NETLMM WG S. Gundavelli Internet-Draft K. Leung Intended status: Standards Track Cisco Expires: December 20, 2007 V. Devarapalli Azaire Networks K. Chowdhury Starent Networks B. Patil Nokia Siemens Networks June 18, 2007 Proxy Mobile IPv6 draft-ietf-netlmm-proxymip6-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on December 20, 2007. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract Host based IPv6 mobility is specified in Mobile IPv6 base specification [RFC3775]. In that model, the mobile node is Gundavelli, et al. Expires December 20, 2007 [Page 1] Internet-Draft Proxy Mobile IPv6 June 2007 responsible for doing the signaling to its home agent to enable session continuity as it moves between subnets. The design principle in the case of host-based mobility relies on the mobile node being in control of the mobility management. Network based mobility allows IP session continuity for a mobile node without its involvement in mobility management. This specification describes a protocol solution for network based mobility management that relies on Mobile IPv6 signaling and reuse of home agent functionality. A proxy mobility agent in the network which manages the mobility for a mobile node is the reason for referring to this protocol as Proxy Mobile IPv6. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Conventions & Terminology . . . . . . . . . . . . . . . . . . 5 2.1. Conventions used in this document . . . . . . . . . . . . 5 2.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 3. Proxy Mobile IPv6 Protocol Overview . . . . . . . . . . . . . 7 4. Proxy Mobile IPv6 Protocol Security . . . . . . . . . . . . . 11 4.1. Peer Authorization Database Entries . . . . . . . . . . . 11 4.2. Security Policy Database Entries . . . . . . . . . . . . . 12 5. Local Mobility Anchor Operation . . . . . . . . . . . . . . . 13 5.1. Extensions to Binding Cache Conceptual Data Structure . . 14 5.2. Bi-Directional Tunnel Management . . . . . . . . . . . . . 14 5.3. Routing Considerations . . . . . . . . . . . . . . . . . . 15 5.4. Local Mobility Anchor Address Discovery . . . . . . . . . 16 5.5. Sequence Number and Time-Stamps for Message Ordering . . . 16 5.6. Route Optimizations Considerations . . . . . . . . . . . . 17 5.7. Mobile Prefix Discovery Considerations . . . . . . . . . . 18 5.8. Signaling Considerations . . . . . . . . . . . . . . . . . 18 5.8.1. Initial Proxy Binding Registration . . . . . . . . . . 18 5.8.2. Extending the binding lifetime . . . . . . . . . . . . 20 5.8.3. De-registration of the binding . . . . . . . . . . . . 20 5.9. Local Mobility Anchor Operational Summary . . . . . . . . 20 6. Mobile Access Gateway Operation . . . . . . . . . . . . . . . 21 6.1. Supported Access Link Types . . . . . . . . . . . . . . . 21 6.2. Supported Home Network Prefix Models . . . . . . . . . . . 22 6.3. Supported Address Configuration Models . . . . . . . . . . 22 6.4. Access Authentication & Mobile Node Identification . . . . 23 6.5. Mobile Node's Policy Profile . . . . . . . . . . . . . . . 23 6.6. Conceptual Data Structures . . . . . . . . . . . . . . . . 24 6.7. Home Network Emulation . . . . . . . . . . . . . . . . . . 24 6.7.1. Home Network Prefix Renumbering . . . . . . . . . . . 25 6.8. Link-Local and Global Address Uniqueness . . . . . . . . . 26 6.9. Signaling Considerations . . . . . . . . . . . . . . . . . 27 6.9.1. Initial Attachment and binding registration . . . . . 27 Gundavelli, et al. Expires December 20, 2007 [Page 2] Internet-Draft Proxy Mobile IPv6 June 2007 6.9.2. Extending the binding lifetime . . . . . . . . . . . . 28 6.9.3. De-registration of the binding . . . . . . . . . . . . 28 6.10. Routing Considerations . . . . . . . . . . . . . . . . . . 28 6.10.1. Transport Network . . . . . . . . . . . . . . . . . . 29 6.10.2. Tunneling & Encapsulation Modes . . . . . . . . . . . 29 6.10.3. Routing State . . . . . . . . . . . . . . . . . . . . 30 6.10.4. Local Routing . . . . . . . . . . . . . . . . . . . . 31 6.10.5. Tunnel Management . . . . . . . . . . . . . . . . . . 31 6.10.6. Forwarding Rules . . . . . . . . . . . . . . . . . . . 31 6.11. Interaction with DHCP Relay Agent . . . . . . . . . . . . 32 6.12. Mobile Node Detachment Detection and Resource Cleanup . . 32 6.13. Allowing network access to other IPv6 nodes . . . . . . . 33 7. Mobile Node Operation . . . . . . . . . . . . . . . . . . . . 34 7.1. Booting up in a Proxy Mobile IPv6 Domain . . . . . . . . . 34 7.2. Roaming in the Proxy Mobile IPv6 Network . . . . . . . . . 35 7.3. IPv6 Host Protocol Parameters . . . . . . . . . . . . . . 36 8. Message Formats . . . . . . . . . . . . . . . . . . . . . . . 37 8.1. Proxy Binding Update . . . . . . . . . . . . . . . . . . . 37 8.2. Proxy Binding Acknowledgment . . . . . . . . . . . . . . . 38 8.3. Home Network Prefix Option . . . . . . . . . . . . . . . . 39 8.4. Time Stamp Option . . . . . . . . . . . . . . . . . . . . 40 8.5. Status Codes . . . . . . . . . . . . . . . . . . . . . . . 41 9. Protocol Configuration Variables . . . . . . . . . . . . . . . 42 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 42 11. Security Considerations . . . . . . . . . . . . . . . . . . . 42 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 44 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 44 13.1. Normative References . . . . . . . . . . . . . . . . . . . 44 13.2. Informative References . . . . . . . . . . . . . . . . . . 45 Appendix A. Proxy Mobile IPv6 interactions with AAA Infrastructure . . . . . . . . . . . . . . . . . . . 46 Appendix B. Supporting Shared-Prefix Model using DHCPv6 . . . . . 46 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 47 Intellectual Property and Copyright Statements . . . . . . . . . . 49 Gundavelli, et al. Expires December 20, 2007 [Page 3] Internet-Draft Proxy Mobile IPv6 June 2007 1. Introduction Mobile IPv6 [RFC-3775] is the enabler for IPv6 mobility. It requires Mobile IPv6 client functionality in the IPv6 stack of a mobile node. Signaling between the mobile node and home agent enables the creation and maintenance of a binding between the mobile node's home address and care-of-address. Mobile IPv6 has been designed to be an integral part of the IPv6 stack in a host. However there exist IPv6 stacks today that do not have Mobile IPv6 functionality and there would likely be IPv6 stacks without Mobile IPv6 client functionality in the future as well. It is desirable to support IP mobility for all hosts irrespective of the presence or absence of mobile IPv6 functionality in the IPv6 stack. It is possible to support mobility for IPv6 nodes by extending Mobile IPv6 [RFC-3775] signaling and reusing the home agent via a proxy mobility agent in the network. This approach to supporting mobility does not require the mobile node to be involved in the signaling required for mobility management. The proxy mobility agent in the network performs the signaling and does the mobility management on behalf of the mobile node. Because of the use and extension of Mobile IPv6 signaling and home agent functionality, it is referred to as Proxy Mobile IPv6 (PMIP6) in the context of this document. Network deployments which are designed to support mobility would be agnostic to the capability in the IPv6 stack of the nodes which it serves. IP mobility for nodes which have mobile IP client functionality in the IPv6 stack as well as those hosts which do not, would be supported by enabling Proxy Mobile IPv6 protocol functionality in the network. The advantages of developing a network based mobility protocol based on Mobile IPv6 are: o Reuse of home agent functionality and the messages/format used in mobility signaling. Mobile IPv6 is a mature protocol with several implementations that have been through interoperability testing. o A common home agent would serve as the mobility agent for all types of IPv6 nodes. o Addresses a real deployment need. The problem statement and the need for a network based mobility protocol solution has been documented in [RFC-4830]. Proxy Mobile IPv6 is a solution that addresses these issues and requirements. Gundavelli, et al. Expires December 20, 2007 [Page 4] Internet-Draft Proxy Mobile IPv6 June 2007 2. Conventions & Terminology 2.1. Conventions used in this document The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" used in this document are to be interpreted as described in RFC 2119. 2.2. Terminology All the general mobility related terms used in this document are to be interpreted as defined in the Mobile IPv6 base specification [RFC- 3775]. This document adopts the terms, Local Mobility Anchor (LMA) and Mobile Access Gateway (MAG) from the NETLMM Goals document [RFC- 4831]. This document also provides the following context specific explanation to the following terms used in this document. Proxy Mobile IPv6 Domain (PMIPv6-Domain) Proxy Mobile IPv6 domain refers to the network where the mobility management of a mobile node is handled using Proxy Mobile IPv6 protocol as defined in this specification. The Proxy Mobile IPv6 domain includes local mobility anchors and mobile access gateways between which security associations can be setup and authorization for sending Proxy Binding Updates on behalf of the mobile nodes can be ensured. Local Mobility Anchor (LMA) Local Mobility Anchor is the home agent for the mobile node in the Proxy Mobile IPv6 domain. It is the topological anchor point for the mobile node's home network prefix and is the entity that manages the mobile node's reachability state. It is important to understand that the local mobility anchor has the functional capabilities of a home agent as defined in Mobile IPv6 base specification [RFC-3775] and with the additional required capabilities for supporting Proxy Mobile IPv6 protocol as defined in this specification. Mobile Access Gateway (MAG) Gundavelli, et al. Expires December 20, 2007 [Page 5] Internet-Draft Proxy Mobile IPv6 June 2007 Mobile Access Gateway is a function that manages the mobility related signaling for a mobile node that is attached to its access link. It is responsible for tracking the mobile node's attachment to the link and for signaling the mobile node's local mobility anchor. Mobile Node (MN) Through out this document, the term mobile node is used to refer to an IP node whose mobility is managed by the network. The mobile node may be operating in IPv6 mode, IPv4 mode or in IPv4/ IPv6 dual mode. The mobile node is not required to participate in any mobility related signaling for achieving mobility for an IP address that is obtained in that local domain. This document further uses explicit text when referring to a mobile node that is involved in mobility related signaling as per Mobile IPv6 specification [RFC-3775]. LMA Address (LMAA) The address that is configured on the interface of the local mobility anchor and is the transport endpoint of the tunnel between the local mobility anchor and the mobile access gateway. This is the address to where the mobile access gateway sends the Proxy Binding Update messages. When supporting IPv4 traversal, i.e. when the network between the local mobility anchor and the mobile access gateway is an IPv4 network, this address will be an IPv4 address and will be referred to as IPv4-LMAA, as specified in [ID-IPV4-PMIP6]. Proxy Care-of Address (Proxy-CoA) Proxy-CoA is the address configured on the interface of the mobile access gateway and is the transport endpoint of the tunnel between the local mobility anchor and the mobile access gateway. The local mobility anchor views this address as the Care-of Address of the mobile node and registers it in the Binding Cache entry for that mobile node. When the transport network between the mobile access gateway and the local mobility anchor is an IPv4 network and if the care-of address that is registered at the local mobility anchor is an IPv4 address, the term, IPv4-Proxy-CoA is used, as defined in [ID-IPV4-PMIP6]. Mobile Node's Home Address (MN-HoA) Gundavelli, et al. Expires December 20, 2007 [Page 6] Internet-Draft Proxy Mobile IPv6 June 2007 MN-HoA is the home address of a mobile node in a Proxy Mobile IPv6 domain. It is an address obtained by the mobile node in that domain. The mobile node can continue to use this address as long as it is attached to the network that is in the scope of that Proxy Mobile IPv6 domain. Mobile Node's Home Network Prefix (MN-HNP) This is the on-link IPv6 prefix that the mobile node always sees in the Proxy Mobile IPv6 domain. The home network prefix is topologically anchored at the mobile node's local mobility anchor. The mobile node configures its interface with an address from this prefix. Mobile Node's Home Link This is the link on which the mobile node obtained its initial address configuration after it moved into that Proxy Mobile IPv6 domain. This is the link that conceptually follows the mobile node. The network will ensure the mobile node always sees this link with respect to the layer-3 network configuration, on any access link that it attaches to in that proxy mobile IPv6 domain. Mobile Node Identifier (MN-Identifier) The identity of the mobile node that is presented to the network as part of the access authentication. This is typically an identifier such as Mobile Node NAI [RFC-4283], or any other type of identifier which may be specific to the access technology. Proxy Binding Update (PBU) A signaling message sent by the mobile access gateway to a mobile node's local mobility anchor for establishing a binding between the mobile node's MN-HoA and the Proxy-CoA. Proxy Binding Acknowledgement (PBA) A response message sent by a local mobility anchor in response to a Proxy Binding Update message that it received from a mobile access gateway. 