draft-ietf-mobileip-ipv6-21.txt   draft-ietf-mobileip-ipv6-22.txt 
IETF Mobile IP Working Group D. Johnson IETF Mobile IP Working Group D. Johnson
Internet-Draft Rice University Internet-Draft Rice University
Expires: August 27, 2003 C. Perkins Expires: November 24, 2003 C. Perkins
Nokia Research Center Nokia Research Center
J. Arkko J. Arkko
Ericsson Ericsson
February 26, 2003 May 26, 2003
Mobility Support in IPv6 Mobility Support in IPv6
draft-ietf-mobileip-ipv6-21.txt draft-ietf-mobileip-ipv6-22.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
skipping to change at page 1, line 35 skipping to change at page 1, line 35
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt. www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 27, 2003. This Internet-Draft will expire on November 24, 2003.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract Abstract
This document specifies the operation of the IPv6 Internet with This document specifies a protocol which allows nodes to remain
mobile computers. Each mobile node is always identified by its home reachable while moving around in the IPv6 Internet. Each mobile node
address, regardless of its current point of attachment to the is always identified by its home address, regardless of its current
Internet. While situated away from its home, a mobile node is also point of attachment to the Internet. While situated away from its
associated with a care-of address, which provides information about home, a mobile node is also associated with a care-of address, which
the mobile node's current location. IPv6 packets addressed to a provides information about the mobile node's current location. IPv6
mobile node's home address are transparently routed to its care-of packets addressed to a mobile node's home address are transparently
address. The protocol enables IPv6 nodes to cache the binding of a routed to its care-of address. The protocol enables IPv6 nodes to
mobile node's home address with its care-of address, and to then send cache the binding of a mobile node's home address with its care-of
any packets destined for the mobile node directly to it at this address, and to then send any packets destined for the mobile node
care-of address. To support this operation, Mobile IPv6 defines a directly to it at this care-of address. To support this operation,
new IPv6 protocol and a new destination option. All IPv6 nodes, Mobile IPv6 defines a new IPv6 protocol and a new destination option.
whether mobile or stationary can communicate with mobile nodes. All IPv6 nodes, whether mobile or stationary can communicate with
mobile nodes.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 6
2. Comparison with Mobile IP for IPv4 . . . . . . . . . . . . 8 2. Comparison with Mobile IP for IPv4 . . . . . . . . . . . . 8
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 9 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 9
3.1 General Terms . . . . . . . . . . . . . . . . . . . 9 3.1 General Terms . . . . . . . . . . . . . . . . . . . 9
3.2 Mobile IPv6 Terms . . . . . . . . . . . . . . . . . 11 3.2 Mobile IPv6 Terms . . . . . . . . . . . . . . . . . 11
4. Overview of Mobile IPv6 . . . . . . . . . . . . . . . . . 15 4. Overview of Mobile IPv6 . . . . . . . . . . . . . . . . . 15
4.1 Basic Operation . . . . . . . . . . . . . . . . . . 15 4.1 Basic Operation . . . . . . . . . . . . . . . . . . 15
skipping to change at page 2, line 32 skipping to change at page 2, line 33
4.5 Conceptual Data Structure Terminology . . . . . . . 18 4.5 Conceptual Data Structure Terminology . . . . . . . 18
4.6 Site-Local Addressability . . . . . . . . . . . . . 19 4.6 Site-Local Addressability . . . . . . . . . . . . . 19
5. Overview of Mobile IPv6 Security . . . . . . . . . . . . . 20 5. Overview of Mobile IPv6 Security . . . . . . . . . . . . . 20
5.1 Binding Updates to Home Agents . . . . . . . . . . . 20 5.1 Binding Updates to Home Agents . . . . . . . . . . . 20
5.2 Binding Updates to Correspondent Nodes . . . . . . . 21 5.2 Binding Updates to Correspondent Nodes . . . . . . . 21
5.2.1 Node Keys . . . . . . . . . . . . . . . . . 22 5.2.1 Node Keys . . . . . . . . . . . . . . . . . 22
5.2.2 Nonces . . . . . . . . . . . . . . . . . . . 22 5.2.2 Nonces . . . . . . . . . . . . . . . . . . . 22
5.2.3 Cookies and Tokens . . . . . . . . . . . . . 23 5.2.3 Cookies and Tokens . . . . . . . . . . . . . 23
5.2.4 Cryptographic Functions . . . . . . . . . . 23 5.2.4 Cryptographic Functions . . . . . . . . . . 23
5.2.5 Return Routability Procedure . . . . . . . . 23 5.2.5 Return Routability Procedure . . . . . . . . 23
5.2.6 Authorizing Binding Management Messages . . 27 5.2.6 Authorizing Binding Management Messages . . 28
5.2.7 Updating Node Keys and Nonces . . . . . . . 29 5.2.7 Updating Node Keys and Nonces . . . . . . . 30
5.2.8 Preventing Replay Attacks . . . . . . . . . 31 5.2.8 Preventing Replay Attacks . . . . . . . . . 31
5.3 Dynamic Home Agent Address Discovery . . . . . . . . 31 5.3 Dynamic Home Agent Address Discovery . . . . . . . . 31
5.4 Prefix Discovery . . . . . . . . . . . . . . . . . . 31 5.4 Mobile Prefix Discovery . . . . . . . . . . . . . . 31
5.5 Payload Packets . . . . . . . . . . . . . . . . . . 31 5.5 Payload Packets . . . . . . . . . . . . . . . . . . 32
6. New IPv6 Protocol, Message Types, and Destination Option . 33 6. New IPv6 Protocol, Message Types, and Destination Option . 33
6.1 Mobility Header . . . . . . . . . . . . . . . . . . 33 6.1 Mobility Header . . . . . . . . . . . . . . . . . . 33
6.1.1 Format . . . . . . . . . . . . . . . . . . . 33 6.1.1 Format . . . . . . . . . . . . . . . . . . . 33
6.1.2 Binding Refresh Request Message . . . . . . 35 6.1.2 Binding Refresh Request Message . . . . . . 35
6.1.3 Home Test Init Message . . . . . . . . . . . 36 6.1.3 Home Test Init Message . . . . . . . . . . . 36
6.1.4 Care-of Test Init Message . . . . . . . . . 37 6.1.4 Care-of Test Init Message . . . . . . . . . 37
6.1.5 Home Test Message . . . . . . . . . . . . . 38 6.1.5 Home Test Message . . . . . . . . . . . . . 38
6.1.6 Care-of Test Message . . . . . . . . . . . . 39 6.1.6 Care-of Test Message . . . . . . . . . . . . 39
6.1.7 Binding Update Message . . . . . . . . . . . 40 6.1.7 Binding Update Message . . . . . . . . . . . 41
6.1.8 Binding Acknowledgement Message . . . . . . 42 6.1.8 Binding Acknowledgement Message . . . . . . 43
6.1.9 Binding Error Message . . . . . . . . . . . 45 6.1.9 Binding Error Message . . . . . . . . . . . 46
6.2 Mobility Options . . . . . . . . . . . . . . . . . . 46 6.2 Mobility Options . . . . . . . . . . . . . . . . . . 47
6.2.1 Format . . . . . . . . . . . . . . . . . . . 47 6.2.1 Format . . . . . . . . . . . . . . . . . . . 48
6.2.2 Pad1 . . . . . . . . . . . . . . . . . . . . 48 6.2.2 Pad1 . . . . . . . . . . . . . . . . . . . . 48
6.2.3 PadN . . . . . . . . . . . . . . . . . . . . 48 6.2.3 PadN . . . . . . . . . . . . . . . . . . . . 49
6.2.4 Binding Refresh Advice . . . . . . . . . . . 48 6.2.4 Binding Refresh Advice . . . . . . . . . . . 49
6.2.5 Alternate Care-of Address . . . . . . . . . 49 6.2.5 Alternate Care-of Address . . . . . . . . . 50
6.2.6 Nonce Indices . . . . . . . . . . . . . . . 49 6.2.6 Nonce Indices . . . . . . . . . . . . . . . 50
6.2.7 Binding Authorization Data . . . . . . . . . 50 6.2.7 Binding Authorization Data . . . . . . . . . 51
6.3 Home Address Option . . . . . . . . . . . . . . . . 51 6.3 Home Address Option . . . . . . . . . . . . . . . . 52
6.4 Type 2 Routing Header . . . . . . . . . . . . . . . 53 6.4 Type 2 Routing Header . . . . . . . . . . . . . . . 54
6.4.1 Format . . . . . . . . . . . . . . . . . . . 53 6.4.1 Format . . . . . . . . . . . . . . . . . . . 54
6.5 ICMP Home Agent Address Discovery Request Message . 55 6.5 ICMP Home Agent Address Discovery Request Message . 56
6.6 ICMP Home Agent Address Discovery Reply Message . . 56 6.6 ICMP Home Agent Address Discovery Reply Message . . 57
6.7 ICMP Mobile Prefix Solicitation Message Format . . . 57 6.7 ICMP Mobile Prefix Solicitation Message Format . . . 58
6.8 ICMP Mobile Prefix Advertisement Message Format . . 59 6.8 ICMP Mobile Prefix Advertisement Message Format . . 60
7. Modifications to IPv6 Neighbor Discovery . . . . . . . . . 62 7. Modifications to IPv6 Neighbor Discovery . . . . . . . . . 63
7.1 Modified Router Advertisement Message Format . . . . 62 7.1 Modified Router Advertisement Message Format . . . . 63
7.2 Modified Prefix Information Option Format . . . . . 62 7.2 Modified Prefix Information Option Format . . . . . 63
7.3 New Advertisement Interval Option Format . . . . . . 64 7.3 New Advertisement Interval Option Format . . . . . . 65
7.4 New Home Agent Information Option Format . . . . . . 65 7.4 New Home Agent Information Option Format . . . . . . 66
7.5 Changes to Sending Router Advertisements . . . . . . 66 7.5 Changes to Sending Router Advertisements . . . . . . 68
7.6 Changes to Duplicate Address Detection . . . . . . . 68 8. Requirements for Types of IPv6 Nodes . . . . . . . . . . . 70
8. Requirements for Types of IPv6 Nodes . . . . . . . . . . . 69 8.1 All IPv6 Nodes . . . . . . . . . . . . . . . . . . . 70
8.1 All IPv6 Nodes . . . . . . . . . . . . . . . . . . . 69 8.2 IPv6 Nodes with Support for Route Optimization . . . 70
8.2 IPv6 Nodes with Support for Route Optimization . . . 69 8.3 All IPv6 Routers . . . . . . . . . . . . . . . . . . 72
8.3 All IPv6 Routers . . . . . . . . . . . . . . . . . . 71 8.4 IPv6 Home Agents . . . . . . . . . . . . . . . . . . 72
8.4 IPv6 Home Agents . . . . . . . . . . . . . . . . . . 71 8.5 IPv6 Mobile Nodes . . . . . . . . . . . . . . . . . 74
8.5 IPv6 Mobile Nodes . . . . . . . . . . . . . . . . . 73 9. Correspondent Node Operation . . . . . . . . . . . . . . . 76
9. Correspondent Node Operation . . . . . . . . . . . . . . . 75 9.1 Conceptual Data Structures . . . . . . . . . . . . . 76
9.1 Conceptual Data Structures . . . . . . . . . . . . . 75 9.2 Processing Mobility Headers . . . . . . . . . . . . 77
9.2 Processing Mobility Headers . . . . . . . . . . . . 76 9.3 Packet Processing . . . . . . . . . . . . . . . . . 77
9.3 Packet Processing . . . . . . . . . . . . . . . . . 76 9.3.1 Receiving Packets with Home Address Option . 77
9.3.1 Receiving Packets with Home Address Option . 76 9.3.2 Sending Packets to a Mobile Node . . . . . . 78
9.3.2 Sending Packets to a Mobile Node . . . . . . 77 9.3.3 Sending Binding Error Messages . . . . . . . 80
9.3.3 Sending Binding Error Messages . . . . . . . 79 9.3.4 Receiving ICMP Error Messages . . . . . . . 80
9.3.4 Receiving ICMP Error Messages . . . . . . . 79 9.4 Return Routability Procedure . . . . . . . . . . . . 81
9.4 Return Routability Procedure . . . . . . . . . . . . 80 9.4.1 Receiving Home Test Init Messages . . . . . 81
9.4.1 Receiving Home Test Init Messages . . . . . 80 9.4.2 Receiving Care-of Test Init Messages . . . . 81
9.4.2 Receiving Care-of Test Init Messages . . . . 80 9.4.3 Sending Home Test Messages . . . . . . . . . 82
9.4.3 Sending Home Test Messages . . . . . . . . . 80 9.4.4 Sending Care-of Test Messages . . . . . . . 82
9.4.4 Sending Care-of Test Messages . . . . . . . 81 9.5 Processing Bindings . . . . . . . . . . . . . . . . 82
9.5 Processing Bindings . . . . . . . . . . . . . . . . 81 9.5.1 Receiving Binding Updates . . . . . . . . . 82
9.5.1 Receiving Binding Updates . . . . . . . . . 81 9.5.2 Requests to Cache a Binding . . . . . . . . 85
9.5.2 Requests to Cache a Binding . . . . . . . . 83 9.5.3 Requests to Delete a Binding . . . . . . . . 85
9.5.3 Requests to Delete a Binding . . . . . . . . 84 9.5.4 Sending Binding Acknowledgements . . . . . . 86
9.5.4 Sending Binding Acknowledgements . . . . . . 84 9.5.5 Sending Binding Refresh Requests . . . . . . 87
9.5.5 Sending Binding Refresh Requests . . . . . . 85 9.6 Cache Replacement Policy . . . . . . . . . . . . . . 87
9.6 Cache Replacement Policy . . . . . . . . . . . . . . 86 10. Home Agent Operation . . . . . . . . . . . . . . . . . . . 89
10. Home Agent Operation . . . . . . . . . . . . . . . . . . . 88 10.1 Conceptual Data Structures . . . . . . . . . . . . . 89
10.1 Conceptual Data Structures . . . . . . . . . . . . . 88 10.2 Processing Mobility Headers . . . . . . . . . . . . 90
10.2 Processing Mobility Headers . . . . . . . . . . . . 89 10.3 Processing Bindings . . . . . . . . . . . . . . . . 90
10.3 Processing Bindings . . . . . . . . . . . . . . . . 89 10.3.1 Primary Care-of Address Registration . . . . 90
10.3.1 Primary Care-of Address Registration . . . . 89 10.3.2 Primary Care-of Address De-Registration . . 94
10.3.2 Primary Care-of Address De-Registration . . 93 10.4 Packet Processing . . . . . . . . . . . . . . . . . 95
10.4 Packet Processing . . . . . . . . . . . . . . . . . 94 10.4.1 Intercepting Packets for a Mobile Node . . . 95
10.4.1 Intercepting Packets for a Mobile Node . . . 94 10.4.2 Processing Intercepted Packets . . . . . . . 97
10.4.2 Processing Intercepted Packets . . . . . . . 95 10.4.3 Multicast Membership Control . . . . . . . . 98
10.4.3 Multicast Membership Control . . . . . . . . 97 10.4.4 Stateful Address Autoconfiguration . . . . . 99
10.4.4 Stateful Address Autoconfiguration . . . . . 98 10.4.5 Handling Reverse Tunneled Packets . . . . . 100
10.4.5 Handling Reverse Tunneled Packets . . . . . 98 10.4.6 Protecting Return Routability Packets . . . 100
10.4.6 Protecting Return Routability Packets . . . 99 10.5 Dynamic Home Agent Address Discovery . . . . . . . .101
10.5 Dynamic Home Agent Address Discovery . . . . . . . . 99 10.5.1 Receiving Router Advertisement Messages . . 101
10.5.1 Receiving Router Advertisement Messages . . 100 10.6 Sending Prefix Information to the Mobile Node . . .103
10.6 Sending Prefix Information to the Mobile Node . . .102 10.6.1 List of Home Network Prefixes . . . . . . . 103
10.6.1 Aggregate List of Home Network Prefixes . . 102 10.6.2 Scheduling Prefix Deliveries . . . . . . . . 104
10.6.2 Scheduling Prefix Deliveries . . . . . . . . 103 10.6.3 Sending Advertisements . . . . . . . . . . . 106
10.6.3 Sending Advertisements . . . . . . . . . . . 105 10.6.4 Lifetimes for Changed Prefixes . . . . . . . 107
10.6.4 Lifetimes for Changed Prefixes . . . . . . . 106 11. Mobile Node Operation . . . . . . . . . . . . . . . . . . 108
11. Mobile Node Operation . . . . . . . . . . . . . . . . . . 107 11.1 Conceptual Data Structures . . . . . . . . . . . . .108
11.1 Conceptual Data Structures . . . . . . . . . . . . .107 11.2 Processing Mobility Headers . . . . . . . . . . . .109
11.2 Processing Mobility Headers . . . . . . . . . . . .108 11.3 Packet Processing . . . . . . . . . . . . . . . . .110
11.3 Packet Processing . . . . . . . . . . . . . . . . .108 11.3.1 Sending Packets While Away from Home . . . . 110
11.3.1 Sending Packets While Away from Home . . . . 109 11.3.2 Interaction with Outbound IPsec Processing . 113
11.3.2 Interaction with Outbound IPsec Processing . 111 11.3.3 Receiving Packets While Away from Home . . . 115
11.3.3 Receiving Packets While Away from Home . . . 113 11.3.4 Routing Multicast Packets . . . . . . . . . 116
11.3.4 Routing Multicast Packets . . . . . . . . . 114 11.3.5 Receiving ICMP Error Messages . . . . . . . 118
11.3.5 Receiving ICMP Error Messages . . . . . . . 116 11.3.6 Receiving Binding Error Messages . . . . . . 118
11.3.6 Receiving Binding Error Messages . . . . . . 116 11.4 Home Agent and Prefix Management . . . . . . . . . .119
11.4 Home Agent and Prefix Management . . . . . . . . . .117 11.4.1 Dynamic Home Agent Address Discovery . . . . 119
11.4.1 Dynamic Home Agent Address Discovery . . . . 117 11.4.2 Sending Mobile Prefix Solicitations . . . . 120
11.4.2 Sending Mobile Prefix Solicitations . . . . 118 11.4.3 Receiving Mobile Prefix Advertisements . . . 121
11.4.3 Receiving Mobile Prefix Advertisements . . . 119 11.5 Movement . . . . . . . . . . . . . . . . . . . . . .122
11.5 Movement . . . . . . . . . . . . . . . . . . . . . .120 11.5.1 Movement Detection . . . . . . . . . . . . . 122
11.5.1 Movement Detection . . . . . . . . . . . . . 120 11.5.2 Forming New Care-of Addresses . . . . . . . 124
11.5.2 Forming New Care-of Addresses . . . . . . . 123 11.5.3 Using Multiple Care-of Addresses . . . . . . 125
11.5.3 Using Multiple Care-of Addresses . . . . . . 123 11.5.4 Returning Home . . . . . . . . . . . . . . . 126
11.5.4 Returning Home . . . . . . . . . . . . . . . 124 11.6 Return Routability Procedure . . . . . . . . . . . .128
11.6 Return Routability Procedure . . . . . . . . . . . .126 11.6.1 Sending Test Init Messages . . . . . . . . . 128
11.6.1 Sending Test Init Messages . . . . . . . . . 126 11.6.2 Receiving Test Messages . . . . . . . . . . 129
11.6.2 Receiving Test Messages . . . . . . . . . . 127 11.6.3 Protecting Return Routability Packets . . . 130
11.6.3 Protecting Return Routability Packets . . . 128 11.7 Processing Bindings . . . . . . . . . . . . . . . .130
11.7 Processing Bindings . . . . . . . . . . . . . . . .128 11.7.1 Sending Binding Updates to the Home Agent . 131
11.7.1 Sending Binding Updates to the Home Agent . 128 11.7.2 Correspondent Registration . . . . . . . . . 133
11.7.2 Correspondent Binding Procedure . . . . . . 131 11.7.3 Receiving Binding Acknowledgements . . . . . 136
11.7.3 Receiving Binding Acknowledgements . . . . . 134 11.7.4 Receiving Binding Refresh Requests . . . . . 138
11.7.4 Receiving Binding Refresh Requests . . . . . 136 11.8 Retransmissions and Rate Limiting . . . . . . . . .139
11.8 Retransmissions and Rate Limiting . . . . . . . . .137 12. Protocol Constants . . . . . . . . . . . . . . . . . . . . 141
12. Protocol Constants . . . . . . . . . . . . . . . . . . . . 139 13. Protocol Configuration Variables . . . . . . . . . . . . . 142
13. Protocol Configuration Variables . . . . . . . . . . . . . 140 14. IANA Considerations . . . . . . . . . . . . . . . . . . . 143
14. IANA Considerations . . . . . . . . . . . . . . . . . . . 141 15. Security Considerations . . . . . . . . . . . . . . . . . 145
15. Security Considerations . . . . . . . . . . . . . . . . . 143 15.1 Threats . . . . . . . . . . . . . . . . . . . . . .145
15.1 Threats . . . . . . . . . . . . . . . . . . . . . .143 15.2 Features . . . . . . . . . . . . . . . . . . . . . .147
15.2 Features . . . . . . . . . . . . . . . . . . . . . .145 15.3 Binding Updates to Home Agent . . . . . . . . . . .148
15.3 Binding Updates to Home Agent . . . . . . . . . . .146 15.4 Binding Updates to Correspondent Nodes . . . . . . .151
15.4 Binding Updates to Correspondent Nodes . . . . . . .147 15.4.1 Overview . . . . . . . . . . . . . . . . . . 151
15.4.1 Overview . . . . . . . . . . . . . . . . . . 147 15.4.2 Achieved Security Properties . . . . . . . . 152
15.4.2 Achieved Security Properties . . . . . . . . 148 15.4.3 Comparison to Regular IPv6 Communications . 152
15.4.3 Comparison to Regular IPv6 Communications . 149 15.4.4 Replay Attacks . . . . . . . . . . . . . . . 154
15.4.4 Replay Attacks . . . . . . . . . . . . . . . 151 15.4.5 Denial-of-Service Attacks . . . . . . . . . 155
15.4.5 Denial-of-Service Attacks . . . . . . . . . 151 15.4.6 Key Lengths . . . . . . . . . . . . . . . . 156
15.4.6 Key Lengths . . . . . . . . . . . . . . . . 152 15.5 Dynamic Home Agent Address Discovery . . . . . . . .157
15.5 Dynamic Home Agent Address Discovery . . . . . . . .153 15.6 Mobile Prefix Discovery . . . . . . . . . . . . . .157
15.6 Prefix Discovery . . . . . . . . . . . . . . . . . .153 15.7 Tunneling via the Home Agent . . . . . . . . . . . .157
15.7 Tunneling via the Home Agent . . . . . . . . . . . .153 15.8 Home Address Option . . . . . . . . . . . . . . . .158
15.8 Home Address Option . . . . . . . . . . . . . . . .154 15.9 Type 2 Routing Header . . . . . . . . . . . . . . .159
15.9 Type 2 Routing Header . . . . . . . . . . . . . . .155 16. Contributors . . . . . . . . . . . . . . . . . . . . . . . 160
16. Contributors . . . . . . . . . . . . . . . . . . . . . . . 156 17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 161
17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 157 Normative References . . . . . . . . . . . . . . . . . . . 162
Normative References . . . . . . . . . . . . . . . . . . . 158 Informative References . . . . . . . . . . . . . . . . . . 164
Informative References . . . . . . . . . . . . . . . . . . 160 Authors' Addresses . . . . . . . . . . . . . . . . . . . . 165
Authors' Addresses . . . . . . . . . . . . . . . . . . . . 161 A. Changes from Previous Version of the Draft . . . . . . . . 166
A. Changes from Previous Version of the Draft . . . . . . . . 162 B. Future Extensions . . . . . . . . . . . . . . . . . . . . 169
B. Future Extensions . . . . . . . . . . . . . . . . . . . . 165 B.1 Piggybacking . . . . . . . . . . . . . . . . . . . . . . . 169
B.1 Piggybacking . . . . . . . . . . . . . . . . . . . .165 B.2 Triangular Routing . . . . . . . . . . . . . . . . . . . . 169
B.2 Triangular Routing . . . . . . . . . . . . . . . . .165 B.3 New Authorization Methods . . . . . . . . . . . . . . . . 169
B.3 New Authorization Methods . . . . . . . . . . . . .165 B.4 Dynamically Generated Home Addresses . . . . . . . . . . . 169
B.4 Dynamically Generated Home Addresses . . . . . . . .165 B.5 Remote Home Address Configuration . . . . . . . . . . . . 169
B.5 Remote Home Address Configuration . . . . . . . . .165 B.6 Neighbor Discovery Extensions . . . . . . . . . . . . . . 170
B.6 Neighbor Discovery Extensions . . . . . . . . . . .166 Intellectual Property and Copyright Statements . . . . . . 172
Intellectual Property and Copyright Statements . . . . . . 168
1. Introduction 1. Introduction
This document specifies how the IPv6 Internet operates with mobile This document specifies a protocol which allows nodes to remain
computers. Without specific support for mobility in IPv6 [11], reachable while moving around in the IPv6 Internet. Without specific
packets destined to a mobile node would not be able to reach it while support for mobility in IPv6 [11], packets destined to a mobile node
the mobile node is away from its home link. In order to continue would not be able to reach it while the mobile node is away from its
communication in spite of its movement, a mobile node could change home link. In order to continue communication in spite of its
its IP address each time it moves to a new link, but the mobile node movement, a mobile node could change its IP address each time it
would then not be able to maintain transport and higher-layer moves to a new link, but the mobile node would then not be able to
connections when it changes location. Mobility support in IPv6 is maintain transport and higher-layer connections when it changes
particularly important, as mobile computers are likely to account for location. Mobility support in IPv6 is particularly important, as
a majority or at least a substantial fraction of the population of mobile computers are likely to account for a majority or at least a
the Internet during the lifetime of IPv6. substantial fraction of the population of the Internet during the
lifetime of IPv6.
The protocol defined in this document, known as Mobile IPv6, allows a The protocol defined in this document, known as Mobile IPv6, allows a
mobile node to move from one link to another without changing the mobile node to move from one link to another without changing the
mobile node's "home address". Packets may be routed to the mobile mobile node's "home address". Packets may be routed to the mobile
node using this address regardless of the mobile node's current point node using this address regardless of the mobile node's current point
of attachment to the Internet. The mobile node may also continue to of attachment to the Internet. The mobile node may also continue to
communicate with other nodes (stationary or mobile) after moving to a communicate with other nodes (stationary or mobile) after moving to a
new link. The movement of a mobile node away from its home link is new link. The movement of a mobile node away from its home link is
thus transparent to transport and higher-layer protocols and thus transparent to transport and higher-layer protocols and
applications. applications.
skipping to change at page 6, line 49 skipping to change at page 6, line 50
each of which covers only a very small geographic area -- have been each of which covers only a very small geographic area -- have been
solved using link-layer techniques. For example, in many current solved using link-layer techniques. For example, in many current
wireless LAN products, link-layer mobility mechanisms allow a wireless LAN products, link-layer mobility mechanisms allow a
"handover" of a mobile node from one cell to another, re-establishing "handover" of a mobile node from one cell to another, re-establishing
link-layer connectivity to the node in each new location. link-layer connectivity to the node in each new location.
Mobile IPv6 does not attempt to solve all general problems related to Mobile IPv6 does not attempt to solve all general problems related to
the use of mobile computers or wireless networks. In particular, the use of mobile computers or wireless networks. In particular,
this protocol does not attempt to solve: this protocol does not attempt to solve:
o Handling links with partial reachability, or unidirectional o Handling links with unidirectional connectivity or partial
connectivity, such as are often found in wireless networks (but reachability, such as the hidden terminal problem where a host is
see Section 11.5.1). hidden from only some of the routers on the link.
o Access control on a link being visited by a mobile node. o Access control on a link being visited by a mobile node.
o Local or hierarchical forms of mobility management (similar to o Local or hierarchical forms of mobility management (similar to
many current link-layer mobility management solutions). many current link-layer mobility management solutions).
o Assistance for adaptive applications o Assistance for adaptive applications
o Mobile routers o Mobile routers
skipping to change at page 8, line 31 skipping to change at page 8, line 31
o Mobile IPv6 route optimization can operate securely even without o Mobile IPv6 route optimization can operate securely even without
pre-arranged security associations. It is expected that route pre-arranged security associations. It is expected that route
optimization can be deployed on a global scale between all mobile optimization can be deployed on a global scale between all mobile
nodes and correspondent nodes. nodes and correspondent nodes.
o Support is also integrated into Mobile IPv6 for allowing route o Support is also integrated into Mobile IPv6 for allowing route
optimization to coexist efficiently with routers that perform optimization to coexist efficiently with routers that perform
"ingress filtering" [26]. "ingress filtering" [26].
o The movement detection mechanism in Mobile IPv6 provides o The IPv6 Neighbor Unreachability Detection assures symmetric
bidirectional confirmation of a mobile node's ability to reachability between the mobile node and its default router in the
communicate with its default router in its current location. current location.
o Most packets sent to a mobile node while away from home in Mobile o Most packets sent to a mobile node while away from home in Mobile
IPv6 are sent using an IPv6 routing header rather than IP IPv6 are sent using an IPv6 routing header rather than IP
encapsulation, reducing the amount of resulting overhead compared encapsulation, reducing the amount of resulting overhead compared
to Mobile IPv4. to Mobile IPv4.
o Mobile IPv6 is decoupled from any particular link layer, as it o Mobile IPv6 is decoupled from any particular link layer, as it
uses IPv6 Neighbor Discovery [12] instead of ARP. This also uses IPv6 Neighbor Discovery [12] instead of ARP. This also
improves the robustness of the protocol. improves the robustness of the protocol.
skipping to change at page 10, line 22 skipping to change at page 10, line 22
A link-layer identifier for an interface, such as IEEE 802 A link-layer identifier for an interface, such as IEEE 802
addresses on Ethernet links. addresses on Ethernet links.
packet packet
An IP header plus payload. An IP header plus payload.
security association security association
An IPsec security association is a simplex "connection" that An IPsec security association is a cooperative relationship formed
affords security services to the traffic carried by it. Security by the sharing of cryptographic keying material and associated
services are afforded to a security association by the use of the context. Security associations are simplex. That is, two
AH and ESP protocols. security associations are needed to protect bidirectional traffic
between two nodes, one for each direction.
security policy database security policy database
A database that specifies what security services are to be offered A database that specifies what security services are to be offered
to IP packets and in what fashion. to IP packets and in what fashion.
destination option destination option
Destination options are carried by the IPv6 Destination Options Destination options are carried by the IPv6 Destination Options
extension header. Destination options include optional extension header. Destination options include optional
skipping to change at page 11, line 5 skipping to change at page 11, line 9
indicates that the payload has to be delivered to a destination indicates that the payload has to be delivered to a destination
IPv6 address in some way that is different from what would be IPv6 address in some way that is different from what would be
carried out by standard Internet routing. In this document, use carried out by standard Internet routing. In this document, use
of the term "routing header" typically refers to use of a type 2 of the term "routing header" typically refers to use of a type 2
routing header, as specified in Section 6.4. routing header, as specified in Section 6.4.
'|' (concatenation) '|' (concatenation)
Some formulas in this specification use the symbol '|' indicate Some formulas in this specification use the symbol '|' indicate
bytewise concatenation, as in A | B. This concatenation requires bytewise concatenation, as in A | B. This concatenation requires
that all of the bytes of the datum A appear first in the result, that all of the octets of the datum A appear first in the result,
followed by all of the bytes of the datum B. followed by all of the octets of the datum B.
First (size, input) First (size, input)
Some formulas in this specification use a functional form "First Some formulas in this specification use a functional form "First
(size, input)" to indicate truncation of the "input" data so that (size, input)" to indicate truncation of the "input" data so that
only the first "size" bits remain to be used. only the first "size" bits remain to be used.
3.2 Mobile IPv6 Terms 3.2 Mobile IPv6 Terms
home address home address
A unicast routable address assigned to a mobile node, used as the A unicast routable address assigned to a mobile node, used as the
permanent address of the mobile node. This address is within the permanent address of the mobile node. This address is within the
mobile node's home link. Standard IP routing mechanisms will mobile node's home link. Standard IP routing mechanisms will
deliver packets destined for a mobile node's home address to its deliver packets destined for a mobile node's home address to its
home link. home link. Mobile nodes can have multiple home addresses, for
instance when there are multiple home prefixes on the home link.
home subnet prefix home subnet prefix
The IP subnet prefix corresponding to a mobile node's home The IP subnet prefix corresponding to a mobile node's home
address. address.
home link home link
The link on which a mobile node's home subnet prefix is defined. The link on which a mobile node's home subnet prefix is defined.
skipping to change at page 11, line 45 skipping to change at page 12, line 5
A node that can change its point of attachment from one link to A node that can change its point of attachment from one link to
another, while still being reachable via its home address. another, while still being reachable via its home address.
movement movement
A change in a mobile node's point of attachment to the Internet A change in a mobile node's point of attachment to the Internet
such that it is no longer connected to the same link as it was such that it is no longer connected to the same link as it was
previously. If a mobile node is not currently attached to its previously. If a mobile node is not currently attached to its
home link, the mobile node is said to be "away from home". home link, the mobile node is said to be "away from home".
L2 handover
A process by which the mobile node changes from one link-layer
connection to another. For example, a change of wireless access
point is an L2 handover.
