address assigned to a mobile node, used as the A unicast routable address assigned to a mobile node, used as the
permanent address of the mobile node. This address is within the permanent address of the mobile node. This address is within the
mobile node's home link. Standard IP routing mechanisms will mobile node's home link. Standard IP routing mechanisms will
deliver packets destined for a mobile node's home address to its deliver packets destined for a mobile node's home address to its
home link. Mobile nodes can have multiple home addresses, for home link. Mobile nodes can have multiple home addresses, for
instance when there are multiple home prefixes on the home link. instance, when there are multiple home prefixes on the home link.
home subnet prefix home subnet prefix
The IP subnet prefix corresponding to a mobile node's home The IP subnet prefix corresponding to a mobile node's home
address. address.
home link home link
The link on which a mobile node's home subnet prefix is defined. The link on which a mobile node's home subnet prefix is defined.
skipping to change at page 13, line 5 skipping to change at page 12, line 26
A node that can change its point of attachment from one link to A node that can change its point of attachment from one link to
another, while still being reachable via its home address. another, while still being reachable via its home address.
movement movement
A change in a mobile node's point of attachment to the Internet A change in a mobile node's point of attachment to the Internet
such that it is no longer connected to the same link as it was such that it is no longer connected to the same link as it was
previously. If a mobile node is not currently attached to its previously. If a mobile node is not currently attached to its
home link, the mobile node is said to be "away from home". home link, the mobile node is said to be "away from home".
L2 handover Layer 2 (L2) handover
A process by which the mobile node changes from one link-layer A process by which the mobile node changes from one link-layer
connection to another. For example, a change of wireless access connection to another. For example, a change of wireless access
point is a L2 handover. point is an L2 handover.
L3 handover Layer 3 (L3) handover
Subsequent to a L2 handover, a mobile node detects a change in an Subsequent to an L2 handover, a mobile node detects a change in an
on-link subnet prefix that would require a change in the primary on-link subnet prefix that would require a change in the primary
care-of address. For example, a change of access router care-of address. For example, a change of access router
subsequent to a change of wireless access point typically results subsequent to a change of wireless access point typically results
in an L3 handover. in an L3 handover.
correspondent node correspondent node
A peer node with which a mobile node is communicating. The A peer node with which a mobile node is communicating. The
correspondent node may be either mobile or stationary. correspondent node may be either mobile or stationary.
skipping to change at page 17, line 45 skipping to change at page 17, line 26
packet's IPv6 header to its current care-of addresses. The mobile packet's IPv6 header to its current care-of addresses. The mobile
node adds a new IPv6 "Home Address" destination option (see node adds a new IPv6 "Home Address" destination option (see
Section 6.3) to carry its home address. The inclusion of home Section 6.3) to carry its home address. The inclusion of home
addresses in these packets makes the use of the care-of address addresses in these packets makes the use of the care-of address
transparent above the network layer (e.g., at the transport layer). transparent above the network layer (e.g., at the transport layer).
Mobile IPv6 also provides support for multiple home agents, and a Mobile IPv6 also provides support for multiple home agents, and a
limited support for the reconfiguration of the home network. In limited support for the reconfiguration of the home network. In
these cases, the mobile node may not know the IP address of its own these cases, the mobile node may not know the IP address of its own
home agent, and even the home subnet prefixes may change over time. home agent, and even the home subnet prefixes may change over time.
A mechanism, known as "dynamic home agent address discovery" allows a A mechanism known as "dynamic home agent address discovery" allows a
mobile node to dynamically discover the IP address of a home agent on mobile node to dynamically discover the IP address of a home agent on
its home link, even when the mobile node is away from home. Mobile its home link, even when the mobile node is away from home. Mobile
nodes can also learn new information about home subnet prefixes nodes can also learn new information about home subnet prefixes
through the "mobile prefix discovery" mechanism. These mechanisms through the "mobile prefix discovery" mechanism. These mechanisms
are described starting from Section 6.5. are described starting in Section 6.5.
This document is written under the assumption that the mobile node is This document is written under the assumption that the mobile node is
configured with the home prefix for the mobile node to be able to configured with the home prefix for the mobile node to be able to
discover a home agent and configure a home address. This might be discover a home agent and configure a home address. This might be
limiting in deployments where the home agent and the home address for limiting in deployments where the home agent and the home address for
the mobile node needs to be assigned dynamically. Additional the mobile node need to be assigned dynamically. Additional
mechanisms have been specified for the mobile node to dynamically mechanisms have been specified for the mobile node to dynamically
configure a home agent, a home address and the home prefix. These configure a home agent, a home address, and the home prefix. These
mechanisms are described in "Mobile IPv6 Bootstrapping in Split mechanisms are described in "Mobile IPv6 Bootstrapping in Split
Scenario" [22] and "MIP6 bootstrapping for the Integrated Scenario" Scenario" [22] and "MIP6-bootstrapping for the Integrated Scenario"
[35]. [36].
4.2. New IPv6 Protocol 4.2. New IPv6 Protocol
Mobile IPv6 defines a new IPv6 protocol, using the Mobility Header Mobile IPv6 defines a new IPv6 protocol, using the Mobility Header
(see Section 6.1). This Header is used to carry the following (see Section 6.1). This header is used to carry the following
messages: messages:
Home Test Init Home Test Init
Home Test Home Test
Care-of Test Init Care-of Test Init
Care-of Test Care-of Test
These four messages are used to perform the return routability These four messages are used to perform the return routability
procedure from the mobile node to a correspondent node. This procedure from the mobile node to a correspondent node. This
ensures authorization of subsequent Binding Updates, as described ensures authorization of subsequent Binding Updates, as described
in Section 5.2.5. in Section 5.2.5.
Binding Update Binding Update
skipping to change at page 19, line 20 skipping to change at page 18, line 43
cached binding is in active use but the binding's lifetime is cached binding is in active use but the binding's lifetime is
close to expiration. The correspondent node may use, for close to expiration. The correspondent node may use, for
instance, recent traffic and open transport layer connections as instance, recent traffic and open transport layer connections as
an indication of active use. an indication of active use.
Binding Error Binding Error
The Binding Error is used by the correspondent node to signal an The Binding Error is used by the correspondent node to signal an
error related to mobility, such as an inappropriate attempt to use error related to mobility, such as an inappropriate attempt to use
the Home Address destination option without an existing binding. the Home Address destination option without an existing binding.
The Binding Error message is also used by the Home Agent to signal The Binding Error message is also used by the home agent to signal
an error to the mobile node, if it receives an unrecognized an error to the mobile node, if it receives an unrecognized
Mobility Header Message Type from the mobile node. Mobility Header Message Type from the mobile node.
4.3. New IPv6 Destination Option 4.3. New IPv6 Destination Option
Mobile IPv6 defines a new IPv6 destination option, the Home Address Mobile IPv6 defines a new IPv6 destination option, the Home Address
destination option. This option is described in detail in destination option. This option is described in detail in
Section 6.3. Section 6.3.
4.4. New IPv6 ICMP Messages 4.4. New IPv6 ICMP Messages
Mobile IPv6 also introduces four new ICMP message types, two for use Mobile IPv6 also introduces four new ICMP message types, two for use
in the dynamic home agent address discovery mechanism, and two for in the dynamic home agent address discovery mechanism, and two for
renumbering and mobile configuration mechanisms. As described in renumbering and mobile configuration mechanisms. As described in
Section 10.5 and Section 11.4.1, the following two new ICMP message Sections 10.5 and 11.4.1, the following two new ICMP message types
types are used for home agent address discovery: are used for home agent address discovery:
o Home Agent Address Discovery Request, described in Section 6.5. o Home Agent Address Discovery Request, described in Section 6.5.
o Home Agent Address Discovery Reply, described in Section 6.6. o Home Agent Address Discovery Reply, described in Section 6.6.
The next two message types are used for network renumbering and The next two message types are used for network renumbering and
address configuration on the mobile node, as described in address configuration on the mobile node, as described in
Section 10.6: Section 10.6:
o Mobile Prefix Solicitation, described in Section 6.7. o Mobile Prefix Solicitation, described in Section 6.7.
skipping to change at page 20, line 38 skipping to change at page 20, line 17
Home agents need to know which other home agents are on the same Home agents need to know which other home agents are on the same
link. This information is stored in the Home Agents List, as link. This information is stored in the Home Agents List, as
described in more detail in Section 10.1. The list is used for described in more detail in Section 10.1. The list is used for
informing mobile nodes during dynamic home agent address informing mobile nodes during dynamic home agent address
discovery. discovery.
4.6. Unique-Local Addressability 4.6. Unique-Local Addressability
This specification requires that home and care-of addresses MUST be This specification requires that home and care-of addresses MUST be
unicast routable addresses. Unique-local IPv6 unicast addresses unicast routable addresses. Unique-local IPv6 unicast addresses
(ULAs) RFC4193 [15] may be usable on networks that use such non- (ULAs, RFC 4193 [15]) may be usable on networks that use such non-
globally routable addresses but this specification does not define globally routable addresses, but this specification does not define
when such usage is safe and when it is not. Mobile nodes may not be when such usage is safe and when it is not. Mobile nodes may not be
able to distinguish between their home site and the site at which able to distinguish between their home site and the site at which
they are currently located. This can make it hard to prevent they are currently located. This can make it hard to prevent
accidental attachment to other sites, because the mobile node might accidental attachment to other sites, because the mobile node might
use the ULA at another site, which could not be used to successfully use the ULA at another site, which could not be used to successfully
send packets to the mobile node's HA. This would result in send packets to the mobile node's home agent (HA). This would result
unreachability between the MN and the HA, when unique-local IPv6 in unreachability between the mobile node (MN) and the HA, when
routable addresses are used as care-of addresses. Similarly, CNs unique-local IPv6 routable addresses are used as care-of addresses.
outside the MN's own site will not be reachable when ULAs are used as Similarly, CNs outside the MN's own site will not be reachable when
home addresses. Therefore, unique-local IPv6 unicast addresses ULAs are used as home addresses. Therefore, unique-local IPv6
SHOULD NOT be used as home or care-of addresses when other address unicast addresses SHOULD NOT be used as home or care-of addresses
choices are available. If such addresses are used, however, when other address choices are available. If such addresses are
according to RFC4193 [15], they are treated as any global unicast used, however, according to RFC 4193 [15], they are treated as any
IPv6 address so, for the remainder of this specification, use of global unicast IPv6 address so, for the remainder of this
unique-local IPv6 unicast addresses is not differentiated from other specification, use of unique-local IPv6 unicast addresses is not
globally unique IPv6 addresses. differentiated from other globally unique IPv6 addresses.
5. Overview of Mobile IPv6 Security 5. Overview of Mobile IPv6 Security
This specification provides a number of security features. These This specification provides a number of security features. These
include the protection of Binding Updates both to home agents and include the protection of Binding Updates both to home agents and
correspondent nodes, the protection of mobile prefix discovery, and correspondent nodes, the protection of mobile prefix discovery, and
the protection of the mechanisms that Mobile IPv6 uses for the protection of the mechanisms that Mobile IPv6 uses for
transporting data packets. transporting data packets.
Binding Updates are protected by the use of IPsec extension headers, Binding Updates are protected by the use of IPsec extension headers,
or by the use of the Binding Authorization Data option. This option or by the use of the Binding Authorization Data option. This option
employs a binding management key, Kbm, which can be established employs a binding management key, Kbm, which can be established
through the return routability procedure. Mobile prefix discovery is through the return routability procedure. Mobile prefix discovery is
protected through the use of IPsec extension headers. Mechanisms protected through the use of IPsec extension headers. Mechanisms
related to transporting payload packets - such as the Home Address related to transporting payload packets -- such as the Home Address
destination option and type 2 routing header - have been specified in destination option and type 2 routing header -- have been specified
a manner which restricts their use in attacks. in a manner that restricts their use in attacks.
5.1. Binding Updates to Home Agents 5.1. Binding Updates to Home Agents
The mobile node and the home agent MUST use an IPsec security The mobile node and the home agent MUST use an IPsec security
association to protect the integrity and authenticity of the Binding association to protect the integrity and authenticity of the Binding
Updates and Acknowledgements. Both the mobile nodes and the home Updates and Acknowledgements. Both the mobile nodes and the home
agents MUST support and SHOULD use the Encapsulating Security Payload agents MUST support and SHOULD use the Encapsulating Security Payload
(ESP) [5] header in transport mode and MUST use a non-NULL payload (ESP) [5] header in transport mode and MUST use a non-NULL payload
authentication algorithm to provide data origin authentication, authentication algorithm to provide data origin authentication,
connectionless integrity and optional anti-replay protection. Note connectionless integrity, and optional anti-replay protection. Note
that Authentication Header (AH) [4] is also possible but for brevity that Authentication Header (AH) [4] is also possible but for brevity
not discussed in this specification. not discussed in this specification.
In order to protect messages exchanged between the mobile node and In order to protect messages exchanged between the mobile node and
the home agent with IPsec, appropriate security policy database the home agent with IPsec, appropriate security policy database
entries must be created. A mobile node must be prevented from using entries must be created. A mobile node must be prevented from using
its security association to send a Binding Update on behalf of its security association to send a Binding Update on behalf of
another mobile node using the same home agent. This MUST be achieved another mobile node using the same home agent. This MUST be achieved
by having the home agent check that the given home address has been by having the home agent check that the given home address has been
used with the right security association. Such a check is provided used with the right security association. Such a check is provided
skipping to change at page 23, line 5 skipping to change at page 21, line 37
agent. In order to make this possible, it is necessary that the home agent. In order to make this possible, it is necessary that the home
address of the mobile node is visible in the Binding Updates and address of the mobile node is visible in the Binding Updates and
Acknowledgements. The home address is used in these packets as a Acknowledgements. The home address is used in these packets as a
source or destination, or in the Home Address destination option or source or destination, or in the Home Address destination option or
the type 2 routing header. the type 2 routing header.
As with all IPsec security associations in this specification, manual As with all IPsec security associations in this specification, manual
configuration of security associations MUST be supported. The shared configuration of security associations MUST be supported. The shared
secrets used MUST be random and unique for different mobile nodes, secrets used MUST be random and unique for different mobile nodes,
and MUST be distributed off-line to the mobile nodes. Automatic key and MUST be distributed off-line to the mobile nodes. Automatic key
management with IKEv2 [24] MAY be supported as described in [20]. management with the Internet Key Exchange Protocol version 2 (IKEv2)
[24] MAY be supported as described in [20].
Section 11.3.2 discusses how IKEv2 connections to the home agent need Section 11.3.2 discusses how IKEv2 connections to the home agent need
a careful treatment of the addresses used for transporting IKEv2. a careful treatment of the addresses used for transporting IKEv2.
This is necessary to ensure that a Binding Update is not needed This is necessary to ensure that a Binding Update is not needed
before the IKEv2 exchange which is needed for securing the Binding before the IKEv2 exchange that is needed for securing the Binding
Update. Update.
More detailed descriptions and examples using IPsec to protect More detailed descriptions and examples using IPsec to protect
communications between the mobile node and the home agent have been communications between the mobile node and the home agent have been
published [12][20]. published [12][20].
5.2. Binding Updates to Correspondent Nodes 5.2. Binding Updates to Correspondent Nodes
The protection of Binding Updates sent to correspondent nodes does The protection of Binding Updates sent to correspondent nodes does
not require the configuration of security associations or the not require the configuration of security associations or the
existence of an authentication infrastructure between the mobile existence of an authentication infrastructure between the mobile
nodes and correspondent nodes. Instead, a method called the return nodes and correspondent nodes. Instead, a method called the return
routability procedure is used to assure that the right mobile node is routability procedure is used to ensure that the right mobile node is
sending the message. This method does not protect against attackers sending the message. This method does not protect against attackers
who are on the path between the home network and the correspondent who are on the path between the home network and the correspondent
node. However, attackers in such a location are capable of node. However, attackers in such a location are capable of
performing the same attacks even without Mobile IPv6. The main performing the same attacks even without Mobile IPv6. The main
advantage of the return routability procedure is that it limits the advantage of the return routability procedure is that it limits the
potential attackers to those having an access to one specific path in potential attackers to those having an access to one specific path in
the Internet, and avoids forged Binding Updates from anywhere else in the Internet, and avoids forged Binding Updates from anywhere else in
the Internet. For a more in depth explanation of the security the Internet. For a more in-depth explanation of the security
properties of the return routability procedure, see Section 15. properties of the return routability procedure, see Section 15.
Also, consult [42] Also, consult [43].
The integrity and authenticity of the Binding Update messages to The integrity and authenticity of the Binding Update messages to
correspondent nodes is protected by using a keyed-hash algorithm. correspondent nodes are protected by using a keyed-hash algorithm.
The binding management key, Kbm, is used to key the hash algorithm The binding management key, Kbm, is used to key the hash algorithm
for this purpose. Kbm is established using data exchanged during the for this purpose. Kbm is established using data exchanged during the
return routability procedure. The data exchange is accomplished by return routability procedure. The data exchange is accomplished by
use of node keys, nonces, cookies, tokens, and certain cryptographic use of node keys, nonces, cookies, tokens, and certain cryptographic
functions. Section 5.2.5 outlines the basic return routability functions. Section 5.2.5 outlines the basic return routability
procedure. Section 5.2.6 shows how the results of this procedure are procedure. Section 5.2.6 shows how the results of this procedure are
used to authorize a Binding Update to a correspondent node. used to authorize a Binding Update to a correspondent node.
5.2.1. Node Keys 5.2.1. Node Keys
skipping to change at page 24, line 16 skipping to change at page 23, line 10
A correspondent node MAY generate a fresh node key at any time; this A correspondent node MAY generate a fresh node key at any time; this
avoids the need for secure persistent key storage. Procedures for avoids the need for secure persistent key storage. Procedures for
optionally updating the node key are discussed later in optionally updating the node key are discussed later in
Section 5.2.7. Section 5.2.7.
5.2.2. Nonces 5.2.2. Nonces
Each correspondent node also generates nonces at regular intervals. Each correspondent node also generates nonces at regular intervals.
The nonces should be generated by using a random number generator The nonces should be generated by using a random number generator
that is known to have good randomness properties [14]. A that is known to have good randomness properties [14]. A
correspondent node may use the same Kcn and nonce with all the correspondent node may use the same Kcn and nonce with all the mobile
mobiles it is in communication with. nodes with which it is in communication.
Each nonce is identified by a nonce index. When a new nonce is Each nonce is identified by a nonce index. When a new nonce is
generated, it must be associated with a new nonce index; this may be generated, it must be associated with a new nonce index; this may be
done, for example, by incrementing the value of the previous nonce done, for example, by incrementing the value of the previous nonce
index, if the nonce index is used as an array pointer into a linear index, if the nonce index is used as an array pointer into a linear
array of nonces. However, there is no requirement that nonces be array of nonces. However, there is no requirement that nonces be
stored that way, or that the values of subsequent nonce indices have stored that way, or that the values of subsequent nonce indices have
any particular relationship to each other. The index value is any particular relationship to each other. The index value is
communicated in the protocol, so that if a nonce is replaced by new communicated in the protocol, so that if a nonce is replaced by a new
nonce during the run of a protocol, the correspondent node can nonce during the run of a protocol, the correspondent node can
distinguish messages that should be checked against the old nonce distinguish messages that should be checked against the old nonce
from messages that should be checked against the new nonce. Strictly from messages that should be checked against the new nonce. Strictly
speaking, indices are not necessary in the authentication, but allow speaking, indices are not necessary in the authentication, but allow
the correspondent node to efficiently find the nonce value that it the correspondent node to efficiently find the nonce value that it
used in creating a keygen token. used in creating a keygen token.
Correspondent nodes keep both the current nonce and a small set of Correspondent nodes keep both the current nonce and a small set of
valid previous nonces whose lifetime has not yet expired. Expired valid previous nonces whose lifetime has not yet expired. Expired
values MUST be discarded, and messages using stale or unknown indices values MUST be discarded, and messages using stale or unknown indices
skipping to change at page 25, line 5 skipping to change at page 23, line 47
A nonce is an octet string of any length. The recommended length is A nonce is an octet string of any length. The recommended length is
64 bits. 64 bits.
5.2.3. Cookies and Tokens 5.2.3. Cookies and Tokens
The return routability address test procedure uses cookies and keygen The return routability address test procedure uses cookies and keygen
tokens as opaque values within the test init and test messages, tokens as opaque values within the test init and test messages,
respectively. respectively.
o The "home init cookie" and "care-of init cookie" are 64 bit values o The "home init cookie" and "care-of init cookie" are 64-bit values
sent to the correspondent node from the mobile node, and later sent to the correspondent node from the mobile node, and later
returned to the mobile node. The home init cookie is sent in the returned to the mobile node. The home init cookie is sent in the
Home Test Init message, and returned in the Home Test message. Home Test Init message, and returned in the Home Test message.
The care-of init cookie is sent in the Care-of Test Init message, The care-of init cookie is sent in the Care-of Test Init message,
and returned in the Care-of Test message. and returned in the Care-of Test message.
o The "home keygen token" and "care-of keygen token" are 64-bit o The "home keygen token" and "care-of keygen token" are 64-bit
values sent by the correspondent node to the mobile node via the values sent by the correspondent node to the mobile node via the
home agent (via the Home Test message) and the care-of address (by home agent (via the Home Test message) and the care-of address (by
the Care-of Test message), respectively. the Care-of Test message), respectively.
skipping to change at page 25, line 41 skipping to change at page 24, line 34
By default in this specification, the function used to compute hash By default in this specification, the function used to compute hash
values is SHA-1 [11], which is considered to offer sufficient values is SHA-1 [11], which is considered to offer sufficient
protection for Mobile IPv6 control messages (see Section 15.10). protection for Mobile IPv6 control messages (see Section 15.10).
Message Authentication Codes (MACs) are then computed using HMAC_SHA1 Message Authentication Codes (MACs) are then computed using HMAC_SHA1
[1][11]. HMAC_SHA1(K,m) denotes such a MAC computed on message m [1][11]. HMAC_SHA1(K,m) denotes such a MAC computed on message m
with key K. with key K.
5.2.5. Return Routability Procedure 5.2.5. Return Routability Procedure
The Return Routability Procedure enables the correspondent node to The return routability procedure enables the correspondent node to
obtain some reasonable assurance that the mobile node is in fact obtain some reasonable assurance that the mobile node is in fact
addressable at its claimed care-of address as well as at its home addressable at its claimed care-of address as well as at its home
address. Only with this assurance is the correspondent node able to address. Only with this assurance is the correspondent node able to
accept Binding Updates from the mobile node which would then instruct accept Binding Updates from the mobile node, which would then
the correspondent node to direct that mobile node's data traffic to instruct the correspondent node to direct that mobile node's data
its claimed care-of address. traffic to its claimed care-of address.
This is done by testing whether packets addressed to the two claimed This is done by testing whether packets addressed to the two claimed
addresses are routed to the mobile node. The mobile node can pass addresses are routed to the mobile node. The mobile node can pass
the test only if it is able to supply proof that it received certain the test only if it is able to supply proof that it received certain
data (the "keygen tokens") which the correspondent node sends to data (the "keygen tokens") that the correspondent node sends to those
those addresses. These data are combined by the mobile node into a addresses. These data are combined by the mobile node into a binding
binding management key, denoted Kbm. management key, denoted Kbm.
The figure below shows the message flow for the return routability The figure below shows the message flow for the return routability
procedure. procedure.
Mobile node Home agent Correspondent node Mobile node Home agent Correspondent node
| | | |
| Home Test Init (HoTI) | | | Home Test Init (HoTI) | |
|------------------------->|------------------------->| |------------------------->|------------------------->|
| | | | | |
| Care-of Test Init (CoTI) | | Care-of Test Init (CoTI) |
skipping to change at page 28, line 11 skipping to change at page 26, line 50
+ home keygen token + home keygen token
+ home nonce index + home nonce index
When the correspondent node receives the Home Test Init message, When the correspondent node receives the Home Test Init message,
it generates a home keygen token as follows: it generates a home keygen token as follows:
home keygen token := home keygen token :=
First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0))) First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0)))
where | denotes concatenation. The final "0" inside the HMAC_SHA1 where | denotes concatenation. The final "0" inside the HMAC_SHA1
function is a single zero octet, used to distinguish home and function is a single zero octet, used to distinguish home and care-of
care-of cookies from each other. cookies from each other.
The home keygen token is formed from the first 64 bits of the MAC. The home keygen token is formed from the first 64 bits of the MAC.
The home keygen token tests that the mobile node can receive The home keygen token tests that the mobile node can receive messages
messages sent to its home address. Kcn is used in the production sent to its home address. Kcn is used in the production of home
of home keygen token in order to allow the correspondent node to keygen token in order to allow the correspondent node to verify that
verify that it generated the home and care-of nonces, without it generated the home and care-of nonces, without forcing the
forcing the correspondent node to remember a list of all tokens it correspondent node to remember a list of all tokens it has handed
has handed out. out.
The Home Test message is sent to the mobile node via the home The Home Test message is sent to the mobile node via the home
network, where it is presumed that the home agent will tunnel the network, where it is presumed that the home agent will tunnel the
message to the mobile node. This means that the mobile node needs message to the mobile node. This means that the mobile node needs to
to already have sent a Binding Update to the home agent, so that already have sent a Binding Update to the home agent, so that the
the home agent will have received and authorized the new care-of home agent will have received and authorized the new care-of address
address for the mobile node before the return routability for the mobile node before the return routability procedure. For
procedure. For improved security, the data passed between the improved security, the data passed between the home agent and the
home agent and the mobile node is made immune to inspection and mobile node is made immune to inspection and passive attacks. Such
passive attacks. Such protection is gained by encrypting the home protection is gained by encrypting the home keygen token as it is
keygen token as it is tunneled from the home agent to the mobile tunneled from the home agent to the mobile node as specified in
node as specified in Section 10.4.6. The security properties of Section 10.4.6. The security properties of this additional security
this additional security are discussed in Section 15.4.1. are discussed in Section 15.4.1.
The home init cookie from the mobile node is returned in the Home The home init cookie from the mobile node is returned in the Home
Test message, to ensure that the message comes from a node on the Test message, to ensure that the message comes from a node on the
route between the home agent and the correspondent node. route between the home agent and the correspondent node.
The home nonce index is delivered to the mobile node to later The home nonce index is delivered to the mobile node to later allow
allow the correspondent node to efficiently find the nonce value the correspondent node to efficiently find the nonce value that it
that it used in creating the home keygen token. used in creating the home keygen token.
Care-of Test Care-of Test
This message is sent in response to a Care-of Test Init message. This message is sent in response to a Care-of Test Init message.
This message is not sent via the home agent, it is sent directly This message is not sent via the home agent; it is sent directly
to the mobile node. The contents of the message are: to the mobile node. The contents of the message are:
* Source Address = correspondent * Source Address = correspondent
* Destination Address = care-of address * Destination Address = care-of address
* Parameters: * Parameters:
+ care-of init cookie + care-of init cookie
+ care-of keygen token + care-of keygen token
+ care-of nonce index + care-of nonce index
When the correspondent node receives the Care-of Test Init When the correspondent node receives the Care-of Test Init
message, it generates a care-of keygen token as follows: message, it generates a care-of keygen token as follows:
care-of keygen token := care-of keygen token :=
First (64, HMAC_SHA1 (Kcn, (care-of address | nonce | 1))) First (64, HMAC_SHA1 (Kcn, (care-of address | nonce | 1)))
Here, the final "1" inside the HMAC_SHA1 function is a single Here, the final "1" inside the HMAC_SHA1 function is a single octet
octet containing the hex value 0x01, and is used to distinguish containing the hex value 0x01, and is used to distinguish home and
home and care-of cookies from each other. The keygen token is care-of cookies from each other. The keygen token is formed from the
formed from the first 64 bits of the MAC, and sent directly to the first 64 bits of the MAC, and sent directly to the mobile node at its
mobile node at its care-of address. The care-of init cookie from care-of address. The care-of init cookie from the Care-of Test Init
the Care-of Test Init message is returned to ensure that the message is returned to ensure that the message comes from a node on
message comes from a node on the route to the correspondent node. the route to the correspondent node.
The care-of nonce index is provided to identify the nonce used for The care-of nonce index is provided to identify the nonce used for
the care-of keygen token. The home and care-of nonce indices MAY the care-of keygen token. The home and care-of nonce indices MAY be
be the same, or different, in the Home and Care-of Test messages. the same, or different, in the Home and Care-of Test messages.
When the mobile node has received both the Home and Care-of Test When the mobile node has received both the Home and Care-of Test
messages, the return routability procedure is complete. As a result messages, the return routability procedure is complete. As a result
of the procedure, the mobile node has the data it needs to send a of the procedure, the mobile node has the data it needs to send a
Binding Update to the correspondent node. The mobile node hashes the Binding Update to the correspondent node. The mobile node hashes the
tokens together to form a 20 octet binding key Kbm: tokens together to form a 20-octet binding key Kbm:
Kbm = SHA-1 (home keygen token | care-of keygen token) Kbm = SHA-1 (home keygen token | care-of keygen token)
A Binding Update may also be used to delete a previously established A Binding Update may also be used to delete a previously established
binding (Section 6.1.7). In this case, the care-of keygen token is binding (Section 6.1.7). In this case, the care-of keygen token is
not used. Instead, the binding management key is generated as not used. Instead, the binding management key is generated as
follows: follows:
Kbm = SHA-1(home keygen token) Kbm = SHA-1(home keygen token)
Note that the correspondent node does not create any state specific Note that the correspondent node does not create any state specific
to the mobile node, until it receives the Binding Update from that to the mobile node, until it receives the Binding Update from that
mobile node. The correspondent node does not maintain the value for mobile node. The correspondent node does not maintain the value for
the binding management key Kbm; it creates Kbm when given the nonce the binding management key Kbm; it creates Kbm when given the nonce
indices and the mobile node's addresses. indices and the mobile node's addresses.
5.2.6. Authorizing Binding Management Messages 5.2.6. Authorizing Binding Management Messages
After the mobile node has created the binding management key (Kbm), After the mobile node has created the binding management key (Kbm),
it can supply a verifiable Binding Update to the correspondent node. it can supply a verifiable Binding Update to the correspondent node.
This section provides an overview of this registration. The below This section provides an overview of this registration. The figure
figure shows the message flow. below shows the message flow.
Mobile node Correspondent node Mobile node Correspondent node
| | | |
| Binding Update (BU) | | Binding Update (BU) |
|---------------------------------------------->| |---------------------------------------------->|
| (MAC, seq#, nonce indices, care-of address) | | (MAC, seq#, nonce indices, care-of address) |
| | | |
| | | |
| Binding Acknowledgement (BA) (if sent) | | Binding Acknowledgement (BA) (if sent) |
|<----------------------------------------------| |<----------------------------------------------|
skipping to change at page 31, line 10 skipping to change at page 29, line 46
+ care-of nonce index (within the Nonce Indices option) + care-of nonce index (within the Nonce Indices option)
+ First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent + First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent
| BU))) | BU)))
The Binding Update contains a Nonce Indices option, indicating to The Binding Update contains a Nonce Indices option, indicating to
the correspondent node which home and care-of nonces to use to the correspondent node which home and care-of nonces to use to
recompute Kbm, the binding management key. The MAC is computed as recompute Kbm, the binding management key. The MAC is computed as
described in Section 6.2.7, using the correspondent node's address described in Section 6.2.7, using the correspondent node's address
as the destination address and the Binding Update message itself as the destination address and the Binding Update message itself
("BU" above) as the MH Data. ("BU" above) as the Mobility Header (MH) Data.