3. Proxy Mobile IPv6 Protocol Overview This specification describes a network-based mobility management protocol. It is called Proxy Mobile IPv6 and is based on Mobile IPv6 [RFC-3775]. This protocol is for providing network-based mobility Gundavelli, et al. Expires December 20, 2007 [Page 7] Internet-Draft Proxy Mobile IPv6 June 2007 management support to a mobile node, within a restricted and topologically localized portion of the network and with out requiring the participation of the mobile node in any mobility related signaling. Every mobile node that roams in a Proxy Mobile IPv6 domain, would typically be identified by an identifier, MN-Identifier, and using that identifier the mobile node's policy profile can be obtained from the policy store. The policy profile typically contains the provisioned network-based mobility service characteristics and other related parameters such as the mobile node's Identifier, local mobility anchor address, permitted address configuration modes, roaming policy and other parameters that are essential for providing the network based mobility service. Once a mobile node enters its Proxy Mobile IPv6 domain and performs access authentication, the network will ensure that the mobile node is always on its home network and can obtain its home address on any access link using any of the address configuration procedures. In other words, there is a home network prefix that is assigned to a mobile node and conceptually that address always follows the mobile node, where ever it roams within that Proxy Mobile IPv6 domain. From the perspective of the mobile node, the entire Proxy Mobile IPv6 domain appears as its home link or a single link. Gundavelli, et al. Expires December 20, 2007 [Page 8] Internet-Draft Proxy Mobile IPv6 June 2007 +----+ +----+ |LMA1| |LMA2| +----+ +----+ LMAA1 -> | | <-- LMAA2 | | \\ //\\ \\ // \\ \\ // \\ +---\\------------- //------\\----+ ( \\ IPv4/IPv6 // \\ ) ( \\ Network // \\ ) +------\\--------//------------\\-+ \\ // \\ \\ // \\ \\ // \\ Proxy-CoA1--> | | <-- Proxy-CoA2 +----+ +----+ |MAG1|-----[MN2] |MAG2| +----+ | +----+ | | | MN-HoA1 --> | MN-HoA2 | <-- MN-HoA3 [MN1] [MN3] Figure 1: Proxy Mobile IPv6 Domain The Proxy Mobile IPv6 scheme introduces a new function, the mobile access gateway. It is a function that is on the access link where the mobile node is anchored and does the mobility related signaling on its behalf. From the perspective of the local mobility anchor, the mobile access gateway is a special element in the network that is authorized to send Mobile IPv6 signaling messages on behalf of other mobile nodes. When the mobile node attaches to an access link connected to the mobile access gateway, the mobile node presents its identity, MN- Identifier, as part of the access authentication procedure. After a successful access authentication, the mobile access gateway obtains the mobile node's profile from the policy store. The mobile access gateway would have all the required information for it to emulate the mobile node's home network on the access link. It sends Router Advertisement messages to the mobile node on the access link advertising the mobile node's home network prefix as the hosted on- link-prefix. Gundavelli, et al. Expires December 20, 2007 [Page 9] Internet-Draft Proxy Mobile IPv6 June 2007 The mobile node on receiving these Router Advertisement messages on the access link will attempt to configure its interface either using stateful or stateless address configuration modes, based on modes that are permitted on that access link. At the end of a successful address configuration procedure, the mobile node would have obtained an address from its home network prefix. If the mobile node is IPv4 capable and if network offers IPv4 network mobility for the mobile node, the mobile node would have obtained an IPv4 address as well. The mobile node can be operating in IPv4-only mode, IPv6-only or in dual-mode and based on the services enabled for that mobile, the mobility is enabled only for those address types. Also, the network between the local mobility anchor and the mobile access gateway can be either IPv4, IPv6 or a private IPv4 with NAT translation devices. For updating the local mobility anchor about the current location of the mobile node, the mobile access gateway sends a Proxy Binding Update message to the mobile node's local mobility anchor. The message will have the mobile node's NAI identifier option and other required options. Upon accepting the Proxy Binding Update message, the local mobility anchor sends a Proxy Binding Acknowledgment message including the mobile node's home network prefix option. It also sets up a route for the mobile node's home network prefix over the tunnel to the mobile access gateway. The mobile access gateway on receiving this Proxy Binding Acknowledgment message sets up a bi-directional tunnel to the local mobility anchor and adds a default route over the tunnel to the local mobility anchor. All traffic from the mobile node gets routed to its local mobility anchor through the bi-directional tunnel. At this point, the mobile node has a valid address from its home network prefix, at the current point of attachment. The serving mobile access gateway and the local mobility anchor also have proper routing states for handling the traffic sent to and from the mobile node using an address from its home network prefix. The local mobility anchor, being the topological anchor point for the mobile node's home network prefix, receives any packet that is sent by any corresponding node to the mobile node. Local mobility anchor forwards the received packet to the mobile access gateway through the bi-directional tunnel. The mobile access gateway on other end of the tunnel, after receiving the packet, removes the outer header and forwards the packet on the access link to the mobile node. The mobile access gateway typically acts as a default router on the access link and any packet that the mobile node sends to any corresponding node is received by the mobile access gateway and it forwards the packet to its local mobility anchor through the bi- Gundavelli, et al. Expires December 20, 2007 [Page 10] Internet-Draft Proxy Mobile IPv6 June 2007 directional tunnel. The local mobility anchor on the other end of the tunnel, after receiving the packet removes the outer header and routes the packet to the destination. 4. Proxy Mobile IPv6 Protocol Security The signaling messages, Proxy Binding Update and Proxy Binding Acknowledgement, exchanged between the mobile access gateway and the local mobility anchor are protected using IPsec and using the established security association between them. The security association of the specific mobile node for which the signaling message is initiated is not required for protecting these messages. ESP in transport mode with mandatory integrity protection is used for protecting the signaling messages. Confidentiality protection is not required. IKEv2 is used to setup security associations between the mobile access gateway and the local mobility anchor to protect the Proxy Binding Update and Proxy Binding Acknowledgment messages. The mobile access gateway and the local mobility anchor can use any of the authentication mechanisms, as specified in IKEv2, for mutual authentication. Mobile IPv6 specification requires the home agent to prevent a mobile node from creating security associations or creating binding cache entries for another mobile node's home address. In the protocol described in this document, the mobile node is not involved in creating security associations for protecting the signaling messages or sending binding updates. Therefore, this is not a concern. However, the local mobility anchor MUST allow only authorized mobile access gateways to create binding cache entries on behalf of the mobile nodes. The actual mechanism by which the local mobility anchor verifies if a specific mobile access gateway is authorized to send Proxy Binding Updates on behalf of a mobile node is outside the scope of this document. One possible way this could be achieved is sending a query to the policy store such as by using AAA infrastructure. 4.1. Peer Authorization Database Entries The following describes PAD entries on the mobile access gateway and the local mobility anchor. The PAD entries are only example configurations. Note that the PAD is a logical concept and a particular mobile access gateway or a local mobility anchor implementation can implement the PAD in an implementation specific Gundavelli, et al. Expires December 20, 2007 [Page 11] Internet-Draft Proxy Mobile IPv6 June 2007 manner. The PAD state may also be distributed across various databases in a specific implementation. mobile access gateway PAD: - IF remote_identity = lma_identity_1 Then authenticate (shared secret/certificate/EAP) and authorize CHILD_SA for remote address lma_addres_1 local mobility anchor PAD: - IF remote_identity = mag_identity_1 Then authenticate (shared secret/certificate/EAP) and authorize CHILD_SAs for remote address mag_address_1 The list of authentication mechanisms in the above examples is not exhaustive. There could be other credentials used for authentication stored in the PAD. 4.2. Security Policy Database Entries The following describes the security policy entries on the mobile access gateway and the local mobility anchor required to protect the Proxy Mobile IPv6 signaling messages. The SPD entries are only example configurations. A particular mobile access gateway or a local mobility anchor implementation could configure different SPD entries as long as they provide the required security. In the examples shown below, the identity of the mobile access gateway is assumed to be mag_1, the address of the mobile access gateway is assumed to be mag_address_1, and the address of the local mobility anchor is assumed to be lma_address_1. mobile access gateway SPD-S: - IF local_address = mag_address_1 & remote_address = lma_address_1 & proto = MH & local_mh_type = BU & remote_mh_type = BAck Then use SA ESP transport mode Initiate using IDi = mag_1 to address lma_1 local mobility anchor SPD-S: - IF local_address = lma_address_1 & remote_address = mag_address_1 & proto = MH & local_mh_type = BAck & remote_mh_type = BU Then use SA ESP transport mode Gundavelli, et al. Expires December 20, 2007 [Page 12] Internet-Draft Proxy Mobile IPv6 June 2007 5. Local Mobility Anchor Operation For supporting the Proxy Mobile IPv6 scheme specified in this document, the Mobile IPv6 home agent entity, defined in Mobile IPv6 specification [RFC-3775], needs some enhancements. The local mobility anchor is an entity that has the functional capabilities of a home agent and with the additional required capabilities for supporting Proxy Mobile IPv6 protocol as defined in this specification. This section describes the operational details of the local mobility anchor. The base Mobile IPv6 specification [RFC-3775], defines home agent and the mobile node as the two functional entities. The Proxy Mobile IPv6 scheme introduces a new entity, the mobile access gateway. This is the entity that will participate in the mobility related signaling. From the perspective of the local mobility anchor, the mobile access gateway is a special element in the network that has the privileges to send mobility related signaling messages on behalf of the mobile