L3 handover
Subsequent to an L2 handover, a mobile node detects a change in an
on-link subnet prefix that would require a change in the primary
care-of address. For example, a change of access router
subsequent to a change of wireless access point typically results
in an L3 handover.
correspondent node correspondent node
A peer node with which a mobile node is communicating. The A peer node with which a mobile node is communicating. The
correspondent node may be either mobile or stationary. correspondent node may be either mobile or stationary.
foreign subnet prefix foreign subnet prefix
Any IP subnet prefix other than the mobile node's home subnet Any IP subnet prefix other than the mobile node's home subnet
prefix. prefix.
skipping to change at page 12, line 21 skipping to change at page 12, line 40
Any link other than the mobile node's home link. Any link other than the mobile node's home link.
care-of address care-of address
A unicast routable address associated with a mobile node while A unicast routable address associated with a mobile node while
visiting a foreign link; the subnet prefix of this IP address is a visiting a foreign link; the subnet prefix of this IP address is a
foreign subnet prefix. Among the multiple care-of addresses that foreign subnet prefix. Among the multiple care-of addresses that
a mobile node may have at any given time (e.g., with different a mobile node may have at any given time (e.g., with different
subnet prefixes), the one registered with the mobile node's home subnet prefixes), the one registered with the mobile node's home
agent is called its "primary" care-of address. agent for a given home address is called its "primary" care-of
address.
home agent home agent
A router on a mobile node's home link with which the mobile node A router on a mobile node's home link with which the mobile node
has registered its current care-of address. While the mobile node has registered its current care-of address. While the mobile node
is away from home, the home agent intercepts packets on the home is away from home, the home agent intercepts packets on the home
link destined to the mobile node's home address, encapsulates link destined to the mobile node's home address, encapsulates
them, and tunnels them to the mobile node's registered care-of them, and tunnels them to the mobile node's registered care-of
address. address.
skipping to change at page 12, line 48 skipping to change at page 13, line 21
registration registration
The process during which a mobile node sends a Binding Update to The process during which a mobile node sends a Binding Update to
its home agent or a correspondent node, causing a binding for the its home agent or a correspondent node, causing a binding for the
mobile node to be registered. mobile node to be registered.
mobility message mobility message
A message containing a Mobility Header (see Section 6.1). A message containing a Mobility Header (see Section 6.1).
binding procedure
A binding procedure is initiated by the mobile node to inform
either a correspondent node or the mobile node's home agent of the
current binding of the mobile node.
binding authorization binding authorization
Binding procedure needs to be authorized to allow the recipient to Correspondent registration needs to be authorized to allow the
believe that the sender has the right to specify a new binding. recipient to believe that the sender has the right to specify a
new binding.
return routability procedure return routability procedure
The return routability procedure authorizes binding procedures by The return routability procedure authorizes registrations by the
the use of a cryptographic token exchange. use of a cryptographic token exchange.
correspondent binding procedure correspondent registration
A return routability procedure followed by a binding procedure, A return routability procedure followed by a registration, run
run between the mobile node and a correspondent node. between the mobile node and a correspondent node.
home binding procedure home registration
A binding procedure between the mobile node and its home agent, A registration between the mobile node and its home agent,
authorized by the use of IPsec. authorized by the use of IPsec.
nonce nonce
Nonces are random numbers used internally by the correspondent Nonces are random numbers used internally by the correspondent
node in the creation of keygen tokens related to the return node in the creation of keygen tokens related to the return
routability procedure. The nonces are not specific to a mobile routability procedure. The nonces are not specific to a mobile
node, and are kept secret within the correspondent node. node, and are kept secret within the correspondent node.
nonce index nonce index
skipping to change at page 15, line 43 skipping to change at page 15, line 43
binding registration by sending a "Binding Update" message to the binding registration by sending a "Binding Update" message to the
home agent. The home agent replies to the mobile node by returning a home agent. The home agent replies to the mobile node by returning a
"Binding Acknowledgement" message. The operation of the mobile node "Binding Acknowledgement" message. The operation of the mobile node
is specified in Section 11, and the operation of the home agent is is specified in Section 11, and the operation of the home agent is
specified in Section 10. specified in Section 10.
Any node communicating with a mobile node is referred to in this Any node communicating with a mobile node is referred to in this
document as a "correspondent node" of the mobile node, and may itself document as a "correspondent node" of the mobile node, and may itself
be either a stationary node or a mobile node. Mobile nodes can be either a stationary node or a mobile node. Mobile nodes can
provide information about their current location to correspondent provide information about their current location to correspondent
nodes. This happens through the correspondent binding procedure. As nodes. This happens through the correspondent registration. As a
a part of this procedure, a return routability test is performed in part of this procedure, a return routability test is performed in
order to authorize the establishment of the binding. The operation order to authorize the establishment of the binding. The operation
of the correspondent node is specified in Section 9. of the correspondent node is specified in Section 9.
There are two possible modes for communications between the mobile There are two possible modes for communications between the mobile
node and a correspondent node. The first mode, bidirectional node and a correspondent node. The first mode, bidirectional
tunneling, does not require Mobile IPv6 support from the tunneling, does not require Mobile IPv6 support from the
correspondent node and is available even if the mobile node has not correspondent node and is available even if the mobile node has not
registered its current binding with the correspondent node. Packets registered its current binding with the correspondent node. Packets
from the correspondent node are routed to the home agent and then from the correspondent node are routed to the home agent and then
tunneled to the mobile node. Packets to the correspondent node are tunneled to the mobile node. Packets to the correspondent node are
skipping to change at page 16, line 41 skipping to change at page 16, line 41
node sets the Destination Address in the IPv6 header to the care-of node sets the Destination Address in the IPv6 header to the care-of
address of the mobile node. A new type of IPv6 routing header (see address of the mobile node. A new type of IPv6 routing header (see
Section 6.4) is also added to the packet to carry the desired home Section 6.4) is also added to the packet to carry the desired home
address. Similarly, the mobile node sets the Source Address in the address. Similarly, the mobile node sets the Source Address in the
packet's IPv6 header to its current care-of addresses. The mobile packet's IPv6 header to its current care-of addresses. The mobile
node adds a new IPv6 "Home Address" destination option (see Section node adds a new IPv6 "Home Address" destination option (see Section
6.3) to carry its home address. The inclusion of home addresses in 6.3) to carry its home address. The inclusion of home addresses in
these packets makes the use of the care-of address transparent above these packets makes the use of the care-of address transparent above
the network layer (e.g., at the transport layer). the network layer (e.g., at the transport layer).
Mobile IPv6 also provides support for multiple home agents, and the Mobile IPv6 also provides support for multiple home agents, and a
reconfiguration of the home network. In these cases, the mobile node limited support for the reconfiguration of the home network. In
may not know the IP address of its own home agent, and even the home these cases, the mobile node may not know the IP address of its own
subnet prefixes may change over time. A mechanism, known as "dynamic home agent, and even the home subnet prefixes may change over time.
home agent address discovery" allows a mobile node to dynamically A mechanism, known as "dynamic home agent address discovery" allows a
discover the IP address of a home agent on its home link, even when mobile node to dynamically discover the IP address of a home agent on
the mobile node is away from home. Mobile nodes can also learn new its home link, even when the mobile node is away from home. Mobile
information about home subnet prefixes through the "prefix discovery" nodes can also learn new information about home subnet prefixes
mechanism. These mechanisms are described starting from Section 6.5. through the "mobile prefix discovery" mechanism. These mechanisms
are described starting from Section 6.5.
4.2 New IPv6 Protocol 4.2 New IPv6 Protocol
Mobile IPv6 defines a new IPv6 protocol, using the Mobility Header Mobile IPv6 defines a new IPv6 protocol, using the Mobility Header
(see Section 6.1). This Header is used to carry the following (see Section 6.1). This Header is used to carry the following
messages: messages:
Home Test Init Home Test Init
Home Test Home Test
Care-of Test Init Care-of Test Init
Care-of Test Care-of Test
These four messages are used to initiate the return routability These four messages are used to perform the return routability
procedure from the mobile node to a correspondent node. This procedure from the mobile node to a correspondent node. This
ensures authorization of subsequent Binding Updates, as described ensures authorization of subsequent Binding Updates, as described
in Section 5.2.5. in Section 5.2.5.
Binding Update Binding Update
A Binding Update is used by a mobile node to notify a A Binding Update is used by a mobile node to notify a
correspondent node or the mobile node's home agent of its current correspondent node or the mobile node's home agent of its current
binding. The Binding Update sent to the mobile node's home agent binding. The Binding Update sent to the mobile node's home agent
to register its primary care-of address is marked as a "home to register its primary care-of address is marked as a "home
skipping to change at page 17, line 41 skipping to change at page 17, line 41
Binding Acknowledgement Binding Acknowledgement
A Binding Acknowledgement is used to acknowledge receipt of a A Binding Acknowledgement is used to acknowledge receipt of a
Binding Update, if an acknowledgement was requested in the Binding Binding Update, if an acknowledgement was requested in the Binding
Update, the binding update was sent to a home agent, or an error Update, the binding update was sent to a home agent, or an error
occurred. occurred.
Binding Refresh Request Binding Refresh Request
A Binding Refresh Request is used to request a mobile node to A Binding Refresh Request is used by a correspondent node to
re-establish its binding with the correspondent node. This request a mobile node to re-establish its binding with the
message is typically used when the cached binding is in active use correspondent node. This message is typically used when the
but the binding's lifetime is close to expiration. The cached binding is in active use but the binding's lifetime is
correspondent node may use, for instance, recent traffic and open close to expiration. The correspondent node may use, for
transport layer connections as an indication of active use. instance, recent traffic and open transport layer connections as
an indication of active use.
Binding Error Binding Error
The Binding Error is used by the correspondent node to signal an The Binding Error is used by the correspondent node to signal an
error related to mobility, such as an inappropriate attempt to use error related to mobility, such as an inappropriate attempt to use
the Home Address destination option without an existing binding. the Home Address destination option without an existing binding.
4.3 New IPv6 Destination Option 4.3 New IPv6 Destination Option
Mobile IPv6 defines a new IPv6 destination option, the Home Address Mobile IPv6 defines a new IPv6 destination option, the Home Address
skipping to change at page 19, line 19 skipping to change at page 19, line 22
described in more detail in Section 10.1. The list is used for described in more detail in Section 10.1. The list is used for
informing mobile nodes during dynamic home agent address informing mobile nodes during dynamic home agent address
discovery. discovery.
4.6 Site-Local Addressability 4.6 Site-Local Addressability
This specification requires that home and care-of addresses MUST be This specification requires that home and care-of addresses MUST be
unicast routable addresses. Site-local addresses may be usable on unicast routable addresses. Site-local addresses may be usable on
networks that are not connected to the Internet, but this networks that are not connected to the Internet, but this
specification does not define when such usage is safe and when not. specification does not define when such usage is safe and when not.
Mobile nodes may not be aware of which site they are currently on, it Mobile nodes may not be aware of which site they are currently in, it
is hard to prevent accidental attachment to other sites, and is hard to prevent accidental attachment to other sites, and
ambiguity of site-local addresses can cause problems if the home and ambiguity of site-local addresses can cause problems if the home and
visited networks use the same addresses. Therefore, site-local visited networks use the same addresses. Therefore, site-local
addresses SHOULD NOT be used as home or care-of addresses. addresses SHOULD NOT be used as home or care-of addresses.
5. Overview of Mobile IPv6 Security 5. Overview of Mobile IPv6 Security
This specification provides a number of security features. These This specification provides a number of security features. These
include the protection of Binding Updates both to home agents and include the protection of Binding Updates both to home agents and
correspondent nodes, the protection of prefix discovery, and the correspondent nodes, the protection of mobile prefix discovery, and
protection of the mechanisms that Mobile IPv6 uses for transporting the protection of the mechanisms that Mobile IPv6 uses for
data packets. transporting data packets.
Binding Updates are protected by the use of IPsec extension headers, Binding Updates are protected by the use of IPsec extension headers,
or by the use of the Binding Authorization Data option. This option or by the use of the Binding Authorization Data option. This option
employs a binding management key, Kbm, which can be established employs a binding management key, Kbm, which can be established
through the return routability procedure. Prefix discovery is through the return routability procedure. Mobile prefix discovery is
protected through the use of IPsec extension headers. Mechanisms protected through the use of IPsec extension headers. Mechanisms
related to transporting payload packets - such as the Home Address related to transporting payload packets - such as the Home Address
destination option and type 2 routing header - have been specified in destination option and type 2 routing header - have been specified in
a manner which restricts their use in attacks. a manner which restricts their use in attacks.
5.1 Binding Updates to Home Agents 5.1 Binding Updates to Home Agents
The mobile node and the home agent MUST use an IPsec security The mobile node and the home agent MUST use an IPsec security
association to protect the integrity and authenticity of the Binding association to protect the integrity and authenticity of the Binding
Updates and Acknowledgements. Both the mobile nodes and the home Updates and Acknowledgements. Both the mobile nodes and the home
agents SHOULD use the Encapsulating Security Payload (ESP) [6] header agents MUST support and SHOULD use the Encapsulating Security Payload
in transport mode and MUST use a non-NULL payload authentication (ESP) [6] header in transport mode and MUST use a non-NULL payload
algorithm to provide data origin authentication, connectionless authentication algorithm to provide data origin authentication,
integrity and optional anti-replay protection. Note that connectionless integrity and optional anti-replay protection. Note
Authentication Header (AH) [5] is also possible but for brevity not that Authentication Header (AH) [5] is also possible but for brevity
discussed in this specification. not discussed in this specification.
In order to protect messages exchanged between the mobile node and In order to protect messages exchanged between the mobile node and
the home agent with IPsec, appropriate security policy database the home agent with IPsec, appropriate security policy database
entries must be created. A mobile node must be prevented from using entries must be created. A mobile node must be prevented from using
its security association to send a Binding Update on behalf of its security association to send a Binding Update on behalf of
another mobile node using the same home agent. This MUST be achieved another mobile node using the same home agent. This MUST be achieved
by having the home agent check that the given home address has been by having the home agent check that the given home address has been
used with the right security association. Such a check is provided used with the right security association. Such a check is provided
in the IPsec processing, by having the security policy database in the IPsec processing, by having the security policy database
entries unequivocally identify a single security association for any entries unequivocally identify a single security association for
given home address and home agent. In order to make this possible, protecting Binding Updates between any given home address and home
it is necessary that the home address of the mobile node is visible agent. In order to make this possible, it is necessary that the home
in the Binding Updates and Acknowledgements. The home address is address of the mobile node is visible in the Binding Updates and
used in these packets as a source or destination, or in the Home Acknowledgements. The home address is used in these packets as a
Address Destination option or the type 2 routing header. source or destination, or in the Home Address Destination option or
the type 2 routing header.
As with all IPsec security associations in this specification, manual As with all IPsec security associations in this specification, manual
configuration of security associations MUST be supported. The used configuration of security associations MUST be supported. The used
shared secrets MUST be random and unique for different mobile nodes, shared secrets MUST be random and unique for different mobile nodes,
and MUST be distributed off-line to the mobile nodes. and MUST be distributed off-line to the mobile nodes.
Automatic key management with IKE [9] MAY be supported. When IKE is Automatic key management with IKE [9] MAY be supported. When IKE is
used, either the security policy database entries or the MIPv6 used, either the security policy database entries or the MIPv6
processing MUST unequivocally identify the IKE phase 1 credentials processing MUST unequivocally identify the IKE phase 1 credentials
which can be used to authorize the creation of security associations which can be used to authorize the creation of security associations
for a particular home address. How these mappings are maintained is for protecting Binding Updates for a particular home address. How
outside the scope of this specification, but they may be maintained, these mappings are maintained is outside the scope of this
for instance, as a locally administered table in the home agent. If specification, but they may be maintained, for instance, as a locally
the phase 1 identity is a FQDN, secure forms of DNS may also be used. administered table in the home agent. If the phase 1 identity is a
Fully Qualified Domain Name (FQDN), secure forms of DNS may also be
used.
Section 11.3.2 discusses how IKE connections to the home agent need a Section 11.3.2 discusses how IKE connections to the home agent need a
careful treatment of the addresses used for transporting IKE. This careful treatment of the addresses used for transporting IKE. This
is necessary to ensure that a Binding Update is not needed before the is necessary to ensure that a Binding Update is not needed before the
IKE exchange which is needed for securing the Binding Update. IKE exchange which is needed for securing the Binding Update.
When IKE version 1 is used with preshared secret authentication When IKE version 1 is used with preshared secret authentication
between the mobile node and the home agent, aggressive mode MUST be between the mobile node and the home agent, aggressive mode MUST be
used. Similarly, the ID_IPV6_ADDR Identity Payload MUST NOT be used used. Similarly, the ID_IPV6_ADDR Identity Payload MUST NOT be used
in IKEv1 phase 1. in IKEv1 phase 1.
skipping to change at page 24, line 41 skipping to change at page 24, line 46
The Home and Care-of Test Init messages are sent at the same time. The Home and Care-of Test Init messages are sent at the same time.
The procedure requires very little processing at the correspondent The procedure requires very little processing at the correspondent
node, and the Home and Care-of Test messages can be returned quickly, node, and the Home and Care-of Test messages can be returned quickly,
perhaps nearly simultaneously. These four messages form the return perhaps nearly simultaneously. These four messages form the return
routability procedure. routability procedure.
Home Test Init Home Test Init
A mobile node sends a Home Test Init message to the correspondent A mobile node sends a Home Test Init message to the correspondent
node to acquire the home keygen token. The contents of the node (via the home agent) to acquire the home keygen token. The
message can be summarized as follows: contents of the message can be summarized as follows:
* Source Address = home address * Source Address = home address
* Destination Address = correspondent * Destination Address = correspondent
* Parameters: * Parameters:
+ home init cookie + home init cookie
The Home Test Init message conveys the mobile node's home address The Home Test Init message conveys the mobile node's home address
to the correspondent node. The mobile node also sends along a to the correspondent node. The mobile node also sends along a
home init cookie that the correspondent node must return later. home init cookie that the correspondent node must return later.
The Home Test Init message is reverse tunneled through the home The Home Test Init message is reverse tunneled through the home
agent. (The headers and addresses related to reverse tunneling agent. (The headers and addresses related to reverse tunneling
have been omitted from the above discussion of the message have been omitted from the above discussion of the message
contents.) The mobile node remembers these cookie values to obtain contents.) The mobile node remembers these cookie values to obtain
some assurance that its protocol messages are being processed by some assurance that its protocol messages are being processed by
the desired correspondent node. the desired correspondent node.
skipping to change at page 25, line 17 skipping to change at page 25, line 23
The Home Test Init message is reverse tunneled through the home The Home Test Init message is reverse tunneled through the home
agent. (The headers and addresses related to reverse tunneling agent. (The headers and addresses related to reverse tunneling
have been omitted from the above discussion of the message have been omitted from the above discussion of the message
contents.) The mobile node remembers these cookie values to obtain contents.) The mobile node remembers these cookie values to obtain
some assurance that its protocol messages are being processed by some assurance that its protocol messages are being processed by
the desired correspondent node. the desired correspondent node.
Care-of Test Init Care-of Test Init
The mobile node sends a Care-of Test Init message to the The mobile node sends a Care-of Test Init message to the
correspondent node to acquire the care-of keygen token. The correspondent node (directly, not via the home agent) to acquire
contents of this message can be summarized as follows: the care-of keygen token. The contents of this message can be
summarized as follows:
* Source Address = care-of address * Source Address = care-of address
* Destination Address = correspondent * Destination Address = correspondent
* Parameters: * Parameters:
+ care-of init cookie + care-of init cookie
The Care-of Test Init message conveys the mobile node's care-of The Care-of Test Init message conveys the mobile node's care-of
address to the correspondent node. The mobile node also sends address to the correspondent node. The mobile node also sends
along a care-of init cookie that the correspondent node must along a care-of init cookie that the correspondent node must
return later. The Care-of Test Init message is sent directly to return later. The Care-of Test Init message is sent directly to
the correspondent node. the correspondent node.
Home Test Home Test
The Home Test message is sent in response to a Home Test Init The Home Test message is sent in response to a Home Test Init
message. The contents of the message are: message. It is sent via the home agent. The contents of the
message are:
* Source Address = correspondent * Source Address = correspondent
* Destination Address = home address * Destination Address = home address
* Parameters: * Parameters:
+ home init cookie + home init cookie
+ home keygen token + home keygen token
+ home nonce index + home nonce index
When the correspondent node receives the Home Test Init message, When the correspondent node receives the Home Test Init message,
it generates a home keygen token as follows: it generates a home keygen token as follows:
home keygen token := home keygen token :=
First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0))) First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0)))
where | denotes concatenation. The final "0" inside the HMAC_SHA1 where | denotes concatenation. The final "0" inside the HMAC_SHA1
function is a single zero octet, used to distinguish home and function is a single zero octet, used to distinguish home and
skipping to change at page 26, line 14 skipping to change at page 26, line 22
+ home nonce index + home nonce index
When the correspondent node receives the Home Test Init message, When the correspondent node receives the Home Test Init message,
it generates a home keygen token as follows: it generates a home keygen token as follows:
home keygen token := home keygen token :=
First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0))) First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0)))
where | denotes concatenation. The final "0" inside the HMAC_SHA1 where | denotes concatenation. The final "0" inside the HMAC_SHA1
function is a single zero octet, used to distinguish home and function is a single zero octet, used to distinguish home and
care-of cookies from each other. The home keygen token is formed care-of cookies from each other.
from the first 64 bits of the MAC. The home keygen token tests
that the mobile can receive messages sent to its home address. The home keygen token is formed from the first 64 bits of the MAC.
Kcn is used in the production of home keygen token in order to The home keygen token tests that the mobile node can receive
allow the correspondent node to verify that it generated the home messages sent to its home address. Kcn is used in the production
and care-of nonces, without forcing the correspondent node to of home keygen token in order to allow the correspondent node to
remember a list of all tokens it has handed out. The Home Test verify that it generated the home and care-of nonces, without
message is sent to the mobile node via the home network, where it forcing the correspondent node to remember a list of all tokens it
is presumed that the home agent will tunnel the message to the has handed out.
mobile node. This means that the mobile node needs to already
have sent a Binding Update to the home agent, so that the home The Home Test message is sent to the mobile node via the home
agent will have received and authorized the new care-of address network, where it is presumed that the home agent will tunnel the
for the mobile node before the return routability procedure. For message to the mobile node. This means that the mobile node needs
improved security, the data passed between the home agent and the to already have sent a Binding Update to the home agent, so that
mobile node can be made immune to inspection and passive attacks. the home agent will have received and authorized the new care-of
Such protection can be gained by encrypting the home keygen token address for the mobile node before the return routability
as it is tunneled from the home agent to the mobile node as procedure. For improved security, the data passed between the
specified in Section 10.4.6. The security properties of this home agent and the mobile node is made immune to inspection and
additional security are discussed in Section 15.4.1. The home passive attacks. Such protection is gained by encrypting the home
init cookie from the mobile node is returned in the Home Test keygen token as it is tunneled from the home agent to the mobile
message, to ensure that the message comes from a node on the route node as specified in Section 10.4.6. The security properties of
between the home agent and the correspondent node. The home nonce this additional security are discussed in Section 15.4.1.
index is delivered to the mobile node to later allow the
correspondent node to efficiently find the nonce value that it The home init cookie from the mobile node is returned in the Home
used in creating the home keygen token. Test message, to ensure that the message comes from a node on the
route between the home agent and the correspondent node.
The home nonce index is delivered to the mobile node to later
allow the correspondent node to efficiently find the nonce value
that it used in creating the home keygen token.
Care-of Test Care-of Test
This message is sent in response to a Care-of Test Init message. This message is sent in response to a Care-of Test Init message.
The contents of the message are: This message is not sent via the home agent, it is sent directly
to the mobile node. The contents of the message are:
* Source Address = correspondent * Source Address = correspondent
* Destination Address = care-of address * Destination Address = care-of address
* Parameters: * Parameters:
+ care-of init cookie + care-of init cookie
+ care-of keygen token + care-of keygen token
skipping to change at page 27, line 22 skipping to change at page 27, line 36
message, it generates a care-of keygen token as follows: message, it generates a care-of keygen token as follows:
care-of keygen token := care-of keygen token :=
First (64, HMAC_SHA1 (Kcn, (care-of address | nonce | 1))) First (64, HMAC_SHA1 (Kcn, (care-of address | nonce | 1)))
Here, the final "1" inside the HMAC_SHA1 function is a single Here, the final "1" inside the HMAC_SHA1 function is a single
octet containing the hex value 0x01, and is used to distinguish octet containing the hex value 0x01, and is used to distinguish
home and care-of cookies from each other. The keygen token is home and care-of cookies from each other. The keygen token is
formed from the first 64 bits of the MAC, and sent directly to the formed from the first 64 bits of the MAC, and sent directly to the
mobile node at its care-of address. The care-of init cookie from mobile node at its care-of address. The care-of init cookie from
the from Care-of Test Init message is returned to ensure that the the Care-of Test Init message is returned to ensure that the
message comes from a node on the route to the correspondent node. message comes from a node on the route to the correspondent node.
The care-of nonce index is provided to identify the nonce used for The care-of nonce index is provided to identify the nonce used for
the care-of keygen token. The home and care-of nonce indices MAY the care-of keygen token. The home and care-of nonce indices MAY
be the same, or different, in the Home and Care-of Test messages. be the same, or different, in the Home and Care-of Test messages.
When the mobile node has received both the Home and Care-of Test When the mobile node has received both the Home and Care-of Test
messages, the return routability procedure is complete. As a result messages, the return routability procedure is complete. As a result
of the procedure, the mobile node has the data it needs to send a of the procedure, the mobile node has the data it needs to send a
Binding Update to the correspondent node. The mobile node hashes the Binding Update to the correspondent node. The mobile node hashes the
tokens together to form a 20 octet binding key Kbm: tokens together to form a 20 octet binding key Kbm:
skipping to change at page 28, line 5 skipping to change at page 28, line 24
Note that the correspondent node does not create any state specific Note that the correspondent node does not create any state specific
to the mobile node, until it receives the Binding Update from that to the mobile node, until it receives the Binding Update from that
mobile node. The correspondent node does not maintain the value for mobile node. The correspondent node does not maintain the value for
the binding management key Kbm; it creates Kbm when given the nonce the binding management key Kbm; it creates Kbm when given the nonce
indices and the mobile node's addresses. indices and the mobile node's addresses.
5.2.6 Authorizing Binding Management Messages 5.2.6 Authorizing Binding Management Messages
After the mobile node has created the binding management key (Kbm), After the mobile node has created the binding management key (Kbm),
it can supply a verifiable Binding Update to the correspondent node. it can supply a verifiable Binding Update to the correspondent node.
This section provides an overview of this binding procedure. The This section provides an overview of this registration. The below
below figure shows the message flow. figure shows the message flow.
Mobile node Correspondent node Mobile node Correspondent node
| | | |
| Binding Update (BU) | | Binding Update (BU) |
|---------------------------------------------->| |---------------------------------------------->|
| (MAC, seq#, nonce indices, care-of address) | | (MAC, seq#, nonce indices, care-of address) |
| | | |
| | | |
| Binding Acknowledgement (BA) (if sent) | | Binding Acknowledgement (BA) (if sent) |
|<----------------------------------------------| |<----------------------------------------------|
skipping to change at page 28, line 41 skipping to change at page 29, line 12
+ home address (within the Home Address destination option if + home address (within the Home Address destination option if
different from the Source Address) different from the Source Address)
+ sequence number (within the Binding Update message header) + sequence number (within the Binding Update message header)
+ home nonce index (within the Nonce Indices option) + home nonce index (within the Nonce Indices option)
+ care-of nonce index (within the Nonce Indices option) + care-of nonce index (within the Nonce Indices option)
+ HMAC_SHA1 (Kbm, (care-of address | CN address | BU)) + First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent
| BU)))
The Binding Update contains a Nonce Indices option, indicating to The Binding Update contains a Nonce Indices option, indicating to
the correspondent node which home and care-of nonces to use to the correspondent node which home and care-of nonces to use to
recompute Kbm, the binding management key. The MAC is computed as recompute Kbm, the binding management key. The MAC is computed as
described in Section 6.2.7, using the correspondent node's address described in Section 6.2.7, using the correspondent node's address
as the destination address and the Binding Update message itself as the destination address and the Binding Update message itself
as the Mobility Header Data. Once the correspondent node has ("BU" above) as the Mobility Header Data.
verified the MAC, it can create a Binding Cache entry for the
mobile. Once the correspondent node has verified the MAC, it can create a
Binding Cache entry for the mobile.
Binding Acknowledgement Binding Acknowledgement
The Binding Update is in some cases acknowledged by the The Binding Update is in some cases acknowledged by the
correspondent node. The contents of the message are as follows: correspondent node. The contents of the message are as follows:
* Source Address = correspondent * Source Address = correspondent
* Destination Address = care-of address * Destination Address = care-of address
* Parameters: * Parameters:
+ sequence number (within the Binding Update message header) + sequence number (within the Binding Update message header)
+ HMAC_SHA1 (Kbm, (care-of address | CN address | BA)) + First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent
| BA)))
The Binding Acknowledgement contains the same sequence number as The Binding Acknowledgement contains the same sequence number as
the Binding Update. The MAC is computed as described in Section the Binding Update. The MAC is computed as described in Section
6.2.7, using the correspondent node's address as the destination 6.2.7, using the correspondent node's address as the destination
address and the message itself as the Mobility Header Data. address and the message itself ("BA" above) as the Mobility Header
Data.
Bindings established with correspondent nodes using keys created by Bindings established with correspondent nodes using keys created by
way of the return routability procedure MUST NOT exceed way of the return routability procedure MUST NOT exceed
MAX_RR_BINDING_LIFETIME seconds (see Section 12). MAX_RR_BINDING_LIFETIME seconds (see Section 12).
The value in the Source Address field in the IPv6 header carrying the The value in the Source Address field in the IPv6 header carrying the
Binding Update is normally also the care-of address which is used in Binding Update is normally also the care-of address which is used in
the binding. However, a different care-of address MAY be specified the binding. However, a different care-of address MAY be specified
by including an Alternate Care-of Address mobility option in the by including an Alternate Care-of Address mobility option in the
Binding Update (see Section 6.2.5). When such a message is sent to Binding Update (see Section 6.2.5). When such a message is sent to
skipping to change at page 31, line 24 skipping to change at page 31, line 46
correspondent node MAY invalidate the nonces that were used for the correspondent node MAY invalidate the nonces that were used for the
binding being deleted (or some larger group of nonces that they binding being deleted (or some larger group of nonces that they
belong to). This may, however, impact the ability to accept Binding belong to). This may, however, impact the ability to accept Binding
Updates from mobile nodes that have recently received keygen tokens. Updates from mobile nodes that have recently received keygen tokens.
This alternative is therefore recommended only as a last measure. This alternative is therefore recommended only as a last measure.
5.3 Dynamic Home Agent Address Discovery 5.3 Dynamic Home Agent Address Discovery
No security is required for dynamic home agent address discovery. No security is required for dynamic home agent address discovery.
5.4 Prefix Discovery 5.4 Mobile Prefix Discovery
The mobile node and the home agent SHOULD use an IPsec security The mobile node and the home agent SHOULD use an IPsec security
association to protect the integrity and authenticity of the Mobile association to protect the integrity and authenticity of the Mobile
Prefix Solicitations and Advertisements. Both the mobile nodes and Prefix Solicitations and Advertisements. Both the mobile nodes and
the home agents SHOULD use the Encapsulating Security Payload (ESP) the home agents MUST support and SHOULD use the Encapsulating
header in transport mode with a non-NULL payload authentication Security Payload (ESP) header in transport mode with a non-NULL
algorithm to provide data origin authentication, connectionless payload authentication algorithm to provide data origin
integrity and optional anti-replay protection. authentication, connectionless integrity and optional anti-replay
protection.
5.5 Payload Packets 5.5 Payload Packets
Payload packets exchanged with mobile nodes can be protected in the Payload packets exchanged with mobile nodes can be protected in the
usual manner, in the same way as stationary hosts can protect them. usual manner, in the same way as stationary hosts can protect them.
However, Mobile IPv6 introduces the Home Address destination option, However, Mobile IPv6 introduces the Home Address destination option,
a routing header, and tunneling headers in the payload packets. In a routing header, and tunneling headers in the payload packets. In
the following we define the security measures taken to protect these, the following we define the security measures taken to protect these,
and to prevent their use in attacks against other parties. and to prevent their use in attacks against other parties.
skipping to change at page 33, line 15 skipping to change at page 33, line 15
6. New IPv6 Protocol, Message Types, and Destination Option 6. New IPv6 Protocol, Message Types, and Destination Option
6.1 Mobility Header 6.1 Mobility Header
The Mobility Header is an extension header used by mobile nodes, The Mobility Header is an extension header used by mobile nodes,
correspondent nodes, and home agents in all messaging related to the correspondent nodes, and home agents in all messaging related to the
creation and management of bindings. The subsections within this creation and management of bindings. The subsections within this
section describe the message types that may be sent using the section describe the message types that may be sent using the
Mobility Header. Mobility Header.
Mobility Header messages MUST NOT be sent with a type 2 routing
header, except as described in Section 9.5.4 for Binding
Acknowledgement. Mobility Header messages also MUST NOT be used with
a Home Address destination option, except as described in Section
11.7.1 and Section 11.7.2 for Binding Update. Binding Update List or
Binding Cache information (when present) for the destination MUST NOT
be used in sending Mobility Header messages. That is, Mobility
Header messages bypass both the Binding Cache check described in
Section 9.3.2 and the Binding Update List check described in Section
11.3.1 which are normally performed for all packets. This applies
even to messages sent to or from a correspondent node which is itself
a mobile node.
6.1.1 Format 6.1.1 Format
The Mobility Header is identified by a Next Header value of TBD <To The Mobility Header is identified by a Next Header value of TBD <To
be assigned by IANA> in the immediately preceding header, and has the be assigned by IANA> in the immediately preceding header, and has the
following format: following format:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Proto | Header Len | MH Type | Reserved | | Payload Proto | Header Len | MH Type | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | | | Checksum | |
skipping to change at page 33, line 40 skipping to change at page 34, line 4
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Payload Proto Payload Proto
8-bit selector. Identifies the type of header immediately 8-bit selector. Identifies the type of header immediately
following the Mobility Header. Uses the same values as the IPv6 following the Mobility Header. Uses the same values as the IPv6
Next Header field [11]. Next Header field [11].
This field is intended to be used by a future extension (see This field is intended to be used by a future extension (see
Appendix B.1). Implementations conforming to this specification Appendix B.1).
SHOULD set the payload protocol type to IPPROTO_NONE (59 decimal).
Implementations conforming to this specification SHOULD set the
payload protocol type to IPPROTO_NONE (59 decimal).