Once the correspondent node has verified the MAC, it can create a Once the correspondent node has verified the MAC, it can create a
Binding Cache entry for the mobile. Binding Cache entry for the mobile.
Binding Acknowledgement Binding Acknowledgement
The Binding Update is in some cases acknowledged by the The Binding Update is in some cases acknowledged by the
correspondent node. The contents of the message are as follows: correspondent node. The contents of the message are as follows:
* Source Address = correspondent * Source Address = correspondent
skipping to change at page 31, line 42 skipping to change at page 30, line 32
the Binding Update. The MAC is computed as described in the Binding Update. The MAC is computed as described in
Section 6.2.7, using the correspondent node's address as the Section 6.2.7, using the correspondent node's address as the
destination address and the message itself ("BA" above) as the MH destination address and the message itself ("BA" above) as the MH
Data. Data.
Bindings established with correspondent nodes using keys created by Bindings established with correspondent nodes using keys created by
way of the return routability procedure MUST NOT exceed way of the return routability procedure MUST NOT exceed
MAX_RR_BINDING_LIFETIME seconds (see Section 12). MAX_RR_BINDING_LIFETIME seconds (see Section 12).
The value in the Source Address field in the IPv6 header carrying the The value in the Source Address field in the IPv6 header carrying the
Binding Update is normally also the care-of address which is used in Binding Update is normally also the care-of address that is used in
the binding. However, a different care-of address MAY be specified the binding. However, a different care-of address MAY be specified
by including an Alternate Care-of Address mobility option in the by including an Alternate Care-of Address mobility option in the
Binding Update (see Section 6.2.5). When such a message is sent to Binding Update (see Section 6.2.5). When such a message is sent to
the correspondent node and the return routability procedure is used the correspondent node and the return routability procedure is used
as the authorization method, the Care-of Test Init and Care-of Test as the authorization method, the Care-of Test Init and Care-of Test
messages MUST have been performed for the address in the Alternate messages MUST have been performed for the address in the Alternate
Care-of Address option (not the Source Address). The nonce indices Care-of Address option (not the Source Address). The nonce indices
and MAC value MUST be based on information gained in this test. and MAC value MUST be based on information gained in this test.
Binding Updates may also be sent to delete a previously established Binding Updates may also be sent to delete a previously established
skipping to change at page 32, line 25 skipping to change at page 31, line 13
after it has been first used in constructing a return routability after it has been first used in constructing a return routability
message response. However, the correspondent node MUST NOT accept message response. However, the correspondent node MUST NOT accept
nonces beyond MAX_NONCE_LIFETIME seconds (see Section 12) after the nonces beyond MAX_NONCE_LIFETIME seconds (see Section 12) after the
first use. As the difference between these two constants is 30 first use. As the difference between these two constants is 30
seconds, a convenient way to enforce the above lifetimes is to seconds, a convenient way to enforce the above lifetimes is to
generate a new nonce every 30 seconds. The node can then continue to generate a new nonce every 30 seconds. The node can then continue to
accept tokens that have been based on the last 8 (MAX_NONCE_LIFETIME accept tokens that have been based on the last 8 (MAX_NONCE_LIFETIME
/ 30) nonces. This results in tokens being acceptable / 30) nonces. This results in tokens being acceptable
MAX_TOKEN_LIFETIME to MAX_NONCE_LIFETIME seconds after they have been MAX_TOKEN_LIFETIME to MAX_NONCE_LIFETIME seconds after they have been
sent to the mobile node, depending on whether the token was sent at sent to the mobile node, depending on whether the token was sent at
the beginning or end of the first 30 second period. Note that the the beginning or end of the first 30-second period. Note that the
correspondent node may also attempt to generate new nonces on demand, correspondent node may also attempt to generate new nonces on demand,
or only if the old nonces have been used. This is possible, as long or only if the old nonces have been used. This is possible, as long
as the correspondent node keeps track of how long a time ago the as the correspondent node keeps track of how long a time ago the
nonces were used for the first time, and does not generate new nonces nonces were used for the first time, and does not generate new nonces
on every return routability request. on every return routability request.
Due to resource limitations, rapid deletion of bindings, or reboots Due to resource limitations, rapid deletion of bindings, or reboots
the correspondent node may not in all cases recognize the nonces that the correspondent node may not in all cases recognize the nonces that
the tokens were based on. If a nonce index is unrecognized, the the tokens were based on. If a nonce index is unrecognized, the
correspondent node replies with an error code in the Binding correspondent node replies with an error code in the Binding
skipping to change at page 33, line 10 skipping to change at page 31, line 47
use the tokens. A fast moving mobile node MAY reuse a recent home use the tokens. A fast moving mobile node MAY reuse a recent home
keygen token from a correspondent node when moving to a new location, keygen token from a correspondent node when moving to a new location,
and just acquire a new care-of keygen token to show routability in and just acquire a new care-of keygen token to show routability in
the new location. the new location.
While this does not save the number of round-trips due to the While this does not save the number of round-trips due to the
simultaneous processing of home and care-of return routability tests, simultaneous processing of home and care-of return routability tests,
there are fewer messages being exchanged, and a potentially long there are fewer messages being exchanged, and a potentially long
round-trip through the home agent is avoided. Consequently, this round-trip through the home agent is avoided. Consequently, this
optimization is often useful. A mobile node that has multiple home optimization is often useful. A mobile node that has multiple home
addresses, MAY also use the same care-of keygen token for Binding addresses MAY also use the same care-of keygen token for Binding
Updates concerning all of these addresses. Updates concerning all of these addresses.
5.2.8. Preventing Replay Attacks 5.2.8. Preventing Replay Attacks
The return routability procedure also protects the participants The return routability procedure also protects the participants
against replayed Binding Updates through the use of the sequence against replayed Binding Updates through the use of the sequence
number and a MAC. Care must be taken when removing bindings at the number and a MAC. Care must be taken when removing bindings at the
correspondent node, however. Correspondent nodes must retain correspondent node, however. Correspondent nodes must retain
bindings and the associated sequence number information at least as bindings and the associated sequence number information at least as
long as the nonces used in the authorization of the binding are still long as the nonces used in the authorization of the binding are still
skipping to change at page 33, line 36 skipping to change at page 32, line 28
This alternative is therefore recommended only as a last measure. This alternative is therefore recommended only as a last measure.
5.2.9. Handling Interruptions to Return Routability 5.2.9. Handling Interruptions to Return Routability
In some scenarios, such as simultaneous mobility, where both In some scenarios, such as simultaneous mobility, where both
correspondent host and mobile host move at the same time, or in the correspondent host and mobile host move at the same time, or in the
case where the correspondent node reboots and loses data, route case where the correspondent node reboots and loses data, route
optimization may not complete, or relevant data in the binding cache optimization may not complete, or relevant data in the binding cache
might be lost. might be lost.
o Return Routability signalling MUST be sent to the correspondent o Return Routability signaling MUST be sent to the correspondent
node's home address if it has one (i.e. not to the correspondent node's home address if it has one (i.e., not to the correspondent
nodes care-of address if the correspondent node is also mobile). nodes care-of address if the correspondent node is also mobile).
o If Return Routability signalling timed out after MAX_RO_FAILURE o If Return Routability signaling timed out after MAX_RO_FAILURE
attempts, the mobile node MUST revert to sending packets to the attempts, the mobile node MUST revert to sending packets to the
correspondent node's home address through its home agent. correspondent node's home address through its home agent.
The mobile node may run the bidirectional tunnelling in parallel with The mobile node may run the bidirectional tunneling in parallel with
the return routability procedure until it is successful. Exponential the return routability procedure until it is successful. Exponential
backoff SHOULD be used for retransmission of return routability backoff SHOULD be used for retransmission of return routability
messages. messages.
The return routability procedure may be triggered by movement of the The return routability procedure may be triggered by movement of the
mobile node or by sustained loss of end-to-end communication with a mobile node or by sustained loss of end-to-end communication with a
correspondent node (e.g. based on indications from upper-layers) that correspondent node (e.g., based on indications from upper layers)
has been using a route optimised connection to the mobile node. If that has been using a route optimized connection to the mobile node.
such indications are received, the mobile node MAY revert to bi- If such indications are received, the mobile node MAY revert to
directional tunnelling while re-starting the return routability bidirectional tunneling while restarting the return routability
procedure. procedure.
5.3. Dynamic Home Agent Address Discovery 5.3. Dynamic Home Agent Address Discovery
Dynamic home agent address discovery has been designed for use in Dynamic home agent address discovery has been designed for use in
deployments where security is not needed. For this reason, no deployments where security is not needed. For this reason, no
security solution is provided in this document for dynamic home agent security solution is provided in this document for dynamic home agent
address discovery. address discovery.
5.4. Mobile Prefix Discovery 5.4. Mobile Prefix Discovery
The mobile node and the home agent SHOULD use an IPsec security The mobile node and the home agent SHOULD use an IPsec security
association to protect the integrity and authenticity of the Mobile association to protect the integrity and authenticity of the Mobile
Prefix Solicitations and Advertisements. Both the mobile nodes and Prefix Solicitations and Advertisements. Both the mobile nodes and
the home agents MUST support and SHOULD use the Encapsulating the home agents MUST support and SHOULD use the Encapsulating
Security Payload (ESP) header in transport mode with a non-NULL Security Payload (ESP) header in transport mode with a non-NULL
payload authentication algorithm to provide data origin payload authentication algorithm to provide data origin
authentication, connectionless integrity and optional anti-replay authentication, connectionless integrity, and optional anti-replay
protection. protection.
5.5. Payload Packets 5.5. Payload Packets
Payload packets exchanged with mobile nodes can be protected in the Payload packets exchanged with mobile nodes can be protected in the
usual manner, in the same way as stationary hosts can protect them. usual manner, in the same way as stationary hosts can protect them.
However, Mobile IPv6 introduces the Home Address destination option, However, Mobile IPv6 introduces the Home Address destination option,
a routing header, and tunneling headers in the payload packets. In a routing header, and tunneling headers in the payload packets. In
the following we define the security measures taken to protect these, the following we define the security measures taken to protect these,
and to prevent their use in attacks against other parties. and to prevent their use in attacks against other parties.
This specification limits the use of the Home Address destination This specification limits the use of the Home Address destination
option to the situation where the correspondent node already has a option to the situation where the correspondent node already has a
Binding Cache entry for the given home address. This avoids the use Binding Cache entry for the given home address. This avoids the use
of the Home Address option in attacks described in Section 15.1. of the Home Address option in attacks described in Section 15.1.
Mobile IPv6 uses a type of routing header specific to Mobile IPv6. Mobile IPv6 uses a type of routing header specific to Mobile IPv6.
This type provides the necessary functionality but does not open This type provides the necessary functionality but does not open
vulnerabilities discussed in Section 15.1 and RFC 5095 [44]. vulnerabilities discussed in Section 15.1 and RFC 5095 [45].
Tunnels between the mobile node and the home agent are protected by Tunnels between the mobile node and the home agent are protected by
ensuring proper use of source addresses, and optional cryptographic ensuring proper use of source addresses, and optional cryptographic
protection. The mobile node verifies that the outer IP address protection. The mobile node verifies that the outer IP address
corresponds to its home agent. The home agent verifies that the corresponds to its home agent. The home agent verifies that the
outer IP address corresponds to the current location of the mobile outer IP address corresponds to the current location of the mobile
node (Binding Updates sent to the home agents are secure). The home node (Binding Updates sent to the home agents are secure). The home
agent identifies the mobile node through the source address of the agent identifies the mobile node through the source address of the
inner packet. (Typically, this is the home address of the mobile inner packet. (Typically, this is the home address of the mobile
node, but it can also be a link-local address, as discussed in node, but it can also be a link-local address, as discussed in
skipping to change at page 36, line 18 skipping to change at page 34, line 26
The Mobility Header is an extension header used by mobile nodes, The Mobility Header is an extension header used by mobile nodes,
correspondent nodes, and home agents in all messaging related to the correspondent nodes, and home agents in all messaging related to the
creation and management of bindings. The subsections within this creation and management of bindings. The subsections within this
section describe the message types that may be sent using the section describe the message types that may be sent using the
Mobility Header. Mobility Header.
Mobility Header messages MUST NOT be sent with a type 2 routing Mobility Header messages MUST NOT be sent with a type 2 routing
header, except as described in Section 9.5.4 for Binding header, except as described in Section 9.5.4 for Binding
Acknowledgement. Mobility Header messages also MUST NOT be used with Acknowledgement. Mobility Header messages also MUST NOT be used with
a Home Address destination option, except as described in a Home Address destination option, except as described in Sections
Section 11.7.1 and Section 11.7.2 for Binding Update. Binding Update 11.7.1 and 11.7.2 for Binding Update. Binding Update List or Binding
List or Binding Cache information (when present) for the destination Cache information (when present) for the destination MUST NOT be used
MUST NOT be used in sending Mobility Header messages. That is, in sending Mobility Header messages. That is, Mobility Header
Mobility Header messages bypass both the Binding Cache check messages bypass both the Binding Cache check described in
described in Section 9.3.2 and the Binding Update List check Section 9.3.2 and the Binding Update List check described in
described in Section 11.3.1 which are normally performed for all Section 11.3.1 that are normally performed for all packets. This
packets. This applies even to messages sent to or from a applies even to messages sent to or from a correspondent node that is
correspondent node which is itself a mobile node. itself a mobile node.
6.1.1. Format 6.1.1. Format
The Mobility Header is identified by a Next Header value of 135 in The Mobility Header is identified by a Next Header value of 135 in
the immediately preceding header, and has the following format: the immediately preceding header, and has the following format:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Proto | Header Len | MH Type | Reserved | | Payload Proto | Header Len | MH Type | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | | | Checksum | |
skipping to change at page 37, line 43 skipping to change at page 36, line 5
Header starting with the Payload Proto field. The checksum is the Header starting with the Payload Proto field. The checksum is the
16-bit one's complement of the one's complement sum of this 16-bit one's complement of the one's complement sum of this
string. string.
The pseudo-header contains IPv6 header fields, as specified in The pseudo-header contains IPv6 header fields, as specified in
Section 8.1 of RFC 2460 [6]. The Next Header value used in the Section 8.1 of RFC 2460 [6]. The Next Header value used in the
pseudo-header is 135. The addresses used in the pseudo-header are pseudo-header is 135. The addresses used in the pseudo-header are
the addresses that appear in the Source and Destination Address the addresses that appear in the Source and Destination Address
fields in the IPv6 packet carrying the Mobility Header. fields in the IPv6 packet carrying the Mobility Header.
Note that the procedures of calculating upper layer checksums Note that the procedures of calculating upper-layer checksums
while away from home described in Section 11.3.1 apply even for while away from home described in Section 11.3.1 apply even for
the Mobility Header. If a mobility message has a Home Address the Mobility Header. If a mobility message has a Home Address
destination option, then the checksum calculation uses the home destination option, then the checksum calculation uses the home
address in this option as the value of the IPv6 Source Address address in this option as the value of the IPv6 Source Address
field. The type 2 routing header is treated as explained in [6]. field. The type 2 routing header is treated as explained in [6].
The Mobility Header is considered as the upper layer protocol for The Mobility Header is considered as the upper-layer protocol for
the purposes of calculating the pseudo-header. The Upper-Layer the purposes of calculating the pseudo-header. The Upper-Layer
Packet Length field in the pseudo-header MUST be set to the total Packet Length field in the pseudo-header MUST be set to the total
length of the Mobility Header. length of the Mobility Header.
For computing the checksum, the checksum field is set to zero. For computing the checksum, the checksum field is set to zero.
Message Data Message Data
A variable length field containing the data specific to the A variable-length field containing the data specific to the
indicated Mobility Header type. indicated Mobility Header type.
Mobile IPv6 also defines a number of "mobility options" for use Mobile IPv6 also defines a number of "mobility options" for use
within these messages; if included, any options MUST appear after the within these messages; if included, any options MUST appear after the
fixed portion of the message data specified in this document. The fixed portion of the message data specified in this document. The
presence of such options will be indicated by the Header Len field presence of such options will be indicated by the Header Len field
within the message. When the Header Len value is greater than the within the message. When the Header Len value is greater than the
length required for the message specified here, the remaining octets length required for the message specified here, the remaining octets
are interpreted as mobility options. These options include padding are interpreted as mobility options. These options include padding
options that can be used to ensure that other options are aligned options that can be used to ensure that other options are aligned
properly, and that the total length of the message is divisible by 8. properly, and that the total length of the message is divisible by 8.
The encoding and format of defined options are described in The encoding and format of defined options are described in
Section 6.2. Section 6.2.
Alignment requirements for the Mobility Header are the same as for Alignment requirements for the Mobility Header are the same as for
any IPv6 protocol Header. That is, they MUST be aligned on an any IPv6 protocol header. That is, they MUST be aligned on an
8-octet boundary. 8-octet boundary.
6.1.2. Binding Refresh Request Message 6.1.2. Binding Refresh Request Message
The Binding Refresh Request (BRR) message requests a mobile node to The Binding Refresh Request (BRR) message requests a mobile node to
update its mobility binding. This message is sent by correspondent update its mobility binding. This message is sent by correspondent
nodes according to the rules in Section 9.5.5. When a mobile node nodes according to the rules in Section 9.5.5. When a mobile node
receives a packet containing a Binding Refresh Request message it receives a packet containing a Binding Refresh Request message it
processes the message according to the rules in Section 11.7.4. processes the message according to the rules in Section 11.7.4.
The Binding Refresh Request message uses the MH Type value 0. When The Binding Refresh Request message uses the MH Type value 0. When
this value is indicated in the MH Type field, the format of the this value is indicated in the MH Type field, the format of the
Message Data field in the Mobility Header is as follows: Message Data field in the Mobility Header is as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Mobility options . . Mobility Options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Reserved Reserved
16-bit field reserved for future use. The value MUST be 16-bit field reserved for future use. The value MUST be
initialized to zero by the sender, and MUST be ignored by the initialized to zero by the sender, and MUST be ignored by the
receiver. receiver.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. This field Header is an integer multiple of 8 octets long. This field
contains zero or more TLV-encoded mobility options. The encoding contains zero or more TLV-encoded mobility options. The encoding
and format of defined options are described in Section 6.2. The and format of defined options are described in Section 6.2. The
receiver MUST ignore and skip any options which it does not receiver MUST ignore and skip any options that it does not
understand. understand.
There MAY be additional information, associated with this Binding There MAY be additional information, associated with this Binding
Refresh Request message that need not be present in all Binding Refresh Request message that need not be present in all Binding
Refresh Request messages sent. Mobility options allow future Refresh Request messages sent. Mobility options allow future
extensions to the format of the Binding Refresh Request message to extensions to the format of the Binding Refresh Request message to
be defined. This specification does not define any options valid be defined. This specification does not define any options valid
for the Binding Refresh Request message. for the Binding Refresh Request message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
skipping to change at page 40, line 13 skipping to change at page 38, line 27
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Reserved Reserved
16-bit field reserved for future use. This value MUST be 16-bit field reserved for future use. This value MUST be
initialized to zero by the sender, and MUST be ignored by the initialized to zero by the sender, and MUST be ignored by the
receiver. receiver.
Home Init Cookie Home Init Cookie
64-bit field which contains a random value, the home init cookie. 64-bit field that contains a random value, the home init cookie.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. This field Header is an integer multiple of 8 octets long. This field
contains zero or more TLV-encoded mobility options. The receiver contains zero or more TLV-encoded mobility options. The receiver
MUST ignore and skip any options which it does not understand. MUST ignore and skip any options that it does not understand.
This specification does not define any options valid for the Home This specification does not define any options valid for the Home
Test Init message. Test Init message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 1. necessary and the Header Len field will be set to 1.
This message is tunneled through the home agent when the mobile node This message is tunneled through the home agent when the mobile node
is away from home. Such tunneling SHOULD employ IPsec ESP in tunnel is away from home. Such tunneling SHOULD employ IPsec ESP in tunnel
mode between the home agent and the mobile node. This protection is mode between the home agent and the mobile node. This protection is
indicated by the IPsec security policy database. The protection of indicated by the IPsec security policy database. The protection of
skipping to change at page 41, line 27 skipping to change at page 39, line 30
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Reserved Reserved
16-bit field reserved for future use. The value MUST be 16-bit field reserved for future use. The value MUST be
initialized to zero by the sender, and MUST be ignored by the initialized to zero by the sender, and MUST be ignored by the
receiver. receiver.
Care-of Init Cookie Care-of Init Cookie
64-bit field which contains a random value, the care-of init 64-bit field that contains a random value, the care-of init
cookie. cookie.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. This field Header is an integer multiple of 8 octets long. This field
contains zero or more TLV-encoded mobility options. The receiver contains zero or more TLV-encoded mobility options. The receiver
MUST ignore and skip any options which it does not understand. MUST ignore and skip any options that it does not understand.
This specification does not define any options valid for the This specification does not define any options valid for the
Care-of Test Init message. Care-of Test Init message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 1. necessary and the Header Len field will be set to 1.
6.1.5. Home Test Message 6.1.5. Home Test Message
The Home Test (HoT) message is a response to the Home Test Init The Home Test (HoT) message is a response to the Home Test Init
message, and is sent from the correspondent node to the mobile node message, and is sent from the correspondent node to the mobile node
skipping to change at page 42, line 18 skipping to change at page 40, line 18
| | | |
+ Home Init Cookie + + Home Init Cookie +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ Home Keygen Token + + Home Keygen Token +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Mobility options . . Mobility Options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Home Nonce Index Home Nonce Index
This field will be echoed back by the mobile node to the This field will be echoed back by the mobile node to the
correspondent node in a subsequent Binding Update. correspondent node in a subsequent Binding Update.
Home Init Cookie Home Init Cookie
64-bit field which contains the home init cookie. 64-bit field that contains the home init cookie.
Home Keygen Token Home Keygen Token
This field contains the 64 bit home keygen token used in the This field contains the 64-bit home keygen token used in the
return routability procedure. return routability procedure.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. This field Header is an integer multiple of 8 octets long. This field
contains zero or more TLV-encoded mobility options. The receiver contains zero or more TLV-encoded mobility options. The receiver
MUST ignore and skip any options which it does not understand. MUST ignore and skip any options that it does not understand.
This specification does not define any options valid for the Home This specification does not define any options valid for the Home
Test message. Test message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 2. necessary and the Header Len field will be set to 2.
6.1.6. Care-of Test Message 6.1.6. Care-of Test Message
The Care-of Test (CoT) message is a response to the Care-of Test Init The Care-of Test (CoT) message is a response to the Care-of Test Init
message, and is sent from the correspondent node to the mobile node message, and is sent from the correspondent node to the mobile node
skipping to change at page 43, line 34 skipping to change at page 41, line 39
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Care-of Nonce Index Care-of Nonce Index
This value will be echoed back by the mobile node to the This value will be echoed back by the mobile node to the
correspondent node in a subsequent Binding Update. correspondent node in a subsequent Binding Update.
Care-of Init Cookie Care-of Init Cookie
64-bit field which contains the care-of init cookie. 64-bit field that contains the care-of init cookie.
Care-of Keygen Token Care-of Keygen Token
This field contains the 64 bit care-of keygen token used in the This field contains the 64-bit care-of keygen token used in the
return routability procedure. return routability procedure.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. This field Header is an integer multiple of 8 octets long. This field
contains zero or more TLV-encoded mobility options. The receiver contains zero or more TLV-encoded mobility options. The receiver
MUST ignore and skip any options which it does not understand. MUST ignore and skip any options that it does not understand.
This specification does not define any options valid for the This specification does not define any options valid for the
Care-of Test message. Care-of Test message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 2. necessary and the Header Len field will be set to 2.
6.1.7. Binding Update Message 6.1.7. Binding Update Message
The Binding Update (BU) message is used by a mobile node to notify The Binding Update (BU) message is used by a mobile node to notify
other nodes of a new care-of address for itself. Binding Updates are other nodes of a new care-of address for itself. Binding Updates are
sent as described in Section 11.7.1 and Section 11.7.2. sent as described in Sections 11.7.1 and 11.7.2.
The Binding Update uses the MH Type value 5. When this value is The Binding Update uses the MH Type value 5. When this value is
indicated in the MH Type field, the format of the Message Data field indicated in the MH Type field, the format of the Message Data field
in the Mobility Header is as follows: in the Mobility Header is as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence # | | Sequence # |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|A|H|L|K| Reserved | Lifetime | |A|H|L|K| Reserved | Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Mobility options . . Mobility Options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Acknowledge (A) Acknowledge (A)
The Acknowledge (A) bit is set by the sending mobile node to The Acknowledge (A) bit is set by the sending mobile node to
request a Binding Acknowledgement (Section 6.1.8) be returned upon request a Binding Acknowledgement (Section 6.1.8) be returned upon
receipt of the Binding Update. receipt of the Binding Update.
skipping to change at page 45, line 35 skipping to change at page 43, line 42
before the binding MUST be considered expired. A value of zero before the binding MUST be considered expired. A value of zero
indicates that the Binding Cache entry for the mobile node MUST be indicates that the Binding Cache entry for the mobile node MUST be
deleted. One time unit is 4 seconds. deleted. One time unit is 4 seconds.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. This field Header is an integer multiple of 8 octets long. This field
contains zero or more TLV-encoded mobility options. The encoding contains zero or more TLV-encoded mobility options. The encoding
and format of defined options are described in Section 6.2. The and format of defined options are described in Section 6.2. The
receiver MUST ignore and skip any options which it does not receiver MUST ignore and skip any options that it does not
understand. understand.
The following options are valid in a Binding Update: The following options are valid in a Binding Update:
* Binding Authorization Data option (this option is mandatory in * Binding Authorization Data option (this option is mandatory in
Binding Updates sent to a correspondent node) Binding Updates sent to a correspondent node)
* Nonce Indices option. * Nonce Indices option
* Alternate Care-of Address option * Alternate Care-of Address option
If no options are present in this message, 4 octets of padding are If no options are present in this message, 4 octets of padding are
necessary and the Header Len field will be set to 1. necessary and the Header Len field will be set to 1.
The care-of address is specified either by the Source Address field The care-of address is specified either by the Source Address field
in the IPv6 header or by the Alternate Care-of Address option, if in the IPv6 header or by the Alternate Care-of Address option, if
present. The care-of address MUST be a unicast routable address. present. The care-of address MUST be a unicast routable address.
IPv6 Source Address MUST be a topologically correct source address. IPv6 Source Address MUST be a topologically correct source address.
Binding Updates for a care-of address which is not a unicast routable Binding Updates for a care-of address that is not a unicast routable
address MUST be silently discarded. address MUST be silently discarded.
The deletion of a binding MUST be indicated by setting the Lifetime The deletion of a binding MUST be indicated by setting the Lifetime
field to 0. In deletion, the generation of the binding management field to 0. In deletion, the generation of the binding management
key depends exclusively on the home keygen token, as explained in key depends exclusively on the home keygen token, as explained in
Section 5.2.5. Section 5.2.5.
Correspondent nodes SHOULD NOT delete the Binding Cache entry before Correspondent nodes SHOULD NOT delete the Binding Cache entry before
the lifetime expires, if any application hosted by the correspondent the lifetime expires, if any application hosted by the correspondent
node is still likely to require communication with the mobile node. node is still likely to require communication with the mobile node.
skipping to change at page 46, line 28 skipping to change at page 44, line 34
subsequent packets to be dropped from the mobile node, if they subsequent packets to be dropped from the mobile node, if they
contain the Home Address destination option. This situation is contain the Home Address destination option. This situation is
recoverable, since a Binding Error message is sent to the mobile node recoverable, since a Binding Error message is sent to the mobile node
(see Section 6.1.9); however, it causes unnecessary delay in the (see Section 6.1.9); however, it causes unnecessary delay in the
communications. communications.
6.1.8. Binding Acknowledgement Message 6.1.8. Binding Acknowledgement Message
The Binding Acknowledgement is used to acknowledge receipt of a The Binding Acknowledgement is used to acknowledge receipt of a
Binding Update (Section 6.1.7). This packet is sent as described in Binding Update (Section 6.1.7). This packet is sent as described in
Section 9.5.4 and Section 10.3.1. Sections 9.5.4 and 10.3.1.
The Binding Acknowledgement has the MH Type value 6. When this value The Binding Acknowledgement has the MH Type value 6. When this value
is indicated in the MH Type field, the format of the Message Data is indicated in the MH Type field, the format of the Message Data
field in the Mobility Header is as follows: field in the Mobility Header is as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Status |K| Reserved | | Status |K| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence # | Lifetime | | Sequence # | Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. . . .
. Mobility options . . Mobility Options .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Status Status
8-bit unsigned integer indicating the disposition of the Binding 8-bit unsigned integer indicating the disposition of the Binding
Update. Values of the Status field less than 128 indicate that Update. Values of the Status field less than 128 indicate that
the Binding Update was accepted by the receiving node. Values the Binding Update was accepted by the receiving node. Values
greater than or equal to 128 indicate that the Binding Update was greater than or equal to 128 indicate that the Binding Update was
skipping to change at page 47, line 35 skipping to change at page 45, line 42
135 Sequence number out of window 135 Sequence number out of window
136 Expired home nonce index 136 Expired home nonce index
137 Expired care-of nonce index 137 Expired care-of nonce index
138 Expired nonces 138 Expired nonces
139 Registration type change disallowed 139 Registration type change disallowed
TBD Invalid Care-of Address 174 Invalid Care-of Address
Up-to-date values of the Status field are to be specified in the Up-to-date values of the Status field are to be specified in the
IANA registry of assigned numbers [29]. IANA registry of assigned numbers [30].
Key Management Mobility Capability (K) Key Management Mobility Capability (K)
If this bit is cleared, the protocol used by the home agent for If this bit is cleared, the protocol used by the home agent for
establishing the IPsec security associations between the mobile establishing the IPsec security associations between the mobile
node and the home agent does not survive movements. It may then node and the home agent does not survive movements. It may then
have to be rerun. (Note that the IPsec security associations have to be rerun. (Note that the IPsec security associations
themselves are expected to survive movements.) themselves are expected to survive movements.)
Correspondent nodes MUST set the K bit to 0. Correspondent nodes MUST set the K bit to 0.
skipping to change at page 48, line 32 skipping to change at page 46, line 42
The value of this field is undefined if the Status field indicates The value of this field is undefined if the Status field indicates
that the Binding Update was rejected. that the Binding Update was rejected.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. This field Header is an integer multiple of 8 octets long. This field
contains zero or more TLV-encoded mobility options. The encoding contains zero or more TLV-encoded mobility options. The encoding
and format of defined options are described in Section 6.2. The and format of defined options are described in Section 6.2. The
receiver MUST ignore and skip any options which it does not receiver MUST ignore and skip any options that it does not
understand. understand.
There MAY be additional information, associated with this Binding There MAY be additional information associated with this Binding
Acknowledgement that need not be present in all Binding Acknowledgement that need not be present in all Binding
Acknowledgements sent. Mobility options allow future extensions Acknowledgements sent. Mobility options allow future extensions
to the format of the Binding Acknowledgement to be defined. The to the format of the Binding Acknowledgement to be defined. The
following options are valid for the Binding Acknowledgement: following options are valid for the Binding Acknowledgement:
* Binding Authorization Data option (this option is mandatory in * Binding Authorization Data option (this option is mandatory in
Binding Acknowledgements sent by a correspondent node, except Binding Acknowledgements sent by a correspondent node, except
where otherwise noted in Section 9.5.4) where otherwise noted in Section 9.5.4)
* Binding Refresh Advice option * Binding Refresh Advice option
skipping to change at page 49, line 44 skipping to change at page 48, line 7
8-bit unsigned integer indicating the reason for this message. 8-bit unsigned integer indicating the reason for this message.