node. Typically, the local mobility anchor is provisioned with the list of mobile access gateways authorized to send proxy registrations. When the local mobility anchor receives a Proxy Binding Update message from a mobile access gateway, the message is protected using the IPSec Security Association established between the local mobility anchor and the mobile access gateway. The local mobility anchor can distinguish between a Proxy Binding Update message received from a mobile access gateway from a Binding Update message received directly from a mobile node. This distinction is important for using the right security association for validating the Binding Update and this is achieved by relaxing the MUST requirement for having the Home Address Option presence in Destination Options header and by introducing a new flag in the Binding Update message. The local mobility anchor as a traditional IPSec peer can use the SPI in the IPSec header [RFC-4306] of the received packet for locating the correct security association and for processing the Proxy Binding Update message in the context of the Proxy Mobile IPv6 scheme. For protocol simplicity, the current specification supports the Per- MN-Prefix addressing model. In this addressing model, each mobile node is allocated an exclusively unique home network prefix. The local mobility anchor in this model is just a topological anchor point for that prefix and the prefix is physically hosted on the access link where the mobile node is attached. The local mobility anchor is not required to perform any proxy ND operations [RFC-2461] for defending the mobile node's home address on the home link. However, the local mobility anchor is required to manage the binding cache entry of the mobile node for managing the mobility session and Gundavelli, et al. Expires December 20, 2007 [Page 13] Internet-Draft Proxy Mobile IPv6 June 2007 also the routing state for creating a proper route path for traffic to/from the mobile node. 5.1. Extensions to Binding Cache Conceptual Data Structure The local mobility anchor maintains a Binding Cache entry for each currently registered mobile node. Binding Cache is a conceptual data structure, described in Section 9.1 of [RFC-3775]. For supporting this specification, the conceptual Binding Cache entry needs to be extended with the following additional fields. o A flag indicating whether or not this Binding Cache entry is created due to a proxy registration. This flag is enabled for Binding Cache entries that are proxy registrations and is turned off for all other entries that are direct registrations from the mobile node. o The identifier of the mobile node, MN-Identifier. This MN- Identifier is obtained from the NAI Option present in the Proxy Binding Update request [RFC-4285]. o A flag indicating whether or not the Binding Cache entry has a home address that is on virtual interface. This flag is enabled, if the home prefix of the mobile node is configured on a virtual interface. When the configured home prefix of a mobile is on a virtual interface, the home agent is not required to function as a Neighbor Discovery proxy for the mobile node. o The IPv6 home network prefix of the mobile node. o The IPv6 home network prefix length of the mobile node. o The interface id of the bi-directional tunnel between the local mobility anchor and the mobile access gateway used for sending and receiving the mobile node's traffic. 5.2. Bi-Directional Tunnel Management The bi-directional tunnel between the local mobility anchor and the mobile access gateway is used for routing the traffic to and from the mobile node. The tunnel hides the topology and enables a mobile node to use an IP address that is topologically anchored at the local mobility anchor, from any attached access link in that proxy mobile IPv6 domain. The base Mobile IPv6 specification [RFC-3775], does use the tunneling scheme for routing traffic to and from the mobile that is using its home address. However, there are subtle differences in the way Proxy Mobile IPv6 uses the tunneling scheme. Gundavelli, et al. Expires December 20, 2007 [Page 14] Internet-Draft Proxy Mobile IPv6 June 2007 As in Mobile IPv4 [RFC-3344], the tunnel between the local mobility anchor and the mobile access gateway is typically a shared tunnel and can be used for routing traffic streams for different mobile nodes attached to the same mobile access gateway. This specification extends that 1:1 relation between a tunnel and a binding cache entry to 1:m relation, reflecting the shared nature of the tunnel. The tunnel is creating after accepting a Proxy Binding Update message for a mobile node from a mobile access gateway. The created tunnel may be shared with other mobile nodes attached to the same mobile access gateway and with the local mobility anchor having a binding cache entry for those mobile nodes. Some implementations may prefer to use static tunnels as supposed to creating and tearing them down on a need basis. The one end point of the tunnel is the address configured on the interface of the local mobility anchor, LMAA. The other end point of the tunnel is the address configured on the interface of the mobile access gateway, Proxy-CoA. The details related to the supported encapsulation modes and transport protocols is covered in detail in Section 6.10.2. Implementations typically use a software timer for managing the tunnel lifetime and a counter for keeping a count of all the mobiles that are sharing the tunnel. The timer value will be set to the accepted binding life-time and will be updated after each periodic registrations for extending the lifetime. If the tunnel is shared for multiple mobile node's traffic, the tunnel lifetime will be set to the highest binding life time across all the binding life time that is granted for all the mobiles sharing that tunnel. 5.3. Routing Considerations This section describes how the data traffic to/from the mobile node is handled at the local mobility anchor. When a local mobility anchor is serving a mobile node, it MUST attempt to intercept packets that are sent to any address that is in the mobile node's home network prefix address range. The local mobility anchor MUST advertise a connected route in to the Routing Infrastructure for that mobile node's home network prefix or for an aggregated prefix with a larger scope. This essentially enables routers in the IPv6 network to detect the local mobility anchor as the last-hop router for that prefix. When forwarding any packets that have the destination address matching the mobile node's home network prefix, the local mobility anchor MUST encapsulate the packet with the outer IPv6 header, as Gundavelli, et al. Expires December 20, 2007 [Page 15] Internet-Draft Proxy Mobile IPv6 June 2007 specified in Generic Packet Tunneling in IPv6 specification [RFC- 2473]. If the negotiated encapsulation header is either IPv6-over- IPv4 or IPv6-over-IPv4-UDP, as specified in the companion document, IPv4 support for Proxy Mobile IP6 [ID-Pv4-PMIP6], the packet must be encapsulated and routed as specified in that specification. All the reverse tunneled packets that the local mobility anchor receives from the tunnel, after removing the outer header MUST be routed to the destination specified in the inner packet header. These routed packets will have the source address field set to the address from the mobile node's home network prefix. 5.4. Local Mobility Anchor Address Discovery Dynamic Home Agent Address Discovery, as explained in Section 10.5 of [RFC-3775], allows a mobile node to discover all the home agents on its home link by sending an ICMP Home Agent Address Discovery Request message to the Mobile IPv6 Home-Agents anycast address, derived from its home network prefix. In Proxy Mobile IPv6, the address of the local mobility anchor configured to serve a mobile node can be discovered by the mobility entities in one or more ways. This MAY be a configured entry in the mobile node's policy profile, or it MAY be obtained through mechanisms outside the scope of this document. It is important to note that there is little value in using DHAAD message in the current form for discovering the local mobility anchor address dynamically. As a mobile node moves from one mobile access gateway to the another, the serving mobile access gateway will not predictably be able to locate the serving local mobility anchor for that mobile that has its binding cache entry for the mobile node. Hence, this specification does not support Dynamic Home Agent Address Discovery protocol. 5.5. Sequence Number and Time-Stamps for Message Ordering Mobile IPv6 [RFC-3775] uses the Sequence Number field in registration messages as a way to ensure the correct packet ordering. The local mobility anchor and the mobile node are required to manage this counter over the lifetime of a binding. In Proxy Mobile IPv6, the Proxy Binding Update messages that the local mobility anchor receives on behalf of a specific mobile node may not be from the same mobile access gateway as the previously received message. It creates certain ambiguity and the local mobility anchor will not be predictably order the messages. This could lead to the local mobility anchor processing an older message from a mobile access gateway where the mobile node was previously attached, while ignoring the latest binding update message. Gundavelli, et al. Expires December 20, 2007 [Page 16] Internet-Draft Proxy Mobile IPv6 June 2007 In the Proxy Mobile IPv6, the ordering of packets has to be established across packets received from multiple senders. The sequence number scheme as specified in [RFC-3775] will not be sufficient. A global scale, such as a time stamp, can be used to ensure the correct ordering of the packets. This document proposes the use of a Time Stamp Option, specified in Section 8.4, in all Proxy Binding Update messages sent by mobile access gateways. By leveraging the NTP [RFC-1305] service, all the entities in Proxy Mobile IPv6 domain will be able to synchronize their respective clocks. Having a time stamp option in Proxy Binding Update messages will enable the local mobility anchor to predictably identify the latest message from a list of messages delivered in an out-of-order fashion. The Proxy Mobile IPv6 model, defined in this document requires the Proxy Binding Update messages sent by the mobile access gateway to have the Time Stamp option. The local mobility anchor processing a proxy registration MUST ignore the sequence number field and MUST the value from the Time Stamp option to establish ordering of the received Binding Update messages. If the local mobility anchor receives a Proxy Binding Update message with an invalid Time Stamp Option, the Proxy Binding Update MUST be rejected and a Proxy Binding Acknowledgement MUST be returned in which the Status field is set to 148 (invalid time stamp option). In the absence of Time Stamp option in the Proxy Binding Update, the entities can fall back to Sequence Number scheme for message ordering, as defined in RFC-3775. However, the specifics on how different mobile access gateways synchronize the sequence number is outside the scope of this document. When using the Time Stamp Option, the local mobility anchor or the mobile access gateway MUST set the timestamp field to a 64-bit value formatted as specified by the Network Time Protocol [RFC-1305]. The low-order 32 bits of the NTP format represent fractional seconds, and those bits which are not available from a time source SHOULD be generated from a good source of randomness. 5.6. Route Optimizations Considerations Mobile IPv6 route optimization, as defined in [RFC-3775], enables a mobile node to communicate with a corresponding node directly using its care-of address and further the Return Routability procedure enables the corresponding node to have reasonable trust that the mobile node owns both the home address and care-of address. In the Proxy Mobile IPv6 model, the mobile is not involved in any mobility related signaling and also it does not operate in the dual- Gundavelli, et al. Expires December 20, 2007 [Page 17] Internet-Draft Proxy Mobile IPv6 June 2007 address mode. Hence, the return routability procedure as defined in RFC-3775 is not applicable for the proxy model. 