draft-ietf-mip6-bootstrapping-integrated-dhc-05.txt   draft-ietf-mip6-bootstrapping-integrated-dhc-06.txt 
Network Working Group                                  K. Chowdhury, Editor
Internet-Draft                                             Starent Networks
Intended status: Standards Track                                   A. Yegin
Expires: October 22, 2008                                       Samsung AIT
                                                             April 20, 2008

MIP6-bootstrapping for the Integrated Scenario
draft-ietf-mip6-bootstrapping-integrated-06.txt

Status of this Memo

By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that

skipping to change at page 1, line 35

and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on October 22, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract

Mobile IPv6 bootstrapping can be categorized into two primary
scenarios, the split scenario and the integrated scenario. In the
split scenario, the mobile node's mobility service is authorized by a
different service authorizer than the network access authorizer. In
the integrated scenario, the mobile node's mobility service is
authorized by the same service authorizer as the network access
service authorizer. This document defines a method for home agent
information discovery for the integrated scenario.

Table of Contents

1. Introduction and Scope . . . . . . . . . . . . . . . . . . . .  3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . .  4
3. Assumptions & Conformance . . . . . . . . . . . . . . . . . .  5
4. Solution Overview . . . . . . . . . . . . . . . . . . . . . .  6
   4.1. Logical View of the Integrated Scenario . . . . . . . . .  6
   4.2. Bootstrapping Message Sequence . . . . . . . . . . . . . .  7
        4.2.1. Home Agent allocation in the MSP . . . . . . . . . .  8
        4.2.2. Home Agent allocation in the ASP . . . . . . . . . .  9
   4.3. Bootstrapping Message Sequence: Fallback case . . . . . . 10
   4.4. HoA and IKEv2 SA Bootstrapping in the Integrated
        Scenario . . . . . . . . . . . . . . . . . . . . . . . . . 11
5. Security Considerations . . . . . . . . . . . . . . . . . . . 12
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14
8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 15
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16
   9.1. Normative References . . . . . . . . . . . . . . . . . . . 16
   9.2. Informative References . . . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18
Intellectual Property and Copyright Statements . . . . . . . . . . 19
1. Introduction and Scope

The Mobile IPv6 protocol [RFC3775] requires the mobile node to have
information of its Home Address, the home agent address and the
cryptographic materials for establishing an IPsec security
association with the home agent prior to initiating the registration
process. The mechanism via which the mobile node obtains this
information is called Mobile IPv6 bootstrapping. In order to allow a
flexible deployment model for Mobile IPv6, it is desirable to define
a bootstrapping mechanism for the mobile node to acquire these
parameters dynamically. [RFC4640] describes the problem statement
for Mobile IPv6 bootstrapping. It also defines the bootstrapping
scenarios based on the relationship between the entity that
authenticates and authorizes the mobile node for network access
(i.e., the Access Service Authorizer) and the entity that
authenticates and authorizes the mobile node for mobility service
(i.e., the Mobility Service Authorizer). The scenario in which the
Access Service Authorizer is not the Mobility Service Authorizer is
called the "Split" scenario. The bootstrapping solution for the
split scenario is defined in [RFC5026]. The scenario in which the
Access Service Authorizer is also the Mobility Service Authorizer is
called the "Integrated" scenario. This document defines a
bootstrapping solution for the Integrated scenario.

[RFC5026] identifies four different components of the bootstrapping
problem: home agent address discovery, HoA assignment, IPsec Security
Association [RFC4301] setup, and Authentication and Authorization
with the MSA. This document defines a mechanism for home agent
address discovery. The other components of bootstrapping are as per
[RFC5026].

In the integrated scenario, the bootstrapping of the home agent
information can be achieved via DHCPv6. This document defines the
MIPv6 bootstrapping procedures for the integrated scenario. It
enables Home Agent assignment in the integrated scenario by utilizing
DHCP and AAA protocols. The specification utilizes DHCP and AAA
options and AVPs that are defined in [HIOPT], [MIP6-Dime], and
[MIP6-RADIUS]. This document specifies the interworking among MN,
NAS, DHCP, and AAA entities for the bootstrapping procedure in the
integrated scenario.
2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.

General mobility terminology can be found in [RFC3753]. The
following additional terms, as defined in [RFC4640], are used in this

skipping to change at page 5, line 13

network access service are authorized by the same entity.
3. Assumptions & Conformance

The following assumptions are made in this document:

a. MSA == ASA.

b. MSA and MSP roaming relationship is assumed but not required.

c. DHCP relay and NAS are co-located or there is a mechanism to
   transfer received AAA information from the NAS to the DHCP relay.

   Note: If assignment of a home agent in the home MSP is not required
   by a deployment, co-location of the NAS and the DHCP relay functions
   or a mechanism to transfer received AAA information from the NAS to
   the DHCP relay won't be necessary. In such a case, only the
   implementation of the options and procedures defined in [HIOPT]
   should suffice.

d. The NAS shall support MIPv6 specific AAA attributes as specified
   in [MIP6-RADIUS] and [MIP6-Dime].

e. The AAAH used for network access authentication (ASA) has access
   to the same database as the AAAH used for the mobility service
   authentication (MSA).

If home agent assignment only in the ASP is required by the
deployment, a minimal implementation of this specification MAY only
support the delivery of information from the DHCP server to the DHCP
client through [HIOPT]. However, if home agent assignment in the MSP
is required by the deployment, an implementation conforming to this
specification SHALL be able to transfer received information (from
the AAA server) from the NAS to the DHCP relay function. This can be
achieved either by co-locating the NAS and the DHCP relay functions
or via an interface between these functions. The detail of this
interface is out of scope of this specification.
4. Solution Overview

4.1. Logical View of the Integrated Scenario

In the integrated scenario, the mobile node utilizes the network
access authentication process to bootstrap Mobile IPv6. It is
assumed that the access service authorizer is mobility service aware.
This allows for Mobile IPv6 bootstrapping at the time of access
authentication and authorization. Also, the mechanism defined in
this document requires the NAS to support Mobile IPv6 specific AAA
attributes and a co-located DHCP relay agent.

The following diagram shows the network elements and layout in the
integrated scenario:
                               |
          ASP(/MSP)            |  ASA/MSA(/MSP)
                               |
                               |
        +-------+              |          +-------+
        |       |              |          |       |
        |AAAV   |--------------|----------|AAAH   |
        |       |              |          |       |
        +-------+              |          +-------+
            |                  |
            |                  |
            |                  |
            |                  |
                               |
                               |
                               |
          +-----+   +------+   |
  +----+  | NAS/|   |DHCP  |   |
  | MN |--|DHCP |---|Server|   |
  +----+  |Relay|   |      |   |
          +-----+   +------+   |
                               |
                               |
      +--------+               |   +--------+
      |   HA   |               |   |   HA   |
      | in ASP |               |   |in MSP  |
      +--------+               |   +--------+

        Figure 1. Integrated Scenario, Network Diagram with DHCP Server
Figure 1 shows the AAA infrastructure with an AAA client (NAS), an
AAA proxy in the visited network and an AAA server in the home
network. The user's home network authorizes the mobile node for
network access and also for mobility services. Note that a home
agent for usage with the mobile node might be selected in the access
service provider's network or alternatively in the mobility service
provider's network.

The mobile node interacts with the DHCP Server via the Relay Agent
after the network access authentication as part of the mobile node
configuration procedure.

4.2. Bootstrapping Message Sequence

In this case, the mobile node is able to acquire the home agent
address via a DHCPv6 query. The message flows for home agent
allocation in the ASP and the MSP are illustrated below. Since, in
the integrated scenario, the ASA and the MSA are the same, it can be
safely assumed that the AAAH used for network access authentication
(ASA) has access to the same database as the AAAH used for the
mobility service authentication (MSA). Hence, the same AAAH can
authorize the mobile node for network access and mobility service at
the same time. When the MN performs Mobile IPv6 registration, the
AAAH ensures that the MN is accessing the assigned Home Agent for
that MSP.
Figure 2 shows the message sequence for home agent allocation in both
scenarios: HA in the MSP, and HA in the ASP.

                                           |
                  ------------ASP--------->|<--ASA+MSA--
                                           |
   +----+        +------+       +-------+      +-----+
   |    |        |      |       |       |      |     |
   | MN/|        |NAS/  |       | DHCP  |      |AAAH |
   |User|        |DHCP  |       | Server|      |     |
   |    |        |relay |       |       |      |     |
   +----+        +------+       +-------+      +-----+
      |             |               |             |
      |      1      |        1      |             |
      |<----------->|<---------------------------->|
      |             |               |             |
      |             |               |             |
      |      2      |               |             |
      |------------>|               |             |
      |             |               |             |
      |             |       3       |             |
      |             |-------------->|             |
      |             |               |             |
      |             |       4       |             |
      |             |<--------------|             |
      |             |               |             |
      |      5      |               |             |
      |<------------|               |             |
      |             |               |             |

          Figure 2. Message sequence for Home Agent allocation

4.2.1. Home Agent allocation in the MSP

This section describes a scenario where the home agent is allocated
in the mobile node's MSP network(s). In order to provide the mobile
node with information about the assigned home agent, the AAAH conveys
the assigned home agent's information to the NAS via an AAA protocol,
e.g., [MIP6-RADIUS] or [MIP6-Dime].

Figure 2 shows the message sequence for home agent allocation. In
the scenario with HA in the MSP, the following details apply.
(1) The mobile node executes the network access authentication
procedure (e.g., IEEE 802.11i/802.1X) and it interacts with the NAS.
The NAS is in the ASP and it interacts with the AAAH, which is in the
ASA/MSA, to authenticate the mobile node. In the process of
authorizing the mobile node, the AAAH verifies in the AAA profile
that the mobile node is allowed to use the Mobile IPv6 service. The
AAAH assigns a home agent in the home MSP and it assigns one or more
home agent(s) in other authorized MSPs and returns this information
to the NAS. The NAS may keep the received information for a
configurable duration or it may keep the information for as long as
the MN is connected to the NAS.

(2) The mobile node sends a DHCPv6 Information Request message
[RFC3315] to the All_DHCP_Relay_Agents_and_Servers multicast address.
In this message, the mobile node (DHCP client) SHALL include the
Option Code for the Home Network Identifier Option [HIOPT] in the
OPTION_ORO, and a Home Network Identifier Option with id-type set to
1 and the Home Network Identifier field set to the network realm of
the home MSP [HIOPT]. The mobile node SHALL also include the
OPTION_CLIENTID to identify itself to the DHCP server.

(3) The Relay Agent intercepts the Information Request from the
mobile node and forwards it to the DHCP server. The Relay Agent also
includes the received home agent information from the AAAH in the
OPTION_MIP6-RELAY-Option [HIOPT]. If a NAS implementation does not
store the received information as long as the MN's session remains in
the ASP, and if the MN delays sending a DHCP request, the NAS/DHCP
relay does not include the OPTION_MIP6-RELAY-Option in the Relay
Forward message.

(4) The DHCP server identifies the client by looking at the DUID for
the client in the OPTION_CLIENTID. The DHCP server also determines
that the mobile node is requesting home agent information in the MSP
by looking at the Home Network Identifier Option (id-type 1). The
DHCP server determines that the home agent is allocated by the AAAH
by looking at the MIP6 home agent sub-option in the OPTION_MIP6-
RELAY-Option. The DHCP server extracts the allocated home agent

skipping to change at page 9, line 51

information that it requested.
4.2.2. Home Agent allocation in the ASP

This section describes a scenario where the mobile node requests
home agent allocation in the ASP by setting the id-type field to zero
in the Home Network Identifier Option [HIOPT] in the DHCPv6 request
message. In this scenario, the ASP becomes the MSP for the duration
of the network access authentication session.

Figure 2 shows the message sequence for home agent allocation. In
the scenario with HA in the ASP, the following details apply.
(1) The mobile node executes the network access authentication
procedure (e.g., IEEE 802.11i/802.1X) and it interacts with the NAS.
The NAS is in the ASP and it interacts with the AAAH, which is in the
ASA/MSA, to authenticate the mobile node. In the process of
authorizing the mobile node, the AAAH verifies in the AAA profile
that the mobile node is allowed to use the Mobile IPv6 services. The
AAAH assigns a home agent in the home MSP and it assigns one or more
home agent(s) in other authorized MSPs and returns this information
to the NAS. Note that the AAAH is not aware of the fact that the
mobile node prefers a home agent allocation in the ASP. Therefore
the assigned home agent may not be used by the mobile node. This
leaves the location of the mobility anchor point decision to the
mobile node.

(2) The mobile node sends a DHCPv6 Information Request message
[RFC3315] to the All_DHCP_Relay_Agents_and_Servers multicast address.
In this message, the mobile node (DHCP client) SHALL include the
Option Code for the Home Network Identifier Option [HIOPT] in the
OPTION_ORO, and a Home Network Identifier Option with id-type set to
0. The mobile node SHALL also include the OPTION_CLIENTID to
identify itself to the DHCP server.

(3) The Relay Agent intercepts the Information Request from the
mobile node and forwards it to the DHCP server. The Relay Agent
(which is the NAS) also includes the received AAA AVP from the AAAH
in the OPTION_MIP6-RELAY-Option [HIOPT].

(4) The DHCP server identifies the client by looking at the DUID for
the client in the OPTION_CLIENTID. The DHCP server also determines
that the mobile node is requesting home agent information in the ASP
by looking at the Home Network Identifier Option (id-type 0). If
configured to do so, the DHCP server allocates a home agent from its
configured list of home agents and includes it in the Home Network
Information Option [HIOPT] in the Reply Message. Note that in this
case, the DHCP server does not use the received information in the
OPTION_MIP6-RELAY-Option.

(5) The Relay Agent relays the Reply Message from the DHCP server to
the mobile node. At this point, the mobile node has the home agent
information that it requested.
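The DHCP server's side of steps (2) to (4) in Sections 4.2.1 and 4.2.2, as an added Python model that is not part of the draft: for id-type 1 it returns the AAAH-allocated home agent only when the relay attached OPTION_MIP6-RELAY-Option, for id-type 0 it allocates from the server's own list and ignores the relay option, and otherwise it returns nothing (the Section 4.3 fallback). The option code for the Home Network Identifier Option, the realm-keyed layout of the relayed home agent data, the DUID and all addresses are constructed placeholders.

```python
# Added example (not the draft's own code): a model of the DHCP server
# decision in steps (2)-(4) of Sections 4.2.1 and 4.2.2. The [HIOPT]
# option code, the realm-keyed layout of the relayed home agent data and
# all addresses are constructed placeholders.
from dataclasses import dataclass
from typing import Dict, List, Optional

OPTION_CLIENTID = 1         # RFC 3315
OPTION_MIP6_HNID = 0xFF01   # placeholder: Home Network Identifier Option

ID_TYPE_ASP = 0   # id-type 0: home agent requested in the ASP (Section 4.2.2)
ID_TYPE_MSP = 1   # id-type 1: home agent in the MSP named by the realm (4.2.1)


@dataclass
class HomeNetworkIdentifier:
    id_type: int
    realm: str = ""   # network realm of the home MSP when id_type == ID_TYPE_MSP


@dataclass
class InformationRequest:
    client_duid: bytes                     # value of OPTION_CLIENTID
    oro: List[int]                         # option codes in OPTION_ORO
    hnid: Optional[HomeNetworkIdentifier]  # Home Network Identifier Option


@dataclass
class RelayForward:
    request: InformationRequest
    # Home agent data the NAS received from the AAAH in step (1), carried in
    # OPTION_MIP6-RELAY-Option as realm -> HA address; None when the NAS no
    # longer holds it and so omitted the option (Section 4.2.1, step 3).
    relay_ha_info: Optional[Dict[str, str]] = None


@dataclass
class Reply:
    client_duid: bytes
    home_agent: Optional[str]   # Home Network Information Option, if any
    source: str                 # "aaa", "local" or "none"


class DhcpServer:
    def __init__(self, local_home_agents: List[str], allocate_in_asp: bool = True):
        self.local_home_agents = list(local_home_agents)
        self.allocate_in_asp = allocate_in_asp
        self._next = 0

    def handle(self, rf: RelayForward) -> Reply:
        req = rf.request
        none = Reply(req.client_duid, None, "none")
        # Step (4): the client is identified by the DUID in OPTION_CLIENTID.
        if not req.client_duid:
            return none
        # Only answer if the client asked for the option in OPTION_ORO and
        # supplied a Home Network Identifier Option.
        if OPTION_MIP6_HNID not in req.oro or req.hnid is None:
            return none
        if req.hnid.id_type == ID_TYPE_ASP:
            # Section 4.2.2 step (4): allocate from the server's own list and
            # ignore whatever the relay attached in OPTION_MIP6-RELAY-Option.
            if not self.allocate_in_asp or not self.local_home_agents:
                return none
            ha = self.local_home_agents[self._next % len(self.local_home_agents)]
            self._next += 1
            return Reply(req.client_duid, ha, "local")
        if req.hnid.id_type == ID_TYPE_MSP:
            # Section 4.2.1 step (4): the AAAH allocated the home agent; it
            # arrives in the relay option. If the relay omitted the option the
            # server cannot answer and the MN falls back to Section 4.3.
            if not rf.relay_ha_info:
                return none
            ha = rf.relay_ha_info.get(req.hnid.realm)
            return Reply(req.client_duid, ha, "aaa") if ha else none
        return none   # unknown id-type


# Constructed sample exchanges mirroring steps (2)-(4) of both sections.
AAA_INFO = {"example.net": "2001:db8:1::ha", "partner.example": "2001:db8:2::ha"}
SERVER = DhcpServer(["2001:db8:a::ha1", "2001:db8:a::ha2"])
DUID = b"\x00\x01mn-1"   # constructed DUID carried in OPTION_CLIENTID


def msp_case() -> Reply:
    req = InformationRequest(DUID, [OPTION_MIP6_HNID],
                             HomeNetworkIdentifier(ID_TYPE_MSP, "example.net"))
    return SERVER.handle(RelayForward(req, AAA_INFO))


def asp_case() -> Reply:
    req = InformationRequest(DUID, [OPTION_MIP6_HNID], HomeNetworkIdentifier(ID_TYPE_ASP))
    return SERVER.handle(RelayForward(req, AAA_INFO))


def stale_nas_case() -> Reply:
    # The NAS did not retain the AAA data, so no relay option is attached.
    req = InformationRequest(DUID, [OPTION_MIP6_HNID],
                             HomeNetworkIdentifier(ID_TYPE_MSP, "example.net"))
    return SERVER.handle(RelayForward(req, None))
```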
4.3. Bootstrapping Message Sequence: Fallback case

In the fallback case, the mobile node is not able to acquire the home
agent information via DHCPv6. The mobile node MAY perform DNS
queries to discover the home agent address as defined in [RFC5026].

To perform DNS based home agent discovery, the mobile node needs to
know the DNS server address. The details of how the MN is configured
with the DNS server address are outside the scope of this document.

4.4. HoA and IKEv2 SA Bootstrapping in the Integrated Scenario

In the integrated scenario, the HoA, IPsec Security Association
setup, and Authentication and Authorization with the MSA are
bootstrapped via the same mechanism as described in the bootstrapping
solution for the split scenario [RFC5026].
5. Security Considerations

The transport of the assigned home agent information via the AAA
infrastructure (i.e., from the AAA server to the AAA client) to the
NAS may only be integrity protected as per standard RADIUS and
Diameter security mechanisms. No additional security considerations
are imposed by the usage of this document. The security mechanisms
provided by [RFC2865] and [RFC3588] are applicable for this purpose.
This document does not introduce any new security issues to Mobile
IPv6.

6. IANA Considerations

None
7. Acknowledgements

The authors would like to thank Kilian Weniger, Vidya Narayanan, and
George Tsirtsis for their review and comments. (Added in -06:) Thanks
to Alfred Hoenes for thorough review and valuable suggestions to
improve the readability of the document.
8. Contributors

This contribution is a joint effort of the bootstrapping solution
design team of the MIP6 WG (-05) / MEXT WG (-06). The contributors
include Gerardo Giaretta, Basavaraj Patil, Alpesh Patel, Jari Arkko,
James Kempf, Gopal Dommety, Alper Yegin, Junghoon Jee, Vijay
Devarapalli, Kuntal Chowdhury, Julien Bournelle, and Hannes Tschofenig.

The design team members can be reached at:

Gerardo Giaretta     gerardog@qualcomm.com
Basavaraj Patil      basavaraj.patil@nsn.com
Kuntal Chowdhury     kchowdhury@starentnetworks.com
Julien Bournelle     julien.bournelle@orange-ftgroup.com
Hannes Tschofenig    hannes.tschofenig@nsn.com
9. References

9.1. Normative References

[BOOT-SPLIT] (-05 only)
           Giaretta, G., et al., "Mobile IPv6 bootstrapping in split
           scenario", draft-ietf-mip6-bootstrapping-split-05.txt
           (work in progress), May 2007.

[HIOPT]    Jang, H., et al., "DHCP Option for Home Agent Discovery in
           MIPv6", draft-ietf-mip6-hiopt-03.txt (work in progress),
           May 2007 (-05); draft-ietf-mip6-hiopt-15.txt (work in
           progress), April 2008 (-06).

[MIP6-Dime]
           Korhonen, J., et al., "Diameter Mobile IPv6: NAS - HAAA
           Support", draft-ietf-dime-mip6-integrated-04.txt (work in
           progress), May 2007.

[MIP6-RADIUS]
           Chowdhury, K., et al., "RADIUS Mobile IPv6 Support",
           draft-ietf-mip6-radius-02.txt (work in progress), March
           2007 (-05); Lior, A., et al., "RADIUS Mobile IPv6
           Support", draft-ietf-mip6-radius-03.txt (work in
           progress), November 2007 (-06).

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
           Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
           "Remote Authentication Dial In User Service (RADIUS)",
           RFC 2865, June 2000.

[RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
           and M. Carney, "Dynamic Host Configuration Protocol for
           IPv6 (DHCPv6)", RFC 3315, July 2003.

[RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
           Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

[RFC3775]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
           in IPv6", RFC 3775, June 2004.

[RFC5026]  (-06 only)
           Giaretta, G., Kempf, J., and V. Devarapalli, "Mobile IPv6
           Bootstrapping in Split Scenario", RFC 5026, October 2007.

9.2. Informative References

[RFC3753]  Manner, J. and M. Kojo, "Mobility Related Terminology",
           RFC 3753, June 2004.

[RFC4301]  (-06 only)
           Kent, S. and K. Seo, "Security Architecture for the
           Internet Protocol", RFC 4301, December 2005.

[RFC4640]  Patel, A. and G. Giaretta, "Problem Statement for
           bootstrapping Mobile IPv6 (MIPv6)", RFC 4640,
           September 2006.
Authors' Addresses

Kuntal Chowdhury
Starent Networks
30 International Place
Tewksbury, MA 01876
US

Phone: +1 214-550-1416 (-05 only)
Email: kchowdhury@starentnetworks.com

Alper Yegin
Samsung AIT
Istanbul,
Turkey

Email: a.yegin@partner.samsung.com

Full Copyright Statement

Copyright (C) The IETF Trust (2007 in -05; 2008 in -06).

This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.

Acknowledgment (-05 only)

Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).