The following values are currently defined: The following values are currently defined:
1 Unknown binding for Home Address destination option 1 Unknown binding for Home Address destination option
2 Unrecognized MH Type value 2 Unrecognized MH Type value
Reserved Reserved
A 8-bit field reserved for future use. The value MUST be 8-bit field reserved for future use. The value MUST be
initialized to zero by the sender, and MUST be ignored by the initialized to zero by the sender, and MUST be ignored by the
receiver. receiver.
Home Address Home Address
The home address that was contained in the Home Address The home address that was contained in the Home Address
destination option. The mobile node uses this information to destination option. The mobile node uses this information to
determine which binding does not exist, in cases where the mobile determine which binding does not exist, in cases where the mobile
node has several home addresses. node has several home addresses.
Mobility Options Mobility Options
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. This field Header is an integer multiple of 8 octets long. This field
contains zero or more TLV-encoded mobility options. The receiver contains zero or more TLV-encoded mobility options. The receiver
MUST ignore and skip any options which it does not understand. MUST ignore and skip any options that it does not understand.
There MAY be additional information associated with this Binding
There MAY be additional information, associated with this Binding
Error message that need not be present in all Binding Error Error message that need not be present in all Binding Error
messages sent. Mobility options allow future extensions to the messages sent. Mobility options allow future extensions to the
format of the Binding Error message to be defined. The encoding format of the Binding Error message to be defined. The encoding
and format of defined options are described in Section 6.2. This and format of defined options are described in Section 6.2. This
specification does not define any options valid for the Binding specification does not define any options valid for the Binding
Error message. Error message.
If no actual options are present in this message, no padding is If no actual options are present in this message, no padding is
necessary and the Header Len field will be set to 2. necessary and the Header Len field will be set to 2.
skipping to change at page 51, line 21 skipping to change at page 49, line 33
options in the message. options in the message.
Option Length Option Length
8-bit unsigned integer, representing the length in octets of the 8-bit unsigned integer, representing the length in octets of the
mobility option, not including the Option Type and Option Length mobility option, not including the Option Type and Option Length
fields. fields.
Option Data Option Data
A variable length field that contains data specific to the option. A variable-length field that contains data specific to the option.
The following subsections specify the Option types which are The following subsections specify the Option types that are currently
currently defined for use in the Mobility Header. defined for use in the Mobility Header.
Implementations MUST silently ignore any mobility options that they Implementations MUST silently ignore any mobility options that they
do not understand. do not understand.
Mobility options may have alignment requirements. Following the Mobility options may have alignment requirements. Following the
convention in IPv6, these options are aligned in a packet so that convention in IPv6, these options are aligned in a packet so that
multi-octet values within the Option Data field of each option fall multi-octet values within the Option Data field of each option fall
on natural boundaries (i.e., fields of width n octets are placed at on natural boundaries (i.e., fields of width n octets are placed at
an integer multiple of n octets from the start of the header, for n = an integer multiple of n octets from the start of the header, for n =
1, 2, 4, or 8) [6]. 1, 2, 4, or 8) [6].
skipping to change at page 51, line 47 skipping to change at page 50, line 11
The Pad1 option does not have any alignment requirements. Its format The Pad1 option does not have any alignment requirements. Its format
is as follows: is as follows:
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Type = 0 | | Type = 0 |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
NOTE! the format of the Pad1 option is a special case - it has NOTE! the format of the Pad1 option is a special case -- it has
neither Option Length nor Option Data fields. neither Option Length nor Option Data fields.
The Pad1 option is used to insert one octet of padding in the The Pad1 option is used to insert one octet of padding in the
Mobility Options area of a Mobility Header. If more than one octet Mobility Options area of a Mobility Header. If more than one octet
of padding is required, the PadN option, described next, should be of padding is required, the PadN option, described next, should be
used rather than multiple Pad1 options. used rather than multiple Pad1 options.
6.2.3. PadN 6.2.3. PadN
The PadN option does not have any alignment requirements. Its format The PadN option does not have any alignment requirements. Its format
skipping to change at page 52, line 48 skipping to change at page 51, line 12
mobile node's home agent in reply to a home registration. The mobile node's home agent in reply to a home registration. The
Refresh Interval is measured in units of four seconds, and indicates Refresh Interval is measured in units of four seconds, and indicates
remaining time until the mobile node SHOULD send a new home remaining time until the mobile node SHOULD send a new home
registration to the home agent. The Refresh Interval MUST be set to registration to the home agent. The Refresh Interval MUST be set to
indicate a smaller time interval than the Lifetime value of the indicate a smaller time interval than the Lifetime value of the
Binding Acknowledgement. Binding Acknowledgement.
6.2.5. Alternate Care-of Address 6.2.5. Alternate Care-of Address
The Alternate Care-of Address option has an alignment requirement of The Alternate Care-of Address option has an alignment requirement of
8n+6. Its format is as follows: 8n + 6. Its format is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 3 | Length = 16 | | Type = 3 | Length = 16 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ Alternate Care-of Address + + Alternate Care-of Address +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Normally, a Binding Update specifies the desired care-of address in Normally, a Binding Update specifies the desired care-of address in
the Source Address field of the IPv6 header. However, this is not the Source Address field of the IPv6 header. However, this is not
possible in some cases, such as when the mobile node wishes to possible in some cases, such as when the mobile node wishes to
indicate a care-of address which it cannot use as a topologically indicate a care-of address that it cannot use as a topologically
correct source address (Section 6.1.7 and Section 11.7.2) or when the correct source address (Sections 6.1.7 and 11.7.2) or when the used
used security mechanism does not protect the IPv6 header security mechanism does not protect the IPv6 header (Section 11.7.1).
(Section 11.7.1).
The Alternate Care-of Address option is provided for these The Alternate Care-of Address option is provided for these
situations. This option is valid only in Binding Update. The situations. This option is valid only in Binding Update. The
Alternate Care-of Address field contains an address to use as the Alternate Care-of Address field contains an address to use as the
care-of address for the binding, rather than using the Source Address care-of address for the binding, rather than using the Source Address
of the packet as the care-of address. of the packet as the care-of address.
6.2.6. Nonce Indices 6.2.6. Nonce Indices
The Nonce Indices option has an alignment requirement of 2n. Its The Nonce Indices option has an alignment requirement of 2n. Its
skipping to change at page 54, line 35 skipping to change at page 53, line 8
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Binding Authorization Data option is valid in the Binding Update The Binding Authorization Data option is valid in the Binding Update
and Binding Acknowledgement. and Binding Acknowledgement.
The Option Length field contains the length of the authenticator in The Option Length field contains the length of the authenticator in
octets. octets.
The Authenticator field contains a cryptographic value which can be The Authenticator field contains a cryptographic value that can be
used to determine that the message in question comes from the right used to determine that the message in question comes from the right
authority. Rules for calculating this value depends on the used authority. Rules for calculating this value depends on the used
authorization procedure. authorization procedure.
For the return routability procedure, this option can appear in the For the return routability procedure, this option can appear in the
Binding Update and Binding Acknowledgements. Rules for calculating Binding Update and Binding Acknowledgements. Rules for calculating
the Authenticator value are the following: the Authenticator value are the following:
Mobility Data = care-of address | correspondent | MH Data Mobility Data = care-of address | correspondent | MH Data
Authenticator = First (96, HMAC_SHA1 (Kbm, Mobility Data)) Authenticator = First (96, HMAC_SHA1 (Kbm, Mobility Data))
Where | denotes concatenation. "Care-of address" is the care-of Where | denotes concatenation. "Care-of address" is the care-of
address which will be registered for the mobile node if the Binding address that will be registered for the mobile node if the Binding
Update succeeds, or the home address of the mobile node if this Update succeeds, or the home address of the mobile node if this
option is used in de-registration. Note also that this address might option is used in de-registration. Note also that this address might
be different from the source address of the Binding Update message, be different from the source address of the Binding Update message,
if the Alternative Care-of Address mobility option is used, or when if the Alternative Care-of Address mobility option is used, or when
the lifetime of the binding is set to zero. the lifetime of the binding is set to zero.
The "correspondent" is the IPv6 address of the correspondent node. The "correspondent" is the IPv6 address of the correspondent node.
Note that, if the message is sent to a destination which is itself Note that, if the message is sent to a destination that is itself
mobile, the "correspondent" address may not be the address found in mobile, the "correspondent" address may not be the address found in
the Destination Address field of the IPv6 header; instead the home the Destination Address field of the IPv6 header; instead, the home
address from the type 2 Routing header should be used. address from the type 2 Routing header should be used.
"MH Data" is the content of the Mobility Header, excluding the "MH Data" is the content of the Mobility Header, excluding the
Authenticator field itself. The Authenticator value is calculated as Authenticator field itself. The Authenticator value is calculated as
if the Checksum field in the Mobility Header was zero. The Checksum if the Checksum field in the Mobility Header was zero. The Checksum
in the transmitted packet is still calculated in the usual manner, in the transmitted packet is still calculated in the usual manner,
with the calculated Authenticator being a part of the packet with the calculated Authenticator being a part of the packet
protected by the Checksum. Kbm is the binding management key, which protected by the Checksum. Kbm is the binding management key, which
is typically created using nonces provided by the correspondent node is typically created using nonces provided by the correspondent node
(see Section 9.4). Note that while the contents of a potential Home (see Section 9.4). Note that while the contents of a potential Home
skipping to change at page 56, line 20 skipping to change at page 54, line 44
8-bit unsigned integer. Length of the option, in octets, 8-bit unsigned integer. Length of the option, in octets,
excluding the Option Type and Option Length fields. This field excluding the Option Type and Option Length fields. This field
MUST be set to 16. MUST be set to 16.
Home Address Home Address
The home address of the mobile node sending the packet. This The home address of the mobile node sending the packet. This
address MUST be a unicast routable address. address MUST be a unicast routable address.
The alignment requirement [6] for the Home Address option is 8n+6. The alignment requirement [6] for the Home Address option is 8n + 6.
The three highest-order bits of the Option Type field are encoded to The three highest-order bits of the Option Type field are encoded to
indicate specific processing of the option [6]; for the Home Address indicate specific processing of the option [6]; for the Home Address
option, these three bits are set to 110. This indicates the option, these three bits are set to 110. This indicates the
following processing requirements: following processing requirements:
o Any IPv6 node that does not recognize the Option Type must discard o Any IPv6 node that does not recognize the Option Type must discard
the packet, and if the packet's Destination Address was not a the packet, and if the packet's Destination Address was not a
multicast address, return an ICMP Parameter Problem, Code 2, multicast address, return an ICMP Parameter Problem, Code 2,
message to the packet's Source Address. The Pointer field in the message to the packet's Source Address. The Pointer field in the
skipping to change at page 56, line 44 skipping to change at page 55, line 22
o The data within the option cannot change en route to the packet's o The data within the option cannot change en route to the packet's
final destination. final destination.
The Home Address option MUST be placed as follows: The Home Address option MUST be placed as follows:
o After the routing header, if that header is present o After the routing header, if that header is present
o Before the Fragment Header, if that header is present o Before the Fragment Header, if that header is present
o Before the AH Header or ESP Header, if either one of those headers o Before the AH Header or ESP Header, if either one of those headers
are present is present
For each IPv6 packet header, the Home Address Option MUST NOT appear For each IPv6 packet header, the Home Address option MUST NOT appear
more than once. However, an encapsulated packet [7] MAY contain a more than once. However, an encapsulated packet [7] MAY contain a
separate Home Address option associated with each encapsulating IP separate Home Address option associated with each encapsulating IP
header. header.
The inclusion of a Home Address destination option in a packet The inclusion of a Home Address destination option in a packet
affects the receiving node's processing of only this single packet. affects the receiving node's processing of only this single packet.
No state is created or modified in the receiving node as a result of No state is created or modified in the receiving node as a result of
receiving a Home Address option in a packet. In particular, the receiving a Home Address option in a packet. In particular, the
presence of a Home Address option in a received packet MUST NOT alter presence of a Home Address option in a received packet MUST NOT alter
the contents of the receiver's Binding Cache and MUST NOT cause any the contents of the receiver's Binding Cache and MUST NOT cause any
changes in the routing of subsequent packets sent by this receiving changes in the routing of subsequent packets sent by this receiving
node. node.
6.4. Type 2 Routing Header 6.4. Type 2 Routing Header
Mobile IPv6 defines a new routing header variant, the type 2 routing Mobile IPv6 defines a new routing header variant, the type 2 routing
skipping to change at page 57, line 26 skipping to change at page 55, line 52
correspondent to the mobile node's care-of address. The mobile correspondent to the mobile node's care-of address. The mobile
node's care-of address is inserted into the IPv6 Destination Address node's care-of address is inserted into the IPv6 Destination Address
field. Once the packet arrives at the care-of address, the mobile field. Once the packet arrives at the care-of address, the mobile
node retrieves its home address from the routing header, and this is node retrieves its home address from the routing header, and this is
used as the final destination address for the packet. used as the final destination address for the packet.
The new routing header uses a different type than defined for The new routing header uses a different type than defined for
"regular" IPv6 source routing, enabling firewalls to apply different "regular" IPv6 source routing, enabling firewalls to apply different
rules to source routed packets than to Mobile IPv6. This routing rules to source routed packets than to Mobile IPv6. This routing
header type (type 2) is restricted to carry only one IPv6 address. header type (type 2) is restricted to carry only one IPv6 address.
All IPv6 nodes which process this routing header MUST verify that the All IPv6 nodes that process this routing header MUST verify that the
address contained within is the node's own home address in order to address contained within is the node's own home address in order to
prevent packets from being forwarded outside the node. The IP prevent packets from being forwarded outside the node. The IP
address contained in the routing header, since it is the mobile address contained in the routing header, since it is the mobile
node's home address, MUST be a unicast routable address. node's home address, MUST be a unicast routable address.
Furthermore, if the scope of the home address is smaller than the Furthermore, if the scope of the home address is smaller than the
scope of the care-of address, the mobile node MUST discard the packet scope of the care-of address, the mobile node MUST discard the packet
(see Section 4.6). (see Section 4.6).
6.4.1. Format 6.4.1. Format
skipping to change at page 58, line 31 skipping to change at page 57, line 12
1 (8-bit unsigned integer). 1 (8-bit unsigned integer).
Reserved Reserved
32-bit reserved field. The value MUST be initialized to zero by 32-bit reserved field. The value MUST be initialized to zero by
the sender, and MUST be ignored by the receiver. the sender, and MUST be ignored by the receiver.
Home Address Home Address
The Home Address of the destination Mobile Node. The home address of the destination mobile node.
For a type 2 routing header, the Hdr Ext Len MUST be 2. The Segments For a type 2 routing header, the Hdr Ext Len MUST be 2. The Segments
Left value describes the number of route segments remaining; i.e., Left value describes the number of route segments remaining, i.e.,
number of explicitly listed intermediate nodes still to be visited number of explicitly listed intermediate nodes still to be visited
before reaching the final destination. Segments Left MUST be 1. The before reaching the final destination. Segments Left MUST be 1. The
ordering rules for extension headers in an IPv6 packet are described ordering rules for extension headers in an IPv6 packet are described
in Section 4.1 of RFC 2460 [6]. The type 2 routing header defined in Section 4.1 of RFC 2460 [6]. The type 2 routing header defined
for Mobile IPv6 follows the same ordering as other routing headers. for Mobile IPv6 follows the same ordering as other routing headers.
If another routing header is present along with a type 2 routing If another routing header is present along with a type 2 routing
header, the type 2 routing header should follow the other routing header, the type 2 routing header should follow the other routing
header. A packet containing such nested encapsulation should be header. A packet containing such nested encapsulation should be
created as if the inner (type 2) routing header was constructed first created as if the inner (type 2) routing header was constructed first
and then treated as an original packet by header construction process and then treated as an original packet by header construction process
skipping to change at page 59, line 13 skipping to change at page 57, line 43
routing headers. routing headers.
6.5. ICMP Home Agent Address Discovery Request Message 6.5. ICMP Home Agent Address Discovery Request Message
The ICMP Home Agent Address Discovery Request message is used by a The ICMP Home Agent Address Discovery Request message is used by a
mobile node to initiate the dynamic home agent address discovery mobile node to initiate the dynamic home agent address discovery
mechanism, as described in Section 11.4.1. The mobile node sends the mechanism, as described in Section 11.4.1. The mobile node sends the
Home Agent Address Discovery Request message to the Mobile IPv6 Home- Home Agent Address Discovery Request message to the Mobile IPv6 Home-
Agents anycast address [8] for its own home subnet prefix. (Note Agents anycast address [8] for its own home subnet prefix. (Note
that the currently defined anycast addresses may not work with all that the currently defined anycast addresses may not work with all
prefix lengths other than those defined in RFC 4291 [16] [36].) prefix lengths other than those defined in RFC 4291 [16] [37].)
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Reserved | | Identifier | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
skipping to change at page 61, line 14 skipping to change at page 60, line 7
Home Agent Addresses Home Agent Addresses
A list of addresses of home agents on the home link for the mobile A list of addresses of home agents on the home link for the mobile
node. The number of addresses presented in the list is indicated node. The number of addresses presented in the list is indicated
by the remaining length of the IPv6 packet carrying the Home Agent by the remaining length of the IPv6 packet carrying the Home Agent
Address Discovery Reply message. Address Discovery Reply message.
6.7. ICMP Mobile Prefix Solicitation Message Format 6.7. ICMP Mobile Prefix Solicitation Message Format
The ICMP Mobile Prefix Solicitation Message is sent by a mobile node The ICMP Mobile Prefix Solicitation message is sent by a mobile node
to its home agent while it is away from home. The purpose of the to its home agent while it is away from home. The purpose of the
message is to solicit a Mobile Prefix Advertisement from the home message is to solicit a Mobile Prefix Advertisement from the home
agent, which will allow the mobile node to gather prefix information agent, which will allow the mobile node to gather prefix information
about its home network. This information can be used to configure about its home network. This information can be used to configure
and update home address(es) according to changes in prefix and update home address(es) according to changes in prefix
information supplied by the home agent. information supplied by the home agent.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 64, line 32 skipping to change at page 63, line 32
(non-address) information. The use of this flag is described in (non-address) information. The use of this flag is described in
[18] [19]. [18] [19].
Reserved Reserved
This field is unused. It MUST be initialized to zero by the This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver. sender and MUST be ignored by the receiver.
The Mobile Prefix Advertisement messages may have options. These The Mobile Prefix Advertisement messages may have options. These
options MUST use the option format defined in Neighbor Discovery (RFC options MUST use the option format defined in Neighbor Discovery (RFC
4861 [18]). This document defines one option which may be carried in 4861 [18]). This document defines one option that may be carried in
a Mobile Prefix Advertisement message, but future documents may a Mobile Prefix Advertisement message, but future documents may
define new options. Mobile nodes MUST silently ignore any options define new options. Mobile nodes MUST silently ignore any options
they do not recognize and continue processing the message. they do not recognize and continue processing the message.
Prefix Information Prefix Information
Each message contains one or more Prefix Information options. Each message contains one or more Prefix Information options.
Each option carries the prefix(es) that the mobile node should use Each option carries the prefix(es) that the mobile node should use
to configure its home address(es). Section 10.6 describes which to configure its home address(es). Section 10.6 describes which
prefixes should be advertised to the mobile node. prefixes should be advertised to the mobile node.
skipping to change at page 65, line 9 skipping to change at page 64, line 9
as defined in Section 10.6.1. as defined in Section 10.6.1.
If the Advertisement is sent in response to a Mobile Prefix If the Advertisement is sent in response to a Mobile Prefix
Solicitation, the home agent MUST copy the Identifier value from that Solicitation, the home agent MUST copy the Identifier value from that
message into the Identifier field of the Advertisement. message into the Identifier field of the Advertisement.
The home agent MUST NOT send more than one Mobile Prefix The home agent MUST NOT send more than one Mobile Prefix
Advertisement message per second to any mobile node. Advertisement message per second to any mobile node.
The M and O bits MUST be cleared if the Home Agent DHCPv6 support is The M and O bits MUST be cleared if the Home Agent DHCPv6 support is
not provided. If such support is provided then they are set in not provided. If such support is provided, then they are set in
concert with the home network's administrative settings. concert with the home network's administrative settings.
7. Modifications to IPv6 Neighbor Discovery 7. Modifications to IPv6 Neighbor Discovery
7.1. Modified Router Advertisement Message Format 7.1. Modified Router Advertisement Message Format
Mobile IPv6 modifies the format of the Router Advertisement message Mobile IPv6 modifies the format of the Router Advertisement message
[18] by the addition of a single flag bit to indicate that the router [18] by the addition of a single flag bit to indicate that the router
sending the Advertisement message is serving as a home agent on this sending the Advertisement message is serving as a home agent on this
link. The format of the Router Advertisement message is as follows: link. The format of the Router Advertisement message is as follows:
skipping to change at page 68, line 19 skipping to change at page 66, line 31
the sending router need not include all options in each of these the sending router need not include all options in each of these
Advertisements. However, in both of these cases the router SHOULD Advertisements. However, in both of these cases the router SHOULD
include at least one Prefix Information option with the Router include at least one Prefix Information option with the Router
Address (R) bit set in each such advertisement, if this bit is set in Address (R) bit set in each such advertisement, if this bit is set in
some advertisement sent by the router. some advertisement sent by the router.
In addition, the following requirement can assist mobile nodes in In addition, the following requirement can assist mobile nodes in
movement detection. Barring changes in the prefixes for the link, movement detection. Barring changes in the prefixes for the link,
routers that send multiple Router Advertisements with the Router routers that send multiple Router Advertisements with the Router
Address (R) bit set in some of the included Prefix Information Address (R) bit set in some of the included Prefix Information
options SHOULD provide at least one option and router address which options SHOULD provide at least one option and router address that
stays the same in all of the Advertisements. stays the same in all of the Advertisements.
7.3. New Advertisement Interval Option Format 7.3. New Advertisement Interval Option Format
Mobile IPv6 defines a new Advertisement Interval option, used in Mobile IPv6 defines a new Advertisement Interval option, used in
Router Advertisement messages to advertise the interval at which the Router Advertisement messages to advertise the interval at which the
sending router sends unsolicited multicast Router Advertisements. sending router sends unsolicited multicast Router Advertisements.
The format of the Advertisement Interval option is as follows: The format of the Advertisement Interval option is as follows:
0 1 2 3 0 1 2 3
skipping to change at page 70, line 19 skipping to change at page 68, line 34
addresses returned to a mobile node in the Home Agent Addresses addresses returned to a mobile node in the Home Agent Addresses
field of a Home Agent Address Discovery Reply message. Higher field of a Home Agent Address Discovery Reply message. Higher
values mean more preferable. If this option is not included in a values mean more preferable. If this option is not included in a
Router Advertisement in which the Home Agent (H) bit is set, the Router Advertisement in which the Home Agent (H) bit is set, the
preference value for this home agent MUST be considered to be 0. preference value for this home agent MUST be considered to be 0.
Greater values indicate a more preferable home agent than lower Greater values indicate a more preferable home agent than lower
values. values.
The manual configuration of the Home Agent Preference value is The manual configuration of the Home Agent Preference value is
described in Section 8.4. In addition, the sending home agent MAY described in Section 8.4. In addition, the sending home agent MAY
dynamically set the Home Agent Preference value, for example dynamically set the Home Agent Preference value, for example,
basing it on the number of mobile nodes it is currently serving or basing it on the number of mobile nodes it is currently serving or
on its remaining resources for serving additional mobile nodes; on its remaining resources for serving additional mobile nodes;
such dynamic settings are beyond the scope of this document. Any such dynamic settings are beyond the scope of this document. Any
such dynamic setting of the Home Agent Preference, however, MUST such dynamic setting of the Home Agent Preference, however, MUST
set the preference appropriately, relative to the default Home set the preference appropriately, relative to the default Home
Agent Preference value of 0 that may be in use by some home agents Agent Preference value of 0 that may be in use by some home agents
on this link (i.e., a home agent not including a Home Agent on this link (i.e., a home agent not including a Home Agent
Information option in its Router Advertisements will be considered Information option in its Router Advertisements will be considered
to have a Home Agent Preference value of 0). to have a Home Agent Preference value of 0).
skipping to change at page 70, line 47 skipping to change at page 69, line 15
to this router's usefulness as a home agent; it does not apply to to this router's usefulness as a home agent; it does not apply to
information contained in other message fields or options. information contained in other message fields or options.
Home agents MAY include this option in their Router Advertisements. Home agents MAY include this option in their Router Advertisements.
This option MUST NOT be included in a Router Advertisement in which This option MUST NOT be included in a Router Advertisement in which
the Home Agent (H) bit (see Section 7.1) is not set. If this option the Home Agent (H) bit (see Section 7.1) is not set. If this option
is not included in a Router Advertisement in which the Home Agent (H) is not included in a Router Advertisement in which the Home Agent (H)
bit is set, the lifetime for this home agent MUST be considered to be bit is set, the lifetime for this home agent MUST be considered to be
the same as the Router Lifetime in the Router Advertisement. If the same as the Router Lifetime in the Router Advertisement. If
multiple Advertisements are being sent instead of a single larger multiple Advertisements are being sent instead of a single larger
unsolicited multicast Advertisement, all of the multiple unsolicited multicast Router Advertisement, all of the multiple
Advertisements with the Router Address (R) bit set MUST include this Advertisements with the Router Address (R) bit set MUST include this
option with the same contents, otherwise this option MUST be omitted option with the same contents; otherwise, this option MUST be omitted
from all Advertisements. from all Advertisements.
This option MUST be silently ignored for other Neighbor Discovery This option MUST be silently ignored for other Neighbor Discovery
messages. messages.
If both the Home Agent Preference and Home Agent Lifetime are set to If both the Home Agent Preference and Home Agent Lifetime are set to
their default values specified above, this option SHOULD NOT be their default values specified above, this option SHOULD NOT be
included in the Router Advertisement messages sent by this home included in the Router Advertisement messages sent by this home
agent. agent.
7.5. Changes to Sending Router Advertisements 7.5. Changes to Sending Router Advertisements
The Neighbor Discovery protocol specification [18] limits routers to The Neighbor Discovery protocol specification [18] limits routers to
a minimum interval of 3 seconds between sending unsolicited multicast a minimum interval of 3 seconds between sending unsolicited multicast
Router Advertisement messages from any given network interface Router Advertisement messages from any given network interface
(limited by MinRtrAdvInterval and MaxRtrAdvInterval), stating that: (limited by MinRtrAdvInterval and MaxRtrAdvInterval), stating that:
"Routers generate Router Advertisements frequently enough that Routers generate Router Advertisements frequently enough that
hosts will learn of their presence within a few minutes, but not hosts will learn of their presence within a few minutes, but not
frequently enough to rely on an absence of advertisements to frequently enough to rely on an absence of advertisements to
detect router failure; a separate Neighbor Unreachability detect router failure; a separate Neighbor Unreachability
Detection algorithm provides failure detection." Detection algorithm provides failure detection.
This limitation, however, is not suitable to providing timely This limitation, however, is not suitable to providing timely
movement detection for mobile nodes. Mobile nodes detect their own movement detection for mobile nodes. Mobile nodes detect their own
movement by learning the presence of new routers as the mobile node movement by learning the presence of new routers as the mobile node
moves into wireless transmission range of them (or physically moves into wireless transmission range of them (or physically
connects to a new wired network), and by learning that previous connects to a new wired network), and by learning that previous
routers are no longer reachable. Mobile nodes MUST be able to routers are no longer reachable. Mobile nodes MUST be able to
quickly detect when they move to a link served by a new router, so quickly detect when they move to a link served by a new router, so
that they can acquire a new care-of address and send Binding Updates that they can acquire a new care-of address and send Binding Updates
to register this care-of address with their home agent and to notify to register this care-of address with their home agent and to notify
correspondent nodes as needed. correspondent nodes as needed.
One method which can provide for faster movement detection, is to One method that can provide for faster movement detection is to
increase the rate at which unsolicited Router Advertisements are increase the rate at which unsolicited Router Advertisements are
sent. Mobile IPv6 relaxes this limit such that routers MAY send sent. Mobile IPv6 relaxes this limit such that routers MAY send
unsolicited multicast Router Advertisements more frequently. This unsolicited multicast Router Advertisements more frequently. This
method can be applied where the router is expecting to provide method can be applied where the router is expecting to provide
service to visiting mobile nodes (e.g., wireless network interfaces), service to visiting mobile nodes (e.g., wireless network interfaces),
or on which it is serving as a home agent to one or more mobile nodes or on which it is serving as a home agent to one or more mobile nodes
(who may return home and need to hear its Advertisements). (who may return home and need to hear its Advertisements).
Routers supporting mobility SHOULD be able to be configured with a Routers supporting mobility SHOULD be able to be configured with a
smaller MinRtrAdvInterval value and MaxRtrAdvInterval value to allow smaller MinRtrAdvInterval value and MaxRtrAdvInterval value to allow
skipping to change at page 72, line 4 skipping to change at page 70, line 20
service to visiting mobile nodes (e.g., wireless network interfaces), service to visiting mobile nodes (e.g., wireless network interfaces),
or on which it is serving as a home agent to one or more mobile nodes or on which it is serving as a home agent to one or more mobile nodes
(who may return home and need to hear its Advertisements). (who may return home and need to hear its Advertisements).
Routers supporting mobility SHOULD be able to be configured with a Routers supporting mobility SHOULD be able to be configured with a
smaller MinRtrAdvInterval value and MaxRtrAdvInterval value to allow smaller MinRtrAdvInterval value and MaxRtrAdvInterval value to allow
sending of unsolicited multicast Router Advertisements more often. sending of unsolicited multicast Router Advertisements more often.
The minimum allowed values are: The minimum allowed values are:
o MinRtrAdvInterval 0.03 seconds o MinRtrAdvInterval 0.03 seconds
o MaxRtrAdvInterval 0.07 seconds o MaxRtrAdvInterval 0.07 seconds
In the case where the minimum intervals and delays are used, the mean In the case where the minimum intervals and delays are used, the mean
time between unsolicited multicast router advertisements is 50ms. time between unsolicited multicast Router Advertisements is 50 ms.
Use of these modified limits MUST be configurable (see also the Use of these modified limits MUST be configurable (see also the
configuration variable MinDelayBetweenRas in Section 13 which may configuration variable MinDelayBetweenRas in Section 13 that may also
also have to be modified accordingly). Systems where these values have to be modified accordingly). Systems where these values are
are available MUST NOT default to them, and SHOULD default to values available MUST NOT default to them, and SHOULD default to values
specified in Neighbor Discovery (RFC 4861 [18]). Knowledge of the specified in Neighbor Discovery (RFC 4861 [18]). Knowledge of the
type of network interface and operating environment SHOULD be taken type of network interface and operating environment SHOULD be taken
into account in configuring these limits for each network interface. into account in configuring these limits for each network interface.
This is important with some wireless links, where increasing the This is important with some wireless links, where increasing the
frequency of multicast beacons can cause considerable overhead. frequency of multicast beacons can cause considerable overhead.
Routers SHOULD adhere to the intervals specified in RFC 4861 [18], if Routers SHOULD adhere to the intervals specified in RFC 4861 [18], if
this overhead is likely to cause service degradation. this overhead is likely to cause service degradation.
Additionally, the possible low values of MaxRtrAdvInterval may cause Additionally, the possible low values of MaxRtrAdvInterval may cause
some problems with movement detection in some mobile nodes. To some problems with movement detection in some mobile nodes. To
ensure that this is not a problem, Routers SHOULD add 20ms to any ensure that this is not a problem, Routers SHOULD add 20 ms to any
Advertisement Intervals sent in RAs, which are below 200 ms, in order Advertisement Intervals sent in RAs that are below 200 ms, in order
to account for scheduling granularities on both the MN and the to account for scheduling granularities on both the MN and the
Router. router.