5.7. Mobile Prefix Discovery Considerations The ICMP Mobile Prefix Advertisement message, described in Section 6.8 and Section 11.4.3 of [RFC-3775], allows a home agent to send a Mobile Prefix Advertisement to the mobile node. In Proxy Mobile IPv6, the mobile node's home network prefix is hosted on the access link connected to the mobile access gateway. but topologically anchored on the local mobility anchor. Since, there is no physical home-link for the mobile node's home network prefix on the local mobility anchor and as the mobile is always on the link where the prefix is hosted, any prefix change messages can just be advertised by the mobile access gateway on the access link and thus there is no applicability of this message for Proxy Mobile IPv6. This specification does not use Mobile Prefix Discovery. 5.8. Signaling Considerations 5.8.1. Initial Proxy Binding Registration Upon receiving a Proxy Binding Update message from a mobile access gateway on behalf of mobile node, the local mobility anchor MUST process the request as defined in Section 10, of the base Mobile IPv6 specification [RFC-3775], with one exception that this request is a proxy request, the sender is not the mobile node and so the message has to be processed with the considerations explained in this section. The local mobility anchor MUST apply the required policy checks, as explained in Section 4.0 of this document to verify the sender is a trusted mobile access gateway, authorized to send Proxy Binding Updates requests on behalf of that mobile nodes, using its own identity. The local mobility anchor must check the local/remote policy store to ensure the requesting node is authorized to send Proxy Binding Update messages. The local mobility anchor MUST use the MN-Identifier from the NAI option of the Proxy Binding Update message for identifying the mobile node. The local mobility anchor MUST ignore the sequence number field in the Proxy Binding Updates requests, if the Time-Stamp Option is present in the message. It must also skip all the checks related to sequence number that are required as per the Mobile IPv6 specification [RFC-3775]. However, the received sequence number MUST Gundavelli, et al. Expires December 20, 2007 [Page 18] Internet-Draft Proxy Mobile IPv6 June 2007 be copied and returned in the Proxy Binding Acknowledgement message sent to the mobile access gateway. The local mobility anchor before accepting a Proxy Binding Update request containing the Home Network Prefix Option with a specific prefix, MUST ensure the prefix is owned by the local mobility anchor and further the mobile node is authorized to use that prefix. If the Home Network Prefix Option has the value 0::/0, the local mobility anchor MUST allocate a prefix for the mobile node and send a Proxy Binding Acknowledgement message with the Home Network Prefix Option containing the allocated value. The specific details on how the local mobility anchor allocates the home network prefix is outside the scope of this document. Upon accepting a Proxy Binding Update request from a mobile access gateway, the local mobility anchor must check if there exists a binding cache entry for that mobile node, identified using the MN- Identifier, that was created due to a direct registration from the mobile node. If there exists a binding cache entry with the proxy registration flag turned off, the local mobility anchor MUST NOT modify that binding state, instead it must create a tentative binding cache entry and update the tentative binding cache entry fields of that binding cache entry. Upon receiving a Binding Update request from a mobile node with lifetime value set to 0, from a tunnel between itself and a trusted mobile access gateway, the local mobility anchor upon accepting that de-registration message, MUST forward the Binding Acknowledgement message in the tunnel from where it received the Binding Update request. It must also replace the binding cache entry with the tentative binding cache entry and enable routing for the mobile node's home network prefix through the proxy mobile IPv6 tunnel. Upon accepting this Proxy Binding Update message, the local mobility anchor must create a Binding Cache entry and must set up a tunnel to the mobile access gateway serving the mobile node. This bi- directional tunnel between the local mobility anchor and the mobile access gateway is used for routing the mobile node's traffic. The Proxy Binding Acknowledgment message must be constructed as shown below. IPv6 header (src=LMAA, dst=Proxy-CoA) Mobility header -BA /*P flag is set*/ Mobility Options - Home Network Prefix Option Gundavelli, et al. Expires December 20, 2007 [Page 19] Internet-Draft Proxy Mobile IPv6 June 2007 - TimeStamp Option (optional) - NAI Option Proxy Binding Acknowledgment message contents 5.8.2. Extending the binding lifetime Upon accepting the Proxy Binding Update request for extending the lifetime of a currently active binding, the local mobility anchor MUST update the lifetime for that binding and send a Proxy Binding Acknowledgment message to the mobile access gateway. The Proxy Binding Acknowledgment message MUST be constructed as specified in Section 5.8.1. 5.8.3. De-registration of the binding Upon accepting the Proxy Binding Update request sent with the lifetime value of zero, the local mobility anchor MUST delete the binding from its Binding Cache and MUST send a Proxy Binding Acknowledgment message to the mobile access gateway. The message MUST be constructed as specified in Section 6.9.1. The local mobility anchor MUST also remove the prefix route over the tunnel for that mobile node's home network prefix. 5.9. Local Mobility Anchor Operational Summary o For supporting this scheme, the local mobility anchor MUST satisfy all the requirements listed in Section 8.4 of Mobile IPv6 specification [RFC-3775] with the following considerations. o For supporting the per-MN-Prefix addressing model as defined in this specification, the local mobility anchor service MUST NOT be tied to a specific interface. It SHOULD be able to accept Proxy Binding Update requests sent to any of the addresses configured on any of its interfaces. o The requirement for a home agent to maintain a list of home agents for a mobile node's home link is not applicable for the local mobility anchor, when supporting Per-MN-Prefix addressing model. o The local mobility anchors SHOULD drop all HoTI messages received for a home address that has corresponding Binding Cache entry with the proxy registration flag set. o The local mobility anchor must handle the mobile node's data traffic as explained in the Routing Considerations section of this Gundavelli, et al. Expires December 20, 2007 [Page 20] Internet-Draft Proxy Mobile IPv6 June 2007 document. 6. Mobile Access Gateway Operation The Proxy Mobile IPv6 scheme specified in this document, introduces a new functional entity, the Mobile Access Gateway (MAG). It is the entity that detects the mobile node's movements and initiates the signaling with the mobile node's local mobility anchor for updating the route to the mobile node's home address. In essence, the mobile access gateway performs mobility management on behalf of the mobile node. From the perspective of the local mobility anchor, the mobile access gateway is a special element in the network that sends Mobile IPv6 signaling messages on behalf of a mobile node, but using its own identity. It is the entity that binds the mobile node's home address to an address on its own access interface. The mobile access gateway has the following functional roles. o Responsible for detecting the mobile node's attachment or detachment on the connected access link and for initiating the mobility signaling with the mobile node's local mobility anchor. o Emulation of the mobile node's home link on the access link. o Registering the binding state at the mobile node's local mobility anchor. o Responsible for setting up the data path for enabling the mobile node to use an address from its home network prefix and use it from the access link. The mobile access gateway is a function that typically runs on an access router. However, implementations MAY choose to split this function and run it across multiple systems. The specifics on how that is achieved is beyond the scope of this document. 6.1. Supported Access Link Types This specification supports only point-to-point access link types and thus it assumes that the link between the mobile node and the mobile access gateway is a dedicated link and that the mobile node and the mobile access gateway are the only two nodes present on that link. The assumed properties for the point-to-point link type are just as assumed by the Neighbor Discovery specification [RFC-2461] for that link type. The link is assumed to have multicast capability and the Gundavelli, et al. Expires December 20, 2007 [Page 21] Internet-Draft Proxy Mobile IPv6 June 2007 interfaces connecting to the link can be configured with a link-local address. Support for shared links or other link types is left for the future work. 6.2. Supported Home Network Prefix Models This specification supports Per-MN-Prefix model and does not support Shared-Prefix model. As per the Per-MN-Prefix model, there will be a unique home network prefix assigned for each mobile node and no other host shares an address from that prefix. The prefix is always hosted on the access link where the mobile node is anchored. Conceptually, the prefix follows the mobile node as it moves within the proxy mobile IPv6 domain. However, from the routing perspective, the home network prefix is topologically anchored on the local mobility anchor. 6.3. Supported Address Configuration Models A mobile node in the proxy mobile IPv6 domain can configure one or more IPv6 addresses on its interface using Stateless or Stateful address autoconfiguration procedures. The Router Advertisement messages sent on the access link, specify the address configuration methods permitted on that access link for that mobile node. The exact semantics of the flags that are enabled, the options that are carried in these advertisement messages is as per the Neighbor Discovery specification [RFC-2461]. However, the advertised flags with respect the address configuration will be consistent for a mobile node, on any of the access links in that proxy mobile IPv6 domain. Typically, these configuration settings will be based on the domain wide policy or based on a policy specific to each mobile node. This specification requires that all the mobile access gateways in a given proxy mobile IPv6 domain MUST ensure that the permitted address configuration procedures or the address configuration parameters that are sent in the Router Advertisements are consistent for a mobile node when attached to on any of the access links in the proxy mobile IPv6 domain. When stateless address autoconfiguration is supported on the link, the mobile node can generate one or more IPv6 addresses by combining the network prefix advertised on the access link with an interface identifier, using the techniques described in Stateless Autoconfiguration specification [RFC-2462] or in Privacy extension specification [RFC-3041]. When stateful address autoconfiguration is supported on the link, the mobile node obtains the address configuration from the DHCPv6 server Gundavelli, et al. Expires December 20, 2007 [Page 22] Internet-Draft Proxy Mobile IPv6 June 2007 using DHCPv6 client protocol, as specified in DHCPv6 specification [RFC-3315]. In addition to this, other address configuration mechanisms specific to the access link between the mobile node and the mobile access gateway may also be used for pushing the address configuration to the mobile node. 6.4. Access Authentication & Mobile Node Identification When a mobile node attaches to an access link connected to the mobile access gateway, the deployed access security protocols on that link will ensure that the network-based mobility management service is offered only after authenticating and authorizing the mobile node for that service. The exact specifics on how this is achieved or the interactions between the mobile access gateway and the access security service is outside the scope of this document. This specification goes with the stated assumption of having an established trust and a secured communication link between the mobile node and mobile access gateway, before the protocol operation begins. The specification also requires that the mobile access gateway MUST be able to identify the mobile node by its MN-Identifier and it must also be able to associate this identity to the sender of any IPv4 or IPv6 packets on the access link. The mobile access gateway MUST also be able to obtain the mobile node's policy profile using the MN- Identifier. 