Header Len Header Len
8-bit unsigned integer, representing the length of the Mobility 8-bit unsigned integer, representing the length of the Mobility
Header in units of 8 octets, excluding the first 8 octets. Header in units of 8 octets, excluding the first 8 octets.
The length of the Mobility Header MUST be a multiple of 8 octets. The length of the Mobility Header MUST be a multiple of 8 octets.
MH Type MH Type
skipping to change at page 34, line 28 skipping to change at page 34, line 43
consisting of a "pseudo-header" followed by the entire Mobility consisting of a "pseudo-header" followed by the entire Mobility
Header starting with the Payload Proto field. The checksum is the Header starting with the Payload Proto field. The checksum is the
16-bit one's complement of the one's complement sum of this 16-bit one's complement of the one's complement sum of this
string. string.
The pseudo-header contains IPv6 header fields, as specified in The pseudo-header contains IPv6 header fields, as specified in
Section 8.1 of RFC 2460 [11]. The Next Header value used in the Section 8.1 of RFC 2460 [11]. The Next Header value used in the
pseudo-header is TBD <To be assigned by IANA>. The addresses used pseudo-header is TBD <To be assigned by IANA>. The addresses used
in the pseudo-header are the addresses that appear in the Source in the pseudo-header are the addresses that appear in the Source
and Destination Address fields in the IPv6 packet carrying the and Destination Address fields in the IPv6 packet carrying the
Mobility Header. Note that the procedures of calculating upper Mobility Header.
layer checksums while away from home described in Section 11.3.1
apply even for the Mobility Header. If a mobility message has a Note that the procedures of calculating upper layer checksums
Home Address destination option, then the checksum calculation while away from home described in Section 11.3.1 apply even for
uses the home address in this option as the value of the IPv6 the Mobility Header. If a mobility message has a Home Address
Source Address field. The type 2 routing header is treated as destination option, then the checksum calculation uses the home
explained in [11]. The Mobility Header is considered as the upper address in this option as the value of the IPv6 Source Address
layer protocol for the purposes of calculating the pseudo-header. field. The type 2 routing header is treated as explained in [11].
The Upper-Layer Packet Length field in the pseudo-header MUST be
set to the total length of the Mobility Header. For computing the The Mobility Header is considered as the upper layer protocol for
checksum, the checksum field is set to zero. the purposes of calculating the pseudo-header. The Upper-Layer
Packet Length field in the pseudo-header MUST be set to the total
length of the Mobility Header.
For computing the checksum, the checksum field is set to zero.
Message Data Message Data
A variable length field containing the data specific to the A variable length field containing the data specific to the
indicated Mobility Header type. indicated Mobility Header type.
Mobile IPv6 also defines a number of "mobility options" for use Mobile IPv6 also defines a number of "mobility options" for use
within these messages; if included, any options MUST appear after the within these messages; if included, any options MUST appear after the
fixed portion of the message data specified in this document. The fixed portion of the message data specified in this document. The
presence of such options will be indicated by the Header Len field presence of such options will be indicated by the Header Len field
skipping to change at page 42, line 16 skipping to change at page 42, line 41
Variable-length field of such length that the complete Mobility Variable-length field of such length that the complete Mobility
Header is an integer multiple of 8 octets long. This field Header is an integer multiple of 8 octets long. This field
contains zero or more TLV-encoded mobility options. The encoding contains zero or more TLV-encoded mobility options. The encoding
and format of defined options are described in Section 6.2. The and format of defined options are described in Section 6.2. The
receiver MUST ignore and skip any options which it does not receiver MUST ignore and skip any options which it does not
understand. understand.
The following options are valid in a Binding Update: The following options are valid in a Binding Update:
* Binding Authorization Data option * Binding Authorization Data option (this option is mandatory in
Binding Updates sent to a correspondent node)
* Nonce Indices option. * Nonce Indices option.
* Alternate Care-of Address option * Alternate Care-of Address option
If no options are present in this message, 4 bytes of padding is If no options are present in this message, 4 octets of padding is
necessary and the Header Len field will be set to 1. necessary and the Header Len field will be set to 1.
The care-of address is specified either by the Source Address field The care-of address is specified either by the Source Address field
in the IPv6 header or by the Alternate Care-of Address option, if in the IPv6 header or by the Alternate Care-of Address option, if
present. The care-of address MUST be a unicast routable address. present. The care-of address MUST be a unicast routable address.
IPv6 Source Adress MUST be a topologically correct source address. IPv6 Source Address MUST be a topologically correct source address.
Binding Updates for a care-of address which is not a unicast routable Binding Updates for a care-of address which is not a unicast routable
address MUST be silently discarded. address MUST be silently discarded. Similarly, the Binding Update
MUST be silently discarded if the care-of address appears as a home
address in an existing Binding Cache entry, with its current location
creating a circular reference back to the home address specified in
the Binding Update (possibly through additional entries).
The deletion of a binding can be indicated by setting the Lifetime The deletion of a binding can be indicated by setting the Lifetime
field to 0 and by setting the care-of address equal to the home field to 0 and by setting the care-of address equal to the home
address. In deletion, the generation of the binding management key address. In deletion, the generation of the binding management key
depends exclusively on the home keygen token, as explained in Section depends exclusively on the home keygen token, as explained in Section
5.2.5. (Note that while the senders are required to set both the 5.2.5. (Note that while the senders are required to set both the
Lifetime field to 0 and the care-of address equal to the home Lifetime field to 0 and the care-of address equal to the home
address, Section 9.5.1 rules for receivers are more liberal, and address, Section 9.5.1 rules for receivers are more liberal, and
interprete either condition as a deletion.) interpret either condition as a deletion.)
Correspondent nodes SHOULD NOT expire the Binding Cache entry before Correspondent nodes SHOULD NOT expire the Binding Cache entry before
the lifetime expires, if any application hosted by the correspondent the lifetime expires, if any application hosted by the correspondent
node is still likely to require communication with the mobile node. node is still likely to require communication with the mobile node.
A Binding Cache entry that is deallocated prematurely might cause A Binding Cache entry that is deallocated prematurely might cause
subsequent packets to be dropped from the mobile node, if they subsequent packets to be dropped from the mobile node, if they
contain the Home Address destination option. This situation is contain the Home Address destination option. This situation is
recoverable, since an Binding Error message is sent to the mobile recoverable, since an Binding Error message is sent to the mobile
node (see Section 6.1.9); however, it causes unnecessary delay in the node (see Section 6.1.9); however, it causes unnecessary delay in the
communications. communications.
skipping to change at page 44, line 28 skipping to change at page 45, line 20
134 Duplicate Address Detection failed 134 Duplicate Address Detection failed
135 Sequence number out of window 135 Sequence number out of window
136 Expired home nonce index 136 Expired home nonce index
137 Expired care-of nonce index 137 Expired care-of nonce index
138 Expired nonces 138 Expired nonces
139 Registration type change disallowed
Up-to-date values of the Status field are to be specified in the Up-to-date values of the Status field are to be specified in the
IANA registry of assigned numbers [19]. IANA registry of assigned numbers [19].
Sequence # Sequence #
The Sequence Number in the Binding Acknowledgement is copied from The Sequence Number in the Binding Acknowledgement is copied from
the Sequence Number field in the Binding Update. It is used by the Sequence Number field in the Binding Update. It is used by
the mobile node in matching this Binding Acknowledgement with an the mobile node in matching this Binding Acknowledgement with an
outstanding Binding Update. outstanding Binding Update.
skipping to change at page 45, line 15 skipping to change at page 46, line 9
and format of defined options are described in Section 6.2. The and format of defined options are described in Section 6.2. The
receiver MUST ignore and skip any options which it does not receiver MUST ignore and skip any options which it does not
understand. understand.
There MAY be additional information, associated with this Binding There MAY be additional information, associated with this Binding
Acknowledgement that need not be present in all Binding Acknowledgement that need not be present in all Binding
Acknowledgements sent. Mobility options allow future extensions Acknowledgements sent. Mobility options allow future extensions
to the format of the Binding Acknowledgement to be defined. The to the format of the Binding Acknowledgement to be defined. The
following options are valid for the Binding Acknowledgement: following options are valid for the Binding Acknowledgement:
* Binding Authorization Data option * Binding Authorization Data option (this option is mandatory in
Binding Acknowledgements sent by a correspondent node, except
where otherwise noted in Section 9.5.4)
* Binding Refresh Advice option * Binding Refresh Advice option
If no options are present in this message, 4 bytes of padding is If no options are present in this message, 4 octets of padding is
necessary and the Header Len field will be set to 1. necessary and the Header Len field will be set to 1.
6.1.9 Binding Error Message 6.1.9 Binding Error Message
The Binding Error (BE) message is used by the correspondent node to The Binding Error (BE) message is used by the correspondent node to
signal an error related to mobility, such as an inappropriate attempt signal an error related to mobility, such as an inappropriate attempt
to use the Home Address destination option without an existing to use the Home Address destination option without an existing
binding; see Section 9.3.3 for details. binding; see Section 9.3.3 for details.
The Binding Error message uses the MH Type value 7. When this value The Binding Error message uses the MH Type value 7. When this value
skipping to change at page 51, line 11 skipping to change at page 52, line 11
The Authenticator field contains a cryptographic value which can be The Authenticator field contains a cryptographic value which can be
used to determine that the message in question comes from the right used to determine that the message in question comes from the right
authority. Rules for calculating this value depend on the used authority. Rules for calculating this value depend on the used
authorization procedure. authorization procedure.
For the return routability procedure, this option can appear in the For the return routability procedure, this option can appear in the
Binding Update and Binding Acknowledgements. Rules for calculating Binding Update and Binding Acknowledgements. Rules for calculating
the Authenticator value are the following: the Authenticator value are the following:
Mobility Data = care-of address | final dest | Mobility Header Data Mobility Data = care-of address | correspondent | MH Data
Authenticator = First (96, HMAC_SHA1 (Kbm, Mobility Data)) Authenticator = First (96, HMAC_SHA1 (Kbm, Mobility Data))
Where | denotes concatenation and "final dest" is the IPv6 address of Where | denotes concatenation and "correspondent" is the IPv6 address
the final destination of the packet. "Mobility Header Data" is the of the correspondent node. Note that, if the message is sent to a
content of the Mobility Header, excluding the Authenticator field destination which is itself mobile, the "correspondent" address may
itself. The Authenticator value is calculated as if the Checksum not be the address found in the Destination Address field of the IPv6
field in the Mobility Header was zero. The Checksum in the header; instead the home address from the type 2 Routing header
transmitted packet is still calculated in the usual manner, with the should be used.
calculated Authenticator being a part of the packet protected by the
Checksum. Kbm is the binding management key, which is typically "MH Data" is the content of the Mobility Header, excluding the
created using nonces provided by the correspondent node (see Section Authenticator field itself. The Authenticator value is calculated as
9.4). if the Checksum field in the Mobility Header was zero. The Checksum
in the transmitted packet is still calculated in the usual manner,
with the calculated Authenticator being a part of the packet
protected by the Checksum. Kbm is the binding management key, which
is typically created using nonces provided by the correspondent node
(see Section 9.4). Note that while the contents of a potential Home
Address destination option are not covered in this formula, the rules
for the calculation of the Kbm do take the home address in account.
This ensures that the MAC will be different for different home
addresses.
The first 96 bits from the MAC result are used as the Authenticator The first 96 bits from the MAC result are used as the Authenticator
field. Note that, if the message is sent to a destination which is field.
itself mobile, the "final dest" address may not be the address found
in the Destination Address field of the IPv6 header; instead the home
address from the Home Address destination option should be used.
6.3 Home Address Option 6.3 Home Address Option
The Home Address option is carried by the Destination Option The Home Address option is carried by the Destination Option
extension header (Next Header value = 60). It is used in a packet extension header (Next Header value = 60). It is used in a packet
sent by a mobile node while away from home, to inform the recipient sent by a mobile node while away from home, to inform the recipient
of the mobile node's home address. of the mobile node's home address.
The Home Address option is encoded in type-length-value (TLV) format The Home Address option is encoded in type-length-value (TLV) format
as follows: as follows:
skipping to change at page 52, line 42 skipping to change at page 53, line 42
address MUST be a unicast routable address. address MUST be a unicast routable address.
The alignment requirement [11] for the Home Address option is 8n+6. The alignment requirement [11] for the Home Address option is 8n+6.
The three highest-order bits of the Option Type field are encoded to The three highest-order bits of the Option Type field are encoded to
indicate specific processing of the option [11]; for the Home Address indicate specific processing of the option [11]; for the Home Address
option, these three bits are set to 110. This indicates the option, these three bits are set to 110. This indicates the
following processing requirements: following processing requirements:
o Any IPv6 node that does not recognize the Option Type must discard o Any IPv6 node that does not recognize the Option Type must discard
the packet. the packet, and if the packet's Destination Address was not a
multicast address, return an ICMP Parameter Problem, Code 2,
o If the packet's Destination Address was not a multicast address, message to the packet's Source Address. The Pointer field in the
return an ICMP Parameter Problem, Code 2, message to the packet's ICMP message SHOULD point at the Option Type field. Otherwise,
Source Address; otherwise, for multicast addresses, the ICMP for multicast addresses, the ICMP message MUST NOT be sent.
message MUST NOT be sent.
o The data within the option cannot change en-route to the packet's o The data within the option cannot change en-route to the packet's
final destination. final destination.
The Home Address option MUST be placed as follows: The Home Address option MUST be placed as follows:
o After the routing header, if that header is present o After the routing header, if that header is present
o Before the Fragment Header, if that header is present o Before the Fragment Header, if that header is present
skipping to change at page 55, line 27 skipping to change at page 56, line 27
routing headers. routing headers.
6.5 ICMP Home Agent Address Discovery Request Message 6.5 ICMP Home Agent Address Discovery Request Message
The ICMP Home Agent Address Discovery Request message is used by a The ICMP Home Agent Address Discovery Request message is used by a
mobile node to initiate the dynamic home agent address discovery mobile node to initiate the dynamic home agent address discovery
mechanism, as described in Section 11.4.1. The mobile node sends the mechanism, as described in Section 11.4.1. The mobile node sends the
Home Agent Address Discovery Request message to the Mobile IPv6 Home Agent Address Discovery Request message to the Mobile IPv6
Home-Agents anycast address [16] for its own home subnet prefix. Home-Agents anycast address [16] for its own home subnet prefix.
(Note that the currently defined anycast addresses may not work with (Note that the currently defined anycast addresses may not work with
all prefix lengths other than those defined in RFC 2373 [3, 33].) all prefix lengths other than those defined in RFC 2373 [3, 35].)
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Reserved | | Identifier | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
skipping to change at page 59, line 5 skipping to change at page 60, line 5
Identifier Identifier
An identifier to aid in matching a future Mobile Prefix An identifier to aid in matching a future Mobile Prefix
Advertisement to this Mobile Prefix Solicitation. Advertisement to this Mobile Prefix Solicitation.
Reserved Reserved
This field is unused. It MUST be initialized to zero by the This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver. sender and MUST be ignored by the receiver.
The Mobile Prefix Solicitation messages may have options. These
options MUST use the option format defined in RFC 2461 [12]. This
document does not define any option types for the Mobile Prefix
Solicitation message, but future documents may define new options.
Home agents MUST silently ignore any options they do not recognize
and continue processing the message.
6.8 ICMP Mobile Prefix Advertisement Message Format 6.8 ICMP Mobile Prefix Advertisement Message Format
A home agent will send a Mobile Prefix Advertisement to a mobile node A home agent will send a Mobile Prefix Advertisement to a mobile node
to distribute prefix information about the home link while the mobile to distribute prefix information about the home link while the mobile
node is traveling away from the home network. This will occur in node is traveling away from the home network. This will occur in
response to a Mobile Prefix Solicitation with an Advertisement, or by response to a Mobile Prefix Solicitation with an Advertisement, or by
an unsolicited Advertisement sent according to the rules in Section an unsolicited Advertisement sent according to the rules in Section
10.6. 10.6.
0 1 2 3 0 1 2 3
skipping to change at page 60, line 41 skipping to change at page 61, line 46
1-bit Other Stateful Configuration flag. When set, hosts use the 1-bit Other Stateful Configuration flag. When set, hosts use the
administered (stateful) protocol for autoconfiguration of other administered (stateful) protocol for autoconfiguration of other
(non-address) information. The use of this flag is described in (non-address) information. The use of this flag is described in
[12, 13]. [12, 13].
Reserved Reserved
This field is unused. It MUST be initialized to zero by the This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver. sender and MUST be ignored by the receiver.
Options: The Mobile Prefix Advertisement messages may have options. These
options MUST use the option format defined in <xref
target='RFC2461'>RFC 2461</xref>. This document defines one option
which may be carried in a Mobile Prefix Advertisement message, but
future documents may define new options. Home agents MUST silently
ignore any options they do not recognize and continue processing the
message.
Prefix Information Prefix Information
Each message contains one or more Prefix Information options. Each message contains one or more Prefix Information options.
Each option carries the prefix(es) that the mobile node should use Each option carries the prefix(es) that the mobile node should use
to configure its home address(es). Section 10.6 describes which to configure its home address(es). Section 10.6 describes which
prefixes should be advertised to the mobile node. prefixes should be advertised to the mobile node.
The Prefix Information option is defined in Section 4.6.2 of RFC The Prefix Information option is defined in Section 4.6.2 of RFC
2461 [12], with modifications defined in Section 7.2 of this 2461 [12], with modifications defined in Section 7.2 of this
specification. The home agent MUST use this modified Prefix specification. The home agent MUST use this modified Prefix
Information option to send the aggregate list of home network Information option to send home network prefixes as defined in
prefixes as defined in Section 10.6.1. Section 10.6.1.
Future versions of this protocol may define new option types. Mobile
nodes MUST silently ignore any options they do not recognize and
continue processing the message.
If the Advertisement is sent in response to a Mobile Prefix If the Advertisement is sent in response to a Mobile Prefix
Solicitation, the home agent MUST copy the Identifier value from that Solicitation, the home agent MUST copy the Identifier value from that
message into the Identifier field of the Advertisement. message into the Identifier field of the Advertisement.
The home agent MUST NOT send more than one Mobile Prefix The home agent MUST NOT send more than one Mobile Prefix
Advertisement message per second to any mobile node. Advertisement message per second to any mobile node.
The M and O bits MUST be cleared if the Home Agent DHCPv6 support is The M and O bits MUST be cleared if the Home Agent DHCPv6 support is
not provided. If such support is provided then they are set in not provided. If such support is provided then they are set in
skipping to change at page 64, line 7 skipping to change at page 65, line 7
Reserved1 Reserved1
Reduced from a 6-bit field to a 5-bit field to account for the Reduced from a 6-bit field to a 5-bit field to account for the
addition of the above bit. addition of the above bit.
In a Router Advertisement, a home agent MUST, and all other routers In a Router Advertisement, a home agent MUST, and all other routers
MAY, include at least one Prefix Information option with the Router MAY, include at least one Prefix Information option with the Router
Address (R) bit set. Neighbor Discovery specifies that, if including Address (R) bit set. Neighbor Discovery specifies that, if including
all options in a Router Advertisement causes the size of the all options in a Router Advertisement causes the size of the
Advertisement to exceed the link MTU, multiple Advertisements can be Advertisement to exceed the link MTU, multiple Advertisements can be
sent, each containing a subset of the options [12]. In this case, at sent, each containing a subset of the options [12]. Also, when
least one (not all) of these multiple Advertisements being sent needs sending unsolicited multicast Router Advertisements more frequently
to satisfy the above requirement. than the limit specified in RFC 2461 [12], the sending router need
not include all options in each of these Advertisements. However, in
both of these cases the router SHOULD include at least one Prefix
Information option with the Router Address (R) bit set in each such
advertisement, if this bit is set in some advertisement sent by the
router.
In addition, the following requirement can assist mobile nodes in
movement detection. Barring changes in the prefixes for the link,
routers that send multiple Router Advertisements with the Router
Address (R) bit set in some of the included Prefix Information
options SHOULD provide at least one option and router address which
stays the same in all of the Advertisements.
7.3 New Advertisement Interval Option Format 7.3 New Advertisement Interval Option Format
Mobile IPv6 defines a new Advertisement Interval option, used in Mobile IPv6 defines a new Advertisement Interval option, used in
Router Advertisement messages to advertise the interval at which the Router Advertisement messages to advertise the interval at which the
sending router sends unsolicited multicast Router Advertisements. sending router sends unsolicited multicast Router Advertisements.
The format of the Advertisement Interval option is as follows: The format of the Advertisement Interval option is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 68, line 23 skipping to change at page 69, line 34
Note that multicast Router Advertisements are not always required in Note that multicast Router Advertisements are not always required in
certain wireless networks that have limited bandwidth. Mobility certain wireless networks that have limited bandwidth. Mobility
detection or link changes in such networks may be done at lower detection or link changes in such networks may be done at lower
layers. Router advertisements in such networks SHOULD be sent only layers. Router advertisements in such networks SHOULD be sent only
when solicited. In such networks it SHOULD be possible to disable when solicited. In such networks it SHOULD be possible to disable
unsolicited multicast Router Advertisements on specific interfaces. unsolicited multicast Router Advertisements on specific interfaces.
The MinRtrAdvInterval and MaxRtrAdvInterval in such a case can be set The MinRtrAdvInterval and MaxRtrAdvInterval in such a case can be set
to some high values. to some high values.
When sending unsolicited multicast Router Advertisements more
frequently than the limit specified in RFC 2461 [12], the sending
router need not include all options in each of these Advertisements,
but it SHOULD include at least one Prefix Information option with the
Router Address (R) bit set (Section 7.2) in each.
Home agents MUST include the Source Link-Layer Address option in all Home agents MUST include the Source Link-Layer Address option in all
Router Advertisements they send. This simplifies the process of Router Advertisements they send. This simplifies the process of
returning home, as discussed in Section 11.5.4. returning home, as discussed in Section 11.5.4.
7.6 Changes to Duplicate Address Detection
Upon failing Duplicate Address Detection, [13] requires IPv6 nodes to
stop using the address and wait for reconfiguration. In addition, if
the failed address was a link-local address formed from an interface
identifier, the interface should be disabled.
Mobile nodes that wish to avoid this situation MAY use temporary
link-local addresses as follows. The mobile node SHOULD generate a
random interface identifier and use it for assigning itself a
link-local address. In order to do this, the mobile node applies to
the link-local address the procedure described in RFC 3041 [18] for
global addresses. At most 5 consecutive attempts SHOULD be performed
to generate such addresses and test them through Duplicate Address
Detection. If after these attempts no unique address was found, the
mobile node SHOULD log a system error and give up attempting to find
a link-local address on that interface, until the node moves to a new
link.
8. Requirements for Types of IPv6 Nodes 8. Requirements for Types of IPv6 Nodes
Mobile IPv6 places some special requirements on the functions Mobile IPv6 places some special requirements on the functions
provided by different types of IPv6 nodes. This section summarizes provided by different types of IPv6 nodes. This section summarizes
those requirements, identifying the functionality each requirement is those requirements, identifying the functionality each requirement is
intended to support. intended to support.
The requirements are set for the following groups of nodes: The requirements are set for the following groups of nodes:
o All IPv6 nodes. o All IPv6 nodes.
skipping to change at page 69, line 40 skipping to change at page 70, line 40
Any IPv6 node may at any time be a correspondent node of a mobile Any IPv6 node may at any time be a correspondent node of a mobile
node, either sending a packet to a mobile node or receiving a packet node, either sending a packet to a mobile node or receiving a packet
from a mobile node. There are no Mobile IPv6 specific MUST from a mobile node. There are no Mobile IPv6 specific MUST
requirements for such nodes, and basic IPv6 techniques are requirements for such nodes, and basic IPv6 techniques are
sufficient. If a mobile node attempts to set up route optimization sufficient. If a mobile node attempts to set up route optimization
with a node with only basic IPv6 support, an ICMP error will signal with a node with only basic IPv6 support, an ICMP error will signal
that the node does not support such optimizations (Section 11.3.5), that the node does not support such optimizations (Section 11.3.5),
and communications will flow through the home agent . and communications will flow through the home agent .
An IPv6 node MUST NOT support the Home Address destination option,
type 2 routing header, or the Mobility Header unless it fully
supports the requirements listed in the next sections for either
route optimization, mobile node, or home agent functionality.
8.2 IPv6 Nodes with Support for Route Optimization 8.2 IPv6 Nodes with Support for Route Optimization
Nodes that implement route optimization are a subset of all IPv6 Nodes that implement route optimization are a subset of all IPv6
nodes on the Internet. The ability of a correspondent node to nodes on the Internet. The ability of a correspondent node to
participate in route optimization is essential for the efficient participate in route optimization is essential for the efficient
operation of the IPv6 Internet, for the following reasons: operation of the IPv6 Internet, for the following reasons:
o Avoidance of congestion in the home network, and enabling the use o Avoidance of congestion in the home network, and enabling the use
of lower-performance home agent equipment even for supporting of lower-performance home agent equipment even for supporting
thousands of mobile nodes. thousands of mobile nodes.
skipping to change at page 70, line 18 skipping to change at page 71, line 23
avoided and, again, fewer sources of congestion. avoided and, again, fewer sources of congestion.
o Improved robustness against network partitions, congestion, and o Improved robustness against network partitions, congestion, and
other problems, since fewer routing path segments are traversed. other problems, since fewer routing path segments are traversed.
These effects combine to enable much better performance and These effects combine to enable much better performance and
robustness for communications between mobile nodes and IPv6 robustness for communications between mobile nodes and IPv6
correspondent nodes. Route optimization introduces a small amount of correspondent nodes. Route optimization introduces a small amount of
additional state for the peers, some additional messaging, and upto additional state for the peers, some additional messaging, and upto
1.5 roundtrip delays before it can be turned on. However, it is 1.5 roundtrip delays before it can be turned on. However, it is
believed that the benefits far outweight the costs in most cases. believed that the benefits far outweigh the costs in most cases.
Section 11.3.1 discusses how mobile nodes may avoid route Section 11.3.1 discusses how mobile nodes may avoid route
optimization for some of the remaining cases, such as very short-term optimization for some of the remaining cases, such as very short-term
communications. communications.
The following requirements apply to all correspondent nodes that The following requirements apply to all correspondent nodes that
support route optimization: support route optimization:
o The node MUST be able validate a Home Address option using an o The node MUST be able validate a Home Address option using an
existing Binding Cache entry, as described in Section 9.3.1. existing Binding Cache entry, as described in Section 9.3.1.
o The node MUST be able to insert a type 2 routing header into o The node MUST be able to insert a type 2 routing header into
packets to be sent to a mobile node, as described in Section packets to be sent to a mobile node, as described in Section
9.3.2. 9.3.2.
o Unless the correspondent node is also acting as a mobile node, it o Unless the correspondent node is also acting as a mobile node, it
MUST ignore type 2 routing headers and drop all packets that it MUST ignore type 2 routing headers and silently discard all
has received with such headers. packets that it has received with such headers.
o The node SHOULD be able to interpret ICMP messages as described in o The node SHOULD be able to interpret ICMP messages as described in
Section 9.3.4. Section 9.3.4.
o The node MUST be able to send Binding Error messages as described o The node MUST be able to send Binding Error messages as described
in Section 9.3.3. in Section 9.3.3.
o The node MUST be able to process Mobility Headers as described in o The node MUST be able to process Mobility Headers as described in
Section 9.2. Section 9.2.
skipping to change at page 71, line 10 skipping to change at page 72, line 16
o The node MUST be able to process Binding Update messages (Section o The node MUST be able to process Binding Update messages (Section
9.5). 9.5).
o The node MUST be able to return a Binding Acknowledgement (Section o The node MUST be able to return a Binding Acknowledgement (Section
9.5.4). 9.5.4).
o The node MUST be able to maintain a Binding Cache of the bindings o The node MUST be able to maintain a Binding Cache of the bindings
received in accepted Binding Updates, as described in Section 9.1 received in accepted Binding Updates, as described in Section 9.1
and Section 9.6. and Section 9.6.
o The node MUST allow route optimization to be administratively o The node SHOULD allow route optimization to be administratively
enabled or disabled. The default SHOULD be enabled. enabled or disabled. The default SHOULD be enabled.
8.3 All IPv6 Routers 8.3 All IPv6 Routers
All IPv6 routers, even those not serving as a home agent for Mobile All IPv6 routers, even those not serving as a home agent for Mobile
IPv6, have an effect on how well mobile nodes can communicate: IPv6, have an effect on how well mobile nodes can communicate:
o Every IPv6 router SHOULD be able to send an Advertisement Interval o Every IPv6 router SHOULD be able to send an Advertisement Interval
option (Section 7.3) in each of its Router Advertisements [12], to option (Section 7.3) in each of its Router Advertisements [12], to
aid movement detection by mobile nodes (as in Section 11.5.1). aid movement detection by mobile nodes (as in Section 11.5.1).
skipping to change at page 74, line 22 skipping to change at page 75, line 28
o The node MUST allow route optimization to be administratively o The node MUST allow route optimization to be administratively
enabled or disabled. The default SHOULD be enabled. enabled or disabled. The default SHOULD be enabled.
o The node MAY support the multicast address listener part of a o The node MAY support the multicast address listener part of a
multicast group membership protocol as described in Section multicast group membership protocol as described in Section
11.3.4. If this support is provided, the mobile node MUST be able 11.3.4. If this support is provided, the mobile node MUST be able
to receive tunneled multicast packets from the home agent. to receive tunneled multicast packets from the home agent.
o The node MAY support stateful address autoconfiguration mechanisms o The node MAY support stateful address autoconfiguration mechanisms
such as DHCPv6 [28] on the interface represented by the tunnel to such as DHCPv6 [29] on the interface represented by the tunnel to
the home agent. the home agent.
9. Correspondent Node Operation 9. Correspondent Node Operation
9.1 Conceptual Data Structures 9.1 Conceptual Data Structures
IPv6 nodes with route optimization support maintain a Binding Cache IPv6 nodes with route optimization support maintain a Binding Cache
of bindings for other nodes. A separate Binding Cache SHOULD be of bindings for other nodes. A separate Binding Cache SHOULD be
maintained by each IPv6 node for each of its unicast routable maintained by each IPv6 node for each of its unicast routable
addresses. The Binding Cache MAY be implemented in any manner addresses. The Binding Cache MAY be implemented in any manner
consistent with the external behavior described in this document, for consistent with the external behavior described in this document, for
example by being combined with the node's Destination Cache as example by being combined with the node's Destination Cache as
maintained by Neighbor Discovery [12]. When sending a packet, the maintained by Neighbor Discovery [12]. When sending a packet, the
Binding Cache is searched before the Neighbor Discovery conceptual Binding Cache is searched before the Neighbor Discovery conceptual
Destination Cache [12]. That is, any Binding Cache entry for this Destination Cache [12].
destination SHOULD take precedence over any Destination Cache entry
for the same destination.
Each Binding Cache entry conceptually contains the following fields: Each Binding Cache entry conceptually contains the following fields:
o The home address of the mobile node for which this is the Binding o The home address of the mobile node for which this is the Binding
Cache entry. This field is used as the key for searching the Cache entry. This field is used as the key for searching the
Binding Cache for the destination address of a packet being sent. Binding Cache for the destination address of a packet being sent.
If the destination address of the packet matches the home address
in the Binding Cache entry, this entry SHOULD be used in routing
that packet.
o The care-of address for the mobile node indicated by the home o The care-of address for the mobile node indicated by the home
address field in this Binding Cache entry. If the destination address field in this Binding Cache entry.
address of a packet being routed by a node matches the home
address in this entry, the packet SHOULD be routed to this care-of
address. This is described in Section 9.3.2 for packets
originated by this node.
o A lifetime value, indicating the remaining lifetime for this o A lifetime value, indicating the remaining lifetime for this
Binding Cache entry. The lifetime value is initialized from the Binding Cache entry. The lifetime value is initialized from the
Lifetime field in the Binding Update that created or last modified Lifetime field in the Binding Update that created or last modified
this Binding Cache entry. Once the lifetime of this entry this Binding Cache entry.
expires, the entry MUST be deleted from the Binding Cache.
o A flag indicating whether or not this Binding Cache entry is a o A flag indicating whether or not this Binding Cache entry is a
home registration entry (applicable only on nodes which support home registration entry (applicable only on nodes which support
home agent functionality). home agent functionality).
o The maximum value of the Sequence Number field received in o The maximum value of the Sequence Number field received in
previous Binding Updates for this mobile node home address. The previous Binding Updates for this home address. The Sequence
Sequence Number field is 16 bits long. Sequence Number values Number field is 16 bits long. Sequence Number values MUST be
MUST be compared modulo 2**16 as explained in Section 9.5.1. compared modulo 2**16 as explained in Section 9.5.1.
o Usage information for this Binding Cache entry. This is needed to o Usage information for this Binding Cache entry. This is needed to
implement the cache replacement policy in use in the Binding implement the cache replacement policy in use in the Binding
Cache. Recent use of a cache entry also serves as an indication Cache. Recent use of a cache entry also serves as an indication
that a Binding Refresh Request should be sent when the lifetime of that a Binding Refresh Request should be sent when the lifetime of
this entry nears expiration. this entry nears expiration.
Binding Cache entries not marked as home registrations MAY be Binding Cache entries not marked as home registrations MAY be
replaced at any time by any reasonable local cache replacement policy replaced at any time by any reasonable local cache replacement policy
but SHOULD NOT be unnecessarily deleted. The Binding Cache for any but SHOULD NOT be unnecessarily deleted. The Binding Cache for any
skipping to change at page 76, line 31 skipping to change at page 77, line 21
o The checksum must be verified as per Section 6.1. Otherwise, the o The checksum must be verified as per Section 6.1. Otherwise, the
node MUST silently discard the message. node MUST silently discard the message.
o The MH Type field MUST have a known value (Section 6.1.1). o The MH Type field MUST have a known value (Section 6.1.1).
Otherwise, the node MUST discard the message and issue a Binding Otherwise, the node MUST discard the message and issue a Binding
Error message as described in Section 9.3.3, with Status field set Error message as described in Section 9.3.3, with Status field set
to 2 (unrecognized MH Type value). to 2 (unrecognized MH Type value).
o The Payload Proto field MUST be IPPROTO_NONE (59 decimal). o The Payload Proto field MUST be IPPROTO_NONE (59 decimal).