Note that multicast Router Advertisements are not always required in Note that multicast Router Advertisements are not always required in
certain wireless networks that have limited bandwidth. Mobility certain wireless networks that have limited bandwidth. Mobility
detection or link changes in such networks may be done at lower detection or link changes in such networks may be done at lower
layers. Router advertisements in such networks SHOULD be sent only layers. Router advertisements in such networks SHOULD be sent only
when solicited. In such networks it SHOULD be possible to disable when solicited. In such networks it SHOULD be possible to disable
unsolicited multicast Router Advertisements on specific interfaces. unsolicited multicast Router Advertisements on specific interfaces.
The MinRtrAdvInterval and MaxRtrAdvInterval in such a case can be set The MinRtrAdvInterval and MaxRtrAdvInterval in such a case can be set
to some high values. to some high values.
skipping to change at page 73, line 38 skipping to change at page 71, line 51
8.1. All IPv6 Nodes 8.1. All IPv6 Nodes
Any IPv6 node may at any time be a correspondent node of a mobile Any IPv6 node may at any time be a correspondent node of a mobile
node, either sending a packet to a mobile node or receiving a packet node, either sending a packet to a mobile node or receiving a packet
from a mobile node. There are no Mobile IPv6 specific MUST from a mobile node. There are no Mobile IPv6 specific MUST
requirements for such nodes, and basic IPv6 techniques are requirements for such nodes, and basic IPv6 techniques are
sufficient. If a mobile node attempts to set up route optimization sufficient. If a mobile node attempts to set up route optimization
with a node with only basic IPv6 support, an ICMP error will signal with a node with only basic IPv6 support, an ICMP error will signal
that the node does not support such optimizations (Section 11.3.5), that the node does not support such optimizations (Section 11.3.5),
and communications will flow through the home agent . and communications will flow through the home agent.
An IPv6 node MUST NOT support the Home Address destination option, An IPv6 node MUST NOT support the Home Address destination option,
type 2 routing header, or the Mobility Header unless it fully type 2 routing header, or the Mobility Header unless it fully
supports the requirements listed in the next sections for either supports the requirements listed in the next sections for either
route optimization, mobile node, or home agent functionality. route optimization, mobile node, or home agent functionality.
8.2. IPv6 Nodes with Support for Route Optimization 8.2. IPv6 Nodes with Support for Route Optimization
Nodes that implement route optimization are a subset of all IPv6 Nodes that implement route optimization are a subset of all IPv6
nodes on the Internet. The ability of a correspondent node to nodes on the Internet. The ability of a correspondent node to
skipping to change at page 74, line 14 skipping to change at page 72, line 26
o Avoidance of congestion in the home network, and enabling the use o Avoidance of congestion in the home network, and enabling the use
of lower-performance home agent equipment even for supporting of lower-performance home agent equipment even for supporting
thousands of mobile nodes. thousands of mobile nodes.
o Reduced network load across the entire Internet, as mobile devices o Reduced network load across the entire Internet, as mobile devices
begin to predominate. begin to predominate.
o Reduction of jitter and latency for the communications. o Reduction of jitter and latency for the communications.
o Greater likelihood of success for QoS signaling as tunneling is o Greater likelihood of success for Quality of Service (QoS)
avoided and, again, fewer sources of congestion. signaling as tunneling is avoided and, again, fewer sources of
congestion.
o Improved robustness against network partitions, congestion, and o Improved robustness against network partitions, congestion, and
other problems, since fewer routing path segments are traversed. other problems, since fewer routing path segments are traversed.
These effects combine to enable much better performance and These effects combine to enable much better performance and
robustness for communications between mobile nodes and IPv6 robustness for communications between mobile nodes and IPv6
correspondent nodes. Route optimization introduces a small amount of correspondent nodes. Route optimization introduces a small amount of
additional state for the peers, some additional messaging, and up to additional state for the peers, some additional messaging, and up to
1.5 roundtrip delays before it can be turned on. However, it is 1.5 round-trip delays before it can be turned on. However, it is
believed that the benefits far outweigh the costs in most cases. believed that the benefits far outweigh the costs in most cases.
Section 11.3.1 discusses how mobile nodes may avoid route Section 11.3.1 discusses how mobile nodes may avoid route
optimization for some of the remaining cases, such as very short-term optimization for some of the remaining cases, such as very short-term
communications. communications.
The following requirements apply to all correspondent nodes that The following requirements apply to all correspondent nodes that
support route optimization: support route optimization:
o The node MUST be able to validate a Home Address option using an o The node MUST be able to validate a Home Address option using an
existing Binding Cache entry, as described in Section 9.3.1. existing Binding Cache entry, as described in Section 9.3.1.
skipping to change at page 75, line 15 skipping to change at page 73, line 28
o The node MUST be able to participate in a return routability o The node MUST be able to participate in a return routability
procedure (Section 9.4). procedure (Section 9.4).
o The node MUST be able to process Binding Update messages o The node MUST be able to process Binding Update messages
(Section 9.5). (Section 9.5).
o The node MUST be able to return a Binding Acknowledgement o The node MUST be able to return a Binding Acknowledgement
(Section 9.5.4). (Section 9.5.4).
o The node MUST be able to maintain a Binding Cache of the bindings o The node MUST be able to maintain a Binding Cache of the bindings
received in accepted Binding Updates, as described in Section 9.1 received in accepted Binding Updates, as described in Sections 9.1
and Section 9.6. and 9.6.
o The node SHOULD allow route optimization to be administratively o The node SHOULD allow route optimization to be administratively
enabled or disabled. The default SHOULD be enabled. enabled or disabled. The default SHOULD be enabled.
8.3. All IPv6 Routers 8.3. All IPv6 Routers
All IPv6 routers, even those not serving as a home agent for Mobile All IPv6 routers, even those not serving as a home agent for Mobile
IPv6, have an effect on how well mobile nodes can communicate: IPv6, have an effect on how well mobile nodes can communicate:
o Every IPv6 router SHOULD be able to send an Advertisement Interval o Every IPv6 router SHOULD be able to send an Advertisement Interval
skipping to change at page 75, line 44 skipping to change at page 74, line 8
Section 7.5. If the router supports a faster rate, the used rate Section 7.5. If the router supports a faster rate, the used rate
MUST be configurable. MUST be configurable.
o Each router SHOULD include at least one prefix with the Router o Each router SHOULD include at least one prefix with the Router
Address (R) bit set and with its full IP address in its Router Address (R) bit set and with its full IP address in its Router
Advertisements (as described in Section 7.2). Advertisements (as described in Section 7.2).
o Routers supporting filtering packets with routing headers SHOULD o Routers supporting filtering packets with routing headers SHOULD
support different rules for type 0 and type 2 routing headers (see support different rules for type 0 and type 2 routing headers (see
Section 6.4) so that filtering of source routed packets (type 0) Section 6.4) so that filtering of source routed packets (type 0)
will not necessarily limit Mobile IPv6 traffic which is delivered will not necessarily limit Mobile IPv6 traffic that is delivered
via type 2 routing headers. via type 2 routing headers.
8.4. IPv6 Home Agents 8.4. IPv6 Home Agents
In order for a mobile node to operate correctly while away from home, In order for a mobile node to operate correctly while away from home,
at least one IPv6 router on the mobile node's home link must function at least one IPv6 router on the mobile node's home link must function
as a home agent for the mobile node. The following additional as a home agent for the mobile node. The following additional
requirements apply to all IPv6 routers that serve as a home agent: requirements apply to all IPv6 routers that serve as a home agent:
o Every home agent MUST be able to maintain an entry in its Binding o Every home agent MUST be able to maintain an entry in its Binding
Cache for each mobile node for which it is serving as the home Cache for each mobile node for which it is serving as the home
agent (Section 10.1 and Section 10.3.1). agent (Sections 10.1 and 10.3.1).
o Every home agent MUST be able to intercept packets (using proxy o Every home agent MUST be able to intercept packets (using proxy
Neighbor Discovery [18]) addressed to a mobile node for which it Neighbor Discovery [18]) addressed to a mobile node for which it
is currently serving as the home agent, on that mobile node's home is currently serving as the home agent, on that mobile node's home
link, while the mobile node is away from home (Section 10.4.1). link, while the mobile node is away from home (Section 10.4.1).
o Every home agent MUST be able to encapsulate [7] such intercepted o Every home agent MUST be able to encapsulate [7] such intercepted
packets in order to tunnel them to the primary care-of address for packets in order to tunnel them to the primary care-of address for
the mobile node indicated in its binding in the home agent's the mobile node indicated in its binding in the home agent's
Binding Cache (Section 10.4.2). Binding Cache (Section 10.4.2).
o Every home agent MUST support decapsulating [7] reverse tunneled o Every home agent MUST support decapsulating [7] reverse-tunneled
packets sent to it from a mobile node's home address. Every home packets sent to it from a mobile node's home address. Every home
agent MUST also check that the source address in the tunneled agent MUST also check that the source address in the tunneled
packets corresponds to the currently registered location of the packets corresponds to the currently registered location of the
mobile node (Section 10.4.5). mobile node (Section 10.4.5).
o The node MUST be able to process Mobility Headers as described in o The node MUST be able to process Mobility Headers as described in
Section 10.2. Section 10.2.
o Every home agent MUST be able to return a Binding Acknowledgement o Every home agent MUST be able to return a Binding Acknowledgement
in response to a Binding Update (Section 10.3.1). in response to a Binding Update (Section 10.3.1).
o Every home agent MUST maintain a separate Home Agents List for o Every home agent MUST maintain a separate Home Agents List for
each link on which it is serving as a home agent, as described in each link on which it is serving as a home agent, as described in
Section 10.1 and Section 10.5.1. Sections 10.1 and 10.5.1.
o Every home agent MUST be able to accept packets addressed to the o Every home agent MUST be able to accept packets addressed to the
Mobile IPv6 Home-Agents anycast address [8] for the subnet on Mobile IPv6 Home-Agents anycast address [8] for the subnet on
which it is serving as a home agent, and MUST be able to which it is serving as a home agent, and MUST be able to
participate in dynamic home agent address discovery participate in dynamic home agent address discovery
(Section 10.5). (Section 10.5).
o Every home agent SHOULD support a configuration mechanism to allow o Every home agent SHOULD support a configuration mechanism to allow
a system administrator to manually set the value to be sent by a system administrator to manually set the value to be sent by
this home agent in the Home Agent Preference field of the Home this home agent in the Home Agent Preference field of the Home
skipping to change at page 77, line 32 skipping to change at page 75, line 45
o The node MUST maintain a Binding Update List (Section 11.1). o The node MUST maintain a Binding Update List (Section 11.1).
o The node MUST support sending packets containing a Home Address o The node MUST support sending packets containing a Home Address
option (Section 11.3.1), and follow the required IPsec interaction option (Section 11.3.1), and follow the required IPsec interaction
(Section 11.3.2). (Section 11.3.2).
o The node MUST be able to perform IPv6 encapsulation and o The node MUST be able to perform IPv6 encapsulation and
decapsulation [7]. decapsulation [7].
o The node MUST be able to process type 2 routing header as defined o The node MUST be able to process type 2 routing header as defined
in Section 6.4 and Section 11.3.3. in Sections 6.4 and 11.3.3.
o The node MUST support receiving a Binding Error message o The node MUST support receiving a Binding Error message
(Section 11.3.6). (Section 11.3.6).
o The node MUST support receiving ICMP errors (Section 11.3.5). o The node MUST support receiving ICMP errors (Section 11.3.5).
o The node MUST support movement detection, care-of address o The node MUST support movement detection, care-of address
formation, and returning home (Section 11.5). formation, and returning home (Section 11.5).
o The node MUST be able to process Mobility Headers as described in o The node MUST be able to process Mobility Headers as described in
Section 11.2. Section 11.2.
o The node MUST support the return routability procedure o The node MUST support the return routability procedure
(Section 11.6). (Section 11.6).
o The node MUST be able to send Binding Updates, as specified in o The node MUST be able to send Binding Updates, as specified in
Section 11.7.1 and Section 11.7.2. Sections 11.7.1 and 11.7.2.
o The node MUST be able to receive and process Binding o The node MUST be able to receive and process Binding
Acknowledgements, as specified in Section 11.7.3. Acknowledgements, as specified in Section 11.7.3.
o The node MUST support receiving a Binding Refresh Request o The node MUST support receiving a Binding Refresh Request
(Section 6.1.2), by responding with a Binding Update. (Section 6.1.2), by responding with a Binding Update.
o The node MUST support receiving Mobile Prefix Advertisements o The node MUST support receiving Mobile Prefix Advertisements
(Section 11.4.3) and reconfiguring its home address based on the (Section 11.4.3) and reconfiguring its home address based on the
prefix information contained therein. prefix information contained therein.
skipping to change at page 78, line 24 skipping to change at page 76, line 39
o The node MUST allow route optimization to be administratively o The node MUST allow route optimization to be administratively
enabled or disabled. The default SHOULD be enabled. enabled or disabled. The default SHOULD be enabled.
o The node MAY support the multicast address listener part of a o The node MAY support the multicast address listener part of a
multicast group membership protocol as described in multicast group membership protocol as described in
Section 11.3.4. If this support is provided, the mobile node MUST Section 11.3.4. If this support is provided, the mobile node MUST
be able to receive tunneled multicast packets from the home agent. be able to receive tunneled multicast packets from the home agent.
o The node MAY support stateful address autoconfiguration mechanisms o The node MAY support stateful address autoconfiguration mechanisms
such as DHCPv6 [30] on the interface represented by the tunnel to such as DHCPv6 [31] on the interface represented by the tunnel to
the home agent. the home agent.
9. Correspondent Node Operation 9. Correspondent Node Operation
9.1. Conceptual Data Structures 9.1. Conceptual Data Structures
IPv6 nodes with route optimization support maintain a Binding Cache IPv6 nodes with route optimization support maintain a Binding Cache
of bindings for other nodes. A separate Binding Cache SHOULD be of bindings for other nodes. A separate Binding Cache SHOULD be
maintained by each IPv6 node for each of its unicast routable maintained by each IPv6 node for each of its unicast routable
addresses. The Binding Cache MAY be implemented in any manner addresses. The Binding Cache MAY be implemented in any manner
consistent with the external behavior described in this document, for consistent with the external behavior described in this document, for
example by being combined with the node's Destination Cache as example, by being combined with the node's Destination Cache as
maintained by Neighbor Discovery [18]. When sending a packet, the maintained by Neighbor Discovery [18]. When sending a packet, the
Binding Cache is searched before the Neighbor Discovery conceptual Binding Cache is searched before the Neighbor Discovery conceptual
Destination Cache [18]. Destination Cache [18].
Each Binding Cache entry conceptually contains the following fields: Each Binding Cache entry conceptually contains the following fields:
o The home address of the mobile node for which this is the Binding o The home address of the mobile node for which this is the Binding
Cache entry. This field is used as the key for searching the Cache entry. This field is used as the key for searching the
Binding Cache for the destination address of a packet being sent. Binding Cache for the destination address of a packet being sent.
skipping to change at page 79, line 36 skipping to change at page 77, line 25
address field in this Binding Cache entry. address field in this Binding Cache entry.
o A lifetime value, indicating the remaining lifetime for this o A lifetime value, indicating the remaining lifetime for this
Binding Cache entry. The lifetime value is initialized from the Binding Cache entry. The lifetime value is initialized from the
Lifetime field in the Binding Update that created or last modified Lifetime field in the Binding Update that created or last modified
this Binding Cache entry. A correspondent node MAY select a this Binding Cache entry. A correspondent node MAY select a
smaller lifetime for the Binding Cache entry, and supply that smaller lifetime for the Binding Cache entry, and supply that
value to the mobile node in the Binding Acknowledgment message. value to the mobile node in the Binding Acknowledgment message.
o A flag indicating whether or not this Binding Cache entry is a o A flag indicating whether or not this Binding Cache entry is a
home registration entry (applicable only on nodes which support home registration entry (applicable only on nodes that support
home agent functionality). home agent functionality).
o The maximum value of the Sequence Number field received in o The maximum value of the Sequence Number field received in
previous Binding Updates for this home address. The Sequence previous Binding Updates for this home address. The Sequence
Number field is 16 bits long. Sequence Number values MUST be Number field is 16 bits long. Sequence Number values MUST be
compared modulo 2**16 as explained in Section 9.5.1. compared modulo 2**16 as explained in Section 9.5.1.
o Usage information for this Binding Cache entry. This is needed to o Usage information for this Binding Cache entry. This is needed to
implement the cache replacement policy in use in the Binding implement the cache replacement policy in use in the Binding
Cache. Recent use of a cache entry also serves as an indication Cache. Recent use of a cache entry also serves as an indication
skipping to change at page 80, line 18 skipping to change at page 78, line 14
9.2. Processing Mobility Headers 9.2. Processing Mobility Headers
Mobility Header processing MUST observe the following rules: Mobility Header processing MUST observe the following rules:
o The checksum must be verified as per Section 6.1. If invalid, the o The checksum must be verified as per Section 6.1. If invalid, the
node MUST silently discard the message. node MUST silently discard the message.
o The MH Type field MUST have a known value (Section 6.1.1). o The MH Type field MUST have a known value (Section 6.1.1).
Otherwise, the node MUST discard the message and issue a Binding Otherwise, the node MUST discard the message and issue a Binding
Error message as described in Section 9.3.3, with Status field set Error message as described in Section 9.3.3, with the Status field
to 2 (unrecognized MH Type value). set to 2 (unrecognized MH Type value).
o The Payload Proto field MUST be IPPROTO_NONE (59 decimal). o The Payload Proto field MUST be IPPROTO_NONE (59 decimal).
Otherwise, the node MUST discard the message and SHOULD send ICMP Otherwise, the node MUST discard the message and SHOULD send ICMP
Parameter Problem, Code 0, directly to the Source Address of the Parameter Problem, Code 0, directly to the Source Address of the
packet as specified in RFC 4443 [17]. Thus no Binding Cache packet as specified in RFC 4443 [17]. Thus, no Binding Cache
information is used in sending the ICMP message. The Pointer information is used in sending the ICMP message. The Pointer
field in the ICMP message SHOULD point at the Payload Proto field. field in the ICMP message SHOULD point at the Payload Proto field.
o The Header Len field in the Mobility Header MUST NOT be less than o The Header Len field in the Mobility Header MUST NOT be less than
the length specified for this particular type of message in the length specified for this particular type of message in
Section 6.1. Otherwise, the node MUST discard the message and Section 6.1. Otherwise, the node MUST discard the message and
SHOULD send ICMP Parameter Problem, Code 0, directly to the Source SHOULD send ICMP Parameter Problem, Code 0, directly to the Source
Address of the packet as specified in RFC 4443 [17]. (The Binding Address of the packet as specified in RFC 4443 [17]. (The Binding
Cache information is again not used.) The Pointer field in the Cache information is again not used.) The Pointer field in the
ICMP message SHOULD point at the Header Len field. ICMP message SHOULD point at the Header Len field.
skipping to change at page 81, line 38 skipping to change at page 79, line 35
definition of the Option Type code for the Home Address option, since definition of the Option Type code for the Home Address option, since
it indicates that the data within the option cannot change en route it indicates that the data within the option cannot change en route
to the packet's final destination, and thus the option is included in to the packet's final destination, and thus the option is included in
the AH computation. By requiring that any authentication of the IPv6 the AH computation. By requiring that any authentication of the IPv6
header also cover the Home Address option, the security of the Source header also cover the Home Address option, the security of the Source
Address field in the IPv6 header is not compromised by the presence Address field in the IPv6 header is not compromised by the presence
of a Home Address option. of a Home Address option.
When attempting to verify AH authentication data in a packet that When attempting to verify AH authentication data in a packet that
contains a Home Address option, the receiving node MUST calculate the contains a Home Address option, the receiving node MUST calculate the
AH authentication data as if the following were true: The Home AH authentication data as if the following were true: the Home
Address option contains the care-of address, and the source IPv6 Address option contains the care-of address, and the source IPv6
address field of the IPv6 header contains the home address. This address field of the IPv6 header contains the home address. This
conforms with the calculation specified in Section 11.3.2. conforms with the calculation specified in Section 11.3.2.
9.3.2. Sending Packets to a Mobile Node 9.3.2. Sending Packets to a Mobile Node
Before sending any packet, the sending node SHOULD examine its Before sending any packet, the sending node SHOULD examine its
Binding Cache for an entry for the destination address to which the Binding Cache for an entry for the destination address to which the
packet is being sent. If the sending node has a Binding Cache entry packet is being sent. If the sending node has a Binding Cache entry
for this address, the sending node SHOULD use a type 2 routing header for this address, the sending node SHOULD use a type 2 routing header
to route the packet to this mobile node (the destination node) by way to route the packet to this mobile node (the destination node) by way
of its care-of address. However, the sending node MUST NOT do this of its care-of address. However, the sending node MUST NOT do this
in the following cases: in the following cases:
o When sending an IPv6 Neighbor Discovery [18] packet. o When sending an IPv6 Neighbor Discovery [18] packet.
o Where otherwise noted in Section 6.1. o Where otherwise noted in Section 6.1.
When calculating authentication data in a packet that contains a type When calculating authentication data in a packet that contains a type
2 routing header, the correspondent node MUST calculate the AH 2 routing header, the correspondent node MUST calculate the AH
authentication data as if the following were true: The routing header authentication data as if the following were true: the routing header
contains the care-of address, the destination IPv6 address field of contains the care-of address, the destination IPv6 address field of
the IPv6 header contains the home address, and the Segments Left the IPv6 header contains the home address, and the Segments Left
field is zero. The IPsec Security Policy Database lookup MUST based field is zero. The IPsec Security Policy Database lookup MUST based
on the mobile node's home address. on the mobile node's home address.
For instance, assuming there are no additional routing headers in For instance, assuming there are no additional routing headers in
this packet beyond those needed by Mobile IPv6, the correspondent this packet beyond those needed by Mobile IPv6, the correspondent
node could set the fields in the packet's IPv6 header and routing node could set the fields in the packet's IPv6 header and routing
header as follows: header as follows:
skipping to change at page 83, line 13 skipping to change at page 81, line 11
node simply sends the packet normally, with no routing header. If node simply sends the packet normally, with no routing header. If
the destination node is not a mobile node (or is a mobile node that the destination node is not a mobile node (or is a mobile node that
is currently at home), the packet will be delivered directly to this is currently at home), the packet will be delivered directly to this
node and processed normally by it. If, however, the destination node node and processed normally by it. If, however, the destination node
is a mobile node that is currently away from home, the packet will be is a mobile node that is currently away from home, the packet will be
intercepted by the mobile node's home agent and tunneled to the intercepted by the mobile node's home agent and tunneled to the
mobile node's current primary care-of address. mobile node's current primary care-of address.
9.3.3. Sending Binding Error Messages 9.3.3. Sending Binding Error Messages
Section 9.2 and Section 9.3.1 describe error conditions that lead to Sections 9.2 and 9.3.1 describe error conditions that lead to a need
a need to send a Binding Error message. to send a Binding Error message.
A Binding Error message is sent directly to the address that appeared A Binding Error message is sent directly to the address that appeared
in the IPv6 Source Address field of the offending packet. If the in the IPv6 Source Address field of the offending packet. If the
Source Address field does not contain a unicast address, the Binding Source Address field does not contain a unicast address, the Binding
Error message MUST NOT be sent. Error message MUST NOT be sent.
The Home Address field in the Binding Error message MUST be copied The Home Address field in the Binding Error message MUST be copied
from the Home Address field in the Home Address destination option of from the Home Address field in the Home Address destination option of
the offending packet, or set to the unspecified address if no such the offending packet, or set to the unspecified address if no such
option appeared in the packet. option appeared in the packet.
skipping to change at page 84, line 27 skipping to change at page 82, line 25
This subsection specifies actions taken by a correspondent node This subsection specifies actions taken by a correspondent node
during the return routability procedure. during the return routability procedure.
9.4.1. Receiving Home Test Init Messages 9.4.1. Receiving Home Test Init Messages
Upon receiving a Home Test Init message, the correspondent node Upon receiving a Home Test Init message, the correspondent node
verifies the following: verifies the following:
o The packet MUST NOT include a Home Address destination option. o The packet MUST NOT include a Home Address destination option.
Any packet carrying a Home Test Init message which fails to satisfy Any packet carrying a Home Test Init message that fails to satisfy
this test MUST be silently ignored. this test MUST be silently ignored.
Otherwise, in preparation for sending the corresponding Home Test Otherwise, in preparation for sending the corresponding Home Test
Message, the correspondent node checks that it has the necessary Message, the correspondent node checks that it has the necessary
material to engage in a return routability procedure, as specified in material to engage in a return routability procedure, as specified in
Section 5.2. The correspondent node MUST have a secret Kcn and a Section 5.2. The correspondent node MUST have a secret Kcn and a
nonce. If it does not have this material yet, it MUST produce it nonce. If it does not have this material yet, it MUST produce it
before continuing with the return routability procedure. before continuing with the return routability procedure.
Section 9.4.3 specifies further processing. Section 9.4.3 specifies further processing.
9.4.2. Receiving Care-of Test Init Messages 9.4.2. Receiving Care-of Test Init Messages
Upon receiving a Care-of Test Init message, the correspondent node Upon receiving a Care-of Test Init message, the correspondent node
verifies the following: verifies the following:
o The packet MUST NOT include a Home Address destination option. o The packet MUST NOT include a Home Address destination option.
Any packet carrying a Care-of Test Init message which fails to Any packet carrying a Care-of Test Init message that fails to satisfy
satisfy this test MUST be silently ignored. this test MUST be silently ignored.
Otherwise, in preparation for sending the corresponding Care-of Test Otherwise, in preparation for sending the corresponding Care-of Test
Message, the correspondent node checks that it has the necessary Message, the correspondent node checks that it has the necessary
material to engage in a return routability procedure in the manner material to engage in a return routability procedure in the manner
described in Section 9.4.1. described in Section 9.4.1.
Section 9.4.4 specifies further processing. Section 9.4.4 specifies further processing.
9.4.3. Sending Home Test Messages 9.4.3. Sending Home Test Messages
skipping to change at page 86, line 45 skipping to change at page 84, line 45
authorization method, the correspondent node MUST verify the authorization method, the correspondent node MUST verify the
authenticator by using the address within the Alternate Care-of authenticator by using the address within the Alternate Care-of
Address in the calculations. Address in the calculations.
o The Binding Authorization Data mobility option MUST be the last o The Binding Authorization Data mobility option MUST be the last
option and MUST NOT have trailing padding. option and MUST NOT have trailing padding.
If the Home Registration (H) bit is set, the Nonce Indices mobility If the Home Registration (H) bit is set, the Nonce Indices mobility
option MUST NOT be present. option MUST NOT be present.
If the mobile node sends a sequence number which is not greater than If the mobile node sends a sequence number that is not greater than
the sequence number from the last valid Binding Update for this home the sequence number from the last valid Binding Update for this home
address, then the receiving node MUST send back a Binding address, then the receiving node MUST send back a Binding
Acknowledgement with status code 135, and the last accepted sequence Acknowledgement with status code 135, and the last accepted sequence
number in the Sequence Number field of the Binding Acknowledgement. number in the Sequence Number field of the Binding Acknowledgement.
If a binding already exists for the given home address and the home If a binding already exists for the given home address and the home
registration flag has a different value than the Home Registration registration flag has a different value than the Home Registration
(H) bit in the Binding Update, then the receiving node MUST send back (H) bit in the Binding Update, then the receiving node MUST send back
a Binding Acknowledgement with status code 139 (registration type a Binding Acknowledgement with status code 139 (registration type
change disallowed). The home registration flag stored in the Binding change disallowed). The home registration flag stored in the Binding
skipping to change at page 89, line 9 skipping to change at page 87, line 13
bit is not set in the Binding Update. bit is not set in the Binding Update.
Any existing binding for the given home address MUST be deleted. A Any existing binding for the given home address MUST be deleted. A
Binding Cache entry for the home address MUST NOT be created in Binding Cache entry for the home address MUST NOT be created in
response to receiving the Binding Update. response to receiving the Binding Update.
If the Binding Cache entry was created by use of return routability If the Binding Cache entry was created by use of return routability
nonces, the correspondent node MUST ensure that the same nonces are nonces, the correspondent node MUST ensure that the same nonces are
not used again with the particular home and care-of address. If both not used again with the particular home and care-of address. If both
nonces are still valid, the correspondent node has to remember the nonces are still valid, the correspondent node has to remember the
particular combination of nonce indexes, addresses, and sequence particular combination of nonce indices, addresses, and sequence
number as illegal until at least one of the nonces has become too number as illegal until at least one of the nonces has become too
old. old.
9.5.4. Sending Binding Acknowledgements 9.5.4. Sending Binding Acknowledgements
A Binding Acknowledgement may be sent to indicate receipt of a A Binding Acknowledgement may be sent to indicate receipt of a
Binding Update as follows: Binding Update as follows:
o If the Binding Update was discarded as described in Section 9.2 or o If the Binding Update was discarded as described in Sections 9.2
Section 9.5.1, a Binding Acknowledgement MUST NOT be sent. or 9.5.1, a Binding Acknowledgement MUST NOT be sent. Otherwise,
Otherwise the treatment depends on the following rules. the treatment depends on the following rules.
o If the Acknowledge (A) bit is set in the Binding Update, a Binding o If the Acknowledge (A) bit is set in the Binding Update, a Binding
Acknowledgement MUST be sent. Otherwise, the treatment depends on Acknowledgement MUST be sent. Otherwise, the treatment depends on
the next rule. the next rule.
o If the node rejects the Binding Update due to an expired nonce o If the node rejects the Binding Update due to an expired nonce
index, sequence number being out of window (Section 9.5.1), or index, sequence number being out of window (Section 9.5.1), or
insufficiency of resources (Section 9.5.2), a Binding insufficiency of resources (Section 9.5.2), a Binding
Acknowledgement MUST be sent. If the node accepts the Binding Acknowledgement MUST be sent. If the node accepts the Binding
Update, the Binding Acknowledgement SHOULD NOT be sent. Update, the Binding Acknowledgement SHOULD NOT be sent.
If the node accepts the Binding Update and creates or updates an If the node accepts the Binding Update and creates or updates an
entry for this binding, the Status field in the Binding entry for this binding, the Status field in the Binding
Acknowledgement MUST be set to a value less than 128. Otherwise, the Acknowledgement MUST be set to a value less than 128. Otherwise, the
Status field MUST be set to a value greater than or equal to 128. Status field MUST be set to a value greater than or equal to 128.
Values for the Status field are described in Section 6.1.8 and in the Values for the Status field are described in Section 6.1.8 and in the
IANA registry of assigned numbers [29]. IANA registry of assigned numbers [30].
If the Status field in the Binding Acknowledgement contains the value If the Status field in the Binding Acknowledgement contains the value
136 (expired home nonce index), 137 (expired care-of nonce index), or 136 (expired home nonce index), 137 (expired care-of nonce index), or
138 (expired nonces) then the message MUST NOT include the Binding 138 (expired nonces), then the message MUST NOT include the Binding
Authorization Data mobility option. Otherwise, the Binding Authorization Data mobility option. Otherwise, the Binding
Authorization Data mobility option MUST be included, and MUST meet Authorization Data mobility option MUST be included, and MUST meet
the specific authentication requirements for Binding Acknowledgements the specific authentication requirements for Binding Acknowledgements
as defined in Section 5.2. as defined in Section 5.2.