6.5. Mobile Node's Policy Profile A mobile node's policy profile contains the essential operational parameters that are required by the network entities for managing the mobile node's mobility service. These policy profiles are stored in a local or a remote policy store, the mobile access gateway and the local mobility anchor MUST be able to obtain a mobile node's policy profile using its MN-Identifier. The policy profile may also be handed over to a serving mobile access gateway as part of a context transfer procedure during a handoff. The exact details on how this achieved is outside the scope of this document. However, this specification requires that a mobile access gateway serving a mobile node MUST have access to its policy profile. The following are the mandatory fields of the policy profile: o The mobile node's identifier (MN-Identifier) o The IPv6 address of the local mobility anchor (LMAA) Gundavelli, et al. Expires December 20, 2007 [Page 23] Internet-Draft Proxy Mobile IPv6 June 2007 o Supported address configuration procedures on the link (Stateful, Stateless or both) The following are the optional fields of the policy profile: o The mobile node's IPv6 home network prefix (MN-HoA) o The mobile node's IPv6 home network prefix length 6.6. Conceptual Data Structures Every mobile access gateway MUST maintain a Binding Update List for each currently attached mobile node. The Binding Update List is a conceptual data structure, described in Section 11.1 of Mobile IPv6 base specification [RFC-3775]. For supporting this specification, the conceptual Binding Update List data structure must be extended with the following new additional fields. o The Identifier of the mobile node, MN-Identifier. o The MAC address of the mobile node's connected interface. o The IPv6 home network prefix of the mobile node. o The IPv6 home network prefix length of the mobile node. o The interface identifier of the point-to-point link to the mobile node. o The interface identifier of the tunnel between the mobile access gateway and the mobile node's local mobility anchor. 6.7. Home Network Emulation One of the key functions of a mobile access gateway is to emulate the mobile node's home network prefix on the access link. It must ensure, the mobile node believes it is still connected to its home link or on the link where it obtained its address configuration after it moved into that proxy mobile IPv6 domain. After detecting new mobile node on its access link and after a successful access authentication and authorization of the mobile node for network-based mobility service, the mobile access gateway MUST to emulate the mobile node's home link by sending the Router Advertisements with the mobile node's home network prefix as the hosted on-link prefix. The Router Advertisement MUST be sent in Gundavelli, et al. Expires December 20, 2007 [Page 24] Internet-Draft Proxy Mobile IPv6 June 2007 response to a Router Solicitation message that it received from the mobile node. The Router Advertisement messages MAY also be sent periodically, based on the interface configuration on the mobile access gateway. For emulating the mobile node's home link on the access link, the mobile access gateway must know the home network prefix of the mobile node for constructing the Router Advertisement. Typically and as a default method, the mobile access gateway learns the mobile node's home network prefix information from the Proxy Binding Acknowledgement message, it received in response to the Proxy Binding Update message that it sent to the mobile node's local mobility anchor for that mobile node. However, it is also possible, the mobile node's home network prefix information may be statically configured in the mobile node's policy profile or it may be handed over to the mobile access gateway as part of a context transfer procedure. If the mobile access gateway can predictably know the mobile node's home network prefix information, it MAY choose to send the Router Advertisement prior to receiving the Proxy Binding Acknowledgement message from the local mobility anchor. However, in the event, the local mobility anchor rejects the Proxy Binding Update message, or if the prefix that is received from the local mobility anchor for that mobile node is a different prefix than what the mobile access gateway previously advertised, the mobile access gateway MUST withdraw the prefix by sending a Router Advertisement message with zero lifetime for the prior advertised prefix. If the access link connecting the mobile access gateway and the mobile node is a point-to-point link, the Router Advertisements advertising a specific home network prefix is received only by the respective mobile node and hence there is clearly a unique link for each mobile node that is attached to that mobile access gateway. 6.7.1. Home Network Prefix Renumbering If the mobile node's home network prefix gets renumbered or becomes invalid during the middle of a mobility session, the mobile access gateway MUST withdraw the prefix by sending a Router Advertisement on the access link with zero prefix lifetime for the mobile node's home network prefix. Also, the local mobility anchor and the mobile access gateway MUST delete the routing state for that prefix. However, the specific details on how the local mobility anchor notifies the mobile access gateway is outside the scope of this document. Gundavelli, et al. Expires December 20, 2007 [Page 25] Internet-Draft Proxy Mobile IPv6 June 2007 6.8. Link-Local and Global Address Uniqueness A mobile node in the proxy mobile IPv6 domain, as it moves from one mobile access gateway to the other, it will continue to detect its home network and thus making the node believe it is still on the same link. Every time the mobile node attaches to a new link, the event related to the interface state change, will trigger the mobile node to perform DAD operation on the link-local and global addresses. However, if the node is DNAv6 enabled, as specified in [ID-DNAV6], it may not detect the link change due to DNAv6 optimizations and hence it will not trigger the duplicate address detection (DAD) procedure for establishing the link-local address uniqueness on that new link. Further, if the mobile node uses an interface identifier that is not based on EUI-64 identifier, such as specified in IPv6 Stateless Autoconfiguration specification [RFC-2462], there is a possibility, with the odds of 1 to billion, of a link-local address collision between the two neighbors, the mobile node and the mobile access gateway. One of the workarounds for this issue is to set the DNAv6 configuration parameter, DNASameLinkDADFlag to TRUE and that will force the mobile node to redo DAD operation every time the interface comes up, even when DNAv6 does detect a link change . However, this issues will not impact point-to-point links based on PPP session. Each time the mobile node moves and attaches to a new mobile access gateway, either the PPP session [RFC-1661] is reestablished or the PPP session may be moved as part of context transfer procedures between the old and the new mobile access gateway. When the mobile node tries to establish a PPP session with the mobile access gateway, the PPP goes through the Network layer Protocol phase and the IPv6 Control Protocol, IPCP6 [RFC-2472] gets triggered. Both the PPP peers negotiate a unique identifier using Interface- Identifier option in IPV6CP and the negotiated identifier is used for generating a unique link-local address on that link. Now, if the mobile node moves to a new mobile access gateway, the PPP session gets torn down with the old mobile access gateway and a new PPP session gets established with the new mobile access gateway, and the mobile node obtains a new link-local address. So, even if the mobile node is DNAv6 capable, the mobile node always configures a new link- local address when ever it moves to a new link. If the PPP session state is moved to the new mobile access gateway, as part of context transfer procedures that are in place, there will not be any change to the interface identifiers of the two nodes on that point-to-point change. The whole link is moved to the new Gundavelli, et al. Expires December 20, 2007 [Page 26] Internet-Draft Proxy Mobile IPv6 June 2007 mobile access gateway and there will not be any need for establishing link-local address uniqueness on that link. This issue is not relevant to the mobile node's global address. Since, there is a unique home network prefix for each mobile node, the uniqueness for the mobile node's global address is ensured on the access link. 6.9. Signaling Considerations 6.9.1. Initial Attachment and binding registration After detecting a new mobile node on its access link after a successful access authentication and authorization, the mobile access gateway MUST send a Proxy Binding Update message to the mobile node's local mobility anchor. The Proxy Binding Update message must be constructed as shown below. IPv6 header (src=Proxy-CoA, dst=LMAA) Mobility header -BU /*P flag is set*/ Mobility Options - Home Network Prefix Option* - TimeStamp Option (optional) - NAI Option *Home Network Prefix option may contain 0::/0 or a specific prefix. Proxy Binding Update message contents The Proxy Binding Update message that the mobile access gateway sends to the mobile node's local mobility anchor MUST have the NAI option, identifying the mobile node, the Home Network Prefix option and optionally the Time Stamp option SHOULD be present. The Time Stamp option is not required if the mobile access gateway can send a valid sequence number that matches the sequence number maintained by the local mobility anchor for that mobile node in its binding cache entry. The message MUST be protected by using IPsec ESP, using the security association existing between the local mobility anchor and the mobile access gateway, created either dynamically or statically. If the mobile access gateway learns the mobile node's home network prefix either from its policy store or from other means, the mobile access gateway MAY choose to specify the same in the Home Network Prefix option for requesting the local mobility anchor to register Gundavelli, et al. Expires December 20, 2007 [Page 27] Internet-Draft Proxy Mobile IPv6 June 2007 that prefix. If the specified value is 0::/0, then the local mobility anchor will allocate a prefix to the mobile node. After receiving a Proxy Binding Acknowledgment with the status code indicating the acceptance of the Proxy Binding Update, the mobile access gateway MUST setup a tunnel to the mobile node's local mobility anchor, as explained in section 6.10. The mobile access gateway MUST also add a policy route for tunneling all the packets that it receives from the mobile node to its local mobility anchor. If the local mobility anchor rejects the Proxy Binding Update message, the mobile access gateways MUST NOT advertise the mobile node's home prefix on the access link and there by denying mobility service to the mobile node. 6.9.2. Extending the binding lifetime For extending the lifetime of a currently existing binding at the local mobility, the mobile access gateway MUST send a Proxy Binding Update message with a specific lifetime. The message MUST be constructed as specified in Section 6.9.1. 6.9.3. De-registration of the binding At any point, the mobile access gateway detects that the mobile node has moved away from its access link, it MUST send a Proxy Binding Update message to the mobile node's local mobility anchor with the lifetime value set to zero. The message MUST be constructed as specified in Section 6.9.1. The mobile access gateway MUST also remove the default route over the tunnel for that mobile node and delete the Binding Update List for that mobile node, either upon receiving an Proxy Binding Acknowledgment message from the local mobility anchor or after a certain timeout waiting for the acknowledgment message. 6.10. Routing Considerations This section describes how the mobile access gateway handles the traffic to/from the mobile node that is attached to one of its access interface. Proxy-CoA LMAA | | +--+ +---+ +---+ +--+ |MN|----------|MAG|======================|LMA|----------|CN| +--+ +---+ +---+ +--+ Gundavelli, et al. Expires December 20, 2007 [Page 28] Internet-Draft Proxy Mobile IPv6 June 2007 IPv6 Tunnel 6.10.1. Transport Network The transport network between the local mobility anchor and the mobile access can be either an IPv6 or IPv4 network. However, this specification only deals with the scenario where the transport network between the mobility entities is IPv6-only and requires reachability between the local mobility anchor and the mobile access gateway over IPv6 transport. Just as in Mobile IPv6 specification [RFC-3775], the negotiated tunnel transport between the local mobility anchor and the mobile access gateway is IPv6, by default. The companion document, IPv4 support for Proxy Mobile IPv6 [IPv4- PMIP6-SPEC] specifies the required extensions for negotiating IPv4 tunneling mechanism and a specific encapsulation mode for supporting this protocol operation over IPv4 transport network. 