Otherwise, the node MUST discard the message and SHOULD send ICMP Otherwise, the node MUST discard the message and SHOULD send ICMP
Parameter Problem [14], Code 0, to the Source Address of the Parameter Problem, Code 0, directly to the Source Address of the
packet. packet as specified in RFC 2463 [14]. Thus no Binding Cache
information is used in sending the ICMP message. The Pointer
field in the ICMP message SHOULD point at the Payload Proto field.
o The Header Len field in the Mobility Header MUST NOT be less than o The Header Len field in the Mobility Header MUST NOT be less than
the length specified for this particular type of message in the length specified for this particular type of message in
Section 6.1. Otherwise, the node MUST discard the message and Section 6.1. Otherwise, the node MUST discard the message and
SHOULD send ICMP Parameter Problem [14], Code 0, to the Source SHOULD send ICMP Parameter Problem, Code 0, directly to the Source
Address of the packet. Address of the packet as specified in RFC 2463 [14]. (The Binding
Cache information is again not used.) The Pointer field in the
ICMP message SHOULD point at the Header Len field.
Subsequent checks depend on the particular Mobility Header. Subsequent checks depend on the particular Mobility Header.
9.3 Packet Processing 9.3 Packet Processing
This section describes how the correspondent node sends packets to This section describes how the correspondent node sends packets to
the mobile node, and receives packets from it. the mobile node, and receives packets from it.
9.3.1 Receiving Packets with Home Address Option 9.3.1 Receiving Packets with Home Address Option
Packets containing a Home Address option MUST be dropped if the given Packets containing a Home Address option MUST be dropped if the given
home address is not a unicast routable address. home address is not a unicast routable address.
Mobile nodes are expected to include a Home Address destination Mobile nodes can include a Home Address destination option in a
option in a packet they believe the correspondent node has a Binding packet if they believe the correspondent node has a Binding Cache
Cache entry for the home address of a mobile node. Packets entry for the home address of a mobile node. Packets containing a
containing a Home Address option MUST be dropped if there is no Home Address option MUST be dropped if there is no corresponding
corresponding Binding Cache entry. A corresponding Binding Cache Binding Cache entry. A corresponding Binding Cache entry MUST have
entry MUST have the same home address as appears in the Home Address the same home address as appears in the Home Address destination
destination option, and the currently registered care-of address MUST option, and the currently registered care-of address MUST be equal to
be equal to the source address of the packet. These tests MUST NOT the source address of the packet. These tests MUST NOT be done for
be done for packets that contain a Home Address option and a Binding packets that contain a Home Address option and a Binding Update.
Update.
If the packet is dropped due the above tests, the correspondent node If the packet is dropped due the above tests, the correspondent node
MUST send the Binding Error message as described in Section 9.3.3. MUST send the Binding Error message as described in Section 9.3.3.
The Status field in this message should be set to 1 (unknown binding The Status field in this message should be set to 1 (unknown binding
for Home Address destination option). for Home Address destination option).
The correspondent node MUST process the option in a manner consistent The correspondent node MUST process the option in a manner consistent
with exchanging the Home Address field from the Home Address option with exchanging the Home Address field from the Home Address option
into the IPv6 header and replacing the original value of the Source into the IPv6 header and replacing the original value of the Source
Address field there. After all IPv6 options have been processed, it Address field there. After all IPv6 options have been processed, it
MUST be possible for upper layers to process the packet without the MUST be possible for upper layers to process the packet without the
knowledge that it came originally from a care-of address or that a knowledge that it came originally from a care-of address or that a
Home Address option was used. Home Address option was used.
No additional authentication of the Home Address option is required, The use of IPsec Authentication Header (AH) for the Home Address
except that if the IPv6 header of a packet is covered by option is not required, except that if the IPv6 header of a packet is
authentication, then that authentication MUST also cover the Home covered by AH, then the authentication MUST also cover the Home
Address option; this coverage is achieved automatically by the Address option; this coverage is achieved automatically by the
definition of the Option Type code for the Home Address option, since definition of the Option Type code for the Home Address option, since
it indicates that the data within the option cannot change en-route it indicates that the data within the option cannot change en-route
to the packet's final destination, and thus the option is included in to the packet's final destination, and thus the option is included in
the authentication computation. By requiring that any authentication the AH computation. By requiring that any authentication of the IPv6
of the IPv6 header also cover the Home Address option, the security header also cover the Home Address option, the security of the Source
of the Source Address field in the IPv6 header is not compromised by Address field in the IPv6 header is not compromised by the presence
the presence of a Home Address option. of a Home Address option.
When attempting to verify authentication data in a packet that When attempting to verify AH authentication data in a packet that
contains a Home Address option, the receiving node MUST calculate the contains a Home Address option, the receiving node MUST calculate the
authentication data as if the following were true: The Home Address AH authentication data as if the following were true: The Home
option contains the care-of address, and the source IPv6 address Address option contains the care-of address, and the source IPv6
field of the IPv6 header contains the home address. This conforms address field of the IPv6 header contains the home address. This
with the calculation specified in Section 11.3.2. conforms with the calculation specified in Section 11.3.2.
9.3.2 Sending Packets to a Mobile Node 9.3.2 Sending Packets to a Mobile Node
Before sending any packet, the sending node SHOULD examine its Before sending any packet, the sending node SHOULD examine its
Binding Cache for an entry for the destination address to which the Binding Cache for an entry for the destination address to which the
packet is being sent. If the sending node has a Binding Cache entry packet is being sent. If the sending node has a Binding Cache entry
for this address, the sending node SHOULD use a type 2 routing header for this address, the sending node SHOULD use a type 2 routing header
to route the packet to this mobile node (the destination node) by way to route the packet to this mobile node (the destination node) by way
of its care-of address. When calculating authentication data in a of its care-of address. However, the mobile node MUST not do this in
packet that contains a type 2 routing header, the correspondent node the following cases:
MUST calculate the authentication data as if the following were true:
The routing header contains the care-of address, the destination IPv6 o When sending an IPv6 Neighbor Discovery [12] packet.
address field of the IPv6 header contains the home address, and the
Segments Left field is zero. The IPsec Security Policy Database o Where otherwise noted in Section 6.1.
lookup MUST based on the mobile node's home address.
When calculating authentication data in a packet that contains a type
2 routing header, the correspondent node MUST calculate the AH
authentication data as if the following were true: The routing header
contains the care-of address, the destination IPv6 address field of
the IPv6 header contains the home address, and the Segments Left
field is zero. The IPsec Security Policy Database lookup MUST based
on the mobile node's home address.
For instance, assuming there are no additional routing headers in For instance, assuming there are no additional routing headers in
this packet beyond those needed by Mobile IPv6, the correspondent this packet beyond those needed by Mobile IPv6, the correspondent
node could set the fields in the packet's IPv6 header and routing node could set the fields in the packet's IPv6 header and routing
header as follows: header as follows:
o The Destination Address in the packet's IPv6 header is set to the o The Destination Address in the packet's IPv6 header is set to the
mobile node's home address (the original destination address to mobile node's home address (the original destination address to
which the packet was being sent). which the packet was being sent).
skipping to change at page 79, line 14 skipping to change at page 80, line 14
node and processed normally by it. If, however, the destination node node and processed normally by it. If, however, the destination node
is a mobile node that is currently away from home, the packet will be is a mobile node that is currently away from home, the packet will be
intercepted by the mobile node's home agent and tunneled to the intercepted by the mobile node's home agent and tunneled to the
mobile node's current primary care-of address. mobile node's current primary care-of address.
9.3.3 Sending Binding Error Messages 9.3.3 Sending Binding Error Messages
Section 9.2 and Section 9.3.1 describe error conditions that lead to Section 9.2 and Section 9.3.1 describe error conditions that lead to
a need to send a Binding Error message. a need to send a Binding Error message.
A Binding Error message is sent to the address that appeared in the A Binding Error message is sent directly to the address that appeared
IPv6 Source Address field of the offending packet. If the Source in the IPv6 Source Address field of the offending packet (before any
Address field does not contain a unicast address, the Binding Error modifications possibly performed as specified in Section 9.3.1). If
message MUST NOT be sent. the Source Address field does not contain a unicast address, the
Binding Error message MUST NOT be sent.
The Home Address field in the Binding Error message MUST be copied The Home Address field in the Binding Error message MUST be copied
from the Home Address field in the Home Address destination option of from the Home Address field in the Home Address destination option of
the offending packet, or set to the unspecified address if no such the offending packet, or set to the unspecified address if no such
option appeared in the packet. option appeared in the packet.
Binding Error messages SHOULD be subject to rate limiting in the same Binding Error messages SHOULD be subject to rate limiting in the same
manner as is done for ICMPv6 messages [14]. manner as is done for ICMPv6 messages [14].
9.3.4 Receiving ICMP Error Messages 9.3.4 Receiving ICMP Error Messages
skipping to change at page 79, line 50 skipping to change at page 80, line 51
transmitted to the mobile node's home agent. By the definition of transmitted to the mobile node's home agent. By the definition of
IPv6 encapsulation [15], the home agent MUST relay certain ICMP error IPv6 encapsulation [15], the home agent MUST relay certain ICMP error
messages back to the original sender of the packet, which in this messages back to the original sender of the packet, which in this
case is the correspondent node. case is the correspondent node.
Thus, in all cases, any meaningful ICMP error messages caused by Thus, in all cases, any meaningful ICMP error messages caused by
packets from a correspondent node to a mobile node will be returned packets from a correspondent node to a mobile node will be returned
to the correspondent node. If the correspondent node receives to the correspondent node. If the correspondent node receives
persistent ICMP Destination Unreachable messages after sending persistent ICMP Destination Unreachable messages after sending
packets to a mobile node based on an entry in its Binding Cache, the packets to a mobile node based on an entry in its Binding Cache, the
correspondent node SHOULD delete this Binding Cache entry. correspondent node SHOULD delete this Binding Cache entry. Note that
if the mobile node continues to send packets with the Home Address
destination option to this correspondent node, they will be dropped
due to the lack of a binding. For this reason it is important that
only persistent ICMP messages lead to the deletion of the Binding
Cache entry.
9.4 Return Routability Procedure 9.4 Return Routability Procedure
This subsection specifies actions taken by a correspondent node This subsection specifies actions taken by a correspondent node
during the return routability procedure. during the return routability procedure.
9.4.1 Receiving Home Test Init Messages 9.4.1 Receiving Home Test Init Messages
Upon receiving a Home Test Init message, the correspondent node Upon receiving a Home Test Init message, the correspondent node
verifies the following: verifies the following:
skipping to change at page 80, line 51 skipping to change at page 82, line 10
material to engage in a return routability procedure in the manner material to engage in a return routability procedure in the manner
described in Section 9.4.1. described in Section 9.4.1.
Section 9.4.4 specifies further processing. Section 9.4.4 specifies further processing.
9.4.3 Sending Home Test Messages 9.4.3 Sending Home Test Messages
The correspondent node creates a home keygen token and uses the The correspondent node creates a home keygen token and uses the
current nonce index as the Home Nonce Index. It then creates a Home current nonce index as the Home Nonce Index. It then creates a Home
Test message (Section 6.1.5) and sends it to the mobile node at the Test message (Section 6.1.5) and sends it to the mobile node at the
latter's home address. Note that the Home Test message is always latter's home address.
sent to the home address of the mobile node without route
optimization, even when there is an existing binding for the mobile
node.
9.4.4 Sending Care-of Test Messages 9.4.4 Sending Care-of Test Messages
The correspondent node creates a care-of nonce and uses the current The correspondent node creates a care-of nonce and uses the current
nonce index as the Care-of Nonce Index. It then creates a Care-of nonce index as the Care-of Nonce Index. It then creates a Care-of
Test message (Section 6.1.6) and sends it to the mobile node at the Test message (Section 6.1.6) and sends it to the mobile node at the
latter's care-of address. latter's care-of address.
9.5 Processing Bindings 9.5 Processing Bindings
skipping to change at page 81, line 37 skipping to change at page 82, line 42
9.5.1 Receiving Binding Updates 9.5.1 Receiving Binding Updates
Before accepting a Binding Update, the receiving node MUST validate Before accepting a Binding Update, the receiving node MUST validate
the Binding Update according to the following tests: the Binding Update according to the following tests:
o The packet MUST contain a unicast routable home address, either in o The packet MUST contain a unicast routable home address, either in
the Home Address option or in the Source Address, if the Home the Home Address option or in the Source Address, if the Home
Address option is not present. Address option is not present.
o The Sequence Number field in the Binding Update is greater than o The Sequence Number field in the Binding Update is greater than
the Sequence Number received in the valid previous Binding Update the Sequence Number received in the previous valid Binding Update
for this home address, if any. for this home address, if any.
If the receiving node has no Binding Cache entry for the indicated
home address, it MUST accept any Sequence Number value in a
received Binding Update from this mobile node.
This Sequence Number comparison MUST be performed modulo 2**16, This Sequence Number comparison MUST be performed modulo 2**16,
i.e., the number is a free running counter represented modulo i.e., the number is a free running counter represented modulo
65536. A Sequence Number in a received Binding Update is 65536. A Sequence Number in a received Binding Update is
considered less than or equal to the last received number if its considered less than or equal to the last received number if its
value lies in the range of the last received number and the value lies in the range of the last received number and the
preceding 32767 values, inclusive. For example, if the last preceding 32768 values, inclusive. For example, if the last
received sequence number was 15, then messages with sequence received sequence number was 15, then messages with sequence
numbers 0 through 15, as well as 32784 through 65535, would be numbers 0 through 15, as well as 32783 through 65535, would be
considered less than or equal. considered less than or equal.
When the return routability procedure is used to enable the When the Home Registration (H) bit is not set, the following are also
establishment of nonce indices as inputs to the creation of the required:
binding key Kbm, the following are also required:
o A Nonce Indices mobility option MUST be present, and the Home and o A Nonce Indices mobility option MUST be present, and the Home and
Care-of Nonce Index values in this option MUST be recent enough to Care-of Nonce Index values in this option MUST be recent enough to
be recognized by the correspondent node. (Care-of Nonce Index be recognized by the correspondent node. (Care-of Nonce Index
values are not inspected for requests to delete a binding.) values are not inspected for requests to delete a binding.)
o The correspondent node MUST re-generate the home keygen token and o The correspondent node MUST re-generate the home keygen token and
the care-of keygen token from the information contained in the the care-of keygen token from the information contained in the
packet. It then generates the binding management key Kbm and uses packet. It then generates the binding management key Kbm and uses
it to verify the authenticator field in the Binding Update as it to verify the authenticator field in the Binding Update as
specified in Section 6.1.7. specified in Section 6.1.7.
o The Home Registration (H) bit MUST NOT be set.
When using Kbm for validating the Binding Update, the following are
required:
o The Binding Authorization Data mobility option MUST be present, o The Binding Authorization Data mobility option MUST be present,
and its contents MUST satisfy rules presented in Section 5.2.6. and its contents MUST satisfy rules presented in Section 5.2.6.
Note that a care-of address different from the Source Address MAY Note that a care-of address different from the Source Address MAY
have been specified by including an Alternate Care-of Address have been specified by including an Alternate Care-of Address
mobility option in the Binding Update. When such a message is mobility option in the Binding Update. When such a message is
received and the return routability procedure is used as an received and the return routability procedure is used as an
authorization method, the correspondent node MUST verify the authorization method, the correspondent node MUST verify the
authenticator by using the address within the Alternate Care-of authenticator by using the address within the Alternate Care-of
Address in the calculations. Address in the calculations.
o The Binding Authorization Data mobility option MUST be the last o The Binding Authorization Data mobility option MUST be the last
option and MUST NOT have trailing padding. option and MUST NOT have trailing padding.
If the Home Registration (H) bit is set, the Nonce Indices mobility
option MUST NOT be present.
If the mobile node sends a sequence number which is not greater than If the mobile node sends a sequence number which is not greater than
the sequence number from the last successful Binding Update, then the the sequence number from the last valid Binding Update for this home
receiving node MUST send back a Binding Acknowledgement with status address, then the receiving node MUST send back a Binding
code 135, and the last accepted sequence number in the Sequence Acknowledgement with status code 135, and the last accepted sequence
Number field of the Binding Acknowledgement. number in the Sequence Number field of the Binding Acknowledgement.
If a binding already exists for the given home address and the home
registration flag has a different value than the Home Registration
(H) bit in the Binding Update, then the receiving node MUST send back
a Binding Acknowledgement with status code 139 (registration type
change disallowed). The home registration flag stored in the Binding
Cache entry MUST NOT be changed.
If the receiving node no longer recognizes the Home Nonce Index If the receiving node no longer recognizes the Home Nonce Index
value, Care-of Nonce Index value, or both values from the Binding value, Care-of Nonce Index value, or both values from the Binding
Update, then the receiving node MUST send back a Binding Update, then the receiving node MUST send back a Binding
Acknowledgement with status code 136, 137, or 138, respectively. Acknowledgement with status code 136, 137, or 138, respectively.
For packets carrying Binding Updates that fail to satisfy all of For packets carrying Binding Updates that fail to satisfy all of
these tests for any reason other than insufficiency of the Sequence these tests for any reason other than insufficiency of the Sequence
Number or expired nonce index values MUST be silently discarded. Number, registration type change, or expired nonce index values, they
MUST be silently discarded.
If the Binding Update is valid according to the tests above, then the If the Binding Update is valid according to the tests above, then the
Binding Update is processed further as follows: Binding Update is processed further as follows:
o The Sequence Number value received from a mobile node in a Binding
Update is stored by the receiving node in its Binding Cache entry
for the given home address.
o If the Lifetime specified in the Binding Update is nonzero and the o If the Lifetime specified in the Binding Update is nonzero and the
specified care-of address is not equal to the home address for the specified care-of address is not equal to the home address for the
binding, then this is a request to cache a binding for the mobile binding, then this is a request to cache a binding for the home
node. If the Home Registration (H) bit is set in the Binding address. If the Home Registration (H) bit is set in the Binding
Update, the Binding Update is processed according to the procedure Update, the Binding Update is processed according to the procedure
specified in Section 10.3.1; otherwise, it is processed according specified in Section 10.3.1; otherwise, it is processed according
to the procedure specified in Section 9.5.2. to the procedure specified in Section 9.5.2.
o If the Lifetime specified in the Binding Update is zero or the o If the Lifetime specified in the Binding Update is zero or the
specified care-of address matches the home address for the specified care-of address matches the home address for the
binding, then this is a request to delete the mobile node's cached binding, then this is a request to delete the cached binding for
binding. In this case, the Binding Update MUST include a valid the home address. In this case, the Binding Update MUST include a
home nonce index, and the care-of nonce index MUST be ignored by valid home nonce index, and the care-of nonce index MUST be
the correspondent node. The generation of the binding management ignored by the correspondent node. The generation of the binding
key depends then exclusively on the home keygen token (Section management key depends then exclusively on the home keygen token
5.2.5). If the Home Registration (H) bit is set in the Binding (Section 5.2.5). If the Home Registration (H) bit is set in the
Update, the Binding Update is processed according to the procedure Binding Update, the Binding Update is processed according to the
specified in Section 10.3.2; otherwise, it is processed according procedure specified in Section 10.3.2; otherwise, it is processed
to the procedure specified in Section 9.5.3. according to the procedure specified in Section 9.5.3.
The specified care-of address MUST be determined as follows: The specified care-of address MUST be determined as follows:
o If the Alternate Care-of Address option is present, the care-of o If the Alternate Care-of Address option is present, the care-of
address is the address in that option. address is the address in that option.
o Otherwise, the care-of address is the Source Address field in the o Otherwise, the care-of address is the Source Address field in the
packet's IPv6 header. packet's IPv6 header.
The home address for the binding MUST be determined as follows: The home address for the binding MUST be determined as follows:
o If the Home Address destination option is present, the home o If the Home Address destination option is present, the home
address is the address in that option. address is the address in that option.
o Otherwise, the home address is the Source Address field in the o Otherwise, the home address is the Source Address field in the
packet's IPv6 header. This implies that the mobile node is at packet's IPv6 header.
home and is about to perform de-registration.
9.5.2 Requests to Cache a Binding 9.5.2 Requests to Cache a Binding
This section describes the processing of a valid Binding Update that This section describes the processing of a valid Binding Update that
requests a node to cache a mobile node's binding, for which the Home requests a node to cache a binding, for which the Home Registration
Registration (H) bit is not set in the Binding Update. (H) bit is not set in the Binding Update.
In this case, the receiving node SHOULD create a new entry in its In this case, the receiving node SHOULD create a new entry in its
Binding Cache for this mobile node, or update its existing Binding Binding Cache for this home address, or update its existing Binding
Cache entry for this mobile node, if such an entry already exists. Cache entry for this home address, if such an entry already exists.
The lifetime for the Binding Cache entry is initialized from the The lifetime for the Binding Cache entry is initialized from the
Lifetime field specified in the Binding Update, although this Lifetime field specified in the Binding Update, although this
lifetime MAY be reduced by the node caching the binding; the lifetime lifetime MAY be reduced by the node caching the binding; the lifetime
for the Binding Cache entry MUST NOT be greater than the Lifetime for the Binding Cache entry MUST NOT be greater than the Lifetime
value specified in the Binding Update. Any Binding Cache entry MUST value specified in the Binding Update. Any Binding Cache entry MUST
be deleted after the expiration of its lifetime. be deleted after the expiration of its lifetime.
The Sequence Number value received from a mobile node in a Binding Note that if the mobile node did not request a Binding
Update is stored by a correspondent node in its Binding Cache entry Acknowledgement, it is not aware of the selected shorter lifetime.
for that mobile node. If the receiving correspondent node has no The mobile node may thus use route optimization and send packets with
Binding Cache entry for the sending mobile node, it MUST accept any the Home Address destination option. As discussed in Section 9.3.1,
Sequence Number value in a received Binding Update from this mobile such packets will be dropped if there is no binding. This situation
node. is recoverable, but can cause temporary packet loss.
The correspondent node MAY refuse to accept a new Binding Cache The correspondent node MAY refuse to accept a new Binding Cache
entry, if it does not have sufficient resources. A new entry MAY entry, if it does not have sufficient resources. A new entry MAY
also be refused if the correspondent node believes its resources are also be refused if the correspondent node believes its resources are
utilized more efficiently in some other purpose, such as serving utilized more efficiently in some other purpose, such as serving
another mobile node with higher amount of traffic. In both cases the another mobile node with higher amount of traffic. In both cases the
correspondent node SHOULD return a Binding Acknowledgement with correspondent node SHOULD return a Binding Acknowledgement with
status value 130. status value 130.
9.5.3 Requests to Delete a Binding 9.5.3 Requests to Delete a Binding
This section describes the processing of a valid Binding Update that This section describes the processing of a valid Binding Update that
requests a node to delete a mobile node's binding from its Binding requests a node to delete a binding, when the Home Registration (H)
Cache, for which the Home Registration (H) bit is not set in the bit is not set in the Binding Update.
Binding Update.
Any existing binding for the mobile node MUST be deleted. A Binding Any existing binding for the given home address MUST be deleted. A
Cache entry for the mobile node MUST NOT be created in response to Binding Cache entry for the home address MUST NOT be created in
receiving the Binding Update. response to receiving the Binding Update.
If the Binding Cache entry was created by use of return routability If the Binding Cache entry was created by use of return routability
nonces, the correspondent node MUST ensure that the same nonces are nonces, the correspondent node MUST ensure that the same nonces are
not used again with the particular home and care-of address. If both not used again with the particular home and care-of address. If both
nonces are still valid, the correspondent node has to remember the nonces are still valid, the correspondent node has to remember the
particular combination of nonce indexes, addresses, and sequence particular combination of nonce indexes, addresses, and sequence
number as illegal, until at least one of the nonces has become too number as illegal, until at least one of the nonces has become too
old. old.
9.5.4 Sending Binding Acknowledgements 9.5.4 Sending Binding Acknowledgements
skipping to change at page 85, line 38 skipping to change at page 87, line 4
Authorization Data mobility option MUST be included, and MUST meet Authorization Data mobility option MUST be included, and MUST meet
the specific authentication requirements for Binding Acknowledgements the specific authentication requirements for Binding Acknowledgements
as defined in Section 5.2. as defined in Section 5.2.
If the Source Address field of the IPv6 header that carried the If the Source Address field of the IPv6 header that carried the
Binding Update does not contain a unicast address, the Binding Binding Update does not contain a unicast address, the Binding
Acknowledgement MUST NOT be sent, and the Binding Update packet MUST Acknowledgement MUST NOT be sent, and the Binding Update packet MUST
be silently discarded. Otherwise, the acknowledgement MUST be sent be silently discarded. Otherwise, the acknowledgement MUST be sent
to the Source Address. Unlike the treatment of regular packets, this to the Source Address. Unlike the treatment of regular packets, this
addressing procedure does not use information from the Binding Cache. addressing procedure does not use information from the Binding Cache.
However, a routing header is needed in some cases. If the Source However, a routing header is needed in some cases. If the Source
Address is the home address of the mobile node, i.e., the Binding Address is the home address of the mobile node, i.e., the Binding
Update did not contain a Home Address destination option, then the Update did not contain a Home Address destination option, then the
Binding Acknowledgement MUST be sent to that address, and the routing Binding Acknowledgement MUST be sent to that address, and the routing
header MUST NOT be used. Otherwise, the Binding Acknowledgement MUST header MUST NOT be used. Otherwise, the Binding Acknowledgement MUST
be sent using a type 2 routing header which contains the mobile be sent using a type 2 routing header which contains the mobile
node's home address. node's home address.
Entries in a node's Binding Cache MUST be deleted when their lifetime
expires.
9.5.5 Sending Binding Refresh Requests 9.5.5 Sending Binding Refresh Requests
If a Binding Cache entry being deleted is still in active use in If a Binding Cache entry being deleted is still in active use in
sending packets to a mobile node, the next packet sent to the mobile sending packets to a mobile node, the next packet sent to the mobile
node will be routed normally to the mobile node's home link. node will be routed normally to the mobile node's home link.
Communication with the mobile node continues, but the tunneling from Communication with the mobile node continues, but the tunneling from
the home network creates additional overhead and latency in the home network creates additional overhead and latency in
delivering packets to the mobile node. delivering packets to the mobile node.
If the sender knows that the Binding Cache entry is still in active If the sender knows that the Binding Cache entry is still in active
use, it MAY send a Binding Refresh Request message to the mobile node use, it MAY send a Binding Refresh Request message to the mobile node
in an attempt to avoid this overhead and latency due to deleting and in an attempt to avoid this overhead and latency due to deleting and
recreating the Binding Cache entry. The Binding Refresh Request recreating the Binding Cache entry.
message is sent in the same way as any packet addressed to the mobile
node (Section 9.3.2).
The correspondent node MAY retransmit Binding Refresh Request The correspondent node MAY retransmit Binding Refresh Request
messages provided that rate limitation is applied. The correspondent messages provided that rate limitation is applied. The correspondent
node MUST stop retransmitting when it receives a Binding Update. node MUST stop retransmitting when it receives a Binding Update.
9.6 Cache Replacement Policy 9.6 Cache Replacement Policy
Conceptually, a node maintains a separate timer for each entry in its Conceptually, a node maintains a separate timer for each entry in its
Binding Cache. When creating or updating a Binding Cache entry in Binding Cache. When creating or updating a Binding Cache entry in
response to a received and accepted Binding Update, the node sets the response to a received and accepted Binding Update, the node sets the
timer for this entry to the specified Lifetime period. Any entry in timer for this entry to the specified Lifetime period. Any entry in
a node's Binding Cache MUST be deleted after the expiration of the a node's Binding Cache MUST be deleted after the expiration of the
Lifetime specified in the Binding Update from which the entry was Lifetime specified in the Binding Update from which the entry was
created or last updated. created or last updated.
Each node's Binding Cache will, by necessity, have a finite size. A Each node's Binding Cache will, by necessity, have a finite size. A
node MAY use any reasonable local policy for managing the space node MAY use any reasonable local policy for managing the space
within its Binding Cache, except that any entry marked as a home within its Binding Cache.
registration (Section 10.3.1) MUST NOT be deleted from the cache
until the expiration of its lifetime period. When such home
registration entries are deleted, the home agent MUST also cease
intercepting packets on the mobile node's home link addressed to the
mobile node (Section 10.4.1), just as if the mobile node had
de-registered its primary care-of address (see Section 10.3.2).
When attempting to add a new home registration entry in response to a
Binding Update with the Home Registration (H) bit set, if no
sufficient space can be found, the home agent MUST reject the Binding
Update. Furthermore, the home agent MUST return a Binding
Acknowledgement to the sending mobile node, in which the Status field
is set to 130 (insufficient resources).
A node MAY choose to drop any entry already in its Binding Cache, A node MAY choose to drop any entry already in its Binding Cache in
other than home registration entries, in order to make space for a order to make space for a new entry. For example, a "least-recently
new entry. For example, a "least-recently used" (LRU) strategy for used" (LRU) strategy for cache entry replacement among entries is
cache entry replacement among entries not marked as home likely to work well unless the size of the Binding Cache is
registrations is likely to work well unless the size of the Binding substantially insufficient. When entries are deleted, the
Cache is substantially insufficient. correspondent node MUST follow the rules in Section 5.2.8 in order to
guard the return routability procedure against replay attacks.
If the node sends a packet to a destination for which it has dropped If the node sends a packet to a destination for which it has dropped
the entry from its Binding Cache, the packet will be routed through the entry from its Binding Cache, the packet will be routed through
the mobile node's home link. The mobile node can detect this, and the mobile node's home link. The mobile node can detect this, and
establish a new binding if necessary. establish a new binding if necessary.
However, if the mobile node believes that the binding still exists,
it may use route optimization and send packets with the Home Address
destination option. This can create temporary packet loss, as
discussed earlier in the context of binding lifetime reductions
performed by the correspondent node (Section 9.5.2).
10. Home Agent Operation 10. Home Agent Operation
10.1 Conceptual Data Structures 10.1 Conceptual Data Structures
Each home agent MUST maintain a Binding Cache and Home Agents List. Each home agent MUST maintain a Binding Cache and Home Agents List.
The rules for maintaining a Binding Cache are the same for home The rules for maintaining a Binding Cache are the same for home
agents and correspondent nodes, and have already been described in agents and correspondent nodes, and have already been described in
Section 9.1. Section 9.1.
skipping to change at page 89, line 47 skipping to change at page 90, line 47
o If the node implements only correspondent node functionality, or o If the node implements only correspondent node functionality, or
has not been configured to act as a home agent, then the node MUST has not been configured to act as a home agent, then the node MUST
reject the Binding Update. The node MUST then also return a reject the Binding Update. The node MUST then also return a
Binding Acknowledgement to the mobile node, in which the Status Binding Acknowledgement to the mobile node, in which the Status
field is set to 131 (home registration not supported). field is set to 131 (home registration not supported).
o Else, if the home address for the binding (the Home Address field o Else, if the home address for the binding (the Home Address field
in the packet's Home Address option) is not an on-link IPv6 in the packet's Home Address option) is not an on-link IPv6
address with respect to the home agent's current Prefix List or if address with respect to the home agent's current Prefix List or if
the corresponding prefix was not advertised with the Home Agent the corresponding prefix was not included in an advertisement sent
(H) bit set, then the home agent MUST reject the Binding Update with the Home Agent (H) bit set, then the home agent MUST reject
and SHOULD return a Binding Acknowledgement to the mobile node, in the Binding Update and SHOULD return a Binding Acknowledgement to
which the Status field is set to 132 (not home subnet). the mobile node, in which the Status field is set to 132 (not home
subnet).
o Else, if the home agent chooses to reject the Binding Update for o Else, if the home agent chooses to reject the Binding Update for
any other reason (e.g., insufficient resources to serve another any other reason (e.g., insufficient resources to serve another
mobile node as a home agent), then the home agent SHOULD return a mobile node as a home agent), then the home agent SHOULD return a
Binding Acknowledgement to the mobile node, in which the Status Binding Acknowledgement to the mobile node, in which the Status
field is set to an appropriate value to indicate the reason for field is set to an appropriate value to indicate the reason for
the rejection. the rejection.
o A Home Address destination option MUST be present in the message. o A Home Address destination option MUST be present in the message.
It MUST be validated as described in Section 9.3.1 with the It MUST be validated as described in Section 9.3.1 with the
skipping to change at page 90, line 45 skipping to change at page 91, line 45
Acknowledgement. This ensures that no other node on the home link Acknowledgement. This ensures that no other node on the home link
was using the mobile node's home address when the Binding Update was using the mobile node's home address when the Binding Update
arrived. If this Duplicate Address Detection fails for the given arrived. If this Duplicate Address Detection fails for the given
home address or an associated link local address, then the home agent home address or an associated link local address, then the home agent
MUST reject the complete Binding Update and MUST return a Binding MUST reject the complete Binding Update and MUST return a Binding
Acknowledgement to the mobile node, in which the Status field is set Acknowledgement to the mobile node, in which the Status field is set
to 134 (Duplicate Address Detection failed). When the home agent to 134 (Duplicate Address Detection failed). When the home agent
sends a successful Binding Acknowledgement to the mobile node, the sends a successful Binding Acknowledgement to the mobile node, the
home agent assures to the mobile node that its address(es) will home agent assures to the mobile node that its address(es) will
continue to be kept unique by the home agent at least as long as the continue to be kept unique by the home agent at least as long as the
lifetime granted for the bindings is not over. lifetime granted for the binding is not over.