If the Source Address field of the IPv6 header that carried the If the Source Address field of the IPv6 header that carried the
Binding Update does not contain a unicast address, the Binding Binding Update does not contain a unicast address, the Binding
Acknowledgement MUST NOT be sent and the Binding Update packet MUST Acknowledgement MUST NOT be sent and the Binding Update packet MUST
be silently discarded. Otherwise, the acknowledgement MUST be sent be silently discarded. Otherwise, the acknowledgement MUST be sent
to the Source Address. Unlike the treatment of regular packets, this to the Source Address. Unlike the treatment of regular packets, this
skipping to change at page 90, line 4 skipping to change at page 88, line 11
Authorization Data mobility option MUST be included, and MUST meet Authorization Data mobility option MUST be included, and MUST meet
the specific authentication requirements for Binding Acknowledgements the specific authentication requirements for Binding Acknowledgements
as defined in Section 5.2. as defined in Section 5.2.
If the Source Address field of the IPv6 header that carried the If the Source Address field of the IPv6 header that carried the
Binding Update does not contain a unicast address, the Binding Binding Update does not contain a unicast address, the Binding
Acknowledgement MUST NOT be sent and the Binding Update packet MUST Acknowledgement MUST NOT be sent and the Binding Update packet MUST
be silently discarded. Otherwise, the acknowledgement MUST be sent be silently discarded. Otherwise, the acknowledgement MUST be sent
to the Source Address. Unlike the treatment of regular packets, this to the Source Address. Unlike the treatment of regular packets, this
addressing procedure does not use information from the Binding Cache. addressing procedure does not use information from the Binding Cache.
However, a routing header is needed in some cases. If the Source However, a routing header is needed in some cases. If the Source
Address is the home address of the mobile node, i.e., the Binding Address is the home address of the mobile node, i.e., the Binding
Update did not contain a Home Address destination option, then the Update did not contain a Home Address destination option, then the
Binding Acknowledgement MUST be sent to that address and the routing Binding Acknowledgement MUST be sent to that address and the routing
header MUST NOT be used. Otherwise, the Binding Acknowledgement MUST header MUST NOT be used. Otherwise, the Binding Acknowledgement MUST
be sent using a type 2 routing header which contains the mobile be sent using a type 2 routing header that contains the mobile node's
node's home address. home address.
9.5.5. Sending Binding Refresh Requests 9.5.5. Sending Binding Refresh Requests
If a Binding Cache entry being deleted is still in active use when If a Binding Cache entry being deleted is still in active use when
sending packets to a mobile node, then the next packet sent to the sending packets to a mobile node, then the next packet sent to the
mobile node will be routed normally to the mobile node's home link. mobile node will be routed normally to the mobile node's home link.
Communication with the mobile node continues, but the tunneling from Communication with the mobile node continues, but the tunneling from
the home network creates additional overhead and latency in the home network creates additional overhead and latency in
delivering packets to the mobile node. delivering packets to the mobile node.
skipping to change at page 95, line 29 skipping to change at page 93, line 6
remaining valid lifetime for this prefix is determined by the home remaining valid lifetime for this prefix is determined by the home
agent based on its own Prefix List entry [18]. agent based on its own Prefix List entry [18].
The remaining preferred lifetime SHOULD NOT have any impact on the The remaining preferred lifetime SHOULD NOT have any impact on the
lifetime for the Binding Cache entry. lifetime for the Binding Cache entry.
The home agent MUST remove a binding when the valid lifetime of The home agent MUST remove a binding when the valid lifetime of
the prefix associated with it expires. the prefix associated with it expires.
o The home agent MAY further decrease the specified lifetime for the o The home agent MAY further decrease the specified lifetime for the
binding, for example based on a local policy. The resulting binding, for example, based on a local policy. The resulting
lifetime is stored by the home agent in the Binding Cache entry, lifetime is stored by the home agent in the Binding Cache entry,
and this Binding Cache entry MUST be deleted by the home agent and this Binding Cache entry MUST be deleted by the home agent
after the expiration of this lifetime. after the expiration of this lifetime.
Regardless of the setting of the Acknowledge (A) bit in the Binding Regardless of the setting of the Acknowledge (A) bit in the Binding
Update, the home agent MUST return a Binding Acknowledgement to the Update, the home agent MUST return a Binding Acknowledgement to the
mobile node constructed as follows: mobile node constructed as follows:
o The Status field MUST be set to a value indicating success. The o The Status field MUST be set to a value indicating success. The
value 1 (accepted but prefix discovery necessary) MUST be used if value 1 (accepted but prefix discovery necessary) MUST be used if
skipping to change at page 97, line 10 skipping to change at page 94, line 35
registration within the Refresh period. registration within the Refresh period.
The rules for selecting the Destination IP address (and possibly The rules for selecting the Destination IP address (and possibly
routing header construction) for the Binding Acknowledgement to the routing header construction) for the Binding Acknowledgement to the
mobile node are the same as in Section 9.5.4. mobile node are the same as in Section 9.5.4.
In addition, the home agent MUST follow the procedure defined in In addition, the home agent MUST follow the procedure defined in
Section 10.4.1 to intercept packets on the mobile node's home link Section 10.4.1 to intercept packets on the mobile node's home link
addressed to the mobile node, while the home agent is serving as the addressed to the mobile node, while the home agent is serving as the
home agent for this mobile node. The home agent MUST also be home agent for this mobile node. The home agent MUST also be
prepared to accept reverse tunneled packets from the new care-of prepared to accept reverse-tunneled packets from the new care-of
address of the mobile node, as described in Section 10.4.5. Finally, address of the mobile node, as described in Section 10.4.5. Finally,
the home agent MUST also propagate new home network prefixes, as the home agent MUST also propagate new home network prefixes, as
described in Section 10.6. described in Section 10.6.
10.3.2. Primary Care-of Address De-Registration 10.3.2. Primary Care-of Address De-Registration
A binding may need to be de-registered when the mobile node returns A binding may need to be de-registered when the mobile node returns
home or when the mobile node knows that it will not have any care-of home or when the mobile node knows that it will not have any care-of
addresses in the visited network. addresses in the visited network.
skipping to change at page 98, line 18 skipping to change at page 95, line 42
o The Lifetime field MUST be set to zero. o The Lifetime field MUST be set to zero.
o The Binding Refresh Advice mobility option MUST be omitted. o The Binding Refresh Advice mobility option MUST be omitted.
The rules for selecting the Destination IP address (and, if required, The rules for selecting the Destination IP address (and, if required,
routing header construction) for the Binding Acknowledgement to the routing header construction) for the Binding Acknowledgement to the
mobile node are the same as in the previous section. When the Status mobile node are the same as in the previous section. When the Status
field in the Binding Acknowledgement is greater than or equal to 128 field in the Binding Acknowledgement is greater than or equal to 128
and the Source Address of the Binding Update is on the home link, and and the Source Address of the Binding Update is on the home link, and
the Binding Update came from a mobile node on the same link, the home the Binding Update came from a mobile node on the same link, the home
agent MUST send it to the mobile node's link layer address (retrieved agent MUST send it to the mobile node's link-layer address (retrieved
either from the Binding Update or through Neighbor Solicitation). either from the Binding Update or through Neighbor Solicitation).
When a mobile node sends a Binding Update to refresh the binding from When a mobile node sends a Binding Update to refresh the binding from
the visited link and soon after moves to the home link and sends a the visited link and soon after moves to the home link and sends a
de-registration Binding Update, a race condition can happen if the de-registration Binding Update, a race condition can happen if the
first Binding Update gets delayed. The delayed Binding Update can first Binding Update gets delayed. The delayed Binding Update can
cause the home agent to create a new Binding Cache entry for a mobile cause the home agent to create a new Binding Cache entry for a mobile
node that had just attached to the home link and successfully deleted node that had just attached to the home link and successfully deleted
the binding. This would prevent the mobile node from using its home the binding. This would prevent the mobile node from using its home
address from the home link. address from the home link.
In order to prevent this, the home agent SHOULD NOT remove the In order to prevent this, the home agent SHOULD NOT remove the
Binding Cache entry immediately after receiving the deregistration Binding Cache entry immediately after receiving the de-registration
Binding Update from the mobile node. It SHOULD mark the Binding Binding Update from the mobile node. It SHOULD mark the Binding
Cache entry as invalid, and MUST stop intercepting packets on the Cache entry as invalid, and MUST stop intercepting packets on the
mobile node's home link that are addressed to the mobile node mobile node's home link that are addressed to the mobile node
(Section 10.4.1). The home agent should wait for (Section 10.4.1). The home agent should wait for
MAX_DELETE_BCE_TIMEOUT (Section 12) seconds before removing the MAX_DELETE_BCE_TIMEOUT (Section 12) seconds before removing the
Binding Cache entry completely. In the scenario described above, if Binding Cache entry completely. In the scenario described above, if
the home agent receives the delayed Binding Update that the mobile the home agent receives the delayed Binding Update that the mobile
node sent from the visited link, it would reject the message since node sent from the visited link, it would reject the message since
the sequence number would be less than the last received the sequence number would be less than the last received de-
deregistration Binding Update from the home link. The home agent registration Binding Update from the home link. The home agent would
would then send a Binding Acknowledgment with status '135' (Sequence then send a Binding Acknowledgment with status '135' (Sequence number
number out of window) to the care of address on the visited link. out of window) to the care-of address on the visited link. The
The mobile node can continue using the home address from the home mobile node can continue using the home address from the home link.
link.
10.4. Packet Processing 10.4. Packet Processing
10.4.1. Intercepting Packets for a Mobile Node 10.4.1. Intercepting Packets for a Mobile Node
While a node is serving as the home agent for a mobile node it MUST While a node is serving as the home agent for a mobile node it MUST
attempt to intercept packets on the mobile node's home link that are attempt to intercept packets on the mobile node's home link that are
addressed to the mobile node. addressed to the mobile node.
In order to do this, when a node begins serving as the home agent it In order to do this, when a node begins serving as the home agent it
skipping to change at page 99, line 31 skipping to change at page 97, line 10
exceptions: exceptions:
o The Target Address in the Neighbor Advertisement MUST be set to o The Target Address in the Neighbor Advertisement MUST be set to
the specific IP address for the mobile node. the specific IP address for the mobile node.
o The Advertisement MUST include a Target Link-layer Address option o The Advertisement MUST include a Target Link-layer Address option
specifying the home agent's link-layer address. specifying the home agent's link-layer address.
o The Router (R) bit in the Advertisement MUST be set to zero. o The Router (R) bit in the Advertisement MUST be set to zero.
o The Solicited Flag (S) in the Advertisement MUST NOT be set, since o The Solicited (S) flag in the Advertisement MUST NOT be set, since
it was not solicited by any Neighbor Solicitation. it was not solicited by any Neighbor Solicitation.
o The Override Flag (O) in the Advertisement MUST be set, indicating o The Override (O) flag in the Advertisement MUST be set, indicating
that the Advertisement SHOULD override any existing Neighbor Cache that the Advertisement SHOULD override any existing Neighbor Cache
entry at any node receiving it. entry at any node receiving it.
o The Source Address in the IPv6 header MUST be set to the home o The Source Address in the IPv6 header MUST be set to the home
agent's IP address on the interface used to send the agent's IP address on the interface used to send the
advertisement. advertisement.
Any node on the home link that receives one of the Neighbor Any node on the home link that receives one of the Neighbor
Advertisement messages (described above) will update its Neighbor Advertisement messages (described above) will update its Neighbor
Cache to associate the mobile node's address with the home agent's Cache to associate the mobile node's address with the home agent's
link layer address, causing it to transmit any future packets link-layer address, causing it to transmit any future packets
normally destined to the mobile node to the mobile node's home agent. normally destined to the mobile node to the mobile node's home agent.
Since multicasting on the local link (such as Ethernet) is typically Since multicasting on the local link (such as Ethernet) is typically
not guaranteed to be reliable, the home agent MAY retransmit this not guaranteed to be reliable, the home agent MAY retransmit this
Neighbor Advertisement message up to MAX_NEIGHBOR_ADVERTISEMENT (see Neighbor Advertisement message up to MAX_NEIGHBOR_ADVERTISEMENT (see
[18]) times to increase its reliability. It is still possible that [18]) times to increase its reliability. It is still possible that
some nodes on the home link will not receive any of the Neighbor some nodes on the home link will not receive any of the Neighbor
Advertisements, but these nodes will eventually be able to detect the Advertisements, but these nodes will eventually be able to detect the
link-layer address change for the mobile node's address through use link-layer address change for the mobile node's address through use
of Neighbor Unreachability Detection [18]. of Neighbor Unreachability Detection [18].
skipping to change at page 101, line 42 skipping to change at page 99, line 24
This section is a prerequisite for the multicast data packet This section is a prerequisite for the multicast data packet
forwarding, described in the previous section. If this support is forwarding, described in the previous section. If this support is
not provided, multicast group membership control messages are not provided, multicast group membership control messages are
silently ignored. silently ignored.
In order to forward multicast data packets from the home network to In order to forward multicast data packets from the home network to
all the proper mobile nodes, the home agent SHOULD be capable of all the proper mobile nodes, the home agent SHOULD be capable of
receiving tunneled multicast group membership control information receiving tunneled multicast group membership control information
from the mobile node in order to determine which groups the mobile from the mobile node in order to determine which groups the mobile
node has subscribed to. These multicast group membership messages node has subscribed to. These multicast group membership messages
are Listener Report messages specified in MLD [9] or in other are Listener Report messages specified in Multicast Listener
protocols such as [40]. Discovery (MLD) [9] or in other protocols such as [41].
The messages are issued by the mobile node, but sent through the The messages are issued by the mobile node, but sent through the
reverse tunnel to the home agent. These messages are issued whenever reverse tunnel to the home agent. These messages are issued whenever
the mobile node decides to enable reception of packets for a the mobile node decides to enable reception of packets for a
multicast group or in response to an MLD Query from the home agent. multicast group or in response to an MLD Query from the home agent.
The mobile node will also issue multicast group control messages to The mobile node will also issue multicast group control messages to
disable reception of multicast packets when it is no longer disable reception of multicast packets when it is no longer
interested in receiving multicasts for a particular group. interested in receiving multicasts for a particular group.
To obtain the mobile node's current multicast group membership the To obtain the mobile node's current multicast group membership the
skipping to change at page 102, line 24 skipping to change at page 100, line 9
multicast address and have a hop limit of 1, there is no direct multicast address and have a hop limit of 1, there is no direct
forwarding of such packets between the home network and the mobile forwarding of such packets between the home network and the mobile
node. The MLD packets between the mobile node and the home agent are node. The MLD packets between the mobile node and the home agent are
encapsulated within the same tunnel header used for other packet encapsulated within the same tunnel header used for other packet
flows between the mobile node and home agent. flows between the mobile node and home agent.
Note that at this time, even though a link-local source is used on Note that at this time, even though a link-local source is used on
MLD packets, no functionality depends on these addresses being MLD packets, no functionality depends on these addresses being
unique, nor do they elicit direct responses. All MLD messages are unique, nor do they elicit direct responses. All MLD messages are
sent to multicast destinations. To avoid ambiguity on the home sent to multicast destinations. To avoid ambiguity on the home
agent, due to mobile nodes which may choose identical link-local agent, due to mobile nodes that may choose identical link-local
source addresses for their MLD function, it is necessary for the home source addresses for their MLD function, it is necessary for the home
agent to identify which mobile node was actually the issuer of a agent to identify which mobile node was actually the issuer of a
particular MLD message. This may be accomplished by noting which particular MLD message. This may be accomplished by noting which
tunnel such an MLD arrived by, which IPsec SA was used, or by other tunnel such an MLD arrived by, which IPsec security association (SA)
distinguishing means. was used, or by other distinguishing means.
This specification puts no requirement on how the functions in this This specification puts no requirement on how the functions in this
section and the multicast forwarding in Section 10.4.2 are to be section and the multicast forwarding in Section 10.4.2 are to be
achieved. At the time of this writing it was thought that a full achieved. At the time of this writing, it was thought that a full
IPv6 multicast router function would be necessary on the home agent, IPv6 multicast router function would be necessary on the home agent,
but it may be possible to achieve the same effects through a "proxy but it may be possible to achieve the same effects through a "proxy
MLD" application coupled with kernel multicast forwarding. This may MLD" application coupled with kernel multicast forwarding. This may
be the subject of future specifications. be the subject of future specifications.
10.4.4. Stateful Address Autoconfiguration 10.4.4. Stateful Address Autoconfiguration
This section describes how home agents support the use of stateful This section describes how home agents support the use of stateful
address autoconfiguration mechanisms such as DHCPv6 [30] from the address autoconfiguration mechanisms such as DHCPv6 [31] from the
mobile nodes. If this support is not provided, then the M and O bits mobile nodes. If this support is not provided, then the M and O bits
must remain cleared on the Mobile Prefix Advertisement Messages. Any must remain cleared on the Mobile Prefix Advertisement Messages. Any
mobile node which sends DHCPv6 messages to the home agent without mobile node that sends DHCPv6 messages to the home agent without this
this support will not receive a response. support will not receive a response.
If DHCPv6 is used, packets are sent with link-local source addresses If DHCPv6 is used, packets are sent with link-local source addresses
either to a link-scope multicast address or a link-local address. either to a link-scope multicast address or a link-local address.
Mobile nodes desiring to locate a DHCPv6 service may reverse tunnel Mobile nodes desiring to locate a DHCPv6 service may reverse tunnel
standard DHCPv6 packets to the home agent. Since these link-scope standard DHCPv6 packets to the home agent. Since these link-scope
packets cannot be forwarded onto the home network, it is necessary packets cannot be forwarded onto the home network, it is necessary
for the home agent to either implement a DHCPv6 relay agent or a for the home agent to implement either a DHCPv6 relay agent or a
DHCPv6 server function itself. The arriving tunnel or IPsec SA of DHCPv6 server function itself. The arriving tunnel or IPsec SA of
DHCPv6 link-scope messages from the mobile node must be noted so that DHCPv6 link-scope messages from the mobile node must be noted so that
DHCPv6 responses may be sent back to the appropriate mobile node. DHCPv6 responses may be sent back to the appropriate mobile node.
DHCPv6 messages sent to the mobile node with a link-local destination DHCPv6 messages sent to the mobile node with a link-local destination
must be tunneled within the same tunnel header used for other packet must be tunneled within the same tunnel header used for other packet
flows. flows.
10.4.5. Handling Reverse Tunneled Packets 10.4.5. Handling Reverse-Tunneled Packets
Unless a binding has been established between the mobile node and a Unless a binding has been established between the mobile node and a
correspondent node, traffic from the mobile node to the correspondent correspondent node, traffic from the mobile node to the correspondent
node goes through a reverse tunnel. Home agents MUST support reverse node goes through a reverse tunnel. Home agents MUST support reverse
tunneling as follows: tunneling as follows:
o The tunneled traffic arrives to the home agent's address using o The tunneled traffic arrives to the home agent's address using
IPv6 encapsulation [7]. IPv6 encapsulation [7].
o Depending on the security policies used by the home agent, reverse o Depending on the security policies used by the home agent,
tunneled packets MAY be discarded unless accompanied by a valid reverse-tunneled packets MAY be discarded unless accompanied by a
ESP header. The support for authenticated reverse tunneling valid ESP header. The support for authenticated reverse tunneling
allows the home agent to protect the home network and allows the home agent to protect the home network and
correspondent nodes from malicious nodes masquerading as a mobile correspondent nodes from malicious nodes masquerading as a mobile
node. node.
o Otherwise, when a home agent decapsulates a tunneled packet from o Otherwise, when a home agent decapsulates a tunneled packet from
the mobile node, the home agent MUST verify that the Source the mobile node, the home agent MUST verify that the Source
Address in the tunnel IP header is the mobile node's primary Address in the tunnel IP header is the mobile node's primary
care-of address. Otherwise, any node in the Internet could send care-of address. Otherwise, any node in the Internet could send
traffic through the home agent and escape ingress filtering traffic through the home agent and escape ingress filtering
limitations. This simple check forces the attacker to know the limitations. This simple check forces the attacker to know the
skipping to change at page 108, line 11 skipping to change at page 105, line 43
Solicitation (see Section 11.4.2). Solicitation (see Section 11.4.2).
SHOULD: SHOULD:
o A new prefix is added to the home subnet interface(s) of the home o A new prefix is added to the home subnet interface(s) of the home
agent. agent.
MAY: MAY:
o The valid or preferred lifetime or the state of the flags changes o The valid or preferred lifetime or the state of the flags changes
for a prefix which is not used in any Binding Cache entry for this for a prefix that is not used in any Binding Cache entry for this
mobile node. mobile node.
The home agent uses the following algorithm to determine when to send The home agent uses the following algorithm to determine when to send
prefix information to the mobile node. prefix information to the mobile node.
o If a mobile node sends a solicitation, answer right away. o If a mobile node sends a solicitation, answer right away.
o If no Mobile Prefix Advertisement has been sent to the mobile node o If no Mobile Prefix Advertisement has been sent to the mobile node
in the last MaxMobPfxAdvInterval seconds (see Section 13), then in the last MaxMobPfxAdvInterval seconds (see Section 13), then
ensure that a transmission is scheduled. The actual transmission ensure that a transmission is scheduled. The actual transmission
skipping to change at page 108, line 41 skipping to change at page 106, line 27
advertisements to the mobile node. advertisements to the mobile node.
The list of prefixes is sent in its entirety in all cases. The list of prefixes is sent in its entirety in all cases.
If the home agent has already scheduled the transmission of a Mobile If the home agent has already scheduled the transmission of a Mobile
Prefix Advertisement to the mobile node, then the home agent will Prefix Advertisement to the mobile node, then the home agent will
replace the advertisement with a new one to be sent at the scheduled replace the advertisement with a new one to be sent at the scheduled
time. time.
Otherwise, the home agent computes a fresh value for RAND_ADV_DELAY Otherwise, the home agent computes a fresh value for RAND_ADV_DELAY
which offsets from the current time for the scheduled transmission. that offsets from the current time for the scheduled transmission.
First calculate the maximum delay for the scheduled Advertisement: First, calculate the maximum delay for the scheduled Advertisement:
MaxScheduleDelay = min (MaxMobPfxAdvInterval, Preferred Lifetime), MaxScheduleDelay = min (MaxMobPfxAdvInterval, Preferred Lifetime),
where MaxMobPfxAdvInterval is as defined in Section 12. Then compute where MaxMobPfxAdvInterval is as defined in Section 12. Then,
the final delay for the advertisement: compute the final delay for the advertisement:
RAND_ADV_DELAY = MinMobPfxAdvInterval + RAND_ADV_DELAY = MinMobPfxAdvInterval +
(rand() % abs(MaxScheduleDelay - MinMobPfxAdvInterval)) (rand() % abs(MaxScheduleDelay - MinMobPfxAdvInterval))
Here rand() returns a random integer value in the range of 0 to the Here rand() returns a random integer value in the range of 0 to the
maximum possible integer value. This computation is expected to maximum possible integer value. This computation is expected to
alleviate bursts of advertisements when prefix information changes. alleviate bursts of advertisements when prefix information changes.
In addition, a home agent MAY further reduce the rate of packet In addition, a home agent MAY further reduce the rate of packet
transmission by further delaying individual advertisements, when transmission by further delaying individual advertisements, when
necessary to avoid overwhelming local network resources. The home necessary to avoid overwhelming local network resources. The home
skipping to change at page 109, line 22 skipping to change at page 107, line 8
Advertisement to the mobile node, until it is acknowledged by the Advertisement to the mobile node, until it is acknowledged by the
receipt of a Mobile Prefix Solicitation from the mobile node. receipt of a Mobile Prefix Solicitation from the mobile node.
The home agent MUST wait PREFIX_ADV_TIMEOUT (see Section 12) before The home agent MUST wait PREFIX_ADV_TIMEOUT (see Section 12) before
the first retransmission and double the retransmission wait time for the first retransmission and double the retransmission wait time for
every succeeding retransmission until a maximum number of every succeeding retransmission until a maximum number of
PREFIX_ADV_RETRIES attempts (see Section 12) has been tried. If the PREFIX_ADV_RETRIES attempts (see Section 12) has been tried. If the
mobile node's bindings expire before the matching Binding Update has mobile node's bindings expire before the matching Binding Update has
been received, then the home agent MUST NOT attempt any more been received, then the home agent MUST NOT attempt any more
retransmissions, even if not all PREFIX_ADV_RETRIES have been retransmissions, even if not all PREFIX_ADV_RETRIES have been
retransmitted. In the mean time, if the mobile node sends another retransmitted. In the meantime, if the mobile node sends another
Binding Update without returning home, then the home agent SHOULD Binding Update without returning home, then the home agent SHOULD
begin transmitting the unsolicited Advertisement again. begin transmitting the unsolicited Advertisement again.
If some condition, as described above, occurs on the home link and If some condition, as described above, occurs on the home link and
causes another Prefix Advertisement to be sent to the mobile node, causes another Prefix Advertisement to be sent to the mobile node,
before the mobile node acknowledges a previous transmission, the home before the mobile node acknowledges a previous transmission, the home
agent SHOULD combine any Prefix Information options in the agent SHOULD combine any Prefix Information options in the
unacknowledged Mobile Prefix Advertisement into a new Advertisement. unacknowledged Mobile Prefix Advertisement into a new Advertisement.
The home agent then discards the old Advertisement. The home agent then discards the old Advertisement.
skipping to change at page 109, line 46 skipping to change at page 107, line 32
home agent MUST construct the packet as follows: home agent MUST construct the packet as follows:
o The Source Address in the packet's IPv6 header MUST be set to the o The Source Address in the packet's IPv6 header MUST be set to the
home agent's IP address to which the mobile node addressed its home agent's IP address to which the mobile node addressed its
current home registration or its default global home agent address current home registration or its default global home agent address
if no binding exists. if no binding exists.
o If the advertisement was solicited, it MUST be destined to the o If the advertisement was solicited, it MUST be destined to the
source address of the solicitation. If it was triggered by prefix source address of the solicitation. If it was triggered by prefix
changes or renumbering, the advertisement's destination will be changes or renumbering, the advertisement's destination will be
the mobile node's home address in the binding which triggered the the mobile node's home address in the binding that triggered the
rule. rule.
o A type 2 routing header MUST be included with the mobile node's o A type 2 routing header MUST be included with the mobile node's
home address. home address.
o IPsec headers MUST be supported and SHOULD be used. o IPsec headers MUST be supported and SHOULD be used.
o The home agent MUST send the packet as it would any other unicast o The home agent MUST send the packet as it would any other unicast
IPv6 packet that it originates. IPv6 packet that it originates.
skipping to change at page 111, line 14 skipping to change at page 108, line 22
11. Mobile Node Operation 11. Mobile Node Operation
11.1. Conceptual Data Structures 11.1. Conceptual Data Structures
Each mobile node MUST maintain a Binding Update List. Each mobile node MUST maintain a Binding Update List.
The Binding Update List records information for each Binding Update The Binding Update List records information for each Binding Update
sent by this mobile node, in which the lifetime of the binding has sent by this mobile node, in which the lifetime of the binding has
not yet expired. The Binding Update List includes all bindings sent not yet expired. The Binding Update List includes all bindings sent
by the mobile node either to its home agent or correspondent nodes. by the mobile node to either its home agent or correspondent nodes.
It also contains Binding Updates which are waiting for the completion It also contains Binding Updates that are waiting for the completion
of the return routability procedure before they can be sent. of the return routability procedure before they can be sent.
However, for multiple Binding Updates sent to the same destination However, for multiple Binding Updates sent to the same destination
address, the Binding Update List contains only the most recent address, the Binding Update List contains only the most recent
Binding Update (i.e., with the greatest Sequence Number value) sent Binding Update (i.e., with the greatest Sequence Number value) sent
to that destination. The Binding Update List MAY be implemented in to that destination. The Binding Update List MAY be implemented in
any manner consistent with the external behavior described in this any manner consistent with the external behavior described in this
document. document.
Each Binding Update List entry conceptually contains the following Each Binding Update List entry conceptually contains the following
fields: fields:
skipping to change at page 113, line 46 skipping to change at page 111, line 9
relying on Mobile IPv6. If application running on the mobile node relying on Mobile IPv6. If application running on the mobile node
has no particular knowledge that the communication being sent fits has no particular knowledge that the communication being sent fits
within this general type of communication, however, the mobile within this general type of communication, however, the mobile
node should not use its care-of address as the source of the node should not use its care-of address as the source of the
packet in this way. packet in this way.
The choice of the most efficient communications method is The choice of the most efficient communications method is
application specific, and outside the scope of this specification. application specific, and outside the scope of this specification.
The APIs necessary for controlling the choice are also out of The APIs necessary for controlling the choice are also out of
scope. One example of such an API is described in the IPv6 Socket scope. One example of such an API is described in the IPv6 Socket
API for Source Address Selection specification [43]. API for Source Address Selection specification [44].
o While not at its home link, the mobile node MUST NOT use the Home o While not at its home link, the mobile node MUST NOT use the Home
Address destination option when communicating with link-local Address destination option when communicating with link-local
peers. peers.
Similarly, the mobile node MUST NOT use the Home Address Similarly, the mobile node MUST NOT use the Home Address
destination option for IPv6 Neighbor Discovery [18] packets. destination option for IPv6 Neighbor Discovery [18] packets.
Detailed operation of these cases is described later in this section Detailed operation of these cases is described later in this section
and also discussed in [32]. and also discussed in [33].
For packets sent by a mobile node while it is at home, no special For packets sent by a mobile node while it is at home, no special
Mobile IPv6 processing is required. Likewise, if the mobile node Mobile IPv6 processing is required. Likewise, if the mobile node
uses any address other than one of its home addresses as the source uses any address other than one of its home addresses as the source
of a packet sent while away from home, no special Mobile IPv6 of a packet sent while away from home, no special Mobile IPv6
processing is required. In either case, the packet is simply processing is required. In either case, the packet is simply
addressed and transmitted in the same way as any normal IPv6 packet. addressed and transmitted in the same way as any normal IPv6 packet.
For packets sent by the mobile node sent while away from home using For packets sent by the mobile node sent while away from home using
the mobile node's home address as the source, special Mobile IPv6 the mobile node's home address as the source, special Mobile IPv6
skipping to change at page 114, line 32 skipping to change at page 111, line 44
This manner of delivering packets does not require going through This manner of delivering packets does not require going through
the home network, and typically will enable faster and more the home network, and typically will enable faster and more
reliable transmission. reliable transmission.
The mobile node needs to ensure that a Binding Cache entry exists The mobile node needs to ensure that a Binding Cache entry exists
for its home address so that the correspondent node can process for its home address so that the correspondent node can process
the packet (Section 9.3.1 specifies the rules for Home Address the packet (Section 9.3.1 specifies the rules for Home Address
Destination Option Processing at a correspondent node). The Destination Option Processing at a correspondent node). The
mobile node SHOULD examine its Binding Update List for an entry mobile node SHOULD examine its Binding Update List for an entry
which fulfills the following conditions: that fulfills the following conditions:
* The Source Address field of the packet being sent is equal to * The Source Address field of the packet being sent is equal to
the home address in the entry. the home address in the entry.
* The Destination Address field of the packet being sent is equal * The Destination Address field of the packet being sent is equal
to the address of the correspondent node in the entry. to the address of the correspondent node in the entry.
* One of the current care-of addresses of the mobile node appears * One of the current care-of addresses of the mobile node appears
as the care-of address in the entry. as the care-of address in the entry.
* The entry indicates that a binding has been successfully * The entry indicates that a binding has been successfully
created. created.