6.10.2. Tunneling & Encapsulation Modes The IPv6 address that a mobile node uses from its home network prefix is topologically anchored at the local mobility anchor. For a mobile node to use this address from an access network attached to a mobile access gateway, proper tunneling techniques have to be in place. Tunneling hides the network topology and allows the mobile node's IPv6 datagrams to be encapsulated as a payload of another IPv6 packet and be routed between the local mobility anchor and the mobile access gateway. The Mobile IPv6 base specification [RFC-3775] defines the use of IPv6-over-IPv6 tunneling, between the home agent and the mobile node and this specification extends the use of the same tunneling mechanism between the local mobility anchor and the mobile access gateway. On most operating systems, tunnels are implemented as a virtual point-to-point interface. The source and the destination address of the two end points of this virtual interface along with the encapsulation mode are specified for this virtual interface. Any packet that is routed over this interface, get encapsulated with the outer header and the addresses as specified for that point to point tunnel interface. For creating a point to point tunnel to any local mobility anchor, the mobile access gateway may implement a tunnel interface with the source address field set to its Proxy-CoA address and the destination address field set to the LMA address. The following are the supported packet encapsulation modes that can be used by the mobile access gateway and the local mobility anchor for routing mobile node's IPv6 datagrams. Gundavelli, et al. Expires December 20, 2007 [Page 29] Internet-Draft Proxy Mobile IPv6 June 2007 o IPv6-In-IPv6 - IPv6 datagram encapsulated in an IPv6 packet. This mechanism is defined in the Generic Packet Tunneling for IPv6 specification [RFC-2473]. o IPv6-In-IPv4 - IPv6 datagram encapsulation in an IPv4 packet. The details related to this encapsulation mode and the specifics on how this mode is negotiated is specified in the companion document, IPv4 support for Proxy Mobile IPv6 [ID-IPv4-PMIP6]. o IPv6-In-IPv4-UDP - IPv6 datagram encapsulation in an IPv4 UDP packet. The details related to this mode are covered in the companion document, IPv4 support for Proxy Mobile IPv6 [IPv4- PMIP6-SPEC]. 6.10.3. Routing State The following section explain the routing state for a mobile node on the mobile access gateway. This routing state reflects only one specific way of implementation and one MAY choose to implement it in other ways. The policy based route defined below acts as a traffic selection rule for routing a mobile node's traffic through a specific tunnel created between the mobile access gateway and that mobile node's local mobility anchor and with the specific encapsulation mode, as negotiated. The below example identifies the routing state for two visiting mobile nodes, MN1 and MN2 with their respective local mobility anchors LMA1 and LMA2. For all traffic from the mobile node, identified by the mobile node's MAC address, ingress interface or source prefix (MN-HNP) to _ANY_DESTINATION_ route via interface tunnel0, next-hop LMAA. +==================================================================+ | Packet Source | Destination Address | Destination Interface | +==================================================================+ | MAC_Address_MN1, | _ANY_DESTINATION_ | Tunnel0 | | (IPv6 Prefix or |----------------------------------------------| | Input Interface) | Locally Connected | Tunnel0 | +------------------------------------------------------------------+ | MAC_Address_MN2 | _ANY_DESTINATION_ | Tunnel1 | + -----------------------------------------------| | | Locally Connected | direct | +------------------------------------------------------------------+ Example - Policy based Route Table Gundavelli, et al. Expires December 20, 2007 [Page 30] Internet-Draft Proxy Mobile IPv6 June 2007 +==================================================================+ | Interface | Source Address | Destination Address | Encapsulation | +==================================================================+ | Tunnel0 | Proxy-CoA | LMAA1 | IPv6-in-IPv6 | +------------------------------------------------------------------+ | Tunnel1 |IPv4-Proxy-CoA | IPv4-LMA2 | IPv6-in-IPv4 | +------------------------------------------------------------------+ Example - Tunnel Interface Table 6.10.4. Local Routing If there is data traffic between a visiting mobile node and a corresponding node that is locally attached to an access link connected to the mobile access gateway, the mobile access gateway MAY optimize on the delivery efforts by locally routing the packets and by not reverse tunneling them to the mobile node's local mobility anchor. However, this has an implication on the mobile node's accounting and policy enforcement as the local mobility anchor is not in the path for that traffic and it will not be able to apply any traffic policies or do any accounting for those flows. This decision of path optimization SHOULD be based on the configured policy configured on the mobile access gateway, but enforced by the mobile node's local mobility anchor. The specific details on how this is achieved is beyond of the scope of this document. 6.10.5. Tunnel Management All the considerations mentioned in Section 5.2, for the tunnel management on the local mobility anchor apply for the mobile access gateway as well. As explained in Section 5.2, the life of the Proxy Mobile IPv6 tunnel should not be based on a single visiting mobile node's lifetime. The tunnel may get created as part of creating a mobility state for a visiting mobile node and later the same tunnel may be associated with other mobile nodes. So, the tearing down logic of the tunnel must be based on the number of visitors over that tunnel. 6.10.6. Forwarding Rules Upon receipt of an encapsulated packet sent to its configured Proxy- CoA address i.e. on receiving a packet from a tunnel, the mobile access gateway MUST use the destination address of the inner packet for forwarding it to the interface where the prefix for that address is hosted. The mobile access gateway MUST remove the outer header Gundavelli, et al. Expires December 20, 2007 [Page 31] Internet-Draft Proxy Mobile IPv6 June 2007 before forwarding the packet. If the mobile access gateway cannot find the connected interface for that destination address, it MUST silently drop the packet. For reporting an error in such scenario, in the form of ICMP control message, the considerations from Generic Packet Tunneling specification [RFC-2473] apply. On receiving a packet from a mobile node connected to its access link, the mobile access gateway MUST ensure that there is an established binding for that mobile node with its local mobility anchor before forwarding the packet directly to the destination or before tunneling the packet to the mobile node's local mobility anchor. On receiving a packet from a mobile node connected to its access link, to a destination that is locally connected, the mobile access gateway MUST check the configuration variable, EnableMAGLocalRouting, to ensure the mobile access gateway is allowed to route the packet directly to the destination. If the mobile access gateway is not allowed to route the packet directly, it MUST route the packet through the bi-directional tunnel established between itself and the mobile's local mobility anchor. On receiving a packet from the mobile node to any destination i.e. not directly connected to the mobile access gateway, the packet MUST be forwarded to the local mobility anchor through the bi-directional tunnel established between itself and the mobile's local mobility anchor. However, the packets that are sent with the link-local source address MUST not be forwarded. 6.11. Interaction with DHCP Relay Agent If Stateful Address Configuration using DHCP is supported on the link on which the mobile node is attached, the DHCP relay agent [RFC-3315] needs to be configured on the access router. When the mobile node sends a DHCPv6 Request message, the relay agent function on the access router MUST set the link-address field in the DHCPv6 message to the mobile node's home network prefix, so as to provide a prefix hint to the DHCP Server. Since, the access link is a point-to-point link with the configured mobile node's prefix as the on-link prefix, the normal DHCP relay agent configuration on the MAG will ensure the prefix hint is set to the mobile node's home network prefix. 6.12. Mobile Node Detachment Detection and Resource Cleanup Before sending a Proxy Binding Update message to the local mobility anchor for extending the lifetime of a currently existing binding of a mobile node, the mobile access gateway MUST make sure the mobile node is still attached to the connected link by using some reliable Gundavelli, et al. Expires December 20, 2007 [Page 32] Internet-Draft Proxy Mobile IPv6 June 2007 method. If the mobile access gateway cannot predictably detect the presence of the mobile node on the connected link, it MUST NOT attempt to extend the registration lifetime of the mobile node. Further, in such scenario, the mobile access gateway MUST terminate the binding of the mobile node by sending a Proxy Binding Update message to the mobile node's local mobility anchor with lifetime value set to 0. It MUST also remove any local state such as the Binding Update List created for that mobile node. The specific detection mechanism of the loss of a visiting mobile node on the connected link is specific to the access link between the mobile node and the mobile access gateway and is outside the scope of this document. Typically, there are various link-layer specific events specific to each access technology that the mobile access gateway can depend on for detecting the node loss. In general, the mobile access gateway can depend on one or more of the following methods for the detection presence of the mobile node on the connected link: o Link-layer event specific to the access technology o PPP Session termination event on point-to-point link types o IPv6 Neighbor Unreachability Detection event from IPv6 stack o Notification event from the local mobility anchor o Absence of data traffic from the mobile node on the link for a certain duration of time 6.13. Allowing network access to other IPv6 nodes In some proxy mobile IPv6 deployments, network operators may want to provision the mobile access gateway to offer network-based mobility management service only to some visiting mobile nodes and enable just regular IPv6/IPv4 access to some other nodes attached to that mobile access gateway. This requires the network to have the control on when to enable network-based mobility management service to a mobile node and when to enabled a regular IPv6 access. This specification does not disallow such configuration. Upon obtaining the mobile node's profile after a successful access authentication and after a policy consideration, the mobile access gateway MUST determine if the network based mobility service should be offered to that mobile node. If the mobile node is entitled for such service, then the mobile access gateway must ensure the mobile node believes it is on its home link, as explained in various sections of this specification. Gundavelli, et al. Expires December 20, 2007 [Page 33] Internet-Draft Proxy Mobile IPv6 June 2007 If the mobile node is not entitled for the network-based mobility management service, as enforced by the policy, the mobile access gateway MAY choose to offer regular IPv6 access to the mobile node and hence the normal IPv6 considerations apply. If IPv6 access is enabled, the mobile node SHOULD be able to obtain any IPv6 address using normal IPv6 address configuration mechanisms. The obtained address must be from a local visitor network prefix. This essentially ensures, the mobile access gateway functions as any other access router and does not impact the protocol operation of a mobile node attempting to use host-based mobility management service when it attaches to an access link connected to a mobile access gateway in a proxy mobile IPv6 domain. 