The specific addresses which are to be tested before accepting the The specific addresses which are to be tested before accepting the
Binding Update, and later to be defended by performing Duplicate Binding Update, and later to be defended by performing Duplicate
Address Detection, depend on the setting of the Link-Local Address Address Detection, depend on the setting of the Link-Local Address
Compatibility (L) bit, as follows: Compatibility (L) bit, as follows:
o L=0: Defend only the given address. Do not derive a link-local o L=0: Defend only the given address. Do not derive a link-local
address. address.
o L=1: Defend both the given non link-local unicast (home) address o L=1: Defend both the given non link-local unicast (home) address
skipping to change at page 91, line 24 skipping to change at page 92, line 24
o The lifetime for the Binding Cache entry MUST NOT be greater than o The lifetime for the Binding Cache entry MUST NOT be greater than
the Lifetime value specified in the Binding Update. the Lifetime value specified in the Binding Update.
o The lifetime for the Binding Cache entry MUST NOT be greater than o The lifetime for the Binding Cache entry MUST NOT be greater than
the remaining valid lifetime for the subnet prefix in the mobile the remaining valid lifetime for the subnet prefix in the mobile
node's home address specified with the Binding Update. The node's home address specified with the Binding Update. The
remaining valid lifetime for this prefix is determined by the home remaining valid lifetime for this prefix is determined by the home
agent based on its own Prefix List entry for this prefix [12]. agent based on its own Prefix List entry for this prefix [12].
The remaining preferred lifetime SHOULD NOT have any impact on the The remaining preferred lifetime SHOULD NOT have any impact on the
lifetime for the binding cache entry. The home agent MUST remove lifetime for the binding cache entry.
a binding when the valid lifetime of the prefix associated with it
expires. The home agent MUST remove a binding when the valid lifetime of
the prefix associated with it expires.
o The home agent MAY further decrease the specified lifetime for the o The home agent MAY further decrease the specified lifetime for the
binding, for example based on a local policy. The resulting binding, for example based on a local policy. The resulting
lifetime is stored by the home agent in the Binding Cache entry, lifetime is stored by the home agent in the Binding Cache entry,
and this Binding Cache entry MUST be deleted by the home agent and this Binding Cache entry MUST be deleted by the home agent
after the expiration of this lifetime. after the expiration of this lifetime.
Regardless of the setting of the Acknowledge (A) bit in the Binding Regardless of the setting of the Acknowledge (A) bit in the Binding
Update, the home agent MUST return a Binding Acknowledgement to the Update, the home agent MUST return a Binding Acknowledgement to the
mobile node, constructed as follows: mobile node, constructed as follows:
skipping to change at page 92, line 31 skipping to change at page 93, line 32
home address. home address.
K = 1 K = 1
Move the peer endpoint of the key management protocol Move the peer endpoint of the key management protocol
connection, if any, to the new care-of address. For an IKE connection, if any, to the new care-of address. For an IKE
phase 1 connection, this means that any IKE packets sent to the phase 1 connection, this means that any IKE packets sent to the
peer are sent to this address, and packets from this address peer are sent to this address, and packets from this address
with the original ISAKMP cookies are accepted. with the original ISAKMP cookies are accepted.
Note that Section 2.5.3 in RFC 2408 [8] Section 2.5.3 states
three specifies rules that ISAKMP cookies must satisfy: they
must depend on specific parties and they can only have been
generated by the entity itself. Then it recommends a
particular way to do this, namely a hash of IP addresses. With
the K bit set to 1, the recommended implementation technique
does not work directly. To satisfy the two rules, the specific
parties must be treated as the original IP addresses, not the
ones in use at the specific moment.
o The Sequence Number field MUST be copied from the Sequence Number o The Sequence Number field MUST be copied from the Sequence Number
given in the Binding Update. given in the Binding Update.
o The Lifetime field MUST be set to the remaining lifetime for the o The Lifetime field MUST be set to the remaining lifetime for the
binding as set by the home agent in its home registration Binding binding as set by the home agent in its home registration Binding
Cache entry for the mobile node, as described above. Cache entry for the mobile node, as described above.
o If the home agent stores the Binding Cache entry in nonvolatile o If the home agent stores the Binding Cache entry in nonvolatile
storage, then the Binding Refresh Advice mobility option MUST be storage, then the Binding Refresh Advice mobility option MUST be
omitted. Otherwise, the home agent MAY include this option to omitted. Otherwise, the home agent MAY include this option to
skipping to change at page 97, line 18 skipping to change at page 98, line 33
forwarding described in the previous section. If this support is not forwarding described in the previous section. If this support is not
provided, multicast group membership control messages are silently provided, multicast group membership control messages are silently
ignored. ignored.
In order to forward multicast data packets from the home network to In order to forward multicast data packets from the home network to
all the proper mobile nodes the home agent SHOULD be capable of all the proper mobile nodes the home agent SHOULD be capable of
receiving tunneled multicast group membership control information receiving tunneled multicast group membership control information
from the mobile node in order to determine which groups the mobile from the mobile node in order to determine which groups the mobile
node has subscribed to. These multicast group membership messages node has subscribed to. These multicast group membership messages
are Listener Report messages specified MLD [17] or in other protocols are Listener Report messages specified MLD [17] or in other protocols
such as [35]. such as [37].
The messages are issued by the mobile node but sent through the The messages are issued by the mobile node but sent through the
reverse tunnel to the home agent. These messages are issued whenever reverse tunnel to the home agent. These messages are issued whenever
the mobile node decides to enable reception of packets for a the mobile node decides to enable reception of packets for a
multicast group or in response to an MLD Query from the home agent. multicast group or in response to an MLD Query from the home agent.
The mobile node will also issue multicast group control messages to The mobile node will also issue multicast group control messages to
disable reception of multicast packets when it is no longer disable reception of multicast packets when it is no longer
interested in receiving multicasts for a particular group. interested in receiving multicasts for a particular group.
To obtain the mobile node's current multicast group membership the To obtain the mobile node's current multicast group membership the
skipping to change at page 98, line 16 skipping to change at page 99, line 32
section and the multicast forwarding in Section 10.4.2 are to be section and the multicast forwarding in Section 10.4.2 are to be
achieved. At the time of this writing it was thought that a full achieved. At the time of this writing it was thought that a full
IPv6 multicast router function would be necessary on the home agent, IPv6 multicast router function would be necessary on the home agent,
but it may be possible to achieve the same effects through a "proxy but it may be possible to achieve the same effects through a "proxy
MLD" application coupled with kernel multicast forwarding. This may MLD" application coupled with kernel multicast forwarding. This may
be the subject of future specifications. be the subject of future specifications.
10.4.4 Stateful Address Autoconfiguration 10.4.4 Stateful Address Autoconfiguration
This section describes how home agents support the use of stateful This section describes how home agents support the use of stateful
address autoconfiguration mechanisms such as DHCPv6 [28] from the address autoconfiguration mechanisms such as DHCPv6 [29] from the
mobile nodes. If this support is not provided, then the M and O bits mobile nodes. If this support is not provided, then the M and O bits
must remain cleared on the Mobile Prefix Advertisement Messages. Any must remain cleared on the Mobile Prefix Advertisement Messages. Any
mobile node which issues autoconfiguration queries for servers mobile node which sends DHCPv6 messages to the home agent without
without this support will not receive a response. this support will not receive a response.
If DHCPv6 is used, packets are sent with link-local source addresses If DHCPv6 is used, packets are sent with link-local source addresses
either to a link-scope multicast address or a link-local address. either to a link-scope multicast address or a link-local address.
Mobile nodes desiring to locate a DHCPv6 service may reverse tunnel Mobile nodes desiring to locate a DHCPv6 service may reverse tunnel
standard DHCPv6 packets to the home agent. Since these link-scope standard DHCPv6 packets to the home agent. Since these link-scope
packets can not be forwarded onto the home network it is necessary packets cannot be forwarded onto the home network it is necessary for
for the home agent to either implement a DHCPv6 relay agent or a the home agent to either implement a DHCPv6 relay agent or a DHCPv6
DHCPv6 server function itself. The arriving tunnel or IPsec SA of server function itself. The arriving tunnel or IPsec SA of DHCPv6
DHCPv6 link-scope messages from the mobile node must be noted so that link-scope messages from the mobile node must be noted so that DHCPv6
DHCPv6 responses may be sent back to the appropriate mobile node. responses may be sent back to the appropriate mobile node. DHCPv6
DHCPv6 messages sent to the mobile node with a link-local destination messages sent to the mobile node with a link-local destination must
must be tunneled within the same tunnel header used for other packet be tunneled within the same tunnel header used for other packet
flows. flows.
10.4.5 Handling Reverse Tunneled Packets 10.4.5 Handling Reverse Tunneled Packets
Unless a binding has been established between the mobile node and a Unless a binding has been established between the mobile node and a
correspondent node, traffic from the mobile node to the correspondent correspondent node, traffic from the mobile node to the correspondent
node goes through a reverse tunnel. Home agents MUST support reverse node goes through a reverse tunnel. Home agents MUST support reverse
tunneling as follows: tunneling as follows:
o The tunneled traffic arrives to the home agent's address using o The tunneled traffic arrives to the home agent's address using
IPv6 encapsulation [15]. IPv6 encapsulation [15].
o When a home agent decapsulates a tunneled packet from the mobile o Depending on the security policies used by the home agent, reverse
node, the home agent MUST verify that the Source Address in the tunneled packets MAY be discarded unless accompanied by a valid
tunnel IP header is the mobile node's primary care-of address. ESP header. The support for authenticated reverse tunneling
Otherwise any node in the Internet could send traffic through the allows the home agent to protect the home network and
home agent and escape ingress filtering limitations. correspondent nodes from malicious nodes masquerading as a mobile
node.
Reverse tunneled packets MAY be discarded unless accompanied by a o Otherwise, when a home agent decapsulates a tunneled packet from
valid ESP header, depending on the security policies used by the home the mobile node, the home agent MUST verify that the Source
agent. The support for authenticated reverse tunneling allows the Address in the tunnel IP header is the mobile node's primary
home agent to protect the home network and correspondent nodes from care-of address. Otherwise any node in the Internet could send
malicious nodes masquerading as a mobile node, even if they know the traffic through the home agent and escape ingress filtering
current location of the real mobile node. limitations. This simple check forces the attacker to at least
know the current location of the real mobile node and be able to
defeat ingress filtering.
10.4.6 Protecting Return Routability Packets 10.4.6 Protecting Return Routability Packets
The return routability procedure described in Section 5.2.5 assumes The return routability procedure described in Section 5.2.5 assumes
that the confidentiality of the Home Test Init and Home Test messages that the confidentiality of the Home Test Init and Home Test messages
is protected as they are tunneled between the home agent to the is protected as they are tunneled between the home agent to the
mobile node. Therefore, the home agent MUST support tunnel mode mobile node. Therefore, the home agent MUST support tunnel mode
IPsec ESP for the protection of packets belonging to the return IPsec ESP for the protection of packets belonging to the return
routability procedure. Support for a non-null encryption transform routability procedure. Support for a non-null encryption transform
and authentication algorithm MUST be available. It isn't necessary and authentication algorithm MUST be available. It is not necessary
to distinguish between different kinds of packets within the return to distinguish between different kinds of packets within the return
routability procedure. routability procedure.
Security associations are needed to provide this protection. When Security associations are needed to provide this protection. When
the care-of address for the mobile node changes as a result of an the care-of address for the mobile node changes as a result of an
accepted Binding Update, special treatment is needed for the next accepted Binding Update, special treatment is needed for the next
packets sent using these security associations. The home agent MUST packets sent using these security associations. The home agent MUST
set the new care-of address as the destination address of these set the new care-of address as the destination address of these
packets, as if the destination gateway address in the security packets, as if the outer header destination address in the security
association had changed [21]. association had changed [21].
The above protection SHOULD be used with all mobile nodes. The use The above protection SHOULD be used with all mobile nodes. The use
is controlled by configuration of the IPsec security policy database is controlled by configuration of the IPsec security policy database
both at the mobile node and at the home agent. both at the mobile node and at the home agent.
As described earlier, the Binding Update and Binding Acknowledgement As described earlier, the Binding Update and Binding Acknowledgement
messages require protection between the home agent and the mobile messages require protection between the home agent and the mobile
node. The Mobility Header protocol carries both these messages as node. The Mobility Header protocol carries both these messages as
well as the return routability messages. From the point of view of well as the return routability messages. From the point of view of
the security policy database these messages are indistinguishable. the security policy database these messages are indistinguishable.
The security policy database entries MUST be defined as if they were When IPsec is used to protect return routability signaling or payload
specifically for the tunnel interface between the mobile node and the packets, this protection MUST only be applied to the return
home agent. That is, the policy entries are not generally applied on routability packets entering the IPv6 encapsulated tunnel interface
all traffic on the physical interface(s) of the nodes, but rather between the mobile node and the home agent. This can be achieved,
only on traffic that enters the tunnel. This makes use of for instance, by defining the security policy database entries
per-interface security policy database entries [4], specific to the specifically for the tunnel interface. That is, the policy entries
tunnel interface (the node's attachment to the tunnel [11]). are not generally applied on all traffic on the physical interface(s)
of the nodes, but rather only on traffic that enters the tunnel.
This makes use of per-interface security policy database entries [4],
specific to the tunnel interface (the node's attachment to the tunnel
[11]).
10.5 Dynamic Home Agent Address Discovery 10.5 Dynamic Home Agent Address Discovery
This section describes how a home agent can help mobile nodes to This section describes how a home agent can help mobile nodes to
discover the addresses of the home agents. The home agent keeps discover the addresses of the home agents. The home agent keeps
track of the other home agents on the same link, and responds to track of the other home agents on the same link, and responds to
queries sent by the mobile node. queries sent by the mobile node.
10.5.1 Receiving Router Advertisement Messages 10.5.1 Receiving Router Advertisement Messages
skipping to change at page 102, line 16 skipping to change at page 103, line 43
o The home agent SHOULD reduce the number of home agent IP addresses o The home agent SHOULD reduce the number of home agent IP addresses
so that the packet fits within the minimum IPv6 MTU [11]. The so that the packet fits within the minimum IPv6 MTU [11]. The
home agent addresses selected for inclusion in the packet SHOULD home agent addresses selected for inclusion in the packet SHOULD
be those from the complete list with the highest preference. This be those from the complete list with the highest preference. This
limitation avoids the danger of the Reply message packet being limitation avoids the danger of the Reply message packet being
fragmented (or rejected by an intermediate router with an ICMP fragmented (or rejected by an intermediate router with an ICMP
Packet Too Big message [14]). Packet Too Big message [14]).
10.6 Sending Prefix Information to the Mobile Node 10.6 Sending Prefix Information to the Mobile Node
10.6.1 Aggregate List of Home Network Prefixes 10.6.1 List of Home Network Prefixes
Mobile IPv6 arranges to propagate relevant prefix information to the Mobile IPv6 arranges to propagate relevant prefix information to the
mobile node when it is away from home, so that it may be used in mobile node when it is away from home, so that it may be used in
mobile node home address configuration, and in network renumbering. mobile node home address configuration, and in network renumbering.
In this mechanism, mobile nodes away from home receive Mobile Prefix In this mechanism, mobile nodes away from home receive Mobile Prefix
Advertisements messages with Prefix Information Options, which give Advertisements messages. These messages include Prefix Information
the valid lifetime and preferred lifetime for available prefixes on Options for the prefixes configured on the home subnet interface(s)
the home link. of the home agent.
The messages relayed to the mobile node are the ones learned via If there are multiple home agents, differences in the advertisements
Neighbor Discovery on the home link. The prefix options are sent by different home agents can lead to an inability to use a
processed as defined in [12, 13]. particular home address when changing to another home agent. In
order to ensure that the mobile nodes get the same information from
different home agents, it is desired that all the home agents on the
same link be configured in the same manner.
To support this, the home agent monitors prefixes advertised by To support this, the home agent monitors prefixes advertised by
itself and other home agents routers on the home link, and passes itself and other home agents on the home link. In RFC 2461 [12] it
this aggregated list of relevant subnet prefixes on to the mobile is acceptable for two routers to advertise different sets of prefixes
node in Mobile Prefix Advertisements. on the same link. For home agents such differences should be
detected since for a given home address the mobile node communicates
The home agent SHOULD construct the aggregate list of home subnet only with one home agent at a time and the mobile node needs to know
prefixes as follows: the full set of prefixes assigned to the home link. All other
comparisons of Router Advertisements are as specified in Section
o Copy prefix information defined in the home agent's AdvPrefixList 6.2.7 of RFC 2461.
on the home subnet's interfaces to the aggregate list. Also apply
any changes made to the AdvPrefixList on the home agent to the
aggregate list.
o Check valid prefixes received in Router Advertisements from the
home network for consistency with the home agent's AdvPrefixList,
as specified in Section 6.2.7 of RFC 2461 [12]. Do not update the
aggregate list with any information from received prefixes that
fail this check.
o For Router Advertisements which have the Home Agent (H) bit set,
check valid prefixes that are not yet in the aggregate list. If a
Prefix Information option has the autonomous address configuration
(A) flag set and the prefix length is valid for address
autoconfiguration on the home subnet, add these advertisements and
preserve the on-link (L) flag value. Clear the Router Address (R)
flag and zero the interface-id portion of the prefix field to
prevent mobile nodes from treating another router's interface
address as belonging to the home agent. Treat the lifetimes of
these prefixes as decrementing in real time, as defined in Section
6.2.7 of RFC 2461 [12].
o Do not perform consistency checks on valid prefixes received in
Router Advertisements on the home network that do not exist in the
home agent's AdvPrefixList. Instead, if the prefixes already
exist in the aggregate list, update the prefix lifetime fields in
the aggregate list according to the rules specified for hosts in
Section 6.3.4 of RFC 2461 [12] and Section 5.5.3 of RFC 2462 [13],
unless the update would override existing information from this
home agent.
o If the L flag is set on valid prefixes received in a Router
Advertisement, and that prefix already exists in the aggregate
list, set the flag in the aggregate list. Ignore the flag if it
is clear or if the setting of the flag was already configured in
this home agent.
o Delete prefixes from the aggregate list when their valid lifetimes
expire.
The home agent uses the information in the aggregate list to
construct Mobile Prefix Advertisements. It may be possible to
construct an aggregate list by combining information contained in the
home agent's AdvPrefixList and its Home Agents List used for Dynamic
Home Agent Address Discovery (Section 11.4.1).
10.6.2 Scheduling Prefix Deliveries 10.6.2 Scheduling Prefix Deliveries
A home agent serving a mobile node will schedule the delivery of new A home agent serving a mobile node will schedule the delivery of new
prefix information to that mobile node when any of the following prefix information to that mobile node when any of the following
conditions occur: conditions occur:
MUST: MUST:
o The valid or preferred lifetime or the state of the flags changes o The state of the flags changes for the prefix of the mobile node's
for the prefix of the mobile node's registered home address. registered home address.
o The valid or preferred lifetime is reconfigured or changes for any
reason other than advancing real time.
o The mobile node requests the information with a Mobile Prefix o The mobile node requests the information with a Mobile Prefix
Solicitation (see Section 11.4.2). Solicitation (see Section 11.4.2).
SHOULD: SHOULD:
o A new prefix is added to the aggregate list. o A new prefix is added to the home subnet interface(s) of the home
agent.
MAY: MAY:
o The valid or preferred lifetime or the state of the flags changes o The valid or preferred lifetime or the state of the flags changes
for a prefix which is not used in any Binding Cache entry for this for a prefix which is not used in any Binding Cache entry for this
mobile node. mobile node.
The home agent uses the following algorithm to determine when to send The home agent uses the following algorithm to determine when to send
prefix information to the mobile node. prefix information to the mobile node.
o If a mobile node sends a solicitation, answer right away. o If a mobile node sends a solicitation, answer right away.
o If no Mobile Prefix Advertisement has been sent to the mobile node o If no Mobile Prefix Advertisement has been sent to the mobile node
in the last MaxMobPfxAdvInterval (see Section 13) seconds, then in the last MaxMobPfxAdvInterval (see Section 13) seconds, then
ensure that a transmission is scheduled. The actual transmission ensure that a transmission is scheduled. The actual transmission
time is randomized as described below. time is randomized as described below.
o If a prefix in the aggregate list that matches the mobile node's o If a prefix matching the mobile node's home registration is added
home registration is added, or if its information changes in any on the home subnet interface, or if its information changes in any
way that does not deprecate the mobile node's address, ensure that way that does not deprecate the mobile node's address, ensure that
a transmission is scheduled. The actual transmission time is a transmission is scheduled. The actual transmission time is
randomized as described below. randomized as described below.
o If a home registration expires, cancel any scheduled o If a home registration expires, cancel any scheduled
advertisements to the mobile node. advertisements to the mobile node.
The aggregate list is sent in its entirety in all cases. The list of prefixes is sent in its entirety in all cases.
If the home agent already has scheduled the transmission of a Mobile If the home agent already has scheduled the transmission of a Mobile
Prefix Advertisement to the mobile node, the home agent replaces the Prefix Advertisement to the mobile node, the home agent replaces the
advertisement with a new one, to be sent at the scheduled time. advertisement with a new one, to be sent at the scheduled time.
Otherwise, the home agent computes a fresh value for RAND_ADV_DELAY, Otherwise, the home agent computes a fresh value for RAND_ADV_DELAY,
the offset from the current time for the scheduled transmission as the offset from the current time for the scheduled transmission as
follows. First calculate the maximum delay for the scheduled follows. First calculate the maximum delay for the scheduled
Advertisement: Advertisement:
skipping to change at page 107, line 12 skipping to change at page 108, line 12
home address. This limit on the binding lifetime serves to prohibit home address. This limit on the binding lifetime serves to prohibit
use of a mobile node's home address after it becomes invalid. use of a mobile node's home address after it becomes invalid.
11. Mobile Node Operation 11. Mobile Node Operation
11.1 Conceptual Data Structures 11.1 Conceptual Data Structures
Each mobile node MUST maintain a Binding Update List. Each mobile node MUST maintain a Binding Update List.
The Binding Update List records information for each Binding Update The Binding Update List records information for each Binding Update
sent by this mobile node, for which the lifetime of the binding not sent by this mobile node, for which the lifetime of the binding has
yet expired. The Binding Update List includes all bindings sent by not yet expired. The Binding Update List includes all bindings sent
the mobile node either to its home agent or correspondent nodes. It by the mobile node either to its home agent or correspondent nodes.
also contains Binding Updates which are waiting for the completion of It also contains Binding Updates which are waiting for the completion
the return routability procedure before they can be sent. However, of the return routability procedure before they can be sent.
for multiple Binding Updates sent to the same destination address, However, for multiple Binding Updates sent to the same destination
the Binding Update List contains only the most recent Binding Update address, the Binding Update List contains only the most recent
(i.e., with the greatest Sequence Number value) sent to that Binding Update (i.e., with the greatest Sequence Number value) sent
destination. The Binding Update List MAY be implemented in any to that destination. The Binding Update List MAY be implemented in
manner consistent with the external behavior described in this any manner consistent with the external behavior described in this
document. document.
Each Binding Update List entry conceptually contains the following Each Binding Update List entry conceptually contains the following
fields: fields:
o The IP address of the node to which a Binding Update was sent. o The IP address of the node to which a Binding Update was sent.
o The home address for which that Binding Update was sent. o The home address for which that Binding Update was sent.
o The care-of address sent in that Binding Update. This value is o The care-of address sent in that Binding Update. This value is
skipping to change at page 108, line 17 skipping to change at page 109, line 17
retransmission attempt for the Binding Update, and the current retransmission attempt for the Binding Update, and the current
state of the exponential back-off mechanism for retransmissions. state of the exponential back-off mechanism for retransmissions.
o A flag specifying whether or not future Binding Updates should be o A flag specifying whether or not future Binding Updates should be
sent to this destination. The mobile node sets this flag in the sent to this destination. The mobile node sets this flag in the
Binding Update List entry when it receives an ICMP Parameter Binding Update List entry when it receives an ICMP Parameter
Problem, Code 1, error message in response to a return routability Problem, Code 1, error message in response to a return routability
message or Binding Update sent to that destination, as described message or Binding Update sent to that destination, as described
in Section 11.3.5. in Section 11.3.5.
The Binding Update List is used to determine whether a particular
packet is sent directly to the correspondent node or tunneled via the
home agent (see Section 11.3.1).
The Binding Update list also conceptually contains the following data The Binding Update list also conceptually contains the following data
related to running the return routability procedure. This data is related to running the return routability procedure. This data is
relevant only for Binding Updates sent to correspondent nodes. relevant only for Binding Updates sent to correspondent nodes.
o The time at which a Home Test Init or Care-of Test Init message o The time at which a Home Test Init or Care-of Test Init message
was last sent to this destination, as needed to implement the rate was last sent to this destination, as needed to implement the rate
limiting restriction for the return routability procedure. limiting restriction for the return routability procedure.
o The state of any retransmissions needed for this return o The state of any retransmissions needed for this return
routability procedure. This state includes the time remaining routability procedure. This state includes the time remaining
skipping to change at page 109, line 23 skipping to change at page 110, line 25
o Protocols layered over IP will generally treat the mobile node's o Protocols layered over IP will generally treat the mobile node's
home address as its IP address for most packets. For packets sent home address as its IP address for most packets. For packets sent
that are part of transport-level connections established while the that are part of transport-level connections established while the
mobile node was at home, the mobile node MUST use its home mobile node was at home, the mobile node MUST use its home
address. Likewise, for packets sent that are part of address. Likewise, for packets sent that are part of
transport-level connections that the mobile node may still be transport-level connections that the mobile node may still be
using after moving to a new location, the mobile node SHOULD use using after moving to a new location, the mobile node SHOULD use
its home address in this way. If a binding exists, the mobile its home address in this way. If a binding exists, the mobile
node SHOULD send the packets directly to the correspondent node. node SHOULD send the packets directly to the correspondent node.
Otherwise, if a binding does not exist, the mobile node MUST use Otherwise, if a binding does not exist, the mobile node MUST use
reverse tunneling. Detailed operation for both of these cases is reverse tunneling.
described later in this section and also discussed in [29].
o The mobile node MAY choose to directly use one of its care-of o The mobile node MAY choose to directly use one of its care-of
addresses as the source of the packet, not requiring the use of a addresses as the source of the packet, not requiring the use of a
Home Address option in the packet. This is particularly useful Home Address option in the packet. This is particularly useful
for short-term communication that may easily be retried if it for short-term communication that may easily be retried if it
fails. Using the mobile node's care-of address as the source for fails. Using the mobile node's care-of address as the source for
such queries will generally have a lower overhead than using the such queries will generally have a lower overhead than using the
mobile node's home address, since no extra options need be used in mobile node's home address, since no extra options need be used in
either the query or its reply. Such packets can be routed either the query or its reply. Such packets can be routed
normally, directly between their source and destination without normally, directly between their source and destination without
skipping to change at page 109, line 46 skipping to change at page 110, line 47
has no particular knowledge that the communication being sent fits has no particular knowledge that the communication being sent fits
within this general type of communication, however, the mobile within this general type of communication, however, the mobile
node should not use its care-of address as the source of the node should not use its care-of address as the source of the
packet in this way. packet in this way.
The choice of the most efficient communications method is The choice of the most efficient communications method is
application specific, and outside the scope of this specification. application specific, and outside the scope of this specification.
The APIs necessary for controlling the choice are also out of The APIs necessary for controlling the choice are also out of
scope. scope.
o While not at its home link, the mobile node MUST NOT use the home o While not at its home link, the mobile node MUST NOT use the Home
address destination option when communicating with link-local or Address destination option when communicating with link-local or
site-local peers, if the scope of the home address is larger than site-local peers, if the scope of the home address is larger than
the scope of the peer's address. the scope of the peer's address.
Similarly, the mobile node MUST NOT use the Home Address
destination option for IPv6 Neighbor Discovery [12] packets.
Detailed operation of these cases is described later in this section
and also discussed in [31].
For packets sent by a mobile node while it is at home, no special For packets sent by a mobile node while it is at home, no special
Mobile IPv6 processing is required. Likewise, if the mobile node Mobile IPv6 processing is required. Likewise, if the mobile node
uses any address other than any of its home addresses as the source uses any address other than any of its home addresses as the source
of a packet sent while away from home no special Mobile IPv6 of a packet sent while away from home no special Mobile IPv6
processing is required. In either case, the packet is simply processing is required. In either case, the packet is simply
addressed and transmitted in the same way as any normal IPv6 packet. addressed and transmitted in the same way as any normal IPv6 packet.
For packets sent by the mobile node sent while away from home using For packets sent by the mobile node sent while away from home using
the mobile node's home address as the source, special Mobile IPv6 the mobile node's home address as the source, special Mobile IPv6
processing of the packet is required. This can be done in the processing of the packet is required. This can be done in the
following two ways: following two ways:
Route Optimization Route Optimization
This manner of delivering packets does not require going through This manner of delivering packets does not require going through
the home network, and typically will enable faster and more the home network, and typically will enable faster and more
reliable transmission. reliable transmission.
The mobile node may send packets to the correspondent node in this The mobile node needs to ensure that there exists a Binding Cache
manner only if the mobile node is aware that the correspondent entry for its home address so that the correspondent node can
node already has a Binding Cache entry for the mobile node's home process the packet (Section 9.3.1 specifies the rules for Home
address. Section 9.3.1 specifies the rules for Home Address Address Destination Option Processing at a correspondent node).
Destination Option Processing at a correspondent node. The mobile The mobile node SHOULD examine its Binding Update List for an
node needs to ensure that there exists a Binding Cache entry for entry which fulfills the following conditions:
its home address so that the correspondent node can process the
packet. A mobile node SHOULD arrange to supply the home address * The Source Address field of the packet being sent is equal to
in a Home Address option, and allowing the IPv6 header's Source the home address in the entry.
Address field to be set to one of the mobile node's care-of
addresses; the correspondent node will then use the address * The Destination Address field of the packet being sent is equal
supplied in the Home Address option to serve the function to the address of the correspondent node in the entry.
traditionally done by the Source IP address in the IPv6 header.
The mobile node's home address is then supplied to higher protocol * One of the current care-of addresses of the mobile node appears
layers and applications. Specifically: as the care-of address in the entry.
* The entry indicates that a binding has been successfully
created.
* The remaining lifetime of the binding is greater than zero.
When these conditions are met, the mobile node knows that the
correspondent node has a suitable Binding Cache entry.
A mobile node SHOULD arrange to supply the home address in a Home
Address option, and MUST set the IPv6 header's Source Address
field to the care-of address which the mobile node has registered
to be used with this correspondent node. The correspondent node
will then use the address supplied in the Home Address option to
serve the function traditionally done by the Source IP address in
the IPv6 header. The mobile node's home address is then supplied
to higher protocol layers and applications.
Specifically:
* Construct the packet using the mobile node's home address as * Construct the packet using the mobile node's home address as
the packet's Source Address, in the same way as if the mobile the packet's Source Address, in the same way as if the mobile
node were at home. This includes the calculation of upper node were at home. This includes the calculation of upper
layer checksums using the home address as the value of the layer checksums using the home address as the value of the
source. source.
* Insert a Home Address option into the packet, with the Home * Insert a Home Address option into the packet, with the Home
Address field copied from the original value of the Source Address field copied from the original value of the Source
Address field in the packet. Address field in the packet.
skipping to change at page 111, line 13 skipping to change at page 112, line 40
being used. being used.
By using the care-of address as the Source Address in the IPv6 By using the care-of address as the Source Address in the IPv6
header, with the mobile node's home address instead in the Home header, with the mobile node's home address instead in the Home
Address option, the packet will be able to safely pass through any Address option, the packet will be able to safely pass through any
router implementing ingress filtering [26]. router implementing ingress filtering [26].
Reverse Tunneling Reverse Tunneling
This is the mechanism which tunnels the packets via the home This is the mechanism which tunnels the packets via the home
agent. It isn't as efficient as the above mechanism, but is agent. It is not as efficient as the above mechanism, but is
needed if there is no binding yet with the correspondent node. needed if there is no binding yet with the correspondent node.
This mechanism is used for packets that have the mobile node's This mechanism is used for packets that have the mobile node's
home address as the Source Address in the IPv6 header, or with home address as the Source Address in the IPv6 header, or with
multicast control protocol packets as described in Section 11.3.4. multicast control protocol packets as described in Section 11.3.4.
Specifically: Specifically:
* The packet is sent to the home agent using IPv6 encapsulation * The packet is sent to the home agent using IPv6 encapsulation
[15]. [15].
* The Source Address in the tunnel packet is the primary care-of * The Source Address in the tunnel packet is the primary care-of
address as registered with the home agent. address as registered with the home agent.
skipping to change at page 111, line 50 skipping to change at page 113, line 32
specifications. In the steps described below, it is assumed that specifications. In the steps described below, it is assumed that
IPsec is being used in transport mode [4] and that the mobile node is IPsec is being used in transport mode [4] and that the mobile node is
using its home address as the source for the packet (from the point using its home address as the source for the packet (from the point
of view of higher protocol layers or applications, as described in of view of higher protocol layers or applications, as described in
Section 11.3.1): Section 11.3.1):
o The packet is created by higher layer protocols and applications o The packet is created by higher layer protocols and applications
(e.g., by TCP) as if the mobile node were at home and Mobile IPv6 (e.g., by TCP) as if the mobile node were at home and Mobile IPv6
were not being used. were not being used.
o Determine the outgoing interface for the packet. (Note that the
selection between reverse tunneling and route optimization may
imply different interfaces, particularly if tunnels are considered
interfaces as well.)
o As part of outbound packet processing in IP, the packet is o As part of outbound packet processing in IP, the packet is
compared against the IPsec security policy database to determine compared against the IPsec security policy database to determine
what processing is required for the packet [4]. what processing is required for the packet [4].
o If IPsec processing is required, the packet is either mapped to an o If IPsec processing is required, the packet is either mapped to an
existing Security Association (or SA bundle), or a new SA (or SA existing Security Association (or SA bundle), or a new SA (or SA
bundle) is created for the packet, according to the procedures bundle) is created for the packet, according to the procedures
defined for IPsec. defined for IPsec.
o Since the mobile node is away from home, the mobile is either o Since the mobile node is away from home, the mobile is either
using reverse tunneling or route optimization to reach the using reverse tunneling or route optimization to reach the
correspondent node. correspondent node.