* The remaining lifetime of the binding is greater than zero. * The remaining lifetime of the binding is greater than zero.
When these conditions are met, the mobile node knows that the When these conditions are met, the mobile node knows that the
correspondent node has a suitable Binding Cache entry. correspondent node has a suitable Binding Cache entry.
A mobile node SHOULD arrange to supply the home address in a Home A mobile node SHOULD arrange to supply the home address in a Home
Address option, and MUST set the IPv6 header's Source Address Address option, and MUST set the IPv6 header's Source Address
field to the care-of address which the mobile node has registered field to the care-of address that the mobile node has registered
to be used with this correspondent node. The correspondent node to be used with this correspondent node. The correspondent node
will then use the address supplied in the Home Address option to will then use the address supplied in the Home Address option to
serve the function traditionally done by the Source IP address in serve the function traditionally done by the Source IP address in
the IPv6 header. The mobile node's home address is then supplied the IPv6 header. The mobile node's home address is then supplied
to higher protocol layers and applications. to higher protocol layers and applications.
Specifically: Specifically:
* Construct the packet using the mobile node's home address as * Construct the packet using the mobile node's home address as
the packet's Source Address, in the same way as if the mobile the packet's Source Address, in the same way as if the mobile
node were at home. This includes the calculation of upper node were at home. This includes the calculation of upper-
layer checksums using the home address as the value of the layer checksums using the home address as the value of the
source. source.
* Insert a Home Address option into the packet with the Home * Insert a Home Address option into the packet with the Home
Address field copied from the original value of the Source Address field copied from the original value of the Source
Address field in the packet. Address field in the packet.
* Change the Source Address field in the packet's IPv6 header to * Change the Source Address field in the packet's IPv6 header to
one of the mobile node's care-of addresses. This will one of the mobile node's care-of addresses. This will
typically be the mobile node's current primary care-of address, typically be the mobile node's current primary care-of address,
but MUST be an address assigned to the interface on the link but MUST be an address assigned to the interface on the link
being used. being used.
By using the care-of address as the Source Address in the IPv6 By using the care-of address as the Source Address in the IPv6
header, with the mobile node's home address instead in the Home header, with the mobile node's home address instead in the Home
Address option, the packet will be able to safely pass through any Address option, the packet will be able to safely pass through any
router implementing ingress filtering [27]. router implementing ingress filtering [27].
Reverse Tunneling Reverse Tunneling
This is the mechanism which tunnels the packets via the home This is the mechanism that tunnels the packets via the home agent.
agent. It is not as efficient as the above mechanism, but is It is not as efficient as the above mechanism, but is needed if
needed if there is no binding yet with the correspondent node. there is no binding yet with the correspondent node.
This mechanism is used for packets that have the mobile node's This mechanism is used for packets that have the mobile node's
home address as the Source Address in the IPv6 header, or with home address as the Source Address in the IPv6 header, or with
multicast control protocol packets as described in Section 11.3.4. multicast control protocol packets as described in Section 11.3.4.
Specifically: Specifically:
* The packet is sent to the home agent using IPv6 encapsulation * The packet is sent to the home agent using IPv6 encapsulation
[7]. [7].
* The Source Address in the tunnel packet is the primary care-of * The Source Address in the tunnel packet is the primary care-of
skipping to change at page 116, line 28 skipping to change at page 113, line 42
sent by a mobile node while away from home. Any specific sent by a mobile node while away from home. Any specific
implementation MAY use algorithms and data structures other than implementation MAY use algorithms and data structures other than
those suggested here, but its processing MUST be consistent with the those suggested here, but its processing MUST be consistent with the
effect of the operation described here and with the relevant IPsec effect of the operation described here and with the relevant IPsec
specifications. In the steps described below, it is assumed that specifications. In the steps described below, it is assumed that
IPsec is being used in transport mode [3] and that the mobile node is IPsec is being used in transport mode [3] and that the mobile node is
using its home address as the source for the packet (from the point using its home address as the source for the packet (from the point
of view of higher protocol layers or applications, as described in of view of higher protocol layers or applications, as described in
Section 11.3.1): Section 11.3.1):
o The packet is created by higher layer protocols and applications o The packet is created by higher-layer protocols and applications
(e.g., by TCP) as if the mobile node were at home and Mobile IPv6 (e.g., by TCP) as if the mobile node were at home and Mobile IPv6
were not being used. were not being used.
o Determine the outgoing interface for the packet. (Note that the o Determine the outgoing interface for the packet. (Note that the
selection between reverse tunneling and route optimization may selection between reverse tunneling and route optimization may
imply different interfaces, particularly if tunnels are considered imply different interfaces, particularly if tunnels are considered
interfaces as well.) interfaces as well.)
o As part of outbound packet processing in IP, the packet is o As part of outbound packet processing in IP, the packet is
compared against the IPsec security policy database to determine compared against the IPsec security policy database to determine
what processing is required for the packet [3]. what processing is required for the packet [3].
o If IPsec processing is required, the packet is either mapped to an o If IPsec processing is required, the packet is either mapped to an
existing Security Association (or SA bundle), or a new SA (or SA existing security association (or SA bundle), or a new SA (or SA
bundle) is created for the packet, according to the procedures bundle) is created for the packet, according to the procedures
defined for IPsec. defined for IPsec.
o Since the mobile node is away from home, the mobile is either o Since the mobile node is away from home, the mobile is using
using reverse tunneling or route optimization to reach the either reverse tunneling or route optimization to reach the
correspondent node. correspondent node.
If reverse tunneling is used, the packet is constructed in the If reverse tunneling is used, the packet is constructed in the
normal manner and then tunneled through the home agent. normal manner and then tunneled through the home agent.
If route optimization is in use, the mobile node inserts a Home If route optimization is in use, the mobile node inserts a Home
Address destination option into the packet, replacing the Source Address destination option into the packet, replacing the Source
Address in the packet's IP header with the care-of address used Address in the packet's IP header with the care-of address used
with this correspondent node, as described in Section 11.3.1. The with this correspondent node, as described in Section 11.3.1. The
Destination Options header in which the Home Address destination Destination Options header in which the Home Address destination
option is inserted MUST appear in the packet after the routing option is inserted MUST appear in the packet after the routing
header, if present, and before the IPsec (AH [4] or ESP [5]) header, if present, and before the IPsec (AH [4] or ESP [5])
header, so that the Home Address destination option is processed header, so that the Home Address destination option is processed
by the destination node before the IPsec header is processed. by the destination node before the IPsec header is processed.
Finally, once the packet is fully assembled, the necessary IPsec Finally, once the packet is fully assembled, the necessary IPsec
authentication (and encryption, if required) processing is authentication (and encryption, if required) processing is
performed on the packet, initializing the Authentication Data in performed on the packet, initializing the Authentication Data in
the IPsec header. the IPsec header.
RFC 4302 treatment of destination options is extended as follows. The treatment of destination options described in RFC 4302 is
The AH authentication data MUST be calculated as if the following extended as follows. The AH authentication data MUST be
were true: calculated as if the following were true:
* the IPv6 source address in the IPv6 header contains the mobile * the IPv6 source address in the IPv6 header contains the mobile
node's home address, node's home address, and
* the Home Address field of the Home Address destination option * the Home Address field of the Home Address destination option
(Section 6.3) contains the new care-of address. (Section 6.3) contains the new care-of address.
o This allows, but does not require, the receiver of the packet o This allows, but does not require, the receiver of the packet
containing a Home Address destination option to exchange the two containing a Home Address destination option to exchange the two
fields of the incoming packet to reach the above situation, fields of the incoming packet to reach the above situation,
simplifying processing for all subsequent packet headers. simplifying processing for all subsequent packet headers.
However, such an exchange is not required, as long as the result However, such an exchange is not required, as long as the result
of the authentication calculation remains the same. of the authentication calculation remains the same.
skipping to change at page 118, line 14 skipping to change at page 115, line 30
The Key Management Mobility Capability (K) bit in Binding Updates and The Key Management Mobility Capability (K) bit in Binding Updates and
Acknowledgements can be used to avoid the need to rerun IKEv2 upon Acknowledgements can be used to avoid the need to rerun IKEv2 upon
movements. movements.
11.3.3. Receiving Packets While Away from Home 11.3.3. Receiving Packets While Away from Home
While away from home, a mobile node will receive packets addressed to While away from home, a mobile node will receive packets addressed to
its home address, by one of two methods: its home address, by one of two methods:
o Packets sent by a correspondent node, that does not have a Binding o Packets sent by a correspondent node that does not have a Binding
Cache entry for the mobile node, will be sent to the home address, Cache entry for the mobile node will be sent to the home address,
captured by the home agent and tunneled to the mobile node. captured by the home agent and tunneled to the mobile node.
o Packets sent by a correspondent node that has a Binding Cache o Packets sent by a correspondent node that has a Binding Cache
entry for the mobile node that contains the mobile node's current entry for the mobile node that contains the mobile node's current
care-of address, will be sent by the correspondent node using a care-of address will be sent by the correspondent node using a
type 2 routing header. The packet will be addressed to the mobile type 2 routing header. The packet will be addressed to the mobile
node's care-of address, with the final hop in the routing header node's care-of address, with the final hop in the routing header
directing the packet to the mobile node's home address; the directing the packet to the mobile node's home address; the
processing of this last hop of the routing header is entirely processing of this last hop of the routing header is entirely
internal to the mobile node, since the care-of address and home internal to the mobile node, since the care-of address and home
address are both addresses within the mobile node. address are both addresses within the mobile node.
For packets received by the first method, the mobile node MUST check For packets received by the first method, the mobile node MUST check
that the IPv6 source address of the tunneled packet is the IP address that the IPv6 source address of the tunneled packet is the IP address
of its home agent. In this method, the mobile node may also send a of its home agent. In this method, the mobile node may also send a
skipping to change at page 119, line 20 skipping to change at page 116, line 37
o The Home Address field in the routing header is one of the node's o The Home Address field in the routing header is one of the node's
home addresses, if the segments left field was 1. Thus, in home addresses, if the segments left field was 1. Thus, in
particular the address field is required to be a unicast routable particular the address field is required to be a unicast routable
address. address.
Once the above checks have been performed, the node swaps the IPv6 Once the above checks have been performed, the node swaps the IPv6
destination field with the Home Address field in the routing header, destination field with the Home Address field in the routing header,
decrements segments left by one from the value it had on the wire, decrements segments left by one from the value it had on the wire,
and resubmits the packet to IP for processing the next header. and resubmits the packet to IP for processing the next header.
Conceptually, this follows the same model as in RFC 2460. However, Conceptually, this follows the same model as in RFC 2460. However,
in the case of type 2 routing header this can be simplified since it in the case of the type 2 routing header, this can be simplified
is known that the packet will not be forwarded to a different node. since it is known that the packet will not be forwarded to a
different node.
The definition of AH requires the sender to calculate the AH The definition of AH requires the sender to calculate the AH
integrity check value of a routing header in the same way it appears integrity check value of a routing header in the same way it appears
in the receiver after it has processed the header. Since IPsec in the receiver after it has processed the header. Since IPsec
headers follow the routing header, any IPsec processing will operate headers follow the routing header, any IPsec processing will operate
on the packet with the home address in the IP destination field and on the packet with the home address in the IP destination field and
segments left being zero. Thus, the AH calculations at the sender segments left being zero. Thus, the AH calculations at the sender
and receiver will have an identical view of the packet. and receiver will have an identical view of the packet.
11.3.4. Routing Multicast Packets 11.3.4. Routing Multicast Packets
skipping to change at page 119, line 46 skipping to change at page 117, line 20
receivers. Therefore, this section describes the behavior of a receivers. Therefore, this section describes the behavior of a
mobile node that is not on its home link. mobile node that is not on its home link.
In order to receive packets sent to some multicast group, a mobile In order to receive packets sent to some multicast group, a mobile
node must join that multicast group. One method, in which a mobile node must join that multicast group. One method, in which a mobile
node MAY join the group, is via a (local) multicast router on the node MAY join the group, is via a (local) multicast router on the
foreign link being visited. In this case, the mobile node MUST use foreign link being visited. In this case, the mobile node MUST use
its care-of address and MUST NOT use the Home Address destination its care-of address and MUST NOT use the Home Address destination
option when sending MLD packets [9]. option when sending MLD packets [9].
Alternatively, a mobile node MAY join multicast groups via a bi- Alternatively, a mobile node MAY join multicast groups via a
directional tunnel to its home agent. The mobile node tunnels its bidirectional tunnel to its home agent. The mobile node tunnels its
multicast group membership control packets (such as those defined in multicast group membership control packets (such as those defined in
[9] or in [40]) to its home agent, and the home agent forwards [9] or in [41]) to its home agent, and the home agent forwards
multicast packets down the tunnel to the mobile node. A mobile node multicast packets down the tunnel to the mobile node. A mobile node
MUST NOT tunnel multicast group membership control packets until (1) MUST NOT tunnel multicast group membership control packets until (1)
the mobile node has a binding in place at the home agent, and (2) the the mobile node has a binding in place at the home agent, and (2) the
latter sends at least one multicast group membership control packet latter sends at least one multicast group membership control packet
via the tunnel. Once this condition is true, the mobile node SHOULD via the tunnel. Once this condition is true, the mobile node SHOULD
assume it does not change as long as the binding does not expire. assume it does not change as long as the binding does not expire.
A mobile node that wishes to send packets to a multicast group also A mobile node that wishes to send packets to a multicast group also
has two options: has two options:
1. Send directly on the foreign link being visited. 1. Send directly on the foreign link being visited.
To do this, the application uses the care-of address as a source To do this, the application uses the care-of address as a source
address for multicast traffic, just as it would use a stationary address for multicast traffic, just as it would use a stationary
address. This requires that the application either knows the address. This requires that the application either knows the
care-of address, or uses an API such as the IPv6 Socket API for care-of address, or uses an API such as the IPv6 Socket API for
Source Address Selection specification [43] to request that the Source Address Selection specification [44] to request that the
care-of address be used as the source address in transmitted care-of address be used as the source address in transmitted
packets. The mobile node MUST NOT use Home Address destination packets. The mobile node MUST NOT use the Home Address
option in such traffic. destination option in such traffic.
2. Send via a tunnel to its home agent. 2. Send via a tunnel to its home agent.
Because multicast routing in general depends upon the Source Because multicast routing in general depends upon the Source
Address used in the IPv6 header of the multicast packet, a mobile Address used in the IPv6 header of the multicast packet, a mobile
node that tunnels a multicast packet to its home agent MUST use node that tunnels a multicast packet to its home agent MUST use
its home address as the IPv6 Source Address of the inner its home address as the IPv6 Source Address of the inner
multicast packet. multicast packet.
Note that direct sending from the foreign link is only applicable Note that direct sending from the foreign link is only applicable
while the mobile node is at that foreign link. This is because the while the mobile node is at that foreign link. This is because the
associated multicast tree is specific to that source location and any associated multicast tree is specific to that source location and any
change of location and source address will invalidate the source change of location and source address will invalidate the source-
specific tree or branch and the application context of the other specific tree or branch and the application context of the other
multicast group members. multicast group members.
This specification does not provide mechanisms to enable such local This specification does not provide mechanisms to enable such local
multicast session to survive hand-off and to seamlessly continue from multicast session to survive hand-off and to seamlessly continue from
a new care-of address on each new foreign link. Any such mechanism, a new care-of address on each new foreign link. Any such mechanism,
developed as an extension to this specification, needs to take into developed as an extension to this specification, needs to take into
account the impact of fast moving mobile nodes on the Internet account the impact of fast moving mobile nodes on the Internet
multicast routing protocols and their ability to maintain the multicast routing protocols and their ability to maintain the
integrity of source specific multicast trees and branches. integrity of source specific multicast trees and branches.
While the use of bidirectional tunneling can ensure that multicast While the use of bidirectional tunneling can ensure that multicast
trees are independent of the mobile nodes movement, in some case such trees are independent of the mobile nodes movement, in some case such
tunneling can have adverse affects. The latency of specific types of tunneling can have adverse effects. The latency of specific types of
multicast applications (such as multicast based discovery protocols) multicast applications (such as multicast-based discovery protocols)
will be affected when the round-trip time between the foreign subnet will be affected when the round-trip time between the foreign subnet
and the home agent is significant compared to that of the topology to and the home agent is significant compared to that of the topology to
be discovered. In addition, the delivery tree from the home agent in be discovered. In addition, the delivery tree from the home agent in
such circumstances relies on unicast encapsulation from the agent to such circumstances relies on unicast encapsulation from the agent to
the mobile node. Therefore, bandwidth usage is inefficient compared the mobile node. Therefore, bandwidth usage is inefficient compared
to the native multicast forwarding in the foreign multicast system. to the native multicast forwarding in the foreign multicast system.
11.3.5. Receiving ICMP Error Messages 11.3.5. Receiving ICMP Error Messages
Any node that does not recognize the Mobility header will return an Any node that does not recognize the Mobility header will return an
skipping to change at page 121, line 37 skipping to change at page 119, line 20
Parameter Problem, Code 2, message from some node indicating that it Parameter Problem, Code 2, message from some node indicating that it
does not support the Home Address option, the mobile node SHOULD log does not support the Home Address option, the mobile node SHOULD log
the error and then discard the ICMP message. the error and then discard the ICMP message.
11.3.6. Receiving Binding Error Messages 11.3.6. Receiving Binding Error Messages
When a mobile node receives a packet containing a Binding Error When a mobile node receives a packet containing a Binding Error
message, it should first check if the mobile node has a Binding message, it should first check if the mobile node has a Binding
Update List entry for the source of the Binding Error message. If Update List entry for the source of the Binding Error message. If
the mobile node does not have such an entry, it MUST ignore the the mobile node does not have such an entry, it MUST ignore the
message. This is necessary to prevent a waste of resources on, e.g., message. This is necessary to prevent a waste of resources, e.g., on
return routability procedure due to spoofed Binding Error messages. return routability procedure due to spoofed Binding Error messages.
Otherwise, if the message Status field was 1 (unknown binding for Otherwise, if the message Status field was 1 (unknown binding for
Home Address destination option), the mobile node should perform one Home Address destination option), the mobile node should perform one
of the following three actions: of the following three actions:
o If the Binding Error Message was sent by the Home Agent, the o If the Binding Error Message was sent by the home agent, the
Mobile Node SHOULD send a Binding Update to the Home Agent mobile node SHOULD send a Binding Update to the home agent
according to Section 11.7.1. according to Section 11.7.1.
o If the mobile node has recent upper layer progress information, o If the mobile node has recent upper-layer progress information,
which indicates that communications with the correspondent node which indicates that communications with the correspondent node
are progressing, it MAY ignore the message. This can be done in are progressing, it MAY ignore the message. This can be done in
order to limit the damage that spoofed Binding Error messages can order to limit the damage that spoofed Binding Error messages can
cause to ongoing communications. cause to ongoing communications.
o If the mobile node has no upper layer progress information, it o If the mobile node has no upper-layer progress information, it
MUST remove the entry and route further communications through the MUST remove the entry and route further communications through the
home agent. It MAY also optionally start a return routability home agent. It MAY also optionally start a return routability
procedure (see Section 5.2). procedure (see Section 5.2).
If the message Status field was 2 (unrecognized MH Type value), the If the message Status field was 2 (unrecognized MH Type value), the
mobile node should perform one of the following two actions: mobile node should perform one of the following two actions:
o If the mobile node is not expecting an acknowledgement or response o If the mobile node is not expecting an acknowledgement or response
from the correspondent node, the mobile node SHOULD ignore this from the correspondent node, the mobile node SHOULD ignore this
message. message.
skipping to change at page 124, line 43 skipping to change at page 122, line 26
o The Source Address of the IP packet carrying the Mobile Prefix o The Source Address of the IP packet carrying the Mobile Prefix
Advertisement is the same as the home agent address to which the Advertisement is the same as the home agent address to which the
mobile node last sent an accepted home registration Binding Update mobile node last sent an accepted home registration Binding Update
to register its primary care-of address. Otherwise, if no such to register its primary care-of address. Otherwise, if no such
registrations have been made, it SHOULD be the mobile node's registrations have been made, it SHOULD be the mobile node's
stored home agent address, if one exists. Otherwise, if the stored home agent address, if one exists. Otherwise, if the
mobile node has not yet discovered its home agent's address, it mobile node has not yet discovered its home agent's address, it
MUST NOT accept Mobile Prefix Advertisements. MUST NOT accept Mobile Prefix Advertisements.
o The packet MUST have a type 2 routing header and SHOULD be o The packet MUST have a type 2 routing header and SHOULD be
protected by an IPsec header as described in Section 5.4 and protected by an IPsec header as described in Sections 5.4 and 6.8.
Section 6.8.
o If the ICMP Identifier value matches the ICMP Identifier value of o If the ICMP Identifier value matches the ICMP Identifier value of
the most recently sent Mobile Prefix Solicitation and no other the most recently sent Mobile Prefix Solicitation and no other
advertisement has yet been received for this value, then the advertisement has yet been received for this value, then the
advertisement is considered to be solicited and will be processed advertisement is considered to be solicited and will be processed
further. further.
Otherwise, the advertisement is unsolicited, and MUST be Otherwise, the advertisement is unsolicited, and MUST be
discarded. In this case the mobile node SHOULD send a Mobile discarded. In this case the mobile node SHOULD send a Mobile
Prefix Solicitation. Prefix Solicitation.
skipping to change at page 125, line 37 skipping to change at page 123, line 19
is still necessary to add policy entries to protect the is still necessary to add policy entries to protect the
communications involving the home address(es). Mechanisms for communications involving the home address(es). Mechanisms for
setting up these entries are outside the scope of this specification. setting up these entries are outside the scope of this specification.
11.5. Movement 11.5. Movement
11.5.1. Movement Detection 11.5.1. Movement Detection
The primary goal of movement detection is to detect L3 handovers. The primary goal of movement detection is to detect L3 handovers.
This section does not attempt to specify a fast movement detection This section does not attempt to specify a fast movement detection
algorithm which will function optimally for all types of algorithm that will function optimally for all types of applications,
applications, link-layers and deployment scenarios; instead, it link layers, and deployment scenarios; instead, it describes a
describes a generic method that uses the facilities of IPv6 Neighbor generic method that uses the facilities of IPv6 Neighbor Discovery,
Discovery, including Router Discovery and Neighbor Unreachability including Router Discovery and Neighbor Unreachability Detection. At
Detection. At the time of this writing, this method is considered the time of this writing, this method is considered well enough
well enough understood to recommend for standardization, however it understood to recommend for standardization; however, it is expected
is expected that future versions of this specification or other that future versions of this specification or other specifications
specifications may contain updated versions of the movement detection may contain updated versions of the movement detection algorithm that
algorithm that have better performance. have better performance.
Generic movement detection uses Neighbor Unreachability Detection to Generic movement detection uses Neighbor Unreachability Detection to
detect when the default router is no longer bi-directionally detect when the default router is no longer bidirectionally
reachable, in which case the mobile node must discover a new default reachable, in which case the mobile node must discover a new default
router (usually on a new link). However, this detection only occurs router (usually on a new link). However, this detection only occurs
when the mobile node has packets to send, and in the absence of when the mobile node has packets to send, and in the absence of
frequent Router Advertisements or indications from the link-layer, frequent Router Advertisements or indications from the link-layer,
the mobile node might become unaware of an L3 handover that occurred. the mobile node might become unaware of an L3 handover that occurred.
Therefore, the mobile node should supplement this method with other Therefore, the mobile node should supplement this method with other
information whenever it is available to the mobile node (e.g., from information whenever it is available to the mobile node (e.g., from
lower protocol layers). lower protocol layers).
When the mobile node detects an L3 handover, it performs Duplicate When the mobile node detects an L3 handover, it performs Duplicate
Address Detection [19] on its link-local address, selects a new Address Detection [19] on its link-local address, selects a new
default router as a consequence of Router Discovery, and then default router as a consequence of Router Discovery, and then
performs Prefix Discovery with that new router to form new care-of performs prefix discovery with that new router to form new care-of
address(es) as described in Section 11.5.3. It then registers its address(es) as described in Section 11.5.3. It then registers its
new primary care-of address with its home agent as described in new primary care-of address with its home agent as described in
Section 11.7.1. After updating its home registration, the mobile Section 11.7.1. After updating its home registration, the mobile
node then updates associated mobility bindings in correspondent nodes node then updates associated mobility bindings in correspondent nodes
that it is performing route optimization with as specified in that it is performing route optimization with as specified in
Section 11.7.2. Section 11.7.2.
Due to the temporary packet flow disruption and signaling overhead Due to the temporary packet flow disruption and signaling overhead
involved in updating mobility bindings, the mobile node should avoid involved in updating mobility bindings, the mobile node should avoid
performing an L3 handover until it is strictly necessary. performing an L3 handover until it is strictly necessary.
skipping to change at page 126, line 23 skipping to change at page 124, line 8
address(es) as described in Section 11.5.3. It then registers its address(es) as described in Section 11.5.3. It then registers its
new primary care-of address with its home agent as described in new primary care-of address with its home agent as described in
Section 11.7.1. After updating its home registration, the mobile Section 11.7.1. After updating its home registration, the mobile
node then updates associated mobility bindings in correspondent nodes node then updates associated mobility bindings in correspondent nodes
that it is performing route optimization with as specified in that it is performing route optimization with as specified in
Section 11.7.2. Section 11.7.2.
Due to the temporary packet flow disruption and signaling overhead Due to the temporary packet flow disruption and signaling overhead
involved in updating mobility bindings, the mobile node should avoid involved in updating mobility bindings, the mobile node should avoid
performing an L3 handover until it is strictly necessary. performing an L3 handover until it is strictly necessary.
Specifically, when the mobile node receives a Router Advertisement Specifically, when the mobile node receives a Router Advertisement
from a new router that contains a different set of on-link prefixes, from a new router that contains a different set of on-link prefixes,
if the mobile node detects that the currently selected default router if the mobile node detects that the currently selected default router
on the old link is still bi-directionally reachable, it should on the old link is still bidirectionally reachable, it should
generally continue to use the old router on the old link rather than generally continue to use the old router on the old link rather than
switch away from it to use a new default router. switch away from it to use a new default router.
Mobile nodes can use the information in received Router Mobile nodes can use the information in received Router
Advertisements to detect L3 handovers. In doing so the mobile node Advertisements to detect L3 handovers. In doing so the mobile node
needs to consider the following issues: needs to consider the following issues:
o There might be multiple routers on the same link, thus hearing a o There might be multiple routers on the same link. Thus, hearing a
new router does not necessarily constitute an L3 handover. new router does not necessarily constitute an L3 handover.
o When there are multiple routers on the same link they might o When there are multiple routers on the same link they might
advertise different prefixes. Thus even hearing a new router with advertise different prefixes. Thus, even hearing a new router
a new prefix might not be a reliable indication of an L3 handover. with a new prefix might not be a reliable indication of an L3
handover.
o The link-local addresses of routers are not globally unique, hence o The link-local addresses of routers are not globally unique, hence
after completing an L3 handover the mobile node might continue to after completing an L3 handover the mobile node might continue to
receive Router Advertisements with the same link-local source receive Router Advertisements with the same link-local source
address. This might be common if routers use the same link-local address. This might be common if routers use the same link-local
address on multiple interfaces. This issue can be avoided when address on multiple interfaces. This issue can be avoided when
routers use the Router Address (R) bit, since that provides a routers use the Router Address (R) bit, since that provides a
global address of the router. global address of the router.
In addition, the mobile node should consider the following events as In addition, the mobile node should consider the following events as
skipping to change at page 127, line 24 skipping to change at page 125, line 11
amount of time elapses without the mobile node receiving any amount of time elapses without the mobile node receiving any
Advertisement from this router, the mobile node can be sure that Advertisement from this router, the mobile node can be sure that
at least one Advertisement sent by the router has been lost. The at least one Advertisement sent by the router has been lost. The
mobile node can then implement its own policy to determine how mobile node can then implement its own policy to determine how
many lost Advertisements from its current default router many lost Advertisements from its current default router
constitute an L3 handover indication. constitute an L3 handover indication.
o Neighbor Unreachability Detection determines that the default o Neighbor Unreachability Detection determines that the default
router is no longer reachable. router is no longer reachable.
o With some types of networks, notification that a L2 handover has o With some types of networks, notification that an L2 handover has
occurred might be obtained from lower layer protocols or device occurred might be obtained from lower-layer protocols or device
driver software within the mobile node. While further details driver software within the mobile node. While further details
around handling L2 indications as movement hints is an item for around handling L2 indications as movement hints is an item for
further study, at the time of writing this specification the further study, at the time of writing this specification the
following is considered reasonable: following is considered reasonable:
A L2 handover indication may or may not imply L2 movement and L2 An L2 handover indication may or may not imply L2 movement and L2
movement may or may not imply L3 movement; the correlations might movement may or may not imply L3 movement; the correlations might
be a function of the type of L2 but might also be a function of be a function of the type of L2 but might also be a function of
actual deployment of the wireless topology. actual deployment of the wireless topology.
Unless it is well-known that a L2 handover indication is likely to Unless it is well-known that an L2 handover indication is likely
imply L3 movement, instead of immediately multicasting a router to imply L3 movement, instead of immediately multicasting a router
solicitation it may be better to attempt to verify whether the solicitation it may be better to attempt to verify whether the
default router is still bi-directionally reachable. This can be default router is still bidirectionally reachable. This can be
accomplished by sending a unicast Neighbor Solicitation and accomplished by sending a unicast Neighbor Solicitation and
waiting for a Neighbor Advertisement with the solicited flag set. waiting for a Neighbor Advertisement with the Solicited flag set.
Note that this is similar to Neighbor Unreachability detection but Note that this is similar to Neighbor Unreachability detection,
it does not have the same state machine, such as the STALE state. but it does not have the same state machine, such as the STALE
state.
If the default router does not respond to the Neighbor If the default router does not respond to the Neighbor
Solicitation it makes sense to proceed to multicasting a Router Solicitation it makes sense to proceed to multicasting a Router
Solicitation. Solicitation.
11.5.2. Home Link Detection 11.5.2. Home Link Detection
When an MN detects that it has arrived on a new link using the When an MN detects that it has arrived on a new link using the
movement detection algorithm in use (Section 11.5.1,) or on movement detection algorithm in use (Section 11.5.1) or on
bootstrapping, it performs the following steps to determine if it is bootstrapping, it performs the following steps to determine if it is
on the home link. on the home link.
o The MN performs the procedure described in Section 11.5.3 and o The MN performs the procedure described in Section 11.5.3 and
configures an address. It also keeps track of all the on-link configures an address. It also keeps track of all the on-link
prefix(es) received in the RA along with their prefix lengths. prefix(es) received in the RA along with their prefix lengths.
o If the home prefix has not been statically configured the MN uses o If the home prefix has not been statically configured the MN uses
some form of bootstrapping procedure (e.g. RFC5026 [22]) to some form of bootstrapping procedure (e.g., RFC 5026 [22]) to
determine the home prefix. determine the home prefix.
o Given the availability of the home prefix, the MN checks whether o Given the availability of the home prefix, the MN checks whether
or not the home prefix matches one of the prefixes received in the or not the home prefix matches one of the prefixes received in the
RA. If it does, the MN concludes that it is connected to the home RA. If it does, the MN concludes that it is connected to the home
link. link.
11.5.3. Forming New Care-of Addresses 11.5.3. Forming New Care-of Addresses
After detecting that it has moved a mobile node SHOULD generate a new After detecting that it has moved a mobile node SHOULD generate a new
skipping to change at page 128, line 49 skipping to change at page 126, line 34
care-of address for any or all of the prefixes on its current link. care-of address for any or all of the prefixes on its current link.