7. Mobile Node Operation This non-normative section discusses the mobile node's operation in a Proxy Mobile IPv6 domain. Once the mobile node enters a Proxy Mobile IPv6 domain and attaches to an access network and after the access authentication, the network ensures, the mobile using any of the address configuration mechanisms permitted by the network for that mobile node, will be able to obtain an address and move anywhere in that proxy mobile IPv6 domain. From the perspective of the mobile, the entire proxy mobile IPv6 domain appears as a single link, the network ensures the mobile believes it is always on the same link. The mobile node can be operating in an IPv4-only mode, IPv6-only mode or in dual IPv4/IPv6 mode. However, the specific details on how the IPv4 network-based mobility management service is offered to the mobile node is specified in the companion document, IPv4 Support for Proxy Mobile IPv6 [ID-IPV4-PMIP6]. Typically, the configured policy in the network determines if the mobile node is authorized for IPv6, IPv4 or IPv6/IPv4 home address mobility. If the configured policy for a mobile node is for IPv6- only home address mobility, the mobile node will be able to obtain its IPv6 home address, any where in that Proxy Mobile IPv6 domain, otherwise the obtained address will be from a local prefix and not from a prefix that is topologically anchored at the local mobility anchor and hence the mobile will loose that address after it moves to a new link. 7.1. Booting up in a Proxy Mobile IPv6 Domain When a mobile node moves into a proxy mobile IPv6 domain and attaches Gundavelli, et al. Expires December 20, 2007 [Page 34] Internet-Draft Proxy Mobile IPv6 June 2007 to an access link, the mobile node will present its identity, MN- Identity, to the network as part of the access authentication procedure. Once the authentication procedure is complete and the mobile node is authorized to access the network, the network or specifically the mobile access gateway on the access link will have the mobile node's profile and so it would know the mobile node's home network prefix and the permitted address configuration modes. The mobile node's home network prefix may also be dynamically assigned by the mobile node's local mobility anchor and the same may be learnt by the mobile access gateway. If the mobile node is IPv6 enabled, on attaching to the link and after access authentication, the mobile node typically would send a Router Solicitation message. The mobile access gateway on the attached link will respond to the Router Solicitation message with a Router Advertisement. The Router Advertisement will have the mobile node's home network prefix, default-router address and other address configuration parameters. The address configuration parameters such as Managed Address Configuration, Stateful Configuration flag values will typically be consistent through out that domain for that mobile node. If the Router Advertisement has the Managed Address Configuration flag set, the mobile node, as it would normally do, will send a DHCPv6 Request and the mobile access gateway on that access link will ensure, the mobile node gets an address from its home network prefix as a lease from the DHCP server. If the Router Advertisement does not have the Managed Address Configuration flag set and if the mobile node is allowed to use an autoconfigured address, the mobile node will generate an interface identifier, as per the Autoconf specification [RFC-2462] or using privacy extensions as specified in Privacy Extensions specification [RFC-3041]. If the mobile node is IPv4 enabled or IPv4-only enabled, the mobile node after the access authentication, will be able to obtain the IPv4 address configuration for the connected interface by using DHCPv4. Once the address configuration is complete, the mobile node can continue to use the obtained address configuration as long as it is with in the scope of that Proxy Mobile IPv6 domain. 7.2. Roaming in the Proxy Mobile IPv6 Network After booting in the Proxy Mobile IPv6 domain and obtaining the address configuration, the mobile node as it roams in the network between access links, will always detect its home network prefix on Gundavelli, et al. Expires December 20, 2007 [Page 35] Internet-Draft Proxy Mobile IPv6 June 2007 the link, as long as the attached access network is in the scope of that Proxy Mobile IPv6 domain. The mobile node can continue to use its IPv4/IPv6 MN-HoA for sending and receiving packets. If the mobile node uses DHCP for address configuration, it will always be able to obtain its MN-HoA using DHCP. However, the mobile node will always detect a new default-router on each connected link, but still advertising the mobile node's home network prefix as the on-link prefix and with the other configuration parameters consistent with its home link properties. 7.3. IPv6 Host Protocol Parameters This specification assumes the mobile node to be a normal IPv6 node, with its protocol operation consistent with the base IPv6 specification [RFC-2460]. All aspects of Neighbor Discovery Protocol, including Router Discovery, Neighbor Discovery, Address Configuration procedures will just remain consistent with the base IPv6 Neighbor Discovery Specification [RFC-2461]. However, this specification recommends that the following IPv6 operating parameters on the mobile node be adjusted to the below recommended values for protocol efficiency and for achieving faster hand-offs. Lower Default-Router List Cache Time-out: As per the base IPv6 specification [RFC-2460], each IPv6 host will maintain certain host data structures including a Default-Router list. This is the list of on-link routers that have sent Router Advertisement messages and are eligible to be default routers on that link. The Router Lifetime field in the received Router Advertisement defines the life of this entry. In the Proxy Mobile IPv6 scenario, when the mobile node moves from one link to another, the received Router Advertisement messages advertising the mobile's home network prefix will be from a different link-local address and thus making the mobile node believe that there is a new default-router on the link. It is important that the mobile node uses the newly learnt default-router as supposed to the previously learnt default-router. The mobile node must update its default-router list with the new default router entry and must age out the previously learnt default router entry from its cache, just as specified in Section 6.3.5 of the base IPv6 ND specification [RFC- 2461]. This action is critical for minimizing packet losses during a hand off switch. On detecting a reachability problem, the mobile node will certainly detect the neighbor or the default-router unreachability by performing a Neighbor Unreachability Detection procedure, but it is Gundavelli, et al. Expires December 20, 2007 [Page 36] Internet-Draft Proxy Mobile IPv6 June 2007 important that the mobile node times out the previous default router entry at the earliest. If a given IPv6 host implementation has the provision to adjust these flush timers, still conforming to the base IPv6 ND specification, it is desirable to keep the flush-timers to suit the above consideration. However, if the mobile access gateway has the ability to withdraw the previous default-router entry, by sending a Router Advertisement using the link-local address that of the previous mobile access gateway and with the Router Lifetime field set to value 0, then it is possible to force the flush of the Previous Default-Router entry from the mobile node's cache. This certainly requires some context- transfer mechanisms in place for notifying the link-local address of the default-router on the previous link to the mobile access gateway on the new link. There are other solutions possible for this problem, including the assignment of a unique link-local address for all the mobile access gateways in a Proxy Mobile IPv6 domain. In any case, this is an implementation choice and has no bearing on the protocol interoperability. Implementations are free to adopt the best approach that suits their target deployments. 8. Message Formats This section defines extensions to the Mobile IPv6 [RFC-3775] protocol messages. 8.1. Proxy Binding Update 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence # | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |A|H|L|K|M|R|P| Reserved | Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 9: Proxy Binding Update Message Gundavelli, et al. Expires December 20, 2007 [Page 37] Internet-Draft Proxy Mobile IPv6 June 2007 A Binding Update message that is sent by mobile access gateway is referred to as the Proxy Binding Update message. Proxy Registration Flag (P) The Proxy Registration Flag is set to indicate to the local mobility anchor that the Binding Update is from a mobile access gateway acting as a proxy mobility agent. The flag MUST be set to the value of 1 for proxy registrations and MUST be set to 0 for direct registrations sent by a mobile node when using host-base mobility. For descriptions of other fields present in this message, refer to the section 6.1.7 of Mobile IPv6 specification [RFC3775]. 8.2. Proxy Binding Acknowledgment 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Status |K|R|P|Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence # | Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 10: Proxy Binding Acknowledgment Message A Binding Acknowledgment message that is sent by the local mobility anchor to the mobile access gateway is referred to as "Proxy Binding Acknowledgement". Proxy Registration Flag (P) A new flag (P) is included in the Binding Acknowledgement message to indicate that the local mobility anchor that processed the corresponding Proxy Binding Update message supports Proxy Registrations. The flag is set only if the corresponding Proxy Binding Update had the Proxy Registration Flag (P) set to value of 1. The rest of the Binding Acknowledgement format remains the same, as defined in [RFC-3775]. Gundavelli, et al. Expires December 20, 2007 [Page 38] Internet-Draft Proxy Mobile IPv6 June 2007 For descriptions of other fields present in this message, refer to the section 6.1.8 of Mobile IPv6 specification [RFC3775]. 8.3. Home Network Prefix Option A new option, Home Network Prefix Option is defined for using it in the Proxy Binding Update and Acknowledgment messages exchanged between the local mobility anchor and the mobile access gateway. This option can be used for exchanging the mobile node's home network prefix information. The home network prefix Option has an alignment requirement of 8n+4. Its format is as follows: Gundavelli, et al. Expires December 20, 2007 [Page 39] Internet-Draft Proxy Mobile IPv6 June 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | Prefix Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Home Network Prefix + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Length 8-bit unsigned integer indicating the length in octets of the option, excluding the type and length fields. This field MUST be set to 18. Reserved This field is unused for now. The value MUST be initialized to 0 by the sender and MUST be ignored by the receiver. Prefix Length 8-bit unsigned integer indicating the prefix length of the IPv6 prefix contained in the option. Home Network Prefix A sixteen-byte field containing the mobile node's IPv6 Home Network Prefix. Figure 11: Home Network Prefix Option 8.4. Time Stamp Option A new option, Time Stamp Option is defined for use in the Proxy Binding Update and Acknowledgement messages. This option can be used in Proxy Binding Update and Proxy Binding Acknowledgement messages. Gundavelli, et al. Expires December 20, 2007 [Page 40] Internet-Draft Proxy Mobile IPv6 June 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Option Type | Option Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Timestamp + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Length 8-bit unsigned integer indicating the length in octets of the option, excluding the type and length fields. This field MUST be set to 8. Timestamp 64-bit time stamp Figure 12: Time Stamp Option 8.5. Status Codes This document defines the following new Binding Acknowledgement status values: 145: Proxy Registration not supported by the local mobility anchor 146: Proxy Registrations from this mobile access gateway not allowed 147: Home Network prefix for this NAI is not configured and the Home Network Prefix Option not present in the Proxy Binding Update. 