If reverse tunneling is used, the packet is constructed in the If reverse tunneling is used, the packet is constructed in the
normal manner and then tunneled through the home agent. If route normal manner and then tunneled through the home agent.
optimization is in use, the mobile node inserts a Home Address
destination option into the packet, replacing the Source Address If route optimization is in use, the mobile node inserts a Home
in the packet's IP header with a care-of address suitable for the Address destination option into the packet, replacing the Source
link on which the packet is being sent, as described in Section Address in the packet's IP header with the care-of address used
11.3.1. The Destination Options header in which the Home Address with this correspondent node, as described in Section 11.3.1. The
destination option is inserted MUST appear in the packet after the Destination Options header in which the Home Address destination
routing header, if present, and before the IPsec (AH [5] or ESP option is inserted MUST appear in the packet after the routing
[6]) header, so that the Home Address destination option is header, if present, and before the IPsec (AH [5] or ESP [6])
processed by the destination node before the IPsec header is header, so that the Home Address destination option is processed
processed. Finally, once the packet is fully assembled, the by the destination node before the IPsec header is processed.
necessary IPsec authentication (and encryption, if required)
processing is performed on the packet, initializing the Finally, once the packet is fully assembled, the necessary IPsec
Authentication Data in the IPsec header. RFC 2402 treatment of authentication (and encryption, if required) processing is
destination options is extended as follows. The AH authentication performed on the packet, initializing the Authentication Data in
data MUST be calculated as if the following were true: the IPsec header.
RFC 2402 treatment of destination options is extended as follows.
The AH authentication data MUST be calculated as if the following
were true:
* the IPv6 source address in the IPv6 header contains the mobile * the IPv6 source address in the IPv6 header contains the mobile
node's home address, node's home address,
* the Home Address field of the Home Address destination option * the Home Address field of the Home Address destination option
(Section 6.3) contains the new care-of address. (Section 6.3) contains the new care-of address.
o This allows, but does not require, the receiver of the packet o This allows, but does not require, the receiver of the packet
containing a Home Address destination option to exchange the two containing a Home Address destination option to exchange the two
fields of the incoming packet to reach the above situation, fields of the incoming packet to reach the above situation,
skipping to change at page 113, line 27 skipping to change at page 115, line 19
giving the mobile node's home address as the initiator of the giving the mobile node's home address as the initiator of the
Security Association [7]. Security Association [7].
The Key Management Mobility Capability (K) bit in Binding Updates and The Key Management Mobility Capability (K) bit in Binding Updates and
Acknowledgements can be used avoid the need to rerun IKE upon Acknowledgements can be used avoid the need to rerun IKE upon
movements. movements.
11.3.3 Receiving Packets While Away from Home 11.3.3 Receiving Packets While Away from Home
While away from home, a mobile node will receive packets addressed to While away from home, a mobile node will receive packets addressed to
its home address, by one of three methods: its home address, by one of two methods:
o Packets sent by a correspondent node that does not have a Binding o Packets sent by a correspondent node that does not have a Binding
Cache entry for the mobile node, will be sent to the home address, Cache entry for the mobile node, will be sent to the home address,
captured by the home agent and tunneled to the mobile node captured by the home agent and tunneled to the mobile node
o Packets sent by a correspondent node that has a Binding Cache o Packets sent by a correspondent node that has a Binding Cache
entry for the mobile node that contains the mobile node's current entry for the mobile node that contains the mobile node's current
care-of address, will be sent by the correspondent node using a care-of address, will be sent by the correspondent node using a
type 2 routing header. The packet will be addressed to the mobile type 2 routing header. The packet will be addressed to the mobile
node's care-of address, with the final hop in the routing header node's care-of address, with the final hop in the routing header
directing the packet to the mobile node's home address; the directing the packet to the mobile node's home address; the
processing of this last hop of the routing header is entirely processing of this last hop of the routing header is entirely
internal to the mobile node, since the care-of address and home internal to the mobile node, since the care-of address and home
address are both addresses within the mobile node. address are both addresses within the mobile node.
For packets received by the first of these methods, the mobile node For packets received by the first method, the mobile node MUST check
MUST check that the IPv6 source address of the tunneled packet is the that the IPv6 source address of the tunneled packet is the IP address
IP address of its home agent. In this method the mobile node may of its home agent. In this method the mobile node may also send a
also send a Binding Update to the original sender of the packet, as Binding Update to the original sender of the packet, as described in
described in Section 11.7.2, subject to the rate limiting defined in Section 11.7.2, subject to the rate limiting defined in Section 11.8.
Section 11.8. The mobile node MUST also process the received packet The mobile node MUST also process the received packet in the manner
in the manner defined for IPv6 encapsulation [15], which will result defined for IPv6 encapsulation [15], which will result in the
in the encapsulated (inner) packet being processed normally by encapsulated (inner) packet being processed normally by upper-layer
upper-layer protocols within the mobile node, as if it had been protocols within the mobile node, as if it had been addressed (only)
addressed (only) to the mobile node's home address. to the mobile node's home address.
For packets received by the second method, the following rules will For packets received by the second method, the following rules will
result in the packet being processed normally by upper-layer result in the packet being processed normally by upper-layer
protocols within the mobile node, as if it had been addressed to the protocols within the mobile node, as if it had been addressed to the
mobile node's home address. mobile node's home address.
A node receiving a packet addressed to itself (i.e., one of the A node receiving a packet addressed to itself (i.e., one of the
node's addresses is in the IPv6 destination field) follows the next node's addresses is in the IPv6 destination field) follows the next
header chain of headers and processes them. When it encounters a header chain of headers and processes them. When it encounters a
type 2 routing header during this processing it performs the type 2 routing header during this processing it performs the
skipping to change at page 115, line 16 skipping to change at page 117, line 8
In order to receive packets sent to some multicast group, a mobile In order to receive packets sent to some multicast group, a mobile
node must join that multicast group. One method by which a mobile node must join that multicast group. One method by which a mobile
node MAY join the group is via a (local) multicast router on the node MAY join the group is via a (local) multicast router on the
foreign link being visited. In this case, the mobile node MUST use foreign link being visited. In this case, the mobile node MUST use
its care-of address and MUST NOT use the Home Address destination its care-of address and MUST NOT use the Home Address destination
option when sending MLD packets [17]. option when sending MLD packets [17].
Alternatively, a mobile node MAY join multicast groups via a Alternatively, a mobile node MAY join multicast groups via a
bi-directional tunnel to its home agent. The mobile node tunnels its bi-directional tunnel to its home agent. The mobile node tunnels its
multicast group membership control packets (such as those defined in multicast group membership control packets (such as those defined in
[17] or in [35]) to its home agent, and the home agent forwards [17] or in [37]) to its home agent, and the home agent forwards
multicast packets down the tunnel to the mobile node. A mobile node multicast packets down the tunnel to the mobile node. A mobile node
MUST NOT tunnel multicast group membership control packets until (1) MUST NOT tunnel multicast group membership control packets until (1)
the mobile node has a binding in place at the home agent, and (2) the the mobile node has a binding in place at the home agent, and (2) the
latter sends at least one such multicast group membership control latter sends at least one such multicast group membership control
packet via the tunnel. Once this condition is true, the mobile node packet via the tunnel. Once this condition is true, the mobile node
SHOULD assume it does not change as long as the binding does not SHOULD assume it does not change as long as the binding does not
expire. expire.
A mobile node that wishes to send packets to a multicast group also A mobile node that wishes to send packets to a multicast group also
has two options: has two options:
1. Send directly on the foreign link being visited. 1. Send directly on the foreign link being visited.
The application is aware of the care-of address and uses it for The application is aware of the care-of address and uses it as a
multicast traffic just like any other stationary address. The source address for multicast traffic, just like it would use a
mobile node MUST NOT use Home Address destination option in such stationary address. The mobile node MUST NOT use Home Address
traffic. destination option in such traffic.
2. Send via a tunnel to its home agent. 2. Send via a tunnel to its home agent.
Because multicast routing in general depends upon the Source Because multicast routing in general depends upon the Source
Address used in the IPv6 header of the multicast packet, a mobile Address used in the IPv6 header of the multicast packet, a mobile
node that tunnels a multicast packet to its home agent MUST use node that tunnels a multicast packet to its home agent MUST use
its home address as the IPv6 Source Address of the inner its home address as the IPv6 Source Address of the inner
multicast packet. multicast packet.
Note that direct sending from the foreign link is only applicable Note that direct sending from the foreign link is only applicable
skipping to change at page 116, line 10 skipping to change at page 117, line 50
multicast group members. multicast group members.
This specification does not provide mechanisms to enable such local This specification does not provide mechanisms to enable such local
multicast session to survive hand-off, and to seamlessly continue multicast session to survive hand-off, and to seamlessly continue
from a new care-of address on each new foreign link. Any such from a new care-of address on each new foreign link. Any such
mechanism, developed as an extension to this specification, needs to mechanism, developed as an extension to this specification, needs to
take into account the impact of fast moving mobile nodes on the take into account the impact of fast moving mobile nodes on the
Internet multicast routing protocols and their ability to maintain Internet multicast routing protocols and their ability to maintain
the integrity of source specific multicast trees and branches. the integrity of source specific multicast trees and branches.
While the use of reverse tunneling can ensure that multicast trees While the use of bidirectional tunneling can ensure that multicast
are independent of the mobile nodes movement, in some case such trees are independent of the mobile nodes movement, in some case such
tunneling can have adverse affects. The latency of specific types of tunneling can have adverse affects. The latency of specific types of
multicast applications such as multicast based discovery protocols multicast applications such as multicast based discovery protocols
will be affected when the round-trip time between the foreign subnet will be affected when the round-trip time between the foreign subnet
and the home agent is significant compared to that of the topology to and the home agent is significant compared to that of the topology to
be discovered. In addition, the delivery tree from the home agent in be discovered. In addition, the delivery tree from the home agent in
such circumstances relies on unicast encapsulation from the agent to such circumstances relies on unicast encapsulation from the agent to
the mobile node and is therefore bandwidth inefficient compared to the mobile node and is therefore bandwidth inefficient compared to
the native multicast forwarding in the foreign multicast system. the native multicast forwarding in the foreign multicast system.
11.3.5 Receiving ICMP Error Messages 11.3.5 Receiving ICMP Error Messages
Any node that doesn't recognize the Mobility header will return an Any node that does not recognize the Mobility header will return an
ICMP Parameter Problem, Code 1, message to the sender of the packet. ICMP Parameter Problem, Code 1, message to the sender of the packet.
If the mobile node receives such an ICMP error message in response to If the mobile node receives such an ICMP error message in response to
a return routability procedure or Binding Update, it SHOULD record in a return routability procedure or Binding Update, it SHOULD record in
its Binding Update List that future Binding Updates SHOULD NOT be its Binding Update List that future Binding Updates SHOULD NOT be
sent to this destination. sent to this destination. Such Binding Update List entries SHOULD be
removed after a period of time, in order to allow for retrying route
optimization.
New Binding Update List entries MUST NOT be created as a result of New Binding Update List entries MUST NOT be created as a result of
receiving ICMP error messages. receiving ICMP error messages.
Correspondent nodes that have participated in the return routability Correspondent nodes that have participated in the return routability
procedure MUST implement the ability to correctly process received procedure MUST implement the ability to correctly process received
packets containing a Home Address destination option. Therefore, packets containing a Home Address destination option. Therefore,
correctly implemented correspondent nodes should always be able to correctly implemented correspondent nodes should always be able to
recognize Home Address options. If a mobile node receives an ICMP recognize Home Address options. If a mobile node receives an ICMP
Parameter Problem, Code 2, message from some node indicating that it Parameter Problem, Code 2, message from some node indicating that it
skipping to change at page 119, line 49 skipping to change at page 121, line 42
to register its primary care-of address. Otherwise, if no such to register its primary care-of address. Otherwise, if no such
registrations have been made, it SHOULD be the mobile node's registrations have been made, it SHOULD be the mobile node's
stored home agent address, if one exists. Otherwise, if the stored home agent address, if one exists. Otherwise, if the
mobile node has not yet discovered its home agent's address, it mobile node has not yet discovered its home agent's address, it
MUST NOT accept Mobile Prefix Advertisements. MUST NOT accept Mobile Prefix Advertisements.
o The packet MUST have a type 2 routing header and SHOULD be o The packet MUST have a type 2 routing header and SHOULD be
protected by an IPsec header as described in Section 5.4 and protected by an IPsec header as described in Section 5.4 and
Section 6.8. Section 6.8.
o If a solicitation has been sent recently, the ICMP Identifier o If the ICMP Identifier value matches the ICMP Identifier value of
value MUST be the same as in the solicitation. the most recently sent Mobile Prefix Solicitation and no other
advertisement has yet been received for this value, then the
advertisement is considered to be solicited and will be processed
further.
Otherwise, the advertisement is unsolicited, and MUST be silently
discarded. In this case the mobile node SHOULD send a Mobile
Prefix Solicitation.
Any received Mobile Prefix Advertisement not meeting these tests MUST Any received Mobile Prefix Advertisement not meeting these tests MUST
be silently discarded. be silently discarded.
If the advertisement was unsolicited, the mobile node SHOULD send a
Mobile Prefix Solicitation.
For an accepted Mobile Prefix Advertisement, the mobile node MUST For an accepted Mobile Prefix Advertisement, the mobile node MUST
process Managed Address Configuration (M), Other Stateful process Managed Address Configuration (M), Other Stateful
Configuration (O), and the Prefix Information Options as if they Configuration (O), and the Prefix Information Options as if they
arrived in a Router Advertisement [12] on the mobile node's home arrived in a Router Advertisement [12] on the mobile node's home
link. (This specification does not, however, describe how to acquire link. (This specification does not, however, describe how to acquire
home addresses through stateful protocols.) Such processing may home addresses through stateful protocols.) Such processing may
result in the mobile node configuring a new home address, although result in the mobile node configuring a new home address, although
due to separation between preferred lifetime and valid lifetime, such due to separation between preferred lifetime and valid lifetime, such
changes should not affect most communications by the mobile node, in changes should not affect most communications by the mobile node, in
the same way as for nodes that are at home. the same way as for nodes that are at home.
skipping to change at page 120, line 34 skipping to change at page 122, line 31
pre-configured in the mobile node. Note that while dynamic key pre-configured in the mobile node. Note that while dynamic key
management avoids the need to create new security associations, it is management avoids the need to create new security associations, it is
still necessary to add policy entries to protect the communications still necessary to add policy entries to protect the communications
involving the home address(es). Mechanisms for automatic set-up of involving the home address(es). Mechanisms for automatic set-up of
these entries are outside the scope of this specification. these entries are outside the scope of this specification.
11.5 Movement 11.5 Movement
11.5.1 Movement Detection 11.5.1 Movement Detection
The primary movement detection mechanism for Mobile IPv6 defined in The primary goal of movement detection is to detect L3 handovers.
this section uses the facilities of IPv6 Neighbor Discovery, This section does not attempt to specify a fast movement detection
including Router Discovery and Neighbor Unreachability Detection. algorithm which will function optimally for all types of
The mobile node SHOULD supplement this mechanism with other applications, link-layers and deployment scenarios; instead, it
describes a generic method that uses the facilities of IPv6 Neighbor
Discovery, including Router Discovery and Neighbor Unreachability
Detection. At the time of this writing, this method is considered
well enough understood to recommend for standardization, however it
is expected that future versions of this specification or other
specifications may contain updated versions of the movement detection
algorithm that have better performance.
Generic movement detection uses Neighbor Unreachability Detection to
detect when the default router is no longer bi-directionally
reachable, in which case the mobile node must discover a new default
router (usually on a new link). However, this detection only occurs
when the mobile node has packets to send, and in the absence of
frequent Router Advertisements or indications from the link-layer,
the mobile node might become unaware of an L3 handover that occurred.
Therefore, the mobile node should supplement this method with other
information whenever it is available to the mobile node (e.g., from information whenever it is available to the mobile node (e.g., from
lower protocol layers). The description here is based on the lower protocol layers).
conceptual model of the organization and data structures defined by
Neighbor Discovery [12].
Mobile nodes SHOULD use Router Discovery to discover new routers and When the mobile node detects an L3 handover, it performs Duplicate
on-link subnet prefixes; a mobile node MAY send Router Solicitations, Address Detection [13] on its link-local address, selects a new
or MAY wait for unsolicited (periodic) multicast Router default router as a consequence of Router Discovery, and then
Advertisements, as specified for Router Discovery [12]. Based on performs Prefix Discovery with that new router to form new care-of
received Router Advertisements, a mobile node maintains an entry in address(es) as described in Section 11.5.2. It then registers its
its Default Router List for each router, and an entry in its Prefix new primary care-of address with its home agent as described in
List for each subnet prefix that it currently considers to be Section 11.7.1. After updating its home registration, the mobile
on-link. Each entry in these lists has an associated invalidation node then updates associated mobility bindings in correspondent nodes
timer value. While away from home, a mobile node typically selects that it is performing route optimization with as specified in Section
one default router and one subnet prefix to use as the subnet prefix 11.7.2.
in its primary care-of address. A mobile node MAY also have
associated additional care-of addresses, using other subnet prefixes
from its Prefix List. The method by which a mobile node selects and
forms a care-of address from the available subnet prefixes is
described in Section 11.5.2. The mobile node registers its primary
care-of address with its home agent, as described in Section 11.7.1.
While a mobile node is away from home, it is important for the mobile Due to the temporary packet flow disruption and signaling overhead
node to quickly detect when its default router becomes unreachable. involved in updating mobility bindings, the mobile node should avoid
When this happens, the mobile node SHOULD switch to a new default performing an L3 handover until it is strictly necessary.
router and potentially to a new primary care-of address. If, on the Specifically, when the mobile node receives a Router Advertisement
other hand, the mobile node becomes unreachable from its default from a new router that contains a different set of on-link prefixes,
router, it should attempt to become reachable through some other if the mobile node detects that the currently selected default router
router. To detect when its default router becomes unreachable, a on the old link is still bi-directionally reachable, it should
mobile node SHOULD use Neighbor Unreachability Detection. generally continue to use the old router on the old link rather than
switch away from it to use a new default router.
For a mobile node to detect when it has become unreachable from its Mobile nodes can use the information in received Router
default router, the mobile node cannot efficiently rely on Neighbor Advertisements to detect L3 handovers. In doing so the mobile node
Unreachability Detection alone, since the network overhead would be needs to consider the following issues:
prohibitively high in many cases. Instead, when a mobile node
receives any IPv6 packets from its current default router at all,
irrespective of the source IPv6 address, it SHOULD use that as an
indication that it is still reachable from the router.
Since the router sends periodic unsolicited multicast Router o There might be multiple routers on the same link, thus hearing a
Advertisements, the mobile node will have an opportunity to check if new router does not necessarily constitute an L3 handover.
it is still reachable from its default router, even in the absence of
other packets to it from the router. If Router Advertisements that
the mobile node receives include an Advertisement Interval option,
the mobile node MAY use its Advertisement Interval field as an
indication of the frequency with which it SHOULD expect to continue
to receive future Advertisements from that router. This field
specifies the minimum rate (the maximum amount of time between
successive Advertisements) that the mobile node SHOULD expect. If
this amount of time elapses without the mobile node receiving any
Advertisement from this router, the mobile node can be sure that at
least one Advertisement sent by the router has been lost. It is thus
possible for the mobile node to implement its own policy for
determining the number of Advertisements from its current default
router it is willing to tolerate losing before deciding to switch to
a different router from which it may currently be correctly receiving
Advertisements.
On some types of network interfaces, the mobile node MAY also o When there are multiple routers on the same link they might
supplement this monitoring of Router Advertisements, by setting its advertise different prefixes. Thus even hearing a new router with
network interface into "promiscuous" receive mode, so that it is able a new prefix might not be a reliable indication of an L3 handover.
to receive all packets on the link, including those not addressed to
it at the link layer (i.e., disabling link-level address filtering).
The mobile node will then be able to detect any packets sent by the o The link-local addresses of routers are not globally unique, hence
router, in order to detect reachability from the router. This use of after completing an L3 handover the mobile node might continue to
promiscuous mode may be useful on very low bandwidth (e.g., wireless) receive Router Advertisements with the same link-local source
links. If this mode is supported, its use MUST be configurable, address. This might be common if routers use the same link-local
since it is likely to consume additional energy resources. address on multiple interfaces. This issue can be avoided when
routers use the Router Address (R) bit, since that provides a
global address of the router.
If the above means do not provide indication that the mobile node is In addition, the mobile node should consider the following events as
still reachable from its current default router (for instance, the indications that an L3 handover may have occurred. Upon receiving
mobile node receives no packets from the router for a period of such indications, the mobile node needs to perform Router Discovery
time), then the mobile node SHOULD attempt to actively probe the to discover routers and prefixes on the new link, as described in
router with Neighbor Solicitations, even if it is not otherwise Section 6.3.7 of RFC 2461 [12].
actively sending packets to the router. If it receives a solicited
Neighbor Advertisement in response from the router, then the mobile
node can deduce that it is still reachable. It is expected that the
mobile node will in most cases be able to determine its reachability
from the router by listening for packets from the router as described
above, and thus, such extra Neighbor Solicitation probes should
rarely be necessary.
With some types of networks, indications about link-layer mobility o If Router Advertisements that the mobile node receives include an
might be obtained from lower-layer protocol or device driver software Advertisement Interval option, the mobile node may use its
within the mobile node. However, all link-layer mobility indications Advertisement Interval field as an indication of the frequency
from lower layers do not necessarily indicate a movement of the with which it should expect to continue to receive future
mobile node to a new link, such that the mobile node would need to Advertisements from that router. This field specifies the minimum
switch to a new default router and primary care-of address. For rate (the maximum amount of time between successive
example, movement of a mobile node from one cell to another in many Advertisements) that the mobile node should expect. If this
wireless LANs can be made transparent to the IP level through use of amount of time elapses without the mobile node receiving any
a link-layer "roaming" protocol, as long as the different wireless Advertisement from this router, the mobile node can be sure that
LAN cells all operate as part of the same IP link with the same at least one Advertisement sent by the router has been lost. The
subnet prefix. Upon lower-layer indication of link-layer mobility, mobile node can then implement its own policy to determine how
the mobile node SHOULD send Router Solicitations to determine if many lost Advertisements from its current default router
additional on-link subnet prefixes are available on its new link. constitute an L3 handover indication.
The mobile node SHOULD also mark its link-local address as tentative,
and follow standard Duplicate Address Detection procedures [13].
Such lower-layer information might also be useful to a mobile node in o Neighbor Unreachability Detection determines that the default
deciding to switch its primary care-of address to one of the other router is no longer reachable.
care-of addresses it has formed from the on-link subnet prefixes
currently available through different routers from which the mobile o With some types of networks, notification that an L2 handover has
node is reachable. For example, a mobile node MAY use signal occurred might be obtained from lower layer protocols or device
strength or signal quality information (with suitable hysteresis) for driver software within the mobile node. While further details
its link with the available routers to decide when to switch to a new around handling L2 indications as movement hints is an item for
primary care-of address using that router rather than its current further study, at the time of writing this specification the
default router (and current primary care-of address). Even though following is considered reasonable:
the mobile node's current default router may still be reachable in
terms of Neighbor Unreachability Detection, the mobile node MAY use An L2 handover indication may or may not imply L2 movement and L2
such lower-layer information to determine that switching to a new movement may or may not imply L3 movement; the correlations might
default router would provide a better connection. be a function of the type of L2 but might also be a function of
actual deployment of the wireless topology.
Unless it is well-known that an L2 handover indication is likely
to imply L3 movement, instead of immediately multicasting a router
solicitation it may be better to attempt to verify whether the
default router is still bi-directionally reachable. This can be
accomplished by sending a unicast Neighbor Solicitation and
waiting for a Neighbor Advertisement with the solicited flag set.
Note that this is similar to Neighbor Unreachability detection but
it does not have the same state machine, such as the STALE state.
If the default router does not respond to the Neighbor
Solicitation it makes sense to proceed to multicasting a Router
Solicitation.
11.5.2 Forming New Care-of Addresses 11.5.2 Forming New Care-of Addresses
After detecting that it has moved from one link to another (i.e., its After detecting that it has moved a mobile node SHOULD generate a new
current default router has become unreachable and it has discovered a primary care-of address using normal IPv6 mechanisms. This SHOULD
new default router), a mobile node SHOULD generate a new primary also be done when the current primary care-of address becomes
care-of address using normal IPv6 mechanisms. A mobile node MAY form deprecated. A mobile node MAY form a new primary care-of address at
a new primary care-of address at any time, but a mobile node MUST NOT any time, but a mobile node MUST NOT send a Binding Update about a
send a Binding Update about a new care-of address to its home agent new care-of address to its home agent more than MAX_UPDATE_RATE times
more than MAX_UPDATE_RATE times within a second. within a second.
In addition, a mobile node MAY form new non-primary care-of addresses In addition, a mobile node MAY form new non-primary care-of addresses
even when it has not switched to a new default router. A mobile node even when it has not switched to a new default router. A mobile node
can have only one primary care-of address at a time (which is can have only one primary care-of address at a time (which is
registered with its home agent), but it MAY have an additional registered with its home agent), but it MAY have an additional
care-of address for any or all of the prefixes on its current link. care-of address for any or all of the prefixes on its current link.
Furthermore, since a wireless network interface may actually allow a Furthermore, since a wireless network interface may actually allow a
mobile node to be reachable on more than one link at a time (i.e., mobile node to be reachable on more than one link at a time (i.e.,
within wireless transmitter range of routers on more than one within wireless transmitter range of routers on more than one
separate link), a mobile node MAY have care-of addresses on more than separate link), a mobile node MAY have care-of addresses on more than
one link at a time. The use of more than one care-of address at a one link at a time. The use of more than one care-of address at a
time is described in Section 11.5.3. time is described in Section 11.5.3.
As described in Section 4, in order to form a new care-of address, a As described in Section 4, in order to form a new care-of address, a
mobile node MAY use either stateless [13] or stateful (e.g., DHCPv6 mobile node MAY use either stateless [13] or stateful (e.g., DHCPv6
[28]) Address Autoconfiguration. If a mobile node needs to use a [29]) Address Autoconfiguration. If a mobile node needs to use a
source address (other than the unspecified address) in packets sent source address (other than the unspecified address) in packets sent
as a part of address autoconfiguration, it MUST use an IPv6 as a part of address autoconfiguration, it MUST use an IPv6
link-local address rather than its own IPv6 home address. link-local address rather than its own IPv6 home address.
RFC 2462 [13] specifies that in normal processing for Duplicate RFC 2462 [13] specifies that in normal processing for Duplicate
Address Detection, the node SHOULD delay sending the initial Neighbor Address Detection, the node SHOULD delay sending the initial Neighbor
Solicitation message by a random delay between 0 and Solicitation message by a random delay between 0 and
MAX_RTR_SOLICITATION_DELAY. Since delaying DAD can result in MAX_RTR_SOLICITATION_DELAY. Since delaying DAD can result in
significant delays in configuring a new care-of address when the significant delays in configuring a new care-of address when the
Mobile Node moves to a new link, the Mobile Node preferably SHOULD Mobile Node moves to a new link, the Mobile Node preferably SHOULD
skipping to change at page 124, line 22 skipping to change at page 126, line 15
Registration (H) and Acknowledge (A) bits set its home agent, as Registration (H) and Acknowledge (A) bits set its home agent, as
described on Section 11.7.1. described on Section 11.7.1.
To assist with smooth handovers, a mobile node SHOULD retain its To assist with smooth handovers, a mobile node SHOULD retain its
previous primary care-of address as a (non-primary) care-of address, previous primary care-of address as a (non-primary) care-of address,
and SHOULD still accept packets at this address, even after and SHOULD still accept packets at this address, even after
registering its new primary care-of address with its home agent. registering its new primary care-of address with its home agent.
This is reasonable, since the mobile node could only receive packets This is reasonable, since the mobile node could only receive packets
at its previous primary care-of address if it were indeed still at its previous primary care-of address if it were indeed still
connected to that link. If the previous primary care-of address was connected to that link. If the previous primary care-of address was
allocated using stateful Address Autoconfiguration [28], the mobile allocated using stateful Address Autoconfiguration [29], the mobile
node may not wish to release the address immediately upon switching node may not wish to release the address immediately upon switching
to a new primary care-of address. to a new primary care-of address.
Whenever a mobile node determines that it is no longer reachable Whenever a mobile node determines that it is no longer reachable
through a given link, it SHOULD invalidate all care-of addresses through a given link, it SHOULD invalidate all care-of addresses
associated with address prefixes that it discovered from routers on associated with address prefixes that it discovered from routers on
the unreachable link which are not in the current set of address the unreachable link which are not in the current set of address
prefixes advertised by the (possibly new) current default router. prefixes advertised by the (possibly new) current default router.
11.5.4 Returning Home 11.5.4 Returning Home
skipping to change at page 125, line 35 skipping to change at page 127, line 28
a home agent for it. By processing this Binding Update, the home a home agent for it. By processing this Binding Update, the home
agent will cease defending the mobile node's home address for agent will cease defending the mobile node's home address for
Duplicate Address Detection and will no longer respond to Neighbor Duplicate Address Detection and will no longer respond to Neighbor
Solicitations for the mobile node's home address. The mobile node is Solicitations for the mobile node's home address. The mobile node is
then the only node on the link receiving packets at the mobile node's then the only node on the link receiving packets at the mobile node's
home address. In addition, when returning home prior to the home address. In addition, when returning home prior to the
expiration of a current binding for its home address, and configuring expiration of a current binding for its home address, and configuring
its home address on its network interface on its home link, the its home address on its network interface on its home link, the
mobile node MUST NOT perform Duplicate Address Detection on its own mobile node MUST NOT perform Duplicate Address Detection on its own
home address, in order to avoid confusion or conflict with its home home address, in order to avoid confusion or conflict with its home
agent's use of the same address. If the mobile node returns home agent's use of the same address. This rule also applies to the
after the bindings for all of its care-of addresses have expired, derived link-local address of the mobile node, if the Link Local
then it SHOULD perform DAD. Address Compatibility (L) bit was set when the binding was created.
If the mobile node returns home after the bindings for all of its
care-of addresses have expired, then it SHOULD perform DAD.
After the Mobile Node sends the Binding Update, it MUST be prepared After the Mobile Node sends the Binding Update, it MUST be prepared
to reply to Neighbor Solicitations from its home agent. The replies to reply to Neighbor Solicitations for its home address. Such
MUST be sent using a unicast Neighbor Advertisement to the home replies MUST be sent using a unicast Neighbor Advertisement to the
agent's link-layer address. sender's link-layer address. It is necessary to reply, since sending
the Binding Acknowledgement from the home agent may require
performing Neighbor Discovery, and the mobile node may not be able to
distinguish Neighbor Solicitations coming from the home agent from
other Neighbor Solicitations. Note that a race condition exists
where both the mobile node and the home agent respond to the same
solicitations sent by other nodes; this will be only temporary,
however, until the Binding Update is accepted.
After receiving the Binding Acknowledgement for its Binding Update to After receiving the Binding Acknowledgement for its Binding Update to
its home agent, the mobile node MUST multicast onto the home link (to its home agent, the mobile node MUST multicast onto the home link (to
the all-nodes multicast address) a Neighbor Advertisement [12], to the all-nodes multicast address) a Neighbor Advertisement [12], to
advertise the mobile node's own link-layer address for its own home advertise the mobile node's own link-layer address for its own home
address. The Target Address in this Neighbor Advertisement MUST be address. The Target Address in this Neighbor Advertisement MUST be
set to the mobile node's home address, and the Advertisement MUST set to the mobile node's home address, and the Advertisement MUST
include a Target Link-layer Address option specifying the mobile include a Target Link-layer Address option specifying the mobile
node's link-layer address. The mobile node MUST multicast such a node's link-layer address. The mobile node MUST multicast such a
Neighbor Advertisement for each of its home addresses, as defined by Neighbor Advertisement for each of its home addresses, as defined by
skipping to change at page 126, line 46 skipping to change at page 128, line 48
without any messages at all, if the mobile node has a recent home without any messages at all, if the mobile node has a recent home
keygen token and and has previously visited the same care-of address keygen token and and has previously visited the same care-of address
so that it also has a recent care-of keygen token. If the mobile so that it also has a recent care-of keygen token. If the mobile
node intends to send a Binding Update with the Lifetime set to zero node intends to send a Binding Update with the Lifetime set to zero
and the care-of address equal to its home address - such as when and the care-of address equal to its home address - such as when
returning home - sending a Home Test Init message is sufficient. In returning home - sending a Home Test Init message is sufficient. In
this case, generation of the binding management key depends this case, generation of the binding management key depends
exclusively on the home keygen token (Section 5.2.5). exclusively on the home keygen token (Section 5.2.5).
A Home Test Init message MUST be created as described in Section A Home Test Init message MUST be created as described in Section
6.1.3. A Care-of Test Init message MUST be created as described in 6.1.3.
Section 6.1.4. When sending a Home Test Init or Care-of Test Init
message the mobile node MUST record in its Binding Update List the A Care-of Test Init message MUST be created as described in Section
following fields from the messages: 6.1.4. When sending a Home Test Init or Care-of Test Init message
the mobile node MUST record in its Binding Update List the following
fields from the messages:
o The IP address of the node to which the message was sent. o The IP address of the node to which the message was sent.
o The home address of the mobile node. This value will appear in o The home address of the mobile node. This value will appear in
the Source Address field of the Home Test Init message. When the Source Address field of the Home Test Init message. When
sending the Care-of Test Init message, this address does not sending the Care-of Test Init message, this address does not
appear in the message, but represents the home address for which appear in the message, but represents the home address for which
the binding is desired. the binding is desired.
o The time at which each of these messages was sent. o The time at which each of these messages was sent.
o The cookies used in the messages. o The cookies used in the messages.
Note that a single Care-of Test Init message may be sufficient even Note that a single Care-of Test Init message may be sufficient even
when there are multiple home addresses. In this case the mobile node when there are multiple home addresses. In this case the mobile node
MAY record the same information in multiple Binding List entries. MAY record the same information in multiple Binding Update List
entries.
11.6.2 Receiving Test Messages 11.6.2 Receiving Test Messages
Upon receiving a packet carrying a Home Test message, a mobile node Upon receiving a packet carrying a Home Test message, a mobile node
MUST validate the packet according to the following tests: MUST validate the packet according to the following tests:
o The Source Address of the packet belongs to a correspondent node o The Source Address of the packet belongs to a correspondent node
for which the mobile node has a Binding Update List entry with a for which the mobile node has a Binding Update List entry with a
state indicating that return routability procedure is in progress. state indicating that return routability procedure is in progress.