Furthermore, since a wireless network interface may actually allow a Furthermore, since a wireless network interface may actually allow a
mobile node to be reachable on more than one link at a time (i.e., mobile node to be reachable on more than one link at a time (i.e.,
within wireless transmitter range of routers on more than one within wireless transmitter range of routers on more than one
separate link), a mobile node MAY have care-of addresses on more than separate link), a mobile node MAY have care-of addresses on more than
one link at a time. The use of more than one care-of address at a one link at a time. The use of more than one care-of address at a
time is described in Section 11.5.4. time is described in Section 11.5.4.
As described in Section 4, in order to form a new care-of address, a As described in Section 4, in order to form a new care-of address, a
mobile node MAY use either stateless [19] or stateful (e.g., DHCPv6 mobile node MAY use either stateless [19] or stateful (e.g., DHCPv6
[30]) Address Autoconfiguration. If a mobile node needs to use a [31]) Address Autoconfiguration. If a mobile node needs to use a
source address (other than the unspecified address) in packets sent source address (other than the unspecified address) in packets sent
as a part of address autoconfiguration, it MUST use an IPv6 link- as a part of address autoconfiguration, it MUST use an IPv6 link-
local address rather than its own IPv6 home address. local address rather than its own IPv6 home address.
RFC 4862 [19] specifies that in normal processing for Duplicate RFC 4862 [19] specifies that in normal processing for Duplicate
Address Detection, the node SHOULD delay sending the initial Neighbor Address Detection, the node SHOULD delay sending the initial Neighbor
Solicitation message by a random delay between 0 and Solicitation message by a random delay between 0 and
MAX_RTR_SOLICITATION_DELAY. Since delaying DAD can result in MAX_RTR_SOLICITATION_DELAY. Since delaying Duplicate Address
significant delays in configuring a new care-of address when the Detection (DAD) can result in significant delays in configuring a new
Mobile Node moves to a new link, the Mobile Node preferably SHOULD care-of address when the mobile node moves to a new link, the mobile
NOT delay DAD when configuring a new care-of address. The Mobile node preferably SHOULD NOT delay DAD when configuring a new care-of
Node SHOULD delay according to the mechanisms specified in RFC 4862 address. The mobile node SHOULD delay according to the mechanisms
unless the implementation has a behavior that desynchronizes the specified in RFC 4862 unless the implementation has a behavior that
steps that happen before the DAD in the case that multiple nodes desynchronizes the steps that happen before the DAD in the case that
experience handover at the same time. Such desynchronizing behaviors multiple nodes experience handover at the same time. Such
might be due to random delays in the L2 protocols or device drivers, desynchronizing behaviors might be due to random delays in the L2
or due to the movement detection mechanism that is used. protocols or device drivers, or due to the movement detection
mechanism that is used.
11.5.4. Using Multiple Care-of Addresses 11.5.4. Using Multiple Care-of Addresses
As described in Section 11.5.3, a mobile node MAY use more than one As described in Section 11.5.3, a mobile node MAY use more than one
care-of address at a time. Particularly in the case of many wireless care-of address at a time. Particularly in the case of many wireless
networks, a mobile node effectively might be reachable through networks, a mobile node effectively might be reachable through
multiple links at the same time (e.g., with overlapping wireless multiple links at the same time (e.g., with overlapping wireless
cells), on which different on-link subnet prefixes may exist. The cells), on which different on-link subnet prefixes may exist. The
mobile node MUST ensure that its primary care-of address always has a mobile node MUST ensure that its primary care-of address always has a
prefix that is advertised by its current default router. After prefix that is advertised by its current default router. After
skipping to change at page 129, line 41 skipping to change at page 127, line 27
Acknowledge (A) bits set its home agent, as described on Acknowledge (A) bits set its home agent, as described on
Section 11.7.1. Section 11.7.1.
To assist with smooth handovers, a mobile node SHOULD retain its To assist with smooth handovers, a mobile node SHOULD retain its
previous primary care-of address as a (non-primary) care-of address, previous primary care-of address as a (non-primary) care-of address,
and SHOULD still accept packets at this address, even after and SHOULD still accept packets at this address, even after
registering its new primary care-of address with its home agent. registering its new primary care-of address with its home agent.
This is reasonable, since the mobile node could only receive packets This is reasonable, since the mobile node could only receive packets
at its previous primary care-of address if it were indeed still at its previous primary care-of address if it were indeed still
connected to that link. If the previous primary care-of address was connected to that link. If the previous primary care-of address was
allocated using stateful Address Autoconfiguration [30], the mobile allocated using stateful Address Autoconfiguration [31], the mobile
node may not wish to release the address immediately upon switching node may not wish to release the address immediately upon switching
to a new primary care-of address. to a new primary care-of address.
Whenever a mobile node determines that it is no longer reachable Whenever a mobile node determines that it is no longer reachable
through a given link, it SHOULD invalidate all care-of addresses through a given link, it SHOULD invalidate all care-of addresses
associated with address prefixes that it discovered from routers on associated with address prefixes that it discovered from routers on
the unreachable link which are not in the current set of address the unreachable link that are not in the current set of address
prefixes advertised by the (possibly new) current default router. prefixes advertised by the (possibly new) current default router.
11.5.5. Returning Home 11.5.5. Returning Home
A mobile node detects that it has returned to its home link through A mobile node detects that it has returned to its home link through
the movement detection algorithm in use (Section 11.5.2), when the the movement detection algorithm in use (Section 11.5.2), when the
mobile node detects that its home subnet prefix is again on-link. To mobile node detects that its home subnet prefix is again on-link. To
be able to send and receive packets using its home address from the be able to send and receive packets using its home address from the
home link, the mobile node MUST send a Binding Update to its home home link, the mobile node MUST send a Binding Update to its home
agent to instruct its home agent to no longer intercept or tunnel agent to instruct its home agent to no longer intercept or tunnel
skipping to change at page 130, line 46 skipping to change at page 128, line 32
learned the home agent's link-layer address from a Source Link-Layer learned the home agent's link-layer address from a Source Link-Layer
Address option in a Router Advertisement. However, if there are Address option in a Router Advertisement. However, if there are
multiple home agents it may still be necessary to send a multiple home agents it may still be necessary to send a
solicitation. In this special case of the mobile node returning solicitation. In this special case of the mobile node returning
home, the mobile node MUST multicast the packet, and in addition set home, the mobile node MUST multicast the packet, and in addition set
the Source Address of this Neighbor Solicitation to the unspecified the Source Address of this Neighbor Solicitation to the unspecified
address (0:0:0:0:0:0:0:0). The target of the Neighbor Solicitation address (0:0:0:0:0:0:0:0). The target of the Neighbor Solicitation
MUST be set to the mobile node's home address. The destination IP MUST be set to the mobile node's home address. The destination IP
address MUST be set to the Solicited-Node multicast address [16]. address MUST be set to the Solicited-Node multicast address [16].
The home agent will send a multicast Neighbor Advertisement back to The home agent will send a multicast Neighbor Advertisement back to
the mobile node with the Solicited flag (S) set to zero. In any the mobile node with the Solicited (S) flag set to zero. In any
case, the mobile node SHOULD record the information from the Source case, the mobile node SHOULD record the information from the Source
Link-Layer Address option or from the advertisement, and set the Link-Layer Address option or from the advertisement, and set the
state of the Neighbor Cache entry for the home agent to REACHABLE. state of the Neighbor Cache entry for the home agent to REACHABLE.
The mobile node then sends its Binding Update to the home agent's The mobile node then sends its Binding Update to the home agent's
link-layer address, instructing its home agent to no longer serve as link-layer address, instructing its home agent to no longer serve as
a home agent for it. By processing this Binding Update, the home a home agent for it. By processing this Binding Update, the home
agent will cease defending the mobile node's home address for agent will cease defending the mobile node's home address for
Duplicate Address Detection and will no longer respond to Neighbor Duplicate Address Detection and will no longer respond to Neighbor
Solicitations for the mobile node's home address. The mobile node is Solicitations for the mobile node's home address. The mobile node is
skipping to change at page 131, line 20 skipping to change at page 129, line 8
expiration of a current binding for its home address, and configuring expiration of a current binding for its home address, and configuring
its home address on its network interface on its home link, the its home address on its network interface on its home link, the
mobile node MUST NOT perform Duplicate Address Detection on its own mobile node MUST NOT perform Duplicate Address Detection on its own
home address, in order to avoid confusion or conflict with its home home address, in order to avoid confusion or conflict with its home
agent's use of the same address. This rule also applies to the agent's use of the same address. This rule also applies to the
derived link-local address of the mobile node, if the Link Local derived link-local address of the mobile node, if the Link Local
Address Compatibility (L) bit was set when the binding was created. Address Compatibility (L) bit was set when the binding was created.
If the mobile node returns home after the bindings for all of its If the mobile node returns home after the bindings for all of its
care-of addresses have expired, then it SHOULD perform DAD. care-of addresses have expired, then it SHOULD perform DAD.
After the Mobile Node sends the Binding Update, it MUST be prepared After the mobile node sends the Binding Update, it MUST be prepared
to reply to Neighbor Solicitations for its home address. Such to reply to Neighbor Solicitations for its home address. Such
replies MUST be sent using a unicast Neighbor Advertisement to the replies MUST be sent using a unicast Neighbor Advertisement to the
sender's link-layer address. It is necessary to reply, since sending sender's link-layer address. It is necessary to reply, since sending
the Binding Acknowledgement from the home agent may require the Binding Acknowledgement from the home agent may require
performing Neighbor Discovery, and the mobile node may not be able to performing Neighbor Discovery, and the mobile node may not be able to
distinguish Neighbor Solicitations coming from the home agent from distinguish Neighbor Solicitations coming from the home agent from
other Neighbor Solicitations. Note that a race condition exists other Neighbor Solicitations. Note that a race condition exists
where both the mobile node and the home agent respond to the same where both the mobile node and the home agent respond to the same
solicitations sent by other nodes; this will be only temporary, solicitations sent by other nodes; this will be only temporary,
however, until the Binding Update is accepted. however, until the Binding Update is accepted.
skipping to change at page 131, line 42 skipping to change at page 129, line 30
After receiving the Binding Acknowledgement for its Binding Update to After receiving the Binding Acknowledgement for its Binding Update to
its home agent, the mobile node MUST multicast onto the home link (to its home agent, the mobile node MUST multicast onto the home link (to
the all-nodes multicast address) a Neighbor Advertisement [18], to the all-nodes multicast address) a Neighbor Advertisement [18], to
advertise the mobile node's own link-layer address for its own home advertise the mobile node's own link-layer address for its own home
address. The Target Address in this Neighbor Advertisement MUST be address. The Target Address in this Neighbor Advertisement MUST be
set to the mobile node's home address, and the Advertisement MUST set to the mobile node's home address, and the Advertisement MUST
include a Target Link-layer Address option specifying the mobile include a Target Link-layer Address option specifying the mobile
node's link-layer address. The mobile node MUST multicast such a node's link-layer address. The mobile node MUST multicast such a
Neighbor Advertisement for each of its home addresses, as defined by Neighbor Advertisement for each of its home addresses, as defined by
the current on-link prefixes, including its link-local address. The the current on-link prefixes, including its link-local address. The
Solicited Flag (S) in these Advertisements MUST NOT be set, since Solicited (S) flag in these Advertisements MUST NOT be set, since
they were not solicited by any Neighbor Solicitation. The Override they were not solicited by any Neighbor Solicitation. The Override
Flag (O) in these Advertisements MUST be set, indicating that the (O) flag in these Advertisements MUST be set, indicating that the
Advertisements SHOULD override any existing Neighbor Cache entries at Advertisements SHOULD override any existing Neighbor Cache entries at
any node receiving them. any node receiving them.
Since multicasting on the local link (such as Ethernet) is typically Since multicasting on the local link (such as Ethernet) is typically
not guaranteed to be reliable, the mobile node MAY retransmit these not guaranteed to be reliable, the mobile node MAY retransmit these
Neighbor Advertisements [18] up to MAX_NEIGHBOR_ADVERTISEMENT times Neighbor Advertisements [18] up to MAX_NEIGHBOR_ADVERTISEMENT times
to increase their reliability. It is still possible that some nodes to increase their reliability. It is still possible that some nodes
on the home link will not receive any of these Neighbor on the home link will not receive any of these Neighbor
Advertisements, but these nodes will eventually be able to recover Advertisements, but these nodes will eventually be able to recover
through use of Neighbor Unreachability Detection [18]. through use of Neighbor Unreachability Detection [18].
skipping to change at page 132, line 22 skipping to change at page 130, line 16
This section defines the rules that the mobile node must follow when This section defines the rules that the mobile node must follow when
performing the return routability procedure. Section 11.7.2 performing the return routability procedure. Section 11.7.2
describes the rules when the return routability procedure needs to be describes the rules when the return routability procedure needs to be
initiated. initiated.
11.6.1. Sending Test Init Messages 11.6.1. Sending Test Init Messages
A mobile node that initiates a return routability procedure MUST send A mobile node that initiates a return routability procedure MUST send
(in parallel) a Home Test Init message and a Care-of Test Init (in parallel) a Home Test Init message and a Care-of Test Init
messages. However, if the mobile node has recently received (see message. However, if the mobile node has recently received (see
Section 5.2.7) one or both home or care-of keygen tokens, and Section 5.2.7) one or both home or care-of keygen tokens, and
associated nonce indices for the desired addresses, it MAY reuse associated nonce indices for the desired addresses, it MAY reuse
them. Therefore, the return routability procedure may in some cases them. Therefore, the return routability procedure may in some cases
be completed with only one message pair. It may even be completed be completed with only one message pair. It may even be completed
without any messages at all, if the mobile node has a recent home without any messages at all, if the mobile node has a recent home
keygen token and has previously visited the same care-of address so keygen token and has previously visited the same care-of address so
that it also has a recent care-of keygen token. If the mobile node that it also has a recent care-of keygen token. If the mobile node
intends to send a Binding Update with the Lifetime set to zero and intends to send a Binding Update with the Lifetime set to zero and
the care-of address equal to its home address - such as when the care-of address equal to its home address -- such as when
returning home - sending a Home Test Init message is sufficient. In returning home -- sending a Home Test Init message is sufficient. In
this case, generation of the binding management key depends this case, generation of the binding management key depends
exclusively on the home keygen token (Section 5.2.5). exclusively on the home keygen token (Section 5.2.5).
A Home Test Init message MUST be created as described in A Home Test Init message MUST be created as described in
Section 6.1.3. Section 6.1.3.
A Care-of Test Init message MUST be created as described in A Care-of Test Init message MUST be created as described in
Section 6.1.4. When sending a Home Test Init or Care-of Test Init Section 6.1.4. When sending a Home Test Init or Care-of Test Init
message the mobile node MUST record in its Binding Update List the message, the mobile node MUST record in its Binding Update List the
following fields from the messages: following fields from the messages:
o The IP address of the node to which the message was sent. o The IP address of the node to which the message was sent.
o The home address of the mobile node. This value will appear in o The home address of the mobile node. This value will appear in
the Source Address field of the Home Test Init message. When the Source Address field of the Home Test Init message. When
sending the Care-of Test Init message, this address does not sending the Care-of Test Init message, this address does not
appear in the message, but represents the home address for which appear in the message, but represents the home address for which
the binding is desired. the binding is desired.
skipping to change at page 134, line 45 skipping to change at page 132, line 42
outgoing tunnel packets to the current primary care-of address. The outgoing tunnel packets to the current primary care-of address. The
mobile node starts to use a new primary care-of address immediately mobile node starts to use a new primary care-of address immediately
after sending a Binding Update to the home agent to register this new after sending a Binding Update to the home agent to register this new
address. address.
11.7. Processing Bindings 11.7. Processing Bindings
11.7.1. Sending Binding Updates to the Home Agent 11.7.1. Sending Binding Updates to the Home Agent
In order to change its primary care-of address as described in In order to change its primary care-of address as described in
Section 11.5.1 and Section 11.5.3, a mobile node MUST register this Sections 11.5.1 and 11.5.3, a mobile node MUST register this care-of
care-of address with its home agent in order to make this its primary address with its home agent in order to make this its primary care-of
care-of address. address.
Also, if the mobile node wants the services of the home agent beyond Also, if the mobile node wants the services of the home agent beyond
the current registration period, the mobile node should send a new the current registration period, the mobile node should send a new
Binding Update to it well before the expiration of this period, even Binding Update to it well before the expiration of this period, even
if it is not changing its primary care-of address. However, if the if it is not changing its primary care-of address. However, if the
home agent returned a Binding Acknowledgement for the current home agent returned a Binding Acknowledgement for the current
registration with Status field set to 1 (accepted but prefix registration with the Status field set to 1 (accepted but prefix
discovery necessary), the mobile node should not try to register discovery necessary), the mobile node should not try to register
again before it has learned the validity of its home prefixes through again before it has learned the validity of its home prefixes through
mobile prefix discovery. This is typically necessary every time this mobile prefix discovery. This is typically necessary every time this
Status value is received, because information learned earlier may Status value is received, because information learned earlier may
have changed. have changed.
To register a care-of address or to extend the lifetime of an To register a care-of address or to extend the lifetime of an
existing registration, the mobile node sends a packet to its home existing registration, the mobile node sends a packet to its home
agent containing a Binding Update, with the packet constructed as agent containing a Binding Update, with the packet constructed as
follows: follows:
skipping to change at page 136, line 41 skipping to change at page 134, line 36
to register a different primary care-of address). See Section 11.8 to register a different primary care-of address). See Section 11.8
for information about retransmitting Binding Updates. for information about retransmitting Binding Updates.
With the Binding Update, the mobile node requests the home agent to With the Binding Update, the mobile node requests the home agent to
serve as the home agent for the given home address. Until the serve as the home agent for the given home address. Until the
lifetime of this registration expires, the home agent considers lifetime of this registration expires, the home agent considers
itself the home agent for this home address. itself the home agent for this home address.
Each Binding Update MUST be authenticated as coming from the right Each Binding Update MUST be authenticated as coming from the right
mobile node, as defined in Section 5.1. The mobile node MUST use its mobile node, as defined in Section 5.1. The mobile node MUST use its
home address - either in the Home Address destination option or in home address -- either in the Home Address destination option or in
the Source Address field of the IPv6 header - in Binding Updates sent the Source Address field of the IPv6 header -- in Binding Updates
to the home agent. This is necessary in order to allow the IPsec sent to the home agent. This is necessary in order to allow the
policies to be matched with the correct home address. IPsec policies to be matched with the correct home address.
When sending a Binding Update to its home agent, the mobile node MUST When sending a Binding Update to its home agent, the mobile node MUST
also create or update the corresponding Binding Update List entry, as also create or update the corresponding Binding Update List entry, as
specified in Section 11.7.2. specified in Section 11.7.2.
The last Sequence Number value sent to the home agent in a Binding The last Sequence Number value sent to the home agent in a Binding
Update is stored by the mobile node. If the sending mobile node has Update is stored by the mobile node. If the sending mobile node has
no knowledge of the correct Sequence Number value, it may start at no knowledge of the correct Sequence Number value, it may start at
any value. If the home agent rejects the value, it sends back a any value. If the home agent rejects the value, it sends back a
Binding Acknowledgement with a status code 135, and the last accepted Binding Acknowledgement with a status code 135, and the last accepted
skipping to change at page 139, line 4 skipping to change at page 136, line 46
Note that the validity of the original packet is checked before Note that the validity of the original packet is checked before
attempting to initiate a correspondent registration. For instance, attempting to initiate a correspondent registration. For instance,
if a Home Address destination option appeared in the original packet, if a Home Address destination option appeared in the original packet,
then rules in Section 9.3.1 are followed. then rules in Section 9.3.1 are followed.
A mobile node MAY also choose to keep its topological location A mobile node MAY also choose to keep its topological location
private from certain correspondent nodes, and thus need not initiate private from certain correspondent nodes, and thus need not initiate
the correspondent registration. the correspondent registration.
Upon successfully completing the return routability procedure, and Upon successfully completing the return routability procedure, and
after receiving a successful Binding Acknowledgement from the Home after receiving a successful Binding Acknowledgement from the home
Agent, a Binding Update MAY be sent to the correspondent node. agent, a Binding Update MAY be sent to the correspondent node.
In any Binding Update sent by a mobile node, the care-of address In any Binding Update sent by a mobile node, the care-of address
(either the Source Address in the packet's IPv6 header or the Care-of (either the Source Address in the packet's IPv6 header or the Care-of
Address in the Alternate Care-of Address mobility option of the Address in the Alternate Care-of Address mobility option of the
Binding Update) MUST be set to one of the care-of addresses currently Binding Update) MUST be set to one of the care-of addresses currently
in use by the mobile node or to the mobile node's home address. A in use by the mobile node or to the mobile node's home address. A
mobile node MAY set the care-of address differently for sending mobile node MAY set the care-of address differently for sending
Binding Updates to different correspondent nodes. Binding Updates to different correspondent nodes.
A mobile node MAY also send a Binding Update to such a correspondent A mobile node MAY also send a Binding Update to such a correspondent
skipping to change at page 139, line 51 skipping to change at page 137, line 44
away from home. away from home.
If the mobile node wants to ensure that its new care-of address has If the mobile node wants to ensure that its new care-of address has
been entered into a correspondent node's Binding Cache, the mobile been entered into a correspondent node's Binding Cache, the mobile
node needs to request an acknowledgement by setting the Acknowledge node needs to request an acknowledgement by setting the Acknowledge
(A) bit in the Binding Update. (A) bit in the Binding Update.
A Binding Update is created as follows: A Binding Update is created as follows:
o The current care-of address of the mobile node MUST be sent either o The current care-of address of the mobile node MUST be sent either
in the Source Address of the IPv6 header, or in the Alternate in the Source Address of the IPv6 header or in the Alternate
Care-of Address mobility option. Care-of Address mobility option.
o The Destination Address of the IPv6 header MUST contain the o The Destination Address of the IPv6 header MUST contain the
address of the correspondent node. address of the correspondent node.
o The Mobility Header is constructed according to rules in o The Mobility Header is constructed according to rules in Sections
Section 6.1.7 and Section 5.2.6, including the Binding 6.1.7 and 5.2.6, including the Binding Authorization Data
Authorization Data (calculated as defined in Section 6.2.7) and (calculated as defined in Section 6.2.7) and possibly the Nonce
possibly the Nonce Indices mobility options. Indices mobility options.
o The home address of the mobile node MUST be added to the packet in o The home address of the mobile node MUST be added to the packet in
a Home Address destination option, unless the Source Address is a Home Address destination option, unless the Source Address is
the home address. the home address.
Each Binding Update MUST have a Sequence Number greater than the Each Binding Update MUST have a Sequence Number greater than the
Sequence Number value sent in the previous Binding Update to the same Sequence Number value sent in the previous Binding Update to the same
destination address (if any). The sequence numbers are compared destination address (if any). The sequence numbers are compared
modulo 2**16, as described in Section 9.5.1. There is no modulo 2**16, as described in Section 9.5.1. There is no
requirement, however, that the Sequence Number value strictly requirement, however, that the Sequence Number value strictly
skipping to change at page 140, line 43 skipping to change at page 138, line 39
The mobile node is responsible for the completion of the The mobile node is responsible for the completion of the
correspondent registration, as well as any retransmissions that may correspondent registration, as well as any retransmissions that may
be needed (subject to the rate limitation defined in Section 11.8). be needed (subject to the rate limitation defined in Section 11.8).
11.7.3. Receiving Binding Acknowledgements 11.7.3. Receiving Binding Acknowledgements
Upon receiving a packet carrying a Binding Acknowledgement, a mobile Upon receiving a packet carrying a Binding Acknowledgement, a mobile
node MUST validate the packet according to the following tests: node MUST validate the packet according to the following tests:
o The packet meets the authentication requirements for Binding o The packet meets the authentication requirements for Binding
Acknowledgements defined in Section 6.1.8 and Section 5. That is, Acknowledgements defined in Sections 6.1.8 and 5. That is, if the
if the Binding Update was sent to the home agent, the underlying Binding Update was sent to the home agent, the underlying IPsec
IPsec protection is used. If the Binding Update was sent to the protection is used. If the Binding Update was sent to the
correspondent node, the Binding Authorization Data mobility option correspondent node, the Binding Authorization Data mobility option
MUST be present and have a valid value. MUST be present and have a valid value.
o The Binding Authorization Data mobility option, if present, MUST o The Binding Authorization Data mobility option, if present, MUST
be the last option and MUST NOT have trailing padding. be the last option and MUST NOT have trailing padding.
o The Sequence Number field matches the Sequence Number sent by the o The Sequence Number field matches the Sequence Number sent by the
mobile node to this destination address in an outstanding Binding mobile node to this destination address in an outstanding Binding
Update, and the Status field is not 135. Update, and the Status field is not 135.
skipping to change at page 141, line 36 skipping to change at page 139, line 32
corresponding Binding Update List entry (with a minimum value for corresponding Binding Update List entry (with a minimum value for
the Binding Update List entry lifetime of 0). That is, if the the Binding Update List entry lifetime of 0). That is, if the
Lifetime value sent in the Binding Update was L_update, the Lifetime value sent in the Binding Update was L_update, the
Lifetime value received in the Binding Acknowledgement was L_ack, Lifetime value received in the Binding Acknowledgement was L_ack,
and the current remaining lifetime of the Binding Update List and the current remaining lifetime of the Binding Update List
entry is L_remain, then the new value for the remaining lifetime entry is L_remain, then the new value for the remaining lifetime
of the Binding Update List entry should be of the Binding Update List entry should be
max((L_remain - (L_update - L_ack)), 0) max((L_remain - (L_update - L_ack)), 0)
where max(X, Y) is the maximum of X and Y. The effect of this step where max(X, Y) is the maximum of X and Y. The effect of this
is to correctly manage the mobile node's view of the binding's step is to correctly manage the mobile node's view of the
remaining lifetime (as maintained in the corresponding Binding binding's remaining lifetime (as maintained in the corresponding
Update List entry) so that it correctly counts down from the Binding Update List entry) so that it correctly counts down from
Lifetime value given in the Binding Acknowledgement, but with the the Lifetime value given in the Binding Acknowledgement, but with
timer countdown beginning at the time that the Binding Update was the timer countdown beginning at the time that the Binding Update
sent. was sent.
Mobile nodes SHOULD send a new Binding Update well before the Mobile nodes SHOULD send a new Binding Update well before the
expiration of this period in order to extend the lifetime. This expiration of this period in order to extend the lifetime. This
helps to avoid disruptions in communications which might otherwise helps to avoid disruptions in communications that might otherwise
be caused by network delays or clock drift. be caused by network delays or clock drift.
o If the Binding Acknowledgement correctly passes authentication and o If the Binding Acknowledgement correctly passes authentication and
the Status field value is 135 (Sequence Number out of window), the Status field value is 135 (Sequence Number out of window),
then the mobile node MUST update its binding sequence number then the mobile node MUST update its binding sequence number
appropriately to match the sequence number given in the Binding appropriately to match the sequence number given in the Binding
Acknowledgement. Otherwise, if the Status field value is 135 but Acknowledgement. Otherwise, if the Status field value is 135 but
the Binding Acknowledgement does not pass authentication, the the Binding Acknowledgement does not pass authentication, the
message MUST be silently ignored. message MUST be silently ignored.
skipping to change at page 143, line 6 skipping to change at page 140, line 50
Request message, if the mobile node has a Binding Update List entry Request message, if the mobile node has a Binding Update List entry
for the source of the Binding Refresh Request, and the mobile node for the source of the Binding Refresh Request, and the mobile node
wants to retain its Binding Cache entry at the correspondent node, wants to retain its Binding Cache entry at the correspondent node,
then the mobile node should start a return routability procedure. If then the mobile node should start a return routability procedure. If
the mobile node wants to have its Binding Cache entry removed, it can the mobile node wants to have its Binding Cache entry removed, it can
either ignore the Binding Refresh Request and wait for the binding to either ignore the Binding Refresh Request and wait for the binding to
time out, or at any time, it can delete its binding from a time out, or at any time, it can delete its binding from a
correspondent node with an explicit Binding Update with a zero correspondent node with an explicit Binding Update with a zero
lifetime and the care-of address set to the home address. If the lifetime and the care-of address set to the home address. If the
mobile node does not know if it needs the Binding Cache entry, it can mobile node does not know if it needs the Binding Cache entry, it can
make the decision in an implementation dependent manner, such as make the decision in an implementation-dependent manner, such as
based on available resources. based on available resources.
Note that the mobile node should be careful to not respond to Binding Note that the mobile node should be careful not to respond to Binding
Refresh Requests for addresses not in the Binding Update List to Refresh Requests for addresses not in the Binding Update List to
avoid being subjected to a denial of service attack. avoid being subjected to a denial of service attack.
If the return routability procedure completes successfully, a Binding If the return routability procedure completes successfully, a Binding
Update message SHOULD be sent, as described in Section 11.7.2. The Update message SHOULD be sent, as described in Section 11.7.2. The
Lifetime field in this Binding Update SHOULD be set to a new Lifetime field in this Binding Update SHOULD be set to a new
lifetime, extending any current lifetime remaining from a previous lifetime, extending any current lifetime remaining from a previous
Binding Update sent to this node (as indicated in any existing Binding Update sent to this node (as indicated in any existing
Binding Update List entry for this node), and the lifetime SHOULD Binding Update List entry for this node), and the lifetime SHOULD
again be less than or equal to the remaining lifetime of the home again be less than or equal to the remaining lifetime of the home
registration and the care-of address specified for the binding. When registration and the care-of address specified for the binding. When
sending this Binding Update, the mobile node MUST update its Binding sending this Binding Update, the mobile node MUST update its Binding
Update List in the same way as for any other Binding Update sent by Update List in the same way as for any other Binding Update sent by
the mobile node. the mobile node.
11.8. Retransmissions and Rate Limiting 11.8. Retransmissions and Rate Limiting
The mobile node is responsible for retransmissions and rate limiting The mobile node is responsible for retransmissions and rate limiting
in the return routability procedure, registrations, and in solicited in the return routability procedure, in registrations, and in
prefix discovery. solicited prefix discovery.
When the mobile node sends a Mobile Prefix Solicitation, Home Test When the mobile node sends a Mobile Prefix Solicitation, Home Test
Init, Care-of Test Init or Binding Update for which it expects a Init, Care-of Test Init, or Binding Update for which it expects a
response, the mobile node has to determine a value for the initial response, the mobile node has to determine a value for the initial
retransmission timer: retransmission timer:
o If the mobile node is sending a Mobile Prefix Solicitation, it o If the mobile node is sending a Mobile Prefix Solicitation, it
SHOULD use an initial retransmission interval of SHOULD use an initial retransmission interval of
INITIAL_SOLICIT_TIMER (see Section 12). INITIAL_SOLICIT_TIMER (see Section 12).
o If the mobile node is sending a Binding Update and does not have o If the mobile node is sending a Binding Update and does not have
an existing binding at the home agent, it SHOULD use an existing binding at the home agent, it SHOULD use
InitialBindackTimeoutFirstReg (see Section 13) as a value for the InitialBindackTimeoutFirstReg (see Section 13) as a value for the
skipping to change at page 144, line 15 skipping to change at page 142, line 13
retransmit the message until a response is received. retransmit the message until a response is received.
The retransmissions by the mobile node MUST use an exponential back- The retransmissions by the mobile node MUST use an exponential back-
off process in which the timeout period is doubled upon each off process in which the timeout period is doubled upon each
retransmission, until either the node receives a response or the retransmission, until either the node receives a response or the
timeout period reaches the value MAX_BINDACK_TIMEOUT. The mobile timeout period reaches the value MAX_BINDACK_TIMEOUT. The mobile
node MAY continue to send these messages at this slower rate node MAY continue to send these messages at this slower rate
indefinitely. indefinitely.