148: Invalid Time Stamp Option in the received Proxy Binding Update message. Status values less than 128 indicate that the Binding Update was processed successfully by the receiving nodes. Values greater than 128 indicate that the Binding Update was rejected by the local mobility anchor. The value allocation for this usage needs to be approved by the IANA Gundavelli, et al. Expires December 20, 2007 [Page 41] Internet-Draft Proxy Mobile IPv6 June 2007 and must be updated in the IANA registry. 9. Protocol Configuration Variables The mobile access gateway MUST allow the following variables to be configured by the system management. EnableMAGLocalrouting This flag indicates whether or not the mobile access gateway is allowed to enable local routing of the traffic exchanged between a visiting mobile node and a corresponding node that is locally connected to one of the interfaces of the mobile access gateway. The corresponding node can be another visiting mobile node as well, or a local fixed node. The default value for this flag is set to "FALSE", indicating that the mobile access gateway MUST reverse tunnel all the traffic to the mobile node's local mobility anchor. When the value of this flag is set to "TRUE", the mobile access gateway MUST route the traffic locally. This aspect of local routing MAY be defined as policy on a per mobile basis and when present will take precedence over this flag. 10. IANA Considerations This document defines a two new Mobility Header Options, the Home Network Prefix Option and the Time Stamp Option. These options are described in Sections 8.3 and 8.5 respectively. The Type value for these options needs to be assigned from the same numbering space as allocated for the other mobility options, as defined in [RFC-3775]. This document also defines new Binding Acknowledgement status values as described in Section 8.5. The status values MUST be assigned from the same space used for Binding Acknowledgement status values, as defined in [RFC-3775]. 11. Security Considerations The potential security threats against any general network-based mobility management protocol are covered in the document, Security Threats to Network-Based Localized Mobility Management [RFC-4832]. This section analyses those vulnerabilities in the context of Proxy Gundavelli, et al. Expires December 20, 2007 [Page 42] Internet-Draft Proxy Mobile IPv6 June 2007 Mobile IPv6 protocol solution and covers all aspects around those identified vulnerabilities. A compromised mobile access gateway can potentially send Proxy Binding Update messages on behalf of the mobile nodes that are not attached to its access link. This threat is similar to an attack on a typical routing protocol or equivalent to the compromise of an on- path router. This threat exists in the network today and this specification does not make this vulnerability any worse than what it is. However, to eliminate this vulnerability, the local mobility anchor before accepting Proxy Binding Update message received from a mobile access gateway, MUST ensure the mobile node is attached to the mobile access gateway that sent the Proxy Binding Update message. This can be achieved using out of band mechanisms and the specifics of how that is achieved is beyond the scope of this document. This document does not cover the security requirements for authorizing the mobile node for the use of the access link. It is assumed that there are proper Layer-2/Layer-3 based authentication procedures, such as EAP, are in place and will ensure the mobile node is properly identified and authorized before permitting it to access the network. It is further assumed that the same security mechanism will ensure the mobile session is not hijacked by malicious nodes on the access link. This specification requires that all the signaling messages exchanged between the mobile access gateway and the local mobility anchor MUST be authenticated by IPsec [RFC-4301]. The use of IPsec to protect Mobile IPv6 signaling messages is described in detail in the HA-MN IPsec specification [RFC-3776] and the applicability of that security model to Proxy Mobile IPv6 protocol is covered in Section 4.0 of this document. As described in the base Mobile IPv6 specification [RFC-3775], both the mobile node (in case of Proxy Mobile IPv6, its the mobile access gateway) and the local mobility anchor MUST support and SHOULD use the Encapsulating Security Payload (ESP) header in transport mode and MUST use a non-NULL payload authentication algorithm to provide data origin authentication, data integrity and optional anti-replay protection. The proxy solution allows one device creating a routing state for some other device at the local mobility anchor. It is important that the local mobility anchor has proper authorization services in place to ensure a given mobile access gateway is permitted to be a proxy for a specific mobile node. If proper security checks are not in place, a malicious node may be able to hijack a session or may do a denial-of-service attacks. Gundavelli, et al. Expires December 20, 2007 [Page 43] Internet-Draft Proxy Mobile IPv6 June 2007 12. Acknowledgements The authors would like to specially thank Julien Laganier, Christian Vogt, Pete McCann, Brian Haley, Ahmad Muhanna, JinHyeock Choi for their thorough review of this document. The authors would also like to thank the Gerardo Giaretta, Kilian Weniger, Alex Petrescu, Mohamed Khalil, Fred Templing, Nishida Katsutoshi, James Kempf, Vidya Narayanan, Henrik Levkowetz, Phil Roberts, Jari Arkko, Ashutosh Dutta, Hesham Soliman, Behcet Sarikaya, George Tsirtsis and many others for their passionate discussions in the working group mailing list on the topic of localized mobility management solutions. These discussions stimulated much of the thinking and shaped the draft to the current form. We acknowledge that ! The authors would also like to thank Ole Troan, Akiko Hattori, Parviz Yegani, Mark Grayson, Michael Hammer, Vojislav Vucetic, Jay Iyer and Tim Stammers for their input on this document. 13. References 13.1. Normative References [RFC-1305] Mills, D., "Network Time Protocol (Version 3) Specification, Implementation", RFC 1305, March 1992. [RFC-2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. [RFC-2461] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998. [RFC-2462] Thompson, S., Narten, T., "IPv6 Stateless Address Autoconfiguration", RFC 2462, December 1998. [RFC-2473] Conta, A. and S. Deering, "Generic Packet Tunneling in IPv6 Specification", RFC 2473, December 1998. [RFC-3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M.Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [RFC-3775] Johnson, D., Perkins, C., Arkko, J., "Mobility Support in IPv6", RFC 3775, June 2004. [RFC-3776] Arkko, J., Devarapalli, V., and F. Dupont, "Using IPsec to Gundavelli, et al. Expires December 20, 2007 [Page 44] Internet-Draft Proxy Mobile IPv6 June 2007 Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents", RFC 3776, June 2004. [RFC-4283] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K. Chowdhury, "Mobile Node Identifier Option for Mobile IPv6", RFC 4283, November 2005. [RFC-4301] Kent, S. and Atkinson, R., "Security Architecture for the Internet Protocol", RFC 4301, December 2005. [RFC-4303] Kent, S. "IP Encapsulating Security Protocol (ESP)", RFC 4303, December 2005. [RFC-4306] Kaufman, C, et al, "Internet Key Exchange (IKEv2) Protocol", RFC 4306, December 2005. [RFC-4830] Kempf, J., Leung, K., Roberts, P., Nishida, K., Giaretta, G., Liebsch, M., "Problem Statement for Network-based Localized Mobility Management", September 2006. [RFC-4831] Kempf, J., Leung, K., Roberts, P., Nishida, K., Giaretta, G., Liebsch, M., "Goals for Network-based Localized Mobility Management", October 2006. [RFC-4832] Vogt, C., Kempf, J., "Security Threats to Network-Based Localized Mobility Management", September 2006. [ID-IPV4-PMIP6] Wakikawa, R. and Gundavelli, S., "IPv4 Support for Proxy Mobile IPv6", draft-ietf-netlmm-pmip6-ipv4-support-00.txt, May 2007. [ID-DSMIP6] Soliman, H. et al, "Mobile IPv6 support for dual stack Hosts and Routers (DSMIPv6)", draft-ietf-mip6-nemo-v4traversal-03.txt, October 2006. 13.2. Informative References [RFC-1332] McGregor, G., "The PPP Internet Protocol Control Protocol (IPCP)", RFC 1332, May 1992. [RFC-1661] Simpson, W., Ed., "The Point-To-Point Protocol (PPP)", STD 51, RFC 1661, July 1994. [RFC-2472] Haskin, D. and Allen, E., "IP version 6 over PPP", RFC 2472, December 1998. [RFC-2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. Gundavelli, et al. Expires December 20, 2007 [Page 45] Internet-Draft Proxy Mobile IPv6 June 2007 [RFC-3041] Narten, T. and Draves, R., "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 3041, January 2001. [RFC-3344] Perkins, C., "IP Mobility Support for IPv4", RFC 3344, August 2002. [RFC-3756] Nikander, P., Kempf, J., and E. Nordmark, "IPv6 Neighbor Discovery (ND) Trust Models and Threats", RFC 3756, May 2004. [ID-DNAV6] Kempf, J., et al "Detecting Network Attachment in IPv6 Networks (DNAv6)", draft-ietf-dna-protocol-03.txt, October 2006. [ID-MIP6-IKEV2] Devarapalli, V. and Dupont, F., "Mobile IPv6 Operation with IKEv2 and the revised IPsec Architecture", draft-ietf-mip6-ikev2-ipsec-08.txt, December 2006. Appendix A. Proxy Mobile IPv6 interactions with AAA Infrastructure Every mobile node that roams in a proxy Mobile IPv6 domain, would typically be identified by an identifier, MN-Identifier, and that identifier will have an associated policy profile that identifies the mobile node's home network prefix, permitted address configuration modes, roaming policy and other parameters that are essential for providing network-based mobility service. This information is typically configured in AAA. It is possible the home network prefix is dynamically allocated for the mobile node when it boots up for the first time in the network, or it could be a statically configured value on per mobile node basis. However, for all practical purposes, the network entities in the proxy Mobile IPv6 domain, while serving a mobile node will have access to this profile and these entities can query this information using RADIUS/DIAMETER protocols. Appendix B. Supporting Shared-Prefix Model using DHCPv6 For supporting shared-prefix model, i.e, if multiple mobile nodes are configured with a common IPv6 network prefix, as in Mobile IPv6 specification, it is possible to support that configuration under the following guidelines: The mobile node is allowed to use stateful address configuration using DHCPv6 for obtaining its address configuration. The mobile nodes is not allowed to use any of the stateless autoconfiguration techniques. The permitted address configuration models for the Gundavelli, et al. Expires December 20, 2007 [Page 46] Internet-Draft Proxy Mobile IPv6 June 2007 mobile node on the access link can be enforced by the mobile access gateway, by setting the relevant flags in the Router Advertisements, as per ND Specification, [RFC-2461]. The Home Network Prefix Option that is sent by the mobile access gateway in the Proxy Binding Update message, must contain the 128-bit host address that the mobile node obtained via DHCPv6. Routing state at the mobile access gateway: For all IPv6 traffic from the source MN-HoA::/128 to _ANY_DESTINATION_, route via tunnel0, next-hop LMAA, where tunnel0 is the MAG to LMA tunnel. Routing state at the local mobility anchor: For all IPv6 traffic to destination MN-HoA::/128, route via tunnel0, next-hop Proxy-CoA, where tunnel0 is the LMA to MAG tunnel. Authors' Addresses Sri Gundavelli Cisco 170 West Tasman Drive San Jose, CA 95134 USA Email: sgundave@cisco.com Kent Leung Cisco 170 West Tasman Drive San Jose, CA 95134 USA Email: kleung@cisco.com Gundavelli, et al. Expires December 20, 2007 [Page 47] Internet-Draft Proxy Mobile IPv6 June 2007 Vijay Devarapalli Azaire Networks 4800 Great America Pkwy Santa Clara, CA 95054 USA Email: vijay.devarapalli@azairenet.com Kuntal Chowdhury Starent Networks 30 International Place Tewksbury, MA Email: kchowdhury@starentnetworks.com Basavaraj Patil Nokia Siemens Networks 6000 Connection Drive Irving, TX 75039 USA Email: basavaraj.patil@nsn.com Gundavelli, et al. Expires December 20, 2007 [Page 48] Internet-Draft Proxy Mobile IPv6 June 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Gundavelli, et al. Expires December 20, 2007 [Page 49]