Note that there may be multiple such entries. Note that there may be multiple such entries.
skipping to change at page 127, line 43 skipping to change at page 129, line 48
mobile node, and the packet has been received in a tunnel from the mobile node, and the packet has been received in a tunnel from the
home agent. home agent.
o The Home Init Cookie field in the message matches the value stored o The Home Init Cookie field in the message matches the value stored
in the Binding Update List. in the Binding Update List.
Any Home Test message not satisfying all of these tests MUST be Any Home Test message not satisfying all of these tests MUST be
silently ignored. Otherwise, the mobile node MUST record the Home silently ignored. Otherwise, the mobile node MUST record the Home
Nonce Index and home keygen token in the Binding Update List. If the Nonce Index and home keygen token in the Binding Update List. If the
Binding Update List entry does not have a care-of keygen token, the Binding Update List entry does not have a care-of keygen token, the
mobile node SHOULD continue waiting for additional messages. mobile node SHOULD continue waiting for the Care-of Test message.
Upon receiving a packet carrying a Care-of Test message, a mobile Upon receiving a packet carrying a Care-of Test message, a mobile
node MUST validate the packet according to the following tests: node MUST validate the packet according to the following tests:
o The Source Address of the packet belongs to a correspondent node o The Source Address of the packet belongs to a correspondent node
for which the mobile node has a Binding Update List entry with a for which the mobile node has a Binding Update List entry with a
state indicating that return routability procedure is in progress. state indicating that return routability procedure is in progress.
Note that there may be multiple such entries. Note that there may be multiple such entries.
o The Binding Update List indicates that no care-of keygen token has o The Binding Update List indicates that no care-of keygen token has
skipping to change at page 128, line 18 skipping to change at page 130, line 23
o The Destination Address of the packet is the current care-of o The Destination Address of the packet is the current care-of
address of the mobile node. address of the mobile node.
o The Care-of Init Cookie field in the message matches the value o The Care-of Init Cookie field in the message matches the value
stored in the Binding Update List. stored in the Binding Update List.
Any Care-of Test message not satisfying all of these tests MUST be Any Care-of Test message not satisfying all of these tests MUST be
silently ignored. Otherwise, the mobile node MUST record the Care-of silently ignored. Otherwise, the mobile node MUST record the Care-of
Nonce Index and care-of keygen token in the Binding Update List. If Nonce Index and care-of keygen token in the Binding Update List. If
the Binding Update List entry does not have a home keygen token, the the Binding Update List entry does not have a home keygen token, the
mobile node SHOULD continue waiting for additional messages. mobile node SHOULD continue waiting for the Home Test message.
If after receiving either the Home Test or the Care-of Test message If after receiving either the Home Test or the Care-of Test message
and performing the above actions, the Binding Update List entry has and performing the above actions, the Binding Update List entry has
both the home and the care-of keygen tokens, the return routability both the home and the care-of keygen tokens, the return routability
procedure is complete. The mobile node SHOULD then proceed with procedure is complete. The mobile node SHOULD then proceed with
sending a Binding Update as described in Section 11.7.2. sending a Binding Update as described in Section 11.7.2.
Correspondent nodes from the time before this specification was Correspondent nodes from the time before this specification was
published may not support the Mobility Header protocol. These nodes published may not support the Mobility Header protocol. These nodes
will respond to Home Test Init and Care-of Test Init messages with an will respond to Home Test Init and Care-of Test Init messages with an
skipping to change at page 129, line 14 skipping to change at page 131, line 20
care-of address. care-of address.
Also, if the mobile node wants the services of the home agent beyond Also, if the mobile node wants the services of the home agent beyond
the current registration period, the mobile node should send a new the current registration period, the mobile node should send a new
Binding Update to it well before the expiration of this period, even Binding Update to it well before the expiration of this period, even
if it is not changing its primary care-of address. However, if the if it is not changing its primary care-of address. However, if the
home agent returned a Binding Acknowledgement for the current home agent returned a Binding Acknowledgement for the current
registration with Status field set to 1 (accepted but prefix registration with Status field set to 1 (accepted but prefix
discovery necessary), the mobile node should not try to register discovery necessary), the mobile node should not try to register
again before it has learned the validity of its home prefixes through again before it has learned the validity of its home prefixes through
prefix discovery. This is typically necessary every time this Status mobile prefix discovery. This is typically necessary every time this
value is received, because information learned through prefix Status value is received, because information learned earlier may
discovery on an earlier registration may have changed. have changed.
To register a care-of address or to extend the lifetime of an To register a care-of address or to extend the lifetime of an
existing registration, the mobile node sends a packet to its home existing registration, the mobile node sends a packet to its home
agent containing a Binding Update, with the packet constructed as agent containing a Binding Update, with the packet constructed as
follows: follows:
o The Home Registration (H) bit MUST be set in the Binding Update. o The Home Registration (H) bit MUST be set in the Binding Update.
o The Acknowledge (A) bit MUST be set in the Binding Update. o The Acknowledge (A) bit MUST be set in the Binding Update.
skipping to change at page 131, line 14 skipping to change at page 133, line 19
The last Sequence Number value sent to the home agent in a Binding The last Sequence Number value sent to the home agent in a Binding
Update is stored by the mobile node. If the sending mobile node has Update is stored by the mobile node. If the sending mobile node has
no knowledge of the right Sequence Number value, it may start at any no knowledge of the right Sequence Number value, it may start at any
value. If the home agent rejects the value, it sends back a Binding value. If the home agent rejects the value, it sends back a Binding
Acknowledgement with status code 135, and the last accepted sequence Acknowledgement with status code 135, and the last accepted sequence
number in the Sequence Number field of the Binding Acknowledgement. number in the Sequence Number field of the Binding Acknowledgement.
The mobile node MUST store this information and use the next Sequence The mobile node MUST store this information and use the next Sequence
Number value for the next Binding Update it sends. Number value for the next Binding Update it sends.
If the mobile node has additional home addresses using a different If the mobile node has additional home addresses, then the mobile
interface identifier, then the mobile node SHOULD send an additional node SHOULD send an additional packet containing a Binding Update to
packet containing a Binding Update to its home agent to register the its home agent to register the care-of address for each such other
care-of address for each such other home address (or set of home home address.
addresses sharing an interface identifier).
The home agent will only perform DAD for the mobile node's home The home agent will only perform DAD for the mobile node's home
address when the mobile node has supplied a valid binding between its address when the mobile node has supplied a valid binding between its
home address and a care-of address. If some time elapses during home address and a care-of address. If some time elapses during
which the mobile node has no binding at the home agent, it might be which the mobile node has no binding at the home agent, it might be
possible for another node to autoconfigure the mobile node's home possible for another node to autoconfigure the mobile node's home
address. Therefore, the mobile node MUST treat creation of a new address. Therefore, the mobile node MUST treat creation of a new
binding with the home agent using an existing home address the same binding with the home agent using an existing home address the same
as creation of a new home address. In the unlikely event that the as creation of a new home address. In the unlikely event that the
mobile node's home address is autoconfigured as the IPv6 address of mobile node's home address is autoconfigured as the IPv6 address of
another network node on the home network, the home agent will reply another network node on the home network, the home agent will reply
to the mobile node's subsequent Binding Update with a Binding to the mobile node's subsequent Binding Update with a Binding
Acknowledgement containing a Status of 134 (Duplicate Address Acknowledgement containing a Status of 134 (Duplicate Address
Detection failed). In this case, the mobile node MUST NOT attempt to Detection failed). In this case, the mobile node MUST NOT attempt to
re-use the same home address. It SHOULD continue to register care-of re-use the same home address. It SHOULD continue to register care-of
addresses for its other home addresses, if any. The mobile node MAY addresses for its other home addresses, if any. (Mechanisms outlined
also attempt to acquire a new home address to replace the one for in Appendix B.5 may in the future allow mobile nodes to acquire new
which Status 134 was received, for instance by using the techniques home addresses to replace the one for which Status 134 was received.)
described in Appendix B.5.
11.7.2 Correspondent Binding Procedure 11.7.2 Correspondent Registration
When the mobile node is assured that its home address is valid, it When the mobile node is assured that its home address is valid, it
can initiate a correspondent binding procedure with the purpose of can initiate a correspondent registration with the purpose of
allowing the correspondent node to cache the mobile node's current allowing the correspondent node to cache the mobile node's current
care-of address. This procedure consists of the return routability care-of address. This procedure consists of the return routability
procedure followed by a binding procedure. procedure followed by a registration.
This section defines when to initiate the correspondent binding This section defines when to initiate the correspondent registration,
procedure, and rules to follow when performing it. and rules to follow when performing it.
After the mobile node has sent a Binding Update to its home agent to After the mobile node has sent a Binding Update to its home agent to
register a new primary care-of address (as described in Section register a new primary care-of address (as described in Section
11.7.1), the mobile node SHOULD initiate a correspondent binding 11.7.1), the mobile node SHOULD initiate a correspondent registration
procedure for each node that already appears in the mobile node's for each node that already appears in the mobile node's Binding
Binding Update List. This is necessary in order to ensure that Update List. The initiated procedures can be used to either update
correspondent nodes do not have invalid information about the current or delete binding information in the correspondent node.
location of the mobile node. The initiated procedures can be used to
either update or delete binding information in the correspondent
node.
For nodes that do not appear in the mobile node's Binding Update For nodes that do not appear in the mobile node's Binding Update
List, the mobile node MAY initiate a correspondent binding procedure List, the mobile node MAY initiate a correspondent registration at
at any time after sending the Binding Update to its home agent. any time after sending the Binding Update to its home agent.
Considerations regarding when (and if) to initiate the procedure Considerations regarding when (and if) to initiate the procedure
depend on the specific movement and traffic patterns of the mobile depend on the specific movement and traffic patterns of the mobile
node and are outside the scope of this document. node and are outside the scope of this document.
In addition, when a mobile node receives a packet for which the In addition, the mobile node MAY initiate the procedure in response
mobile node can deduce that the original sender of the packet has a to receiving a packet that meets all of the following tests:
stale Binding Cache entry for the mobile node, the mobile node SHOULD
initiate a correspondent binding procedure. In addition, the mobile
node MAY initiate the procedure in response to receiving a packet
that meets all of the following tests:
o The packet was tunneled using IPv6 encapsulation. o The packet was tunneled using IPv6 encapsulation.
o The Destination Address in the tunnel (outer) IPv6 header is equal o The Destination Address in the tunnel (outer) IPv6 header is equal
to any of the mobile node's care-of addresses. to any of the mobile node's care-of addresses.
o The Destination Address in the original (inner) IPv6 header is o The Destination Address in the original (inner) IPv6 header is
equal to one of the mobile node's home addresses. equal to one of the mobile node's home addresses.
o The Source Address in the tunnel (outer) IPv6 header differs from o The Source Address in the tunnel (outer) IPv6 header differs from
the Source Address in the original (inner) IPv6 header. the Source Address in the original (inner) IPv6 header.
o The packet does not contain a Care-of Test Init message. o The packet does not contain a Home Test, Home Test Init, Care-of
Test, or Care-of Test Init message.
If a mobile node has multiple home addresses, it becomes important to If a mobile node has multiple home addresses, it becomes important to
select the right home address to use in the correspondent binding select the right home address to use in the correspondent
procedure. The used home address MUST be the Destination Address of registration. The used home address MUST be the Destination Address
the original (inner) packet. of the original (inner) packet.
The peer address used in the procedure MUST be determined as follows: The peer address used in the procedure MUST be determined as follows:
o If a Home Address destination option is present in the original o If a Home Address destination option is present in the original
(inner) packet, the address from this option is used. (inner) packet, the address from this option is used.
o Otherwise, the Source Address in the original (inner) IPv6 header o Otherwise, the Source Address in the original (inner) IPv6 header
of the packet is used. of the packet is used.
Note that the validity of the original packet is checked before Note that the validity of the original packet is checked before
attempting to initiate a correspondent binding procedure. For attempting to initiate a correspondent registration. For instance,
instance, if a Home Address destination option appeared in the if a Home Address destination option appeared in the original packet,
original packet, then rules in Section 9.3.1 are followed. then rules in Section 9.3.1 are followed.
A mobile node MAY also choose to keep its location private from A mobile node MAY also choose to keep its topological location
certain correspondent nodes, and thus need not initiate the private from certain correspondent nodes, and thus need not initiate
correspondent binding procedure. the correspondent registration.
Upon successfully completing the return routability procedure, and Upon successfully completing the return routability procedure, and
after receiving a successful Binding Acknowledgement from the Home after receiving a successful Binding Acknowledgement from the Home
Agent, a Binding Update MAY be sent to the correspondent node. Agent, a Binding Update MAY be sent to the correspondent node.
In any Binding Update sent by a mobile node, the care-of address In any Binding Update sent by a mobile node, the care-of address
(either the Source Address in the packet's IPv6 header or the Care-of (either the Source Address in the packet's IPv6 header or the Care-of
Address in the Alternate Care-of Address mobility option of the Address in the Alternate Care-of Address mobility option of the
Binding Update) MUST be set to one of the care-of addresses currently Binding Update) MUST be set to one of the care-of addresses currently
in use by the mobile node or to the mobile node's home address. A in use by the mobile node or to the mobile node's home address. A
mobile node MAY set the care-of address differently for sending mobile node MAY set the care-of address differently for sending
Binding Updates to different correspondent nodes. Binding Updates to different correspondent nodes.
A mobile node MAY also send a Binding Update to such a correspondent A mobile node MAY also send a Binding Update to such a correspondent
node to instruct it to delete any existing binding for the mobile node to instruct it to delete any existing binding for the mobile
node from its Binding Cache, as described in Section 6.1.7. Even in node from its Binding Cache, as described in Section 6.1.7. Even in
this case a successful completion of the return routability procedure this case a successful completion of the return routability procedure
is required first. is required first.
If set to one of the mobile node's current care-of addresses, the If the care-of address is not set to the mobile node's home address,
Binding Update requests the correspondent node to create or update an the Binding Update requests the correspondent node to create or
entry for the mobile node in the correspondent node's Binding Cache update an entry for the mobile node in the correspondent node's
in order to record this care-of address for use in sending future Binding Cache. This is done in order to record a care-of address for
packets to the mobile node. In this case, the value specified in the use in sending future packets to the mobile node. In this case, the
Lifetime field sent in the Binding Update SHOULD be less than or value specified in the Lifetime field sent in the Binding Update
equal to the remaining lifetime of the home registration and the SHOULD be less than or equal to the remaining lifetime of the home
care-of address specified for the binding. The care-of address given registration and the care-of address specified for the binding. The
in the Binding Update MAY differ from the mobile node's primary care-of address given in the Binding Update MAY differ from the
care-of address. mobile node's primary care-of address.
If the Binding Update is sent to request the correspondent node to If the Binding Update is sent to request the correspondent node to
delete any existing Binding Cache entry that it has for the mobile delete any existing Binding Cache entry that it has for the mobile
node, the care-of address is set to the mobile node's home address node, the care-of address is set to the mobile node's home address
and the Lifetime field set to zero. In this case, generation of the and the Lifetime field set to zero. In this case, generation of the
binding management key depends exclusively on the home keygen token binding management key depends exclusively on the home keygen token
(Section 5.2.5). The care-of nonce index SHOULD be set to zero in (Section 5.2.5). The care-of nonce index SHOULD be set to zero in
this case. In keeping with the Binding Update creation rules below, this case. In keeping with the Binding Update creation rules below,
the care-of address MUST be set to the home address if the mobile the care-of address MUST be set to the home address if the mobile
node is at home, or to the current care-of address if it is away from node is at home, or to the current care-of address if it is away from
home. home.
If the mobile node wants to ensure that its new care-of address has If the mobile node wants to ensure that its new care-of address has
been entered into a correspondent node's Binding Cache, the mobile been entered into a correspondent node's Binding Cache, the mobile
node MAY request an acknowledgement by setting the Acknowledge (A) node needs to request an acknowledgement by setting the Acknowledge
bit in the Binding Update. In this case, however, the mobile node (A) bit in the Binding Update.
SHOULD NOT continue to retransmit the Binding Update once the
retransmission timeout period has reached MAX_BINDACK_TIMEOUT.
A Binding Update is created as follows: A Binding Update is created as follows:
o The Source Address of the IPv6 header MUST contain the current o The current care-of address of the mobile node MUST be sent either
care-of address of the mobile node. in the Source Address of the IPv6 header or in the Alternate
Care-of Address mobility option.
o The Destination Address of the IPv6 header MUST contain the o The Destination Address of the IPv6 header MUST contain the
address of the correspondent node. address of the correspondent node.
o The Mobility Header is constructed according to rules in Section o The Mobility Header is constructed according to rules in Section
6.1.7 and Section 5.2.6, including the Binding Authorization Data 6.1.7 and Section 5.2.6, including the Binding Authorization Data
(calculated as defined in Section 6.2.7) and possibly the Nonce (calculated as defined in Section 6.2.7) and possibly the Nonce
Indices mobility options. Indices mobility options.
o The home address of the mobile node MUST be added to the packet in o The home address of the mobile node MUST be added to the packet in
skipping to change at page 134, line 45 skipping to change at page 136, line 39
as the value stays within the window. The last Sequence Number value as the value stays within the window. The last Sequence Number value
sent to a destination in a Binding Update is stored by the mobile sent to a destination in a Binding Update is stored by the mobile
node in its Binding Update List entry for that destination. If the node in its Binding Update List entry for that destination. If the
sending mobile node has no Binding Update List entry, the Sequence sending mobile node has no Binding Update List entry, the Sequence
Number SHOULD start at a random value. The mobile node MUST NOT use Number SHOULD start at a random value. The mobile node MUST NOT use
the same Sequence Number in two different Binding Updates to the same the same Sequence Number in two different Binding Updates to the same
correspondent node, even if the Binding Updates provide different correspondent node, even if the Binding Updates provide different
care-of addresses. care-of addresses.
The mobile node is responsible for the completion of the The mobile node is responsible for the completion of the
correspondent binding procedure, as well as any retransmissions that correspondent registration, as well as any retransmissions that may
may be needed (subject to the rate limiting defined in Section 11.8). be needed (subject to the rate limiting defined in Section 11.8).
11.7.3 Receiving Binding Acknowledgements 11.7.3 Receiving Binding Acknowledgements
Upon receiving a packet carrying a Binding Acknowledgement, a mobile Upon receiving a packet carrying a Binding Acknowledgement, a mobile
node MUST validate the packet according to the following tests: node MUST validate the packet according to the following tests:
o The packet meets the authentication requirements for Binding o The packet meets the authentication requirements for Binding
Acknowledgements, defined in Section 6.1.8 and Section 5. That Acknowledgements, defined in Section 6.1.8 and Section 5. That
is, if the Binding Update was sent to the home agent, underlying is, if the Binding Update was sent to the home agent, underlying
IPsec protection is used. If the Binding Update was sent to the IPsec protection is used. If the Binding Update was sent to the
skipping to change at page 136, line 4 skipping to change at page 137, line 45
of the Binding Update List entry should be of the Binding Update List entry should be
max((L_remain - (L_update - L_ack)), 0) max((L_remain - (L_update - L_ack)), 0)
where max(X, Y) is the maximum of X and Y. The effect of this where max(X, Y) is the maximum of X and Y. The effect of this
step is to correctly manage the mobile node's view of the step is to correctly manage the mobile node's view of the
binding's remaining lifetime (as maintained in the corresponding binding's remaining lifetime (as maintained in the corresponding
Binding Update List entry) so that it correctly counts down from Binding Update List entry) so that it correctly counts down from
the Lifetime value given in the Binding Acknowledgement, but with the Lifetime value given in the Binding Acknowledgement, but with
the timer countdown beginning at the time that the Binding Update the timer countdown beginning at the time that the Binding Update
was sent. Mobile nodes SHOULD send a new Binding Update well was sent.
before the expiration of this period in order to extend the
lifetime. This helps to avoid disruptions in communications, Mobile nodes SHOULD send a new Binding Update well before the
which might otherwise be caused by network delays or clock drift. expiration of this period in order to extend the lifetime. This
helps to avoid disruptions in communications, which might
otherwise be caused by network delays or clock drift.
o Additionally, if the Status field value is 1 (Accepted but prefix o Additionally, if the Status field value is 1 (Accepted but prefix
discovery necessary), the mobile node SHOULD send a Mobile Prefix discovery necessary), the mobile node SHOULD send a Mobile Prefix
Solitation message to update its information about the available Solicitation message to update its information about the available
prefixes. prefixes.
o If the Status field indicates that the Binding Update was rejected o If the Status field indicates that the Binding Update was rejected
(the Status field is greater than or equal to 128), then the (the Status field is greater than or equal to 128), then the
mobile node SHOULD record in its Binding Update List that future mobile node can take steps to correct the cause of the error and
Binding Updates SHOULD NOT be sent to this destination. retransmit the Binding Update (with a new Sequence Number value),
subject to the rate limiting restriction specified in Section
Optionally, the mobile node MAY then take steps to correct the 11.8. If this is not done, or it fails, then the mobile node
cause of the error and retransmit the Binding Update (with a new SHOULD record in its Binding Update List that future Binding
Sequence Number value), subject to the rate limiting restriction Updates SHOULD NOT be sent to this destination.
specified in Section 11.8.
The treatment of a Binding Refresh Advice mobility option within the The treatment of a Binding Refresh Advice mobility option within the
Binding Acknowledgement depends on the where the acknowledgement came Binding Acknowledgement depends on the where the acknowledgement came
from. This option MUST be ignored if the acknowledgement came from a from. This option MUST be ignored if the acknowledgement came from a
correspondent node. If it came from the home agent, the mobile node correspondent node. If it came from the home agent, the mobile node
uses Refresh Interval field in the option as a suggestion that it uses Refresh Interval field in the option as a suggestion that it
SHOULD attempt to refresh its home registration at the indicated SHOULD attempt to refresh its home registration at the indicated
shorter interval. shorter interval.
If the acknowledgement came from the home agent, the mobile node If the acknowledgement came from the home agent, the mobile node
skipping to change at page 137, line 31 skipping to change at page 139, line 25
Binding Update List entry for this node), and lifetime SHOULD again Binding Update List entry for this node), and lifetime SHOULD again
be less than or equal to the remaining lifetime of the home be less than or equal to the remaining lifetime of the home
registration and the care-of address specified for the binding. When registration and the care-of address specified for the binding. When
sending this Binding Update, the mobile node MUST update its Binding sending this Binding Update, the mobile node MUST update its Binding
Update List in the same way as for any other Binding Update sent by Update List in the same way as for any other Binding Update sent by
the mobile node. the mobile node.
11.8 Retransmissions and Rate Limiting 11.8 Retransmissions and Rate Limiting
The mobile node is responsible for retransmissions and rate limiting The mobile node is responsible for retransmissions and rate limiting
in the return routability and binding procedures and for solicited in the return routability procedure, registrations, and in solicited
prefix discovery. prefix discovery.
When the mobile node sends a Mobile Prefix Solicitation, Home Test When the mobile node sends a Mobile Prefix Solicitation, Home Test
Init, Care-of Test Init or Binding Update for which it expects a Init, Care-of Test Init or Binding Update for which it expects a
response, the mobile node has to determine a value for the initial response, the mobile node has to determine a value for the initial
retransmission timer: retransmission timer:
o If the mobile node is sending a Mobile Prefix Solicitation, it o If the mobile node is sending a Mobile Prefix Solicitation, it
SHOULD use an initial retransmission interval of SHOULD use an initial retransmission interval of
INITIAL_SOLICIT_TIMER (see Section 12). INITIAL_SOLICIT_TIMER (see Section 12).
skipping to change at page 143, line 33 skipping to change at page 145, line 33
a victim node in a forged Binding Update sent to a correspondent a victim node in a forged Binding Update sent to a correspondent
node. node.
These pose threats against confidentiality, integrity, and These pose threats against confidentiality, integrity, and
availability. That is, an attacker might learn the contents of availability. That is, an attacker might learn the contents of
packets destined to another node by redirecting the traffic to packets destined to another node by redirecting the traffic to
itself. Furthermore, an attacker might use the redirected packets itself. Furthermore, an attacker might use the redirected packets
in an attempt to set itself as a Man-in-the-Middle between a in an attempt to set itself as a Man-in-the-Middle between a
mobile and a correspondent node. This would allow the attacker to mobile and a correspondent node. This would allow the attacker to
impersonate the mobile node, leading to integrity and availability impersonate the mobile node, leading to integrity and availability
problems. A malicious (mobile) node might also send Binding problems.
Updates in which the care-of address is set to the address of a
victim node. If such Binding Updates were accepted, the malicious A malicious (mobile) node might also send Binding Updates in which
node could lure the correspondent node into sending potentially the care-of address is set to the address of a victim node. If
large amounts of data to the victim; the correspondent node's such Binding Updates were accepted, the malicious node could lure
replies to messages sent by the malicious mobile node will be sent the correspondent node into sending potentially large amounts of
to the victim host or network. This could be used to cause a data to the victim; the correspondent node's replies to messages
Distributed Denial-of-Service attack. For example, the sent by the malicious mobile node will be sent to the victim host
correspondent node might be a site that will send a high-bandwidth or network. This could be used to cause a Distributed
stream of video to anyone who asks for it. Note that the use of Denial-of-Service attack. For example, the correspondent node
flow-control protocols such as TCP does not necessarily defend might be a site that will send a high-bandwidth stream of video to
against this type of attack, because the attacker can fake the anyone who asks for it. Note that the use of flow-control
protocols such as TCP does not necessarily defend against this
type of attack, because the attacker can fake the
acknowledgements. Even keeping TCP initial sequence numbers acknowledgements. Even keeping TCP initial sequence numbers
secret doesn't help, because the attacker can receive the first secret does not help, because the attacker can receive the first
few segments (including the ISN) at its own address, and only then few segments (including the ISN) at its own address, and only then
redirect the stream to the victim's address. These types of redirect the stream to the victim's address. These types of
attacks may also be directed to networks instead of nodes. attacks may also be directed to networks instead of nodes.
Further variations of this threat are described elsewhere Further variations of this threat are described elsewhere
[27, 32]. An attacker might also attempt to disrupt a mobile [27, 34].
node's communications by replaying a Binding Update that the node
had sent earlier. If the old Binding Update was accepted, packets An attacker might also attempt to disrupt a mobile node's
communications by replaying a Binding Update that the node had
sent earlier. If the old Binding Update was accepted, packets
destined for the mobile node would be sent to its old location and destined for the mobile node would be sent to its old location and
not its current location. In conclusion, there are not its current location.
Denial-of-Service, Man-in-the-Middle, Confidentiality, and
Impersonation threats against the parties involved in sending In conclusion, there are Denial-of-Service, Man-in-the-Middle,
legitimate Binding Updates, and Denial-of-Service threats against Confidentiality, and Impersonation threats against the parties
any other party. involved in sending legitimate Binding Updates, and
Denial-of-Service threats against any other party.
o Threats associated with payload packets: Payload packets exchanged o Threats associated with payload packets: Payload packets exchanged
with mobile nodes are exposed to similar threats as regular IPv6 with mobile nodes are exposed to similar threats as regular IPv6
traffic is. However, Mobile IPv6 introduces the Home Address traffic is. However, Mobile IPv6 introduces the Home Address
destination option, a new routing header type (type 2), and uses destination option, a new routing header type (type 2), and uses
tunneling headers in the payload packets. The protocol must tunneling headers in the payload packets. The protocol must
protect against potential new threats involving the use of these protect against potential new threats involving the use of these
mechanisms. mechanisms.
Third parties become exposed to a reflection threat via the Home Third parties become exposed to a reflection threat via the Home
Address destination option, unless appropriate security Address destination option, unless appropriate security
precautions are followed. The Home Address destination option precautions are followed. The Home Address destination option
could be used to direct response traffic toward a node whose IP could be used to direct response traffic toward a node whose IP
address appears in the option. In this case, ingress filtering address appears in the option. In this case, ingress filtering
would not catch the forged "return address" [34, 30]. A similar would not catch the forged "return address" [36, 32].
threat exists with the tunnels between the mobile node and the
home agent. An attacker might forge tunnel packets between the
mobile node and the home agent, making it appear that the traffic
is coming from the mobile node when it is not. Note that an
attacker who is able to forge tunnel packets would typically be
able forge also packets that appear to come directly from the
mobile node. This is not a new threat as such. However, it may
make it easier for attackers to escape detection by avoiding
ingress filtering and packet tracing mechanisms. Furthermore,
spoofed tunnel packets might be used to gain access to the home
network. Finally, a routing header could also be used in
reflection attacks, and in attacks designed to bypass firewalls.
The generality of the regular routing header would allow
circumvention of IP-address based rules in firewalls. It would
also allow reflection of traffic to other nodes. These threats
exist with routing headers in general, even if the usage that
Mobile IPv6 requires is safe.
o Threats associated with dynamic home agent and prefix discovery. A similar threat exists with the tunnels between the mobile node
and the home agent. An attacker might forge tunnel packets
between the mobile node and the home agent, making it appear that
the traffic is coming from the mobile node when it is not. Note
that an attacker who is able to forge tunnel packets would
typically be able forge also packets that appear to come directly
from the mobile node. This is not a new threat as such. However,
it may make it easier for attackers to escape detection by
avoiding ingress filtering and packet tracing mechanisms.
Furthermore, spoofed tunnel packets might be used to gain access
to the home network.
Finally, a routing header could also be used in reflection
attacks, and in attacks designed to bypass firewalls. The
generality of the regular routing header would allow circumvention
of IP-address based rules in firewalls. It would also allow
reflection of traffic to other nodes. These threats exist with
routing headers in general, even if the usage that Mobile IPv6
requires is safe.
o Threats associated with dynamic home agent and mobile prefix
discovery.
o Threats against the Mobile IPv6 security mechanisms themselves: An o Threats against the Mobile IPv6 security mechanisms themselves: An
attacker might, for instance, lure the participants into executing attacker might, for instance, lure the participants into executing
expensive cryptographic operations or allocating memory for the expensive cryptographic operations or allocating memory for the
purpose of keeping state. The victim node would have no resources purpose of keeping state. The victim node would have no resources
left to handle other tasks. left to handle other tasks.
As a fundamental service in an IPv6 stack, Mobile IPv6 is expected to As a fundamental service in an IPv6 stack, Mobile IPv6 is expected to
be deployed in most nodes of the IPv6 Internet. The above threats be deployed in most nodes of the IPv6 Internet. The above threats
should therefore be considered in the light of being applicable to should therefore be considered in the light of being applicable to
skipping to change at page 146, line 32 skipping to change at page 148, line 40
Section 15.7, Section 15.8, and Section 15.9. Section 15.7, Section 15.8, and Section 15.9.
Denial-of-Service threats against Mobile IPv6 security mechanisms Denial-of-Service threats against Mobile IPv6 security mechanisms
themselves concern mainly the Binding Update procedures with themselves concern mainly the Binding Update procedures with
correspondent nodes. The protocol has been designed to limit the correspondent nodes. The protocol has been designed to limit the
effects of such attacks, as will be described in Section 15.4.5. effects of such attacks, as will be described in Section 15.4.5.
15.3 Binding Updates to Home Agent 15.3 Binding Updates to Home Agent
Signaling between the mobile node and the home agent requires message Signaling between the mobile node and the home agent requires message
integrity, correct ordering and replay protection. This is necessary integrity. This is necessary to assure the home agent that a Binding
to assure the home agent that a Binding Update is from a legitimate Update is from a legitimate mobile node. In addition, correct
mobile node. ordering and anti-replay protection are optionally needed.
IPsec ESP protects the integrity of the Binding Updates and Binding IPsec ESP protects the integrity of the Binding Updates and Binding
Acknowledgements, by securing mobility messages between the mobile Acknowledgements, by securing mobility messages between the mobile
node and the home agent. node and the home agent.
However, IPsec can easily provide replay protection only if dynamic IPsec can provide anti-replay protection only if dynamic keying is
security association establishment is used. IPsec also does not used (which may not always be the case). IPsec also does not
guarantee correct ordering of packets, only that they have not been guarantee correct ordering of packets, only that they have not been
replayed. Because of this, sequence numbers with the Mobile IPv6 replayed. Because of this, sequence numbers within the Mobile IPv6
messages ensure correct ordering (see Section 5.1). However, if a messages are used to ensure correct ordering (see Section 5.1).
home agent reboots and loses its state regarding the sequence However, if the 16 bit Mobile IPv6 sequence number space is cycled
numbers, replay attacks become possible. The use of a key management through, or the home agent reboots and loses its state regarding the
mechanism together with IPsec can be used to prevent such replay sequence numbers, replay and reordering attacks become possible. The
attacks. use of dynamic keying, IPsec anti-replay protection, and the Mobile
IPv6 sequence numbers can together prevent such attacks.
A sliding window scheme is used for the sequence numbers. The A sliding window scheme is used for the sequence numbers. The
protection against replays and reordering attacks without a key protection against replays and reordering attacks without a key
management mechanism works when the attacker remembers up to a management mechanism works when the attacker remembers up to a
maximum of 2**15 Binding Updates. maximum of 2**15 Binding Updates.
The above mechanisms do not show that the care-of address given in The above mechanisms do not show that the care-of address given in
the Binding Update is correct. This opens the possibility for the Binding Update is correct. This opens the possibility for
Denial-of-Service attacks against third parties. However, since the Denial-of-Service attacks against third parties. However, since the
mobile node and home agent have a security association, the home mobile node and home agent have a security association, the home
skipping to change at page 147, line 32 skipping to change at page 149, line 42
another mobile node. In general, this leads to the inclusion of home another mobile node. In general, this leads to the inclusion of home
addresses in certificates in the Subject AltName field. This again addresses in certificates in the Subject AltName field. This again
limits the introduction of new addresses without either manual or limits the introduction of new addresses without either manual or
automatic procedures to establish new certificates. Therefore, this automatic procedures to establish new certificates. Therefore, this
specification restricts the generation of new home addresses (for any specification restricts the generation of new home addresses (for any
reason) to those situations where there already exists a security reason) to those situations where there already exists a security
association or certificate for the new address. (Appendix B.4 lists association or certificate for the new address. (Appendix B.4 lists
the improvement of security for new addresses as one of the future the improvement of security for new addresses as one of the future
developments for Mobile IPv6.) developments for Mobile IPv6.)