The mobile node SHOULD start a separate back-off process for The mobile node SHOULD start a separate back-off process for
different message types, different home addresses and different different message types, different home addresses, and different
care-of addresses. However, in addition an overall rate limitation care-of addresses. However, in addition an overall rate limitation
applies for messages sent to a particular correspondent node. This applies for messages sent to a particular correspondent node. This
ensures that the correspondent node has a sufficient amount of time ensures that the correspondent node has a sufficient amount of time
to respond when bindings for multiple home addresses are registered, to respond when bindings for multiple home addresses are registered,
for instance. The mobile node MUST NOT send Mobility Header messages for instance. The mobile node MUST NOT send Mobility Header messages
of a particular type to a particular correspondent node more than of a particular type to a particular correspondent node more than
MAX_UPDATE_RATE times within a second. MAX_UPDATE_RATE times within a second.
Retransmitted Binding Updates MUST use a Sequence Number value Retransmitted Binding Updates MUST use a Sequence Number value
greater than that used for the previous transmission of this Binding greater than that used for the previous transmission of this Binding
skipping to change at page 146, line 21 skipping to change at page 143, line 13
InitialBindackTimeoutFirstReg Default: 1.5 seconds InitialBindackTimeoutFirstReg Default: 1.5 seconds
Home agents MUST allow the first three variables to be configured by Home agents MUST allow the first three variables to be configured by
system management, and mobile nodes MUST allow the last variable to system management, and mobile nodes MUST allow the last variable to
be configured by system management. be configured by system management.
The default value for InitialBindackTimeoutFirstReg has been The default value for InitialBindackTimeoutFirstReg has been
calculated as 1.5 times the default value of RetransTimer, as calculated as 1.5 times the default value of RetransTimer, as
specified in Neighbor Discovery (RFC 4861 [18]) times the default specified in Neighbor Discovery (RFC 4861 [18]) times the default
value of DupAddrDetectTransmits, as specified in Stateless Address value of DupAddrDetectTransmits, as specified in Stateless Address
Autoconfiguration (RFC 4862 [19]) Autoconfiguration (RFC 4862 [19]).
The value MinDelayBetweenRAs overrides the value of the protocol The value MinDelayBetweenRAs overrides the value of the protocol
constant MIN_DELAY_BETWEEN_RAS, as specified in Neighbor Discovery constant MIN_DELAY_BETWEEN_RAS, as specified in Neighbor Discovery
(RFC 4861 [18]). This variable SHOULD be set to MinRtrAdvInterval, (RFC 4861 [18]). This variable SHOULD be set to MinRtrAdvInterval,
if MinRtrAdvInterval is less than 3 seconds. if MinRtrAdvInterval is less than 3 seconds.
14. IANA Considerations 14. IANA Considerations
This document defines a new IPv6 protocol, the Mobility Header, This document defines a new IPv6 protocol, the Mobility Header,
described in Section 6.1. This protocol has been assigned protocol described in Section 6.1. This protocol has been assigned protocol
skipping to change at page 148, line 36 skipping to change at page 145, line 4
133 Not home agent for this mobile node 133 Not home agent for this mobile node
134 Duplicate Address Detection failed 134 Duplicate Address Detection failed
135 Sequence number out of window 135 Sequence number out of window
136 Expired home nonce index 136 Expired home nonce index
137 Expired care-of nonce index 137 Expired care-of nonce index
138 Expired nonces 138 Expired nonces
139 Registration type change disallowed 139 Registration type change disallowed
TBD Invalid Care-of Address 174 Invalid Care-of Address
Future values of the Status field can be allocated using Standards Future values of the Status field can be allocated using Standards
Action or IESG Approval [23]. Action or IESG Approval [23].
All fields labeled "Reserved" are only to be assigned through All fields labeled "Reserved" are only to be assigned through
Standards Action or IESG Approval. Standards Action or IESG Approval.
This document also defines a new IPv6 destination option, the Home This document also defines a new IPv6 destination option, the Home
Address option, described in Section 6.3. This option has been Address option, described in Section 6.3. This option has been
assigned the Option Type value 0xC9. assigned the Option Type value 0xC9.
skipping to change at page 150, line 11 skipping to change at page 146, line 11
o The Advertisement Interval option, described in Section 7.3; and o The Advertisement Interval option, described in Section 7.3; and
o The Home Agent Information option, described in Section 7.4. o The Home Agent Information option, described in Section 7.4.
15. Security Considerations 15. Security Considerations
15.1. Threats 15.1. Threats
Any mobility solution must protect itself against misuses of the Any mobility solution must protect itself against misuses of the
mobility features and mechanisms. In Mobile IPv6, most of the mobility features and mechanisms. In Mobile IPv6, most of the
potential threats are concerned with false Bindings, usually potential threats are concerned with false bindings, usually
resulting in Denial-of-Service attacks. Some of the threats also resulting in denial-of-service attacks. Some of the threats also
pose potential for Man-in-the-Middle, Hijacking, Confidentiality, and pose potential for man-in-the-middle, hijacking, confidentiality, and
Impersonation attacks. The main threats this protocol protects impersonation attacks. The main threats this protocol protects
against are the following: against are the following:
o Threats involving Binding Updates sent to home agents and o Threats involving Binding Updates sent to home agents and
correspondent nodes. For instance, an attacker might claim that a correspondent nodes. For instance, an attacker might claim that a
certain mobile node is currently at a different location than it certain mobile node is currently at a different location than it
really is. If a home agent accepts such spoofed information sent really is. If a home agent accepts such spoofed information sent
to it, the mobile node might not get traffic destined to it. to it, the mobile node might not get traffic destined to it.
Similarly, a malicious (mobile) node might use the home address of Similarly, a malicious (mobile) node might use the home address of
a victim node in a forged Binding Update sent to a correspondent a victim node in a forged Binding Update sent to a correspondent
node. node.
These pose threats against confidentiality, integrity, and These pose threats against confidentiality, integrity, and
availability. That is, an attacker might learn the contents of availability. That is, an attacker might learn the contents of
packets destined to another node by redirecting the traffic to packets destined to another node by redirecting the traffic to
itself. Furthermore, an attacker might use the redirected packets itself. Furthermore, an attacker might use the redirected packets
in an attempt to set itself as a Man-in-the-Middle between a in an attempt to set itself as a man in the middle between a
mobile and a correspondent node. This would allow the attacker to mobile and a correspondent node. This would allow the attacker to
impersonate the mobile node, leading to integrity and availability impersonate the mobile node, leading to integrity and availability
problems. problems.
A malicious (mobile) node might also send Binding Updates in which A malicious (mobile) node might also send Binding Updates in which
the care-of address is set to the address of a victim node. If the care-of address is set to the address of a victim node. If
such Binding Updates were accepted, the malicious node could lure such Binding Updates were accepted, the malicious node could lure
the correspondent node into sending potentially large amounts of the correspondent node into sending potentially large amounts of
data to the victim; the correspondent node's replies to messages data to the victim; the correspondent node's replies to messages
sent by the malicious mobile node will be sent to the victim host sent by the malicious mobile node will be sent to the victim host
or network. This could be used to cause a Distributed Denial-of- or network. This could be used to cause a distributed denial-of-
Service attack. For example, the correspondent node might be a service attack. For example, the correspondent node might be a
site that will send a high-bandwidth stream of video to anyone who site that will send a high-bandwidth stream of video to anyone who
asks for it. Note that the use of flow-control protocols such as asks for it. Note that the use of flow-control protocols such as
TCP does not necessarily defend against this type of attack, TCP does not necessarily defend against this type of attack,
because the attacker can fake the acknowledgements. Even keeping because the attacker can fake the acknowledgements. Even keeping
TCP initial sequence numbers secret does not help, because the TCP initial sequence numbers secret does not help, because the
attacker can receive the first few segments (including the ISN) at attacker can receive the first few segments (including the ISN) at
its own address, and only then redirect the stream to the victim's its own address, and only then redirect the stream to the victim's
address. These types of attacks may also be directed to networks address. These types of attacks may also be directed to networks
instead of nodes. Further variations of this threat are described instead of nodes. Further variations of this threat are described
elsewhere [28] [34]. elsewhere [28] [35].
An attacker might also attempt to disrupt a mobile node's An attacker might also attempt to disrupt a mobile node's
communications by replaying a Binding Update that the node had communications by replaying a Binding Update that the node had
sent earlier. If the old Binding Update was accepted, packets sent earlier. If the old Binding Update was accepted, packets
destined for the mobile node would be sent to its old location as destined for the mobile node would be sent to its old location as
opposed to its current location. opposed to its current location.
A malicious mobile node associated to multiple home agents could A malicious mobile node associated to multiple home agents could
create a routing loop amongst them. This can be achieved when a create a routing loop amongst them. This can be achieved when a
mobile node binds one home address located on a first home agent mobile node binds one home address located on a first home agent
skipping to change at page 151, line 27 skipping to change at page 147, line 27
Such looping problem is limited to cases where a mobile node has Such looping problem is limited to cases where a mobile node has
multiple home agents and is permitted to be associated with the multiple home agents and is permitted to be associated with the
multiple home agents. For the single home agent case, a policy at multiple home agents. For the single home agent case, a policy at
the home agent would prevent the binding of one home address to the home agent would prevent the binding of one home address to
another home address hosted by the same home agent. another home address hosted by the same home agent.
The potential problems caused by such routing loops in this The potential problems caused by such routing loops in this
scenario can be substantially reduced by use of the Tunnel-Limit scenario can be substantially reduced by use of the Tunnel-Limit
Option specified in RFC 2473 [7]. Option specified in RFC 2473 [7].
In conclusion, there are Denial-of-Service, Man-in-the-Middle, In conclusion, there are denial-of-service, man-in-the-middle,
Confidentiality, and Impersonation threats against the parties confidentiality, and impersonation threats against the parties
involved in sending legitimate Binding Updates, the threat of involved in sending legitimate Binding Updates, the threat of
routing loops when there are multiple home agents, and Denial-of- routing loops when there are multiple home agents, and denial-of-
Service threats against any other party. service threats against any other party.
o Threats associated with payload packets: Payload packets exchanged o Threats associated with payload packets: Payload packets exchanged
with mobile nodes are exposed to similar threats as that of with mobile nodes are exposed to similar threats as that of
regular IPv6 traffic. However, Mobile IPv6 introduces the Home regular IPv6 traffic. However, Mobile IPv6 introduces the Home
Address destination option, a new routing header type (type 2), Address destination option and a new routing header type (type 2),
and uses tunneling headers in the payload packets. The protocol and uses tunneling headers in the payload packets. The protocol
must protect against potential new threats involving the use of must protect against potential new threats involving the use of
these mechanisms. these mechanisms.
Third parties become exposed to a reflection threat via the Home Third parties become exposed to a reflection threat via the Home
Address destination option, unless appropriate security Address destination option, unless appropriate security
precautions are followed. The Home Address destination option precautions are followed. The Home Address destination option
could be used to direct response traffic toward a node whose IP could be used to direct response traffic toward a node whose IP
address appears in the option. In this case, ingress filtering address appears in the option. In this case, ingress filtering
would not catch the forged "return address" [37] [42]. would not catch the forged "return address" [38] [43].
A similar threat exists with the tunnels between the mobile node A similar threat exists with the tunnels between the mobile node
and the home agent. An attacker might forge tunnel packets and the home agent. An attacker might forge tunnel packets
between the mobile node and the home agent, making it appear that between the mobile node and the home agent, making it appear that
the traffic is coming from the mobile node when it is not. Note the traffic is coming from the mobile node when it is not. Note
that an attacker who is able to forge tunnel packets would that an attacker who is able to forge tunnel packets would
typically also be able to forge packets that appear to come typically also be able to forge packets that appear to come
directly from the mobile node. This is not a new threat as such. directly from the mobile node. This is not a new threat as such.
However, it may make it easier for attackers to escape detection However, it may make it easier for attackers to escape detection
by avoiding ingress filtering and packet tracing mechanisms. by avoiding ingress filtering and packet tracing mechanisms.
skipping to change at page 152, line 45 skipping to change at page 148, line 45
protocols. Mobile nodes must be capable to defend themselves in the protocols. Mobile nodes must be capable to defend themselves in the
networks that they visit, as typical perimeter defenses applied in networks that they visit, as typical perimeter defenses applied in
the home network no longer protect them. the home network no longer protect them.
15.2. Features 15.2. Features
This specification provides a series of features designed to mitigate This specification provides a series of features designed to mitigate
the risk introduced by the threats listed above. The main security the risk introduced by the threats listed above. The main security
features are the following: features are the following:
o Reverse Tunneling as a mandatory feature. o Reverse tunneling as a mandatory feature.
o Protection of Binding Updates sent to home agents. o Protection of Binding Updates sent to home agents.
o Protection of Binding Updates sent to correspondent nodes. o Protection of Binding Updates sent to correspondent nodes.
o Protection against reflection attacks that use the Home Address o Protection against reflection attacks that use the Home Address
destination option. destination option.
o Protection of tunnels between the mobile node and the home agent. o Protection of tunnels between the mobile node and the home agent.
o Closing routing header vulnerabilities. o Closing routing header vulnerabilities.
o Mitigating Denial-of-Service threats to the Mobile IPv6 security o Mitigating denial-of-service threats to the Mobile IPv6 security
mechanisms themselves. mechanisms themselves.
The support for encrypted reverse tunneling (see Section 11.3.1) The support for encrypted reverse tunneling (see Section 11.3.1)
allows mobile nodes to defeat certain kinds of traffic analysis. allows mobile nodes to defeat certain kinds of traffic analysis.
Protecting those Binding Updates that are sent to home agents and Protecting those Binding Updates that are sent to home agents and
those that are sent to arbitrary correspondent nodes requires very those that are sent to arbitrary correspondent nodes requires very
different security solutions due to the different situations. Mobile different security solutions due to the different situations. Mobile
nodes and home agents are naturally expected to be subject to the nodes and home agents are naturally expected to be subject to the
network administration of the home domain. network administration of the home domain.
skipping to change at page 153, line 37 skipping to change at page 149, line 37
Section 15.3 below for a discussion of the resulting level of Section 15.3 below for a discussion of the resulting level of
security. security.
It is expected that Mobile IPv6 route optimization will be used on a It is expected that Mobile IPv6 route optimization will be used on a
global basis between nodes belonging to different administrative global basis between nodes belonging to different administrative
domains. It would be a very demanding task to build an domains. It would be a very demanding task to build an
authentication infrastructure on this scale. Furthermore, a authentication infrastructure on this scale. Furthermore, a
traditional authentication infrastructure cannot be easily used to traditional authentication infrastructure cannot be easily used to
authenticate IP addresses because IP addresses can change often. It authenticate IP addresses because IP addresses can change often. It
is not sufficient to just authenticate the mobile nodes; is not sufficient to just authenticate the mobile nodes;
Authorization to claim the right to use an address is needed as well. authorization to claim the right to use an address is needed as well.
Thus, an "infrastructureless" approach is necessary. The chosen Thus, an "infrastructureless" approach is necessary. The chosen
infrastructureless method is described in Section 5.2, and infrastructureless method is described in Section 5.2, and
Section 15.4 discusses the resulting security level and the design Section 15.4 discusses the resulting security level and the design
rationale of this approach. rationale of this approach.
Specific rules guide the use of the Home Address destination option, Specific rules guide the use of the Home Address destination option,
the routing header, and the tunneling headers in the payload packets. the routing header, and the tunneling headers in the payload packets.
These rules are necessary to remove the vulnerabilities associated These rules are necessary to remove the vulnerabilities associated
with their unrestricted use. The effect of the rules is discussed in with their unrestricted use. The effect of the rules is discussed in
Section 15.7, Section 15.8, and Section 15.9. Sections 15.7, 15.8, and 15.9.
Denial-of-Service threats against Mobile IPv6 security mechanisms Denial-of-service threats against Mobile IPv6 security mechanisms
themselves concern mainly the Binding Update procedures with themselves concern mainly the Binding Update procedures with
correspondent nodes. The protocol has been designed to limit the correspondent nodes. The protocol has been designed to limit the
effects of such attacks, as will be described in Section 15.4.5. effects of such attacks, as will be described in Section 15.4.5.
15.3. Binding Updates to Home Agent 15.3. Binding Updates to Home Agent
Signaling between the mobile node and the home agent requires message Signaling between the mobile node and the home agent requires message
integrity. This is necessary to assure the home agent that a Binding integrity. This is necessary to assure the home agent that a Binding
Update is from a legitimate mobile node. In addition, correct Update is from a legitimate mobile node. In addition, correct
ordering and anti-replay protection are optionally needed. ordering and anti-replay protection are optionally needed.
IPsec ESP protects the integrity of the Binding Updates and Binding IPsec ESP protects the integrity of the Binding Updates and Binding
Acknowledgements by securing mobility messages between the mobile Acknowledgements by securing mobility messages between the mobile
node and the home agent. node and the home agent.
IPsec can provide anti-replay protection only if dynamic keying is IPsec can provide anti-replay protection only if dynamic keying is
used (which may not always be the case). IPsec does not guarantee used (which may not always be the case). IPsec does not guarantee
correct ordering of packets, only that they have not been replayed. correct ordering of packets, only that they have not been replayed.
Because of this, sequence numbers within the Mobile IPv6 messages are Because of this, sequence numbers within the Mobile IPv6 messages are
used to ensure correct ordering (see Section 5.1). However, if the used to ensure correct ordering (see Section 5.1). However, if the
16 bit Mobile IPv6 sequence number space is cycled through, or the 16-bit Mobile IPv6 sequence number space is cycled through, or the
home agent reboots and loses its state regarding the sequence home agent reboots and loses its state regarding the sequence
numbers, replay and reordering attacks become possible. The use of numbers, replay and reordering attacks become possible. The use of
dynamic keying, IPsec anti-replay protection, and the Mobile IPv6 dynamic keying, IPsec anti-replay protection, and the Mobile IPv6
sequence numbers can together prevent such attacks. It is also sequence numbers can together prevent such attacks. It is also
recommended that use of non-volatile storage be considered for home recommended that use of non-volatile storage be considered for home
agents, to avoid losing their state. agents, to avoid losing their state.
A sliding window scheme is used for the sequence numbers. The A sliding window scheme is used for the sequence numbers. The
protection against replays and reordering attacks without a key protection against replays and reordering attacks without a key
management mechanism works when the attacker remembers up to a management mechanism works when the attacker remembers up to a
maximum of 2**15 Binding Updates. maximum of 2**15 Binding Updates.
The above mechanisms do not show that the care-of address given in The above mechanisms do not show that the care-of address given in
the Binding Update is correct. This opens the possibility for the Binding Update is correct. This opens the possibility for
Denial-of-Service attacks against third parties. However, since the denial-of-service attacks against third parties. However, since the
mobile node and home agent have a security association, the home mobile node and home agent have a security association, the home
agent can always identify an ill-behaving mobile node. This allows agent can always identify an ill-behaving mobile node. This allows
the home agent operator to discontinue the mobile node's service, and the home agent operator to discontinue the mobile node's service, and
possibly take further actions based on the business relationship with possibly take further actions based on the business relationship with
the mobile node's owner. the mobile node's owner.
Note that the use of a single pair of manually keyed security Note that the use of a single pair of manually keyed security
associations conflicts with the generation of a new home address [21] associations conflicts with the generation of a new home address [21]
for the mobile node, or with the adoption of a new home subnet for the mobile node, or with the adoption of a new home subnet
prefix. This is because IPsec security associations are bound to the prefix. This is because IPsec security associations are bound to the
skipping to change at page 155, line 15 skipping to change at page 151, line 15
specification restricts the generation of new home addresses (for any specification restricts the generation of new home addresses (for any
reason) to those situations where a security association or reason) to those situations where a security association or
certificate for the new address already exists. certificate for the new address already exists.
Support for IKEv2 has been specified as optional. The following Support for IKEv2 has been specified as optional. The following
should be observed about the use of manual keying: should be observed about the use of manual keying:
o As discussed above, with manually keyed IPsec, only a limited form o As discussed above, with manually keyed IPsec, only a limited form
of protection exists against replay and reordering attacks. A of protection exists against replay and reordering attacks. A
vulnerability exists if either the sequence number space is cycled vulnerability exists if either the sequence number space is cycled
through, or if the home agent reboots and forgets its sequence through or the home agent reboots and forgets its sequence numbers
numbers (and uses volatile memory to store the sequence numbers). (and uses volatile memory to store the sequence numbers).
Assuming the mobile node moves continuously every 10 minutes, it Assuming the mobile node moves continuously every 10 minutes, it
takes roughly 455 days before the sequence number space has been takes roughly 455 days before the sequence number space has been
cycled through. Typical movement patterns rarely reach this high cycled through. Typical movement patterns rarely reach this high
frequency today. frequency today.
o A mobile node and its home agent belong to the same domain. If o A mobile node and its home agent belong to the same domain. If
this were not the case, manual keying would not be possible [41], this were not the case, manual keying would not be possible [42],
but in Mobile IPv6 only these two parties need to know the but in Mobile IPv6 only these two parties need to know the
manually configured keys. Similarly, we note that Mobile IPv6 manually configured keys. Similarly, we note that Mobile IPv6
employs standard block ciphers in IPsec, and is not vulnerable to employs standard block ciphers in IPsec, and is not vulnerable to
problems associated with stream ciphers and manual keying. problems associated with stream ciphers and manual keying.
o It is expected that the owner of the mobile node and the o It is expected that the owner of the mobile node and the
administrator of the home agent agree on the used keys and other administrator of the home agent agree on the used keys and other
parameters with some off-line mechanism. parameters with some off-line mechanism.
The use of IKEv2 with Mobile IPv6 is documented in more detail in The use of IKEv2 with Mobile IPv6 is documented in more detail in
skipping to change at page 156, line 8 skipping to change at page 152, line 8
AltName field of certificate to avoid this. However, AltName field of certificate to avoid this. However,
implementations are not guaranteed to support the use of a implementations are not guaranteed to support the use of a
particular IP address (care-of address) while another address particular IP address (care-of address) while another address
(home address) appears in the certificate. In any case, even this (home address) appears in the certificate. In any case, even this
approach would require user-specific tasks in the certificate approach would require user-specific tasks in the certificate
authority. authority.
o Due to the problems outlined in Section 11.3.2, the IKEv2 SA o Due to the problems outlined in Section 11.3.2, the IKEv2 SA
between the mobile node and its home agent is established using between the mobile node and its home agent is established using
the mobile node's current care-of address. This implies that when the mobile node's current care-of address. This implies that when
the mobile node moves to a new location, it may have to re- the mobile node moves to a new location, it may have to
establish an IKEv2 Security Association. A Key Management re-establish an IKEv2 security association. A Key Management
Mobility Capability (K) flag is provided for implementations that Mobility Capability (K) flag is provided for implementations that
can update the IKEv2 endpoints without re-establishing an IKEv2 can update the IKEv2 endpoints without re-establishing an IKEv2
Security Association, but the support for this behavior is security association, but the support for this behavior is
optional. optional.
o Nevertheless, even if per-mobile node configuration is required o Nevertheless, even if per-mobile node configuration is required
with IKEv2, an important benefit of IKEv2 is that it automates the with IKEv2, an important benefit of IKEv2 is that it automates the
negotiation of cryptographic parameters, including the SPIs, negotiation of cryptographic parameters, including the Security
cryptographic algorithms, and so on. Thus, less configuration Parameter Indices (SPIs), cryptographic algorithms, and so on.
information is needed. Thus, less configuration information is needed.
o The frequency of movements in some link layers or deployment o The frequency of movements in some link layers or deployment
scenarios may be high enough to make replay and reordering attacks scenarios may be high enough to make replay and reordering attacks
possible, if only manual keying is used. IKEv2 SHOULD be used in possible, if only manual keying is used. IKEv2 SHOULD be used in
such cases. Potentially vulnerable scenarios involve continuous such cases. Potentially vulnerable scenarios involve continuous
movement through small cells, or uncontrolled alternation between movement through small cells, or uncontrolled alternation between
available network attachment points. available network attachment points.
o Similarly, in some deployment scenarios the number of mobile nodes o Similarly, in some deployment scenarios the number of mobile nodes
may be very large. In these cases, it can be necessary to use may be very large. In these cases, it can be necessary to use
skipping to change at page 156, line 46 skipping to change at page 152, line 46
The motivation for designing the return routability procedure was to The motivation for designing the return routability procedure was to
have sufficient support for Mobile IPv6, without creating significant have sufficient support for Mobile IPv6, without creating significant
new security problems. The goal for this procedure was not to new security problems. The goal for this procedure was not to
protect against attacks that were already possible before the protect against attacks that were already possible before the
introduction of Mobile IPv6. introduction of Mobile IPv6.
The next sections will describe the security properties of the used The next sections will describe the security properties of the used
method, both from the point of view of possible on-path attackers who method, both from the point of view of possible on-path attackers who
can see those cryptographic values that have been sent in the clear can see those cryptographic values that have been sent in the clear
(Section 15.4.2 and Section 15.4.3) and from the point of view of (Sections 15.4.2 and 15.4.3) and from the point of view of other
other attackers (Section 15.4.6). attackers (Section 15.4.6).
15.4.1. Overview 15.4.1. Overview
The chosen infrastructureless method verifies that the mobile node is The chosen infrastructureless method verifies that the mobile node is
"live" (that is, it responds to probes) at its home and care-of "live" (that is, it responds to probes) at its home and care-of
addresses. Section 5.2 describes the return routability procedure in addresses. Section 5.2 describes the return routability procedure in
detail. The procedure uses the following principles: detail. The procedure uses the following principles:
o A message exchange verifies that the mobile node is reachable at o A message exchange verifies that the mobile node is reachable at
its addresses, i.e., is at least able to transmit and receive its addresses, i.e., is at least able to transmit and receive
traffic at both the home and care-of addresses. traffic at both the home and care-of addresses.
o The eventual Binding Update is cryptographically bound to the o The eventual Binding Update is cryptographically bound to the
tokens supplied in the exchanged messages. tokens supplied in the exchanged messages.
o Symmetric exchanges are employed to avoid the use of this protocol o Symmetric exchanges are employed to avoid the use of this protocol
in reflection attacks. In a symmetric exchange, the responses are in reflection attacks. In a symmetric exchange, the responses are
always sent to the same address the request was sent from. always sent to the same address from which the request was sent.
o The correspondent node operates in a stateless manner until it o The correspondent node operates in a stateless manner until it
receives a fully authorized Binding Update. receives a fully authorized Binding Update.
o Some additional protection is provided by encrypting the tunnels o Some additional protection is provided by encrypting the tunnels
between the mobile node and home agent with IPsec ESP. As the between the mobile node and home agent with IPsec ESP. As the
tunnel also transports the nonce exchanges, the ability of tunnel also transports the nonce exchanges, the ability of
attackers to see these nonces is limited. For instance, this attackers to see these nonces is limited. For instance, this
prevents attacks from being launched from the mobile node's prevents attacks from being launched from the mobile node's
current foreign link, even when no link-layer confidentiality is current foreign link, even when no link-layer confidentiality is
available. available.
The resulting level of security is in theory the same even without The resulting level of security is in theory the same even without
this additional protection: the return routability tokens are this additional protection: the return routability tokens are
still exposed only to one path within the whole Internet. still exposed only to one path within the whole Internet.
However, the mobile nodes are often found on an insecure link, However, the mobile nodes are often found on an insecure link,
such as a public access Wireless LAN. Thus, in many cases, this such as a public access Wireless LAN. Thus, in many cases, this
addition makes a practical difference. addition makes a practical difference.
For further information about the design rationale of the return For further information about the design rationale of the return
routability procedure, see [28] [34] [33] [42]. The mechanisms used routability procedure, see [28] [35] [34] [43]. The mechanisms used
have been adopted from these documents. have been adopted from these documents.
15.4.2. Achieved Security Properties 15.4.2. Achieved Security Properties
The return routability procedure protects Binding Updates against all The return routability procedure protects Binding Updates against all
attackers who are unable to monitor the path between the home agent attackers who are unable to monitor the path between the home agent
and the correspondent node. The procedure does not defend against and the correspondent node. The procedure does not defend against
attackers who can monitor this path. Note that such attackers are in attackers who can monitor this path. Note that such attackers are in
any case able to mount an active attack against the mobile node when any case able to mount an active attack against the mobile node when
it is at its home location. The possibility of such attacks is not it is at its home location. The possibility of such attacks is not
an impediment to the deployment of Mobile IPv6 because these attacks an impediment to the deployment of Mobile IPv6 because these attacks
are possible regardless of whether or not Mobile IPv6 is in use. are possible regardless of whether or not Mobile IPv6 is in use.
This procedure also protects against Denial-of-Service attacks in This procedure also protects against denial-of-service attacks in
which the attacker pretends to be mobile, but uses the victim's which the attacker pretends to be mobile, but uses the victim's
address as the care-of address. This would cause the correspondent address as the care-of address. This would cause the correspondent
node to send the victim some unexpected traffic. This procedure node to send the victim some unexpected traffic. This procedure
defends against these attacks by requiring at least the passive defends against these attacks by requiring at least the passive
presence of the attacker at the care-of address or on the path from presence of the attacker at the care-of address or on the path from
the correspondent to the care-of address. Normally, this will be the the correspondent to the care-of address. Normally, this will be the
mobile node. mobile node.
15.4.3. Comparison to Regular IPv6 Communications 15.4.3. Comparison to Regular IPv6 Communications
This section discusses the protection offered by the return This section discusses the protection offered by the return
routability method by comparing it to the security of regular IPv6 routability method by comparing it to the security of regular IPv6
communications. We will divide vulnerabilities into three classes: communications. We will divide vulnerabilities into three classes:
(1) those related to attackers on the local network of the mobile (1) those related to attackers on the local network of the mobile
node, home agent, or the correspondent node, (2) those related to node, home agent, or the correspondent node, (2) those related to
attackers on the path between the home network and the correspondent attackers on the path between the home network and the correspondent
node, and (3) off-path attackers, i.e., the rest of the Internet. node, and (3) off-path attackers, i.e., the rest of the Internet.
We will now discuss the vulnerabilities of regular IPv6 We will now discuss the vulnerabilities of regular IPv6
communications. The on-link vulnerabilities of IPv6 communications communications. The on-link vulnerabilities of IPv6 communications
include Denial-of-Service, Masquerading, Man-in-the-Middle, include denial-of-service, masquerading, man-in-the-middle,
Eavesdropping, and other attacks. These attacks can be launched eavesdropping, and other attacks. These attacks can be launched
through spoofing Router Discovery, Neighbor Discovery and other IPv6 through spoofing Router Discovery, Neighbor Discovery, and other IPv6
mechanisms. Some of these attacks can be prevented with the use of mechanisms. Some of these attacks can be prevented with the use of
cryptographic protection in the packets. cryptographic protection in the packets.
A similar situation exists with on-path attackers. That is, without A similar situation exists with on-path attackers. That is, without
cryptographic protection, the traffic is completely vulnerable. cryptographic protection, the traffic is completely vulnerable.
Assuming that attackers have not penetrated the security of the Assuming that attackers have not penetrated the security of the
Internet routing protocols, attacks are much harder to launch from Internet routing protocols, attacks are much harder to launch from
off-path locations. Attacks that can be launched from these off-path locations. Attacks that can be launched from these
locations are mainly Denial-of-Service attacks, such as flooding locations are mainly denial-of-service attacks, such as flooding