15.4 Binding Updates to Correspondent Nodes Support for IKE has been specified as optional. The following should
be observed about the use of manual keying:
15.4.1 Overview o As discussed above, with manually keyed IPsec only a limited form
of protection exists against replay and reordering attacks. A
vulnerability exists if either the sequence number space is cycled
through, or if the home agent reboots and forgets its sequence
numbers (and uses volatile memory to store the sequence numbers).
Assuming the mobile node moves continuously every 10 minutes, it
takes roughly 455 days before the sequence number space has been
cycled through. Typical movement patterns today are unlikely to
reach this high frequency. However, if it is expected that this
may happen in a particular deployment scenario, the use of
automated key management is RECOMMENDED.
o A mobile node and its home agent belong to the same domain. If
this were not the case, manual keying would not be possible [28],
but in Mobile IPv6 only these two parties need to know the
manually configured keys. Similarly, we note that Mobile IPv6
employs standard block ciphers in IPsec, and is not vulnerable to
problems associated with stream ciphers and manual keying.
o It is expected that the owner of the mobile node and the
administrator of the home agent agree on the used keys and other
parameters with some off-line mechanism.
The use of IKEv1 with Mobile IPv6 is documented in more detail in
[21]. The following should be observed from the use of IKEv1:
o It is necessary to prevent a mobile node from claiming another
mobile node's home address. The home agent must verify that the
mobile node trying to negotiate the SA for a particular home
address is authorized for that home address. This implies that
even with the use of IKE, a policy entry needs to be configured
for each home address served by the home agent.
It may be possible to include home addresses in the Subject
AltName field of certificate to avoid this. However,
implementations are not guaranteed to support the use of a
particular IP address (care-of address) while another address
(home address) appears in the certificate. In any case, even this
approach would require user-specific tasks in the certificate
authority.
o Nevertheless, even if per-mobile node configuration is required
even with IKE, an important benefit of IKE is that it automates
the negotiation of cryptographic parameters, including the SPIs,
cryptographic algorithms, and so on. Thus less configuration
information is needed.
o If preshared secret authentication is used, IKEv1 main mode cannot
be used. Aggressive mode or group preshared secrets need to be
used instead, with corresponding security implications.
Note that like many other issues, this is a general IKEv1 issue
related to the ability to use different IP addresses, and not
specifically related to Mobile IPv6. For further information, see
Section 4.4 in [21].
o Due to the problems outlined in Section 11.3.2, IKE phase 1
between the mobile node and its home agent is established using
the mobile node's current care-of address. This implies that when
the mobile node moves to a new location, it may have to
re-establish phase 1. A Key Management Mobility Capability (K)
flag is provided for implementations that can update the IKE phase
1 endpoints without re-establishing phase 1, but the support for
this behavior is optional.
o When certificates are used, IKE fragmentation can occur as
discussed in Section 7 in [21].
o Other automatic key management mechanisms exist beyond IKEv1, but
this document does not address the issues related to them. We
note, however, that most of the above discussion applies to IKEv2
[30] as well, at least as it is currently specified.
15.4 Binding Updates to Correspondent Nodes
The motivation for designing the return routability procedure was to The motivation for designing the return routability procedure was to
have sufficient support for Mobile IPv6, without creating significant have sufficient support for Mobile IPv6, without creating significant
new security problems. The goal for this procedure was not to new security problems. The goal for this procedure was not to
protect against attacks that were already possible before the protect against attacks that were already possible before the
introduction of Mobile IPv6. introduction of Mobile IPv6.
The next sections will describe the security properties of the used
method, both from the point of view of possible on-path attackers who
can see those cryptographic values that have been sent in the clear
(Section 15.4.2 and Section 15.4.3) or from the point of view of
other attackers (Section 15.4.6).
15.4.1 Overview
The chosen infrastructureless method verifies that the mobile node is The chosen infrastructureless method verifies that the mobile node is
"live" (that is, it responds to probes) at its home and care-of "live" (that is, it responds to probes) at its home and care-of
addresses. Section 5.2 describes the return routability procedure in addresses. Section 5.2 describes the return routability procedure in
detail. The procedure uses the following principles: detail. The procedure uses the following principles:
o A message exchange verifies that the mobile node is reachable at o A message exchange verifies that the mobile node is reachable at
its addresses i.e. is at least able to transmit and receive its addresses i.e. is at least able to transmit and receive
traffic at both the home and care-of addresses. traffic at both the home and care-of addresses.
o The eventual Binding Update is cryptographically bound to the o The eventual Binding Update is cryptographically bound to the
skipping to change at page 148, line 18 skipping to change at page 152, line 17
always sent to the same address as the request was sent from. always sent to the same address as the request was sent from.
o The correspondent node operates in a stateless manner until it o The correspondent node operates in a stateless manner until it
receives a fully authorized Binding Update. receives a fully authorized Binding Update.
o Some additional protection is provided by encrypting the tunnels o Some additional protection is provided by encrypting the tunnels
between the mobile node and home agent with IPsec ESP. As the between the mobile node and home agent with IPsec ESP. As the
tunnel transports also the nonce exchanges, this limits the tunnel transports also the nonce exchanges, this limits the
ability of attackers to see these nonces. For instance, this ability of attackers to see these nonces. For instance, this
prevents attacks launched from the mobile node's current foreign prevents attacks launched from the mobile node's current foreign
link where no link-layer confidentiality is available. link even when no link-layer confidentiality is available.
The resulting level of security is in theory the same even without The resulting level of security is in theory the same even without
this additional protection: the return routability tokens are this additional protection: the return routability tokens are
still exposed only to one path within the whole Internet. still exposed only to one path within the whole Internet.
However, the mobile nodes are often found on an insecure link, However, the mobile nodes are often found on an insecure link,
such as a public access Wireless LAN. Thus this addition makes a such as a public access Wireless LAN. Thus this addition makes a
practical difference in many cases. practical difference in many cases.
For further information about the design rationale of the return For further information about the design rationale of the return
routability procedure, see [27, 32, 31, 30]. The used mechanisms routability procedure, see [27, 34, 33, 32]. The used mechanisms
have been adopted from these documents. have been adopted from these documents.
15.4.2 Achieved Security Properties 15.4.2 Achieved Security Properties
The return routability procedure protects Binding Updates against all The return routability procedure protects Binding Updates against all
attackers who are unable to monitor the path between the home agent attackers who are unable to monitor the path between the home agent
and the correspondent node. The procedure does not defend against and the correspondent node. The procedure does not defend against
attackers who can monitor this path. Note that such attackers are in attackers who can monitor this path. Note that such attackers are in
any case able to mount an active attack against the mobile node when any case able to mount an active attack against the mobile node when
it is at its home location. The possibility of such attacks is not it is at its home location. The possibility of such attacks is not
skipping to change at page 149, line 41 skipping to change at page 153, line 37
to become a Man-in-the-Middle. to become a Man-in-the-Middle.
Next, we will consider the vulnerabilities that exist when IPv6 is Next, we will consider the vulnerabilities that exist when IPv6 is
used together with Mobile IPv6 and the return routability procedure. used together with Mobile IPv6 and the return routability procedure.
On the local link the vulnerabilities are same as those as in IPv6, On the local link the vulnerabilities are same as those as in IPv6,
but Masquerade and Man-in-the-Middle attacks can now be launched also but Masquerade and Man-in-the-Middle attacks can now be launched also
against future communications, and not just against current against future communications, and not just against current
communications. If a Binding Update was sent while the attacker was communications. If a Binding Update was sent while the attacker was
present on the link, its effects stay during the lifetime of the present on the link, its effects stay during the lifetime of the
binding. This happens even if the attacker moves away from the link. binding. This happens even if the attacker moves away from the link.
In contrast, an attacker who uses only plain IPv6 generally has to be In contrast, an attacker who uses only plain IPv6 generally has to
stay on the link in order to continue the attack. Note that in order stay on the link in order to continue the attack. Note that in order
to launch these new attacks, the IP address of the victim must be to launch these new attacks, the IP address of the victim must be
known. This makes this attack feasible mainly in the context of known. This makes this attack feasible mainly in the context of
well-known interface IDs, such as those already appearing in the well-known interface IDs, such as those already appearing in the
traffic on the link or registered in the DNS. traffic on the link or registered in the DNS.
On-path attackers can exploit similar vulnerabilities as in regular On-path attackers can exploit similar vulnerabilities as in regular
IPv6. There are some minor differences, however. Masquerade, IPv6. There are some minor differences, however. Masquerade,
Man-in-the-Middle, and Denial-of-Service attacks can be launched with Man-in-the-Middle, and Denial-of-Service attacks can be launched with
just the interception of a few packets, whereas in regular IPv6 it is just the interception of a few packets, whereas in regular IPv6 it is
skipping to change at page 150, line 35 skipping to change at page 154, line 32
o However, one difference is that in basic IPv6 an on-path attacker o However, one difference is that in basic IPv6 an on-path attacker
must be constantly present on the link or the path, whereas with must be constantly present on the link or the path, whereas with
Mobile IPv6 an attacker can leave a binding behind after moving Mobile IPv6 an attacker can leave a binding behind after moving
away. away.
For this reason, this specification limits the creation of For this reason, this specification limits the creation of
bindings to at most MAX_TOKEN_LIFETIME seconds after the last bindings to at most MAX_TOKEN_LIFETIME seconds after the last
routability check has been performed, and limits the duration of a routability check has been performed, and limits the duration of a
binding to at most MAX_RR_BINDING_LIFETIME seconds. With these binding to at most MAX_RR_BINDING_LIFETIME seconds. With these
limitation, attackers cannot take practical advantages of this limitation, attackers cannot take practical advantages of this
vulnerability. This limited vulnerability can also be compared to vulnerability.
similar vulnerabilities in IPv6 Neighbor Discovery, with Neighbor
Cache entries having a limited lifetime.
o There are some other minor differences, such as an effect to the o There are some other minor differences, such as an effect to the
Denial-of-Service vulnerabilities. These can be considered to be Denial-of-Service vulnerabilities. These can be considered to be
insignificant. insignificant.
o The path between the home agent and a correspondent node is o The path between the home agent and a correspondent node is
typically easiest to attack on the links at either end, in typically easiest to attack on the links at either end, in
particular if these links are publicly accessible wireless LANs. particular if these links are publicly accessible wireless LANs.
Attacks against the routers or switches on the path are typically Attacks against the routers or switches on the path are typically
harder to accomplish. The security on layer 2 of the links plays harder to accomplish. The security on layer 2 of the links plays
then a major role in the resulting overall network security. then a major role in the resulting overall network security.
Similarly, security of IPv6 Neighbor and Router Discovery on these Similarly, security of IPv6 Neighbor and Router Discovery on these
links has a large impact. If these were secured using some new links has a large impact. If these were secured using some new
technology in the future, this could change the situation technology in the future, this could change the situation
regarding the easiest point of attack. regarding the easiest point of attack.
For a more in-depth discussion of these issues, see [30]. For a more in-depth discussion of these issues, see [32].
15.4.4 Replay Attacks 15.4.4 Replay Attacks
The return routability procedure also protects the participants The return routability procedure also protects the participants
against replayed Binding Updates. The attacker is unable replay the against replayed Binding Updates. The attacker is unable replay the
same message due to the sequence number which is a part of the same message due to the sequence number which is a part of the
Binding Update. It is also unable to modify the Binding Update since Binding Update. It is also unable to modify the Binding Update since
the MAC verification would fail after such a modification. the MAC verification would fail after such a modification.
Care must be taken when removing bindings at the correspondent node, Care must be taken when removing bindings at the correspondent node,
however. If a binding is removed while the nonce used in its however. If a binding is removed while the nonce used in its
creation is still valid, an attacker could replay the old Binding creation is still valid, an attacker could replay the old Binding
Update. Rules outlined in Section 5.2.8 ensure that this cannot Update. Rules outlined in Section 5.2.8 ensure that this cannot
skipping to change at page 152, line 23 skipping to change at page 156, line 18
to send to a peer. An implementation of this specification is not to send to a peer. An implementation of this specification is not
required to make use of information from higher protocol layers, but required to make use of information from higher protocol layers, but
some implementations are likely to be able to manage resources more some implementations are likely to be able to manage resources more
effectively by making use of such information. effectively by making use of such information.
We also require that all implementations be capable of We also require that all implementations be capable of
administratively disabling route optimization. administratively disabling route optimization.
15.4.6 Key Lengths 15.4.6 Key Lengths
Attackers can try to break the return routability procedure in many
ways. Section 15.4.2 discusses the situation where the attacker can
see the cryptographic values sent in the clear, and Section 15.4.3
discusses the impact this has on IPv6 communications. This section
discusses whether attackers can guess the right values without seeing
them.
While the return routability procedure is in progress, 64 bit cookies While the return routability procedure is in progress, 64 bit cookies
are used to protect spoofed responses. This is believed to be are used to protect spoofed responses. This is believed to be
sufficient, given that to blindly spoof a response a very large sufficient, given that to blindly spoof a response a very large
number of messages would have to be sent before success would be number of messages would have to be sent before success would be
probable. probable.
The tokens used in the return routability procedure provide together The tokens used in the return routability procedure provide together
128 bits of information. This information is used internally as an 128 bits of information. This information is used internally as an
input to a hash function to produce a 160 bit quantity suitable for input to a hash function to produce a 160 bit quantity suitable for
producing the keyed hash in the Binding Update using the HMAC_SHA1 producing the keyed hash in the Binding Update using the HMAC_SHA1
skipping to change at page 153, line 27 skipping to change at page 157, line 28
mapping the networks easier. For example, if a security threat mapping the networks easier. For example, if a security threat
targeted at routers or even home agents is discovered, having a targeted at routers or even home agents is discovered, having a
simple ICMP mechanism to find out possible targets easily may prove simple ICMP mechanism to find out possible targets easily may prove
to be an additional (though minor) security risk. to be an additional (though minor) security risk.
Apart from discovering the address(es) of home agents, attackers will Apart from discovering the address(es) of home agents, attackers will
not be able to learn much from this information, however, and mobile not be able to learn much from this information, however, and mobile
nodes cannot be tricked into using wrong home agents as all other nodes cannot be tricked into using wrong home agents as all other
communication with the home agents is secure. communication with the home agents is secure.
15.6 Prefix Discovery 15.6 Mobile Prefix Discovery
The prefix discovery function may leak interesting information about The mobile prefix discovery function may leak interesting information
network topology and prefix lifetimes to eavesdroppers, and for this about network topology and prefix lifetimes to eavesdroppers, and for
reason requests for this information have to be authenticated. this reason requests for this information have to be authenticated.
Responses and unsolicited prefix information needs to be Responses and unsolicited prefix information needs to be
authenticated to prevent the mobile nodes from being tricked into authenticated to prevent the mobile nodes from being tricked into
believing false information about the prefixes, and possibly believing false information about the prefixes, and possibly
preventing communications with the existing addresses. Optionally, preventing communications with the existing addresses. Optionally,
encryption may be applied to prevent leakage of the prefix encryption may be applied to prevent leakage of the prefix
information. information.
15.7 Tunneling via the Home Agent 15.7 Tunneling via the Home Agent
Tunnels between the mobile node and the home agent can be protected Tunnels between the mobile node and the home agent can be protected
by ensuring proper use of source addresses, and optional by ensuring proper use of source addresses, and optional
cryptographic protection. These procedures are discussed in Section cryptographic protection. These procedures are discussed in Section
5.5. 5.5.
Binding Updates to the home agents are secure. When receiving Binding Updates to the home agents are secure. When receiving
tunneled traffic the home agent verifies the outer IP address tunneled traffic the home agent verifies the outer IP address
corresponds to the current location of the mobile node. This corresponds to the current location of the mobile node. This acts as
prevents attacks where the attacker is controlled by ingress a weak form of protection against spoofing packets that appear to
filtering. It also prevents attacks when the attacker does not know come from the mobile node. This is particularly useful, if no
the current care-of address of the mobile node. Attackers who know end-to-end security is being applied between the mobile and
the care-of address and are not controlled by ingress filtering could correspondent nodes. The outer IP address check prevents attacks
still send traffic through the home agent. This includes attackers where the attacker is controlled by ingress filtering. It also
on the same local link as the mobile node is currently on. But such prevents attacks when the attacker does not know the current care-of
attackers could also send spoofed packets without using a tunnel. address of the mobile node. Attackers who know the care-of address
and are not controlled by ingress filtering could still send traffic
through the home agent. This includes attackers on the same local
link as the mobile node is currently on. But such attackers could in
any case send packets that appear to come from the mobile node,
without attacking the tunnel; the attacker could simply send packets
with the source address set to the mobile node's home address.
However, this attack does not work if the final destination of the
packet is in the home network, and some form of perimeter defense is
being applied for packets sent to those destinations. In such cases
it is recommended that either end-to-end security or additional
tunnel protection is applied, as is usual in remote access
situations.
Home agents and mobile nodes may use IPsec ESP to protect payload Home agents and mobile nodes may use IPsec ESP to protect payload
packets tunneled between themselves. This is useful to protect packets tunneled between themselves. This is useful to protect
communications against attackers on the path of the tunnel. communications against attackers on the path of the tunnel.
When site local home address are used, reverse tunneling can be used When site local home address are used, reverse tunneling can be used
to send site local traffic from another location. Administrators to send site local traffic from another location. Administrators
should be aware of this when allowing such home addresses. In should be aware of this when allowing such home addresses. In
particular, the outer IP address check described above is not particular, the outer IP address check described above is not
sufficient against all attackers. The use of encrypted tunnels is sufficient against all attackers. The use of encrypted tunnels is
skipping to change at page 154, line 43 skipping to change at page 159, line 8
correspondent nodes using the Home Address option. For these correspondent nodes using the Home Address option. For these
reasons, this specification restricts the use of the Home Address reasons, this specification restricts the use of the Home Address
option. It may only used when a binding has already been established option. It may only used when a binding has already been established
with the participation of the node at the home address, as described with the participation of the node at the home address, as described
in Section 5.5 and Section 6.3. This prevents reflection attacks in Section 5.5 and Section 6.3. This prevents reflection attacks
through the use of the Home Address option. It also ensures that the through the use of the Home Address option. It also ensures that the
correspondent nodes reply to the same address as the mobile node correspondent nodes reply to the same address as the mobile node
sends traffic from. sends traffic from.
No special authentication of the Home Address option is required No special authentication of the Home Address option is required
beyond the above, except that if the IPv6 header of a packet is beyond the above, but note that if the IPv6 header of a packet is
covered by authentication, then that authentication MUST also cover covered by IPsec Authentication Header, then that authentication
the Home Address option; this coverage is achieved automatically by covers the Home Address option as well. Thus, even when
the definition of the Option Type code for the Home Address option authentication is used in the IPv6 header, the security of the Source
(Section 6.3), since it indicates that the option is included in the Address field in the IPv6 header is not compromised by the presence
authentication computation. Thus, even when authentication is used of a Home Address option. Without authentication of the packet, then
in the IPv6 header, the security of the Source Address field in the any field in the IPv6 header, including the Source Address field, and
IPv6 header is not compromised by the presence of a Home Address any other parts of the packet, including the Home Address option, can
option. Without authentication of the packet, then any field in the be forged or modified in transit. In this case, the contents of the
IPv6 header, including the Source Address field, and any other parts Home Address option is no more suspect than any other part of the
of the packet, including the Home Address option, can be forged or packet.
modified in transit. In this case, the contents of the Home Address
option is no more suspect than any other part of the packet.
15.9 Type 2 Routing Header 15.9 Type 2 Routing Header
The definition of the type 2 routing header is described in Section The definition of the type 2 routing header is described in Section
6.4. This definition and the associated processing rules have been 6.4. This definition and the associated processing rules have been
chosen so that the header cannot be used for what is traditionally chosen so that the header cannot be used for what is traditionally
viewed as source routing. In particular, the Home Address in the viewed as source routing. In particular, the Home Address in the
routing header will always have to be assigned to the home address of routing header will always have to be assigned to the home address of
the receiving node. Otherwise the packet will be dropped. the receiving node. Otherwise the packet will be dropped.
skipping to change at page 156, line 10 skipping to change at page 160, line 10
should be able to distinguish between a type 2 routing header and should be able to distinguish between a type 2 routing header and
other routing headers, as required in Section 8.3. This is necessary other routing headers, as required in Section 8.3. This is necessary
in order to allow Mobile IPv6 traffic while still having the option in order to allow Mobile IPv6 traffic while still having the option
to filter out other uses of routing headers. to filter out other uses of routing headers.
16. Contributors 16. Contributors
Tuomas Aura, Mike Roe, Greg O'Shea, Pekka Nikander, Erik Nordmark, Tuomas Aura, Mike Roe, Greg O'Shea, Pekka Nikander, Erik Nordmark,
and Michael Thomas worked on the return routability protocols which and Michael Thomas worked on the return routability protocols which
eventually led to the procedures used in this protocol. The eventually led to the procedures used in this protocol. The
procedures described in [32] were adopted in the protocol. procedures described in [34] were adopted in the protocol.
Significant contributions were made by members of the Mobile IPv6 Significant contributions were made by members of the Mobile IPv6
Security Design Team, including (in alphabetical order) Gabriel Security Design Team, including (in alphabetical order) Gabriel
Montenegro, Erik Nordmark and Pekka Nikander, who have contributed Montenegro, Erik Nordmark and Pekka Nikander, who have contributed
volumes of text to this specification. volumes of text to this specification.
17. Acknowledgements 17. Acknowledgements
We would like to thank the members of the Mobile IP and IPng Working We would like to thank the members of the Mobile IP and IPng Working
Groups for their comments and suggestions on this work. We would Groups for their comments and suggestions on this work. We would
particularly like to thank (in alphabetical order) Fred Baker, Josh particularly like to thank (in alphabetical order) Fred Baker, Josh
Broch, Samita Chakrabarti, Robert Chalmers, Noel Chiappa, Greg Daley, Broch, Samita Chakrabarti, Robert Chalmers, Noel Chiappa, Greg Daley,
Vijay Devarapalli, Rich Draves, Francis Dupont, Thomas Eklund, Vijay Devarapalli, Rich Draves, Francis Dupont, Thomas Eklund,
Jun-Ichiro Itojun Hagino, Brian Haley, Marc Hasson, John Ioannidis, Jun-Ichiro Itojun Hagino, Brian Haley, Marc Hasson, John Ioannidis,
James Kempf, Rajeev Koodli, Krishna Kumar, T.J. Kniveton, Joe Lau, James Kempf, Rajeev Koodli, Krishna Kumar, T.J. Kniveton, Joe Lau,
Jiwoong Lee, Aime Le Rouzic, Vesa-Matti Mantyla, Kevin Miles, Glenn Jiwoong Lee, Aime Le Rouzic, Vesa-Matti Mantyla, Kevin Miles, Glenn
Morrow, Thomas Narten, Karen Nielsen, Simon Nybroe, David Oran, Brett Morrow, Thomas Narten, Karen Nielsen, Simon Nybroe, David Oran, Brett
Pentland, Lars Henrik Petander, Basavaraj Patil, Mohan Parthasarathy, Pentland, Lars Henrik Petander, Basavaraj Patil, Mohan Parthasarathy,
Alexandru Petrescu, Mattias Petterson, Ken Powell, Phil Roberts, Ed Alexandru Petrescu, Mattias Petterson, Ken Powell, Phil Roberts, Ed
Remmell, Patrice Romand, Jeff Schiller, Pekka Savola, Arvind Remmell, Patrice Romand, Luis A. Sanchez, Jeff Schiller, Pekka
Sevalkar, Keiichi Shima, Tom Soderlund, Hesham Soliman, Jim Solomon, Savola, Arvind Sevalkar, Keiichi Shima, Tom Soderlund, Hesham
Tapio Suihko, Dave Thaler, Benny Van Houdt, Jon-Olov Vatn, Carl E. Soliman, Jim Solomon, Tapio Suihko, Dave Thaler, Benny Van Houdt,
Williams, Vladislav Yasevich, Alper Yegin, and Xinhua Zhao, for their Jon-Olov Vatn, Carl E. Williams, Vladislav Yasevich, Alper Yegin,
detailed reviews of earlier versions of this document. Their and Xinhua Zhao, for their detailed reviews of earlier versions of
suggestions have helped to improve both the design and presentation this document. Their suggestions have helped to improve both the
of the protocol. design and presentation of the protocol.
We would also like to thank the participants in the Mobile IPv6 We would also like to thank the participants of the Mobile IPv6
testing event held at Nancy, France, September 15-17, 1999, for their testing event (1999), implementors who participated Mobile IPv6
valuable feedback as a result of interoperability testing of four interoperability testing at Connectathons (2000, 2001, 2002, and
Mobile IPv6 implementations. Further, we would like to thank the 2003), and the participants at the ETSI interoperability testing
feedback from the implementors who participated in the Mobile IPv6 (2000, 2002). Finally, we would like to thank the TAHI project who
interoperability testing at Connectathons 2000, 2001, and 2002 in San has provided test suites for Mobile IPv6.
Jose, California. Similarly, we would like to thank the participants
at the ETSI interoperability testing at ETSI, in Sophia Antipolis,
France, during October 2-6, 2000.
Normative References Normative References
[1] Eastlake, D., Crocker, S. and J. Schiller, "Randomness [1] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
Recommendations for Security", RFC 1750, December 1994. Recommendations for Security", RFC 1750, December 1994.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[3] Hinden, R. and S. Deering, "IP Version 6 Addressing [3] Hinden, R. and S. Deering, "IP Version 6 Addressing
skipping to change at page 159, line 24 skipping to change at page 163, line 24
[19] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an [19] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an
On-line Database", RFC 3232, January 2002. On-line Database", RFC 3232, January 2002.
[20] National Institute of Standards and Technology, "Secure Hash [20] National Institute of Standards and Technology, "Secure Hash
Standard", FIPS PUB 180-1, April 1995, <http:// Standard", FIPS PUB 180-1, April 1995, <http://
www.itl.nist.gov/fipspubs/fip180-1.htm>. www.itl.nist.gov/fipspubs/fip180-1.htm>.
[21] Arkko, J., Devarapalli, V. and F. Dupont, "Using IPsec to [21] Arkko, J., Devarapalli, V. and F. Dupont, "Using IPsec to
Protect Mobile IPv6 Signaling betweenMobile Nodes and Home Protect Mobile IPv6 Signaling betweenMobile Nodes and Home
Agents", draft-ietf-mobileip-mipv6-ha-ipsec-03 (work in Agents", draft-ietf-mobileip-mipv6-ha-ipsec-05 (work in
progress), February 2003. progress), May 2003.
Informative References Informative References
[22] Perkins, C., "IP Mobility Support", RFC 2002, October 1996. [22] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
[23] Perkins, C., "IP Encapsulation within IP", RFC 2003, October [23] Perkins, C., "IP Encapsulation within IP", RFC 2003, October
1996. 1996.
[24] Perkins, C., "Minimal Encapsulation within IP", RFC 2004, [24] Perkins, C., "Minimal Encapsulation within IP", RFC 2004,
October 1996. October 1996.
skipping to change at page 160, line 25 skipping to change at page 164, line 25
[25] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing [25] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997. for Message Authentication", RFC 2104, February 1997.
[26] Ferguson, P. and D. Senie, "Network Ingress Filtering: [26] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", RFC 2267, January 1998. Address Spoofing", RFC 2267, January 1998.
[27] Aura, T. and J. Arkko, "MIPv6 BU Attacks and Defenses", [27] Aura, T. and J. Arkko, "MIPv6 BU Attacks and Defenses",
draft-aura-mipv6-bu-attacks-01 (work in progress), March 2002. draft-aura-mipv6-bu-attacks-01 (work in progress), March 2002.
[28] Droms, R., "Dynamic Host Configuration Protocol for IPv6 [28] Bellovin, S., "Guidelines for Mandating Automated Key
Management", draft-bellovin-mandate-keymgmt-00 (work in
progress), August 2003.
[29] Droms, R., "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", draft-ietf-dhc-dhcpv6-28 (work in progress), (DHCPv6)", draft-ietf-dhc-dhcpv6-28 (work in progress),
November 2002. November 2002.
[29] Draves, R., "Default Address Selection for IPv6", [30] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol",
draft-ietf-ipsec-ikev2-07 (work in progress), April 2003.
[31] Draves, R., "Default Address Selection for IPv6",
draft-ietf-ipv6-default-addr-select-09 (work in progress), draft-ietf-ipv6-default-addr-select-09 (work in progress),
August 2002. August 2002.
[30] Nikander, P., Nordmark, E., Montenegro, G. and J. Arkko, [32] Nikander, P., Aura, T., Arkko, J., Montenegro, G. and E.
"Mobile IPv6 Security Design Rationale", Nordmark, "Mobile IP version 6 Route Optimization Security
draft-nikander-mipv6-design-rationale-00.txt (work in Design Background", draft-nikander-mobileip-v6-ro-sec-00.txt
progress), February 2003. (work in progress), April 2003.
[31] Nordmark, E., "Securing MIPv6 BUs using return routability [33] Nordmark, E., "Securing MIPv6 BUs using return routability
(BU3WAY)", draft-nordmark-mobileip-bu3way-00 (work in (BU3WAY)", draft-nordmark-mobileip-bu3way-00 (work in
progress), November 2001. progress), November 2001.
[32] Roe, M., Aura, T., O'Shea, G. and J. Arkko, "Authentication of [34] Roe, M., Aura, T., O'Shea, G. and J. Arkko, "Authentication of
Mobile IPv6 Binding Updates and Acknowledgments", Mobile IPv6 Binding Updates and Acknowledgments",
draft-roe-mobileip-updateauth-02 (work in progress), March draft-roe-mobileip-updateauth-02 (work in progress), March
2002. 2002.
[33] Savola, P., "Use of /127 Prefix Length Between Routers [35] Savola, P., "Use of /127 Prefix Length Between Routers
Considered Harmful", draft-savola-ipv6-127-prefixlen-04 (work Considered Harmful", draft-savola-ipv6-127-prefixlen-04 (work
in progress), June 2002. in progress), June 2002.
[34] Savola, P., "Security of IPv6 Routing Header and Home Address [36] Savola, P., "Security of IPv6 Routing Header and Home Address
Options", draft-savola-ipv6-rh-ha-security-03 (work in Options", draft-savola-ipv6-rh-ha-security-03 (work in
progress), December 2002. progress), December 2002.
[35] Vida, R. and L. Costa, "Multicast Listener Discovery Version 2 [37] Vida, R. and L. Costa, "Multicast Listener Discovery Version 2
(MLDv2) for IPv6", draft-vida-mld-v2-06 (work in progress), (MLDv2) for IPv6", draft-vida-mld-v2-06 (work in progress),
December 2002. December 2002.
Authors' Addresses Authors' Addresses
David B. Johnson David B. Johnson
Rice University Rice University
Dept. of Computer Science, MS 132 Dept. of Computer Science, MS 132
6100 Main Street 6100 Main Street
Houston TX 77005-1892 Houston TX 77005-1892
skipping to change at page 162, line 9 skipping to change at page 166, line 9
Ericsson Ericsson
Jorvas 02420 Jorvas 02420
Finland Finland
EMail: jari.arkko@ericsson.com EMail: jari.arkko@ericsson.com
Appendix A. Changes from Previous Version of the Draft Appendix A. Changes from Previous Version of the Draft
This appendix briefly lists some of the major changes in this draft This appendix briefly lists some of the major changes in this draft
relative to the previous version of this same draft, relative to the previous version of this same draft,
draft-ietf-mobileip-ipv6-20.txt: draft-ietf-mobileip-ipv6-21.txt:
o The lifetime of a binding on a correspondent is now limited to the
lifetime of the home registration, not the lifetime of the home
address (tracked issue 261).
o This specification no longer requires site-local forwarding to be
configurable (tracked issue 258).
o Infinite binding lifetimes have been removed (tracked issue 256).
o This specification now disallows the use of the Binding
Authorization Data option in a home registration, and requires
Binding Updates the home agent with such options to be dropped
(tracked issue 255).
o The verification of Home Address Options without an existing o The required policy checks for protecting return routability
Binding Cache entry has been clarified. IPsec is now sufficient packets have been clarified; the language now allows different
for this verification only in the case of the home agent and a implementations as long as the end result is the same (tracked
home address which the home agent is willing to serve (tracked issue 306).
issue 253).
o Appendix B.6 now describes some potential Neighbor Discovery o The specification no longer discusses the differences of using
enhancements that may be relevant for Mobile IPv6 in the future randomly generated and EUI-64 based interface identifiers for
(tracked issue 252). link-local addresses while away from home (tracked issue 302).
o The Home Address Option rule has been clarified in Section 11.7.2. o The rules for treating IKE cookies when using the Key Management
This rule deals with starting route optimization when a tunneled Capability (K) flag have been specified in Section 10.3.1 (tracked
packet has been received (tracked issue 251). issue 298).
o Binding Cache entries can now be created from non-error ICMP o Section 6.2.7 now makes it clear why the home address does not
messages. This allows Mobile IPv6 to be tested with ping, which need to be a part of the formula for calculating the MAC; the home
uses ICMP echo messages (tracked issue 250). address is taken in account in the construction of the keygen
tokens (tracked issue 298).
o The support for protecting prefix discovery with IPsec has been o The security considerations discuss the need for payload packet
made mandatory, but use is still a SHOULD (tracked issue 249). protection in more depth than previously. In particular, the use
of payload packet protection is now recommended when communicating
with hosts in a home network protected with some form of perimeter
defense (tracked issue 298).
o It is now required that L=0 registrations do not allow the home o The rules for treating IKE cookies when using the Key Management
agent to derive any other address from the home address (tracked Capability (K) flag have been specified in Section 10.3.1 (tracked
issue 248). issue 298).
o Prefix fetching interval constants have now been defined (tracked o Section 11.5.1 has been rewritten as a collection of hints about</