Seamoby Working Group                                    S. Gurivireddy
Internet Draft                                              B. Sarikaya
Document: draft-guri-seamoby-lahap-00.txt                  A. Krywaniuk
Category: Standards track                                   Alcatel USA
                                                         September 2001


    Layer-2 aided mobility independent dormant host alerting protocol


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC 2026.  This is an individual
   draft for consideration by the Seamoby Working Group.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Convention used in this draft

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119.

Abstract

   This document introduces a new paging protocol nicknamed "LAHAP",
   which makes use of layer 2 triggers to anticipate paging-related
   events in layer 2.  LAHAP uses the architectural entities defined
   in RFC 3154 to support dormant mode in hosts connected to the
   Internet.  LAHAP is not dependent on any mobility protocol.  The
   tracking agent keeps track of the paging area of the HOST using
   layer 2 triggers.  The dormant monitoring agent intercepts the
   traffic for the node, queries the tracking agent for the last
   registered paging area, and asks the paging agent to page the host.
   Paging is done in the paging areas, if available, and on the
   subnet.
   The host deregisters its paging registration after entering the
   active mode.

Gurivireddy,Sarikaya,Krywaniuk                                        1

Lahap                                                    September 2001

Table of contents

   1. Terminology
   2. Protocol
      2.1. When HOST enters dormant mode
      2.2. Forwarding traffic to a dormant HOST
      2.3. When HOST changes from dormant to active mode
      2.4. Triggers for paging
         2.4.1. Paging area trigger
         2.4.2. New paging mode trigger
         2.4.3. Dormant Host not reachable trigger
         2.4.4. Dormant Host reachable trigger
      2.5. Binding cache
      2.6. Mapping between paging areas and IP subnets
         2.6.1. When multiple paging areas are part of a single subnet
         2.6.2. When multiple subnets are part of a single paging area
      2.7. Time slotted paging
      2.8. On-link paging
   3. Message formats
      3.1. Registration request from HOST to DMA
      3.2. Registration reply from DMA to HOST
      3.3. Tracking request from DMA to TA
      3.4. Tracking reply from TA to DMA
      3.5. Paging request from DMA to PA
      3.6. Paging reply message from PA to DMA
      3.7. On-link Paging message
   4. Security Issues
   5. References
   6. Authors' addresses

1. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [4].

   DMA   The Dormant Monitoring Agent is an Internet node which detects
         the delivery of packets to a Host that is in Dormant Mode.
         Once a routable connection to the Host is created, the Dormant
         Monitoring Agent arranges for delivery of the packet to the
         Host. [1]

   TA    The Tracking Agent is responsible for tracking a Host's
         location while it is in dormant mode or active mode, and for
         determining when the Host enters inactive mode.  There is a
         one-to-one mapping between a Host and a Tracking Agent.

Gurivireddy, Sarikaya, Krywaniuk      Expires March 2002              2

   PA    The Paging Agent is responsible for alerting the Host when a
         packet arrives and the Host is in dormant mode. [1]

   HOST  HOST refers to an IPv6 node which supports dormant mode
         operation.
   Paging area
         A collection of radio access points that is signaled to locate
         a dormant mode HOST.  A paging area does not necessarily
         correspond to an IP subnet. [3]

   Paging Area Multicast Address
         If layer 3 paging areas are supported, the tracking agents are
         organized in the form of paging areas.  Each region may have
         one or more paging areas, denoted PA1, PA2, ..., PAn.  The
         tracking agents in paging area i are members of the paging
         area multicast address (PAMAi).  A paging area multicast
         address is an IPv6 multicast address which is permanently
         assigned and is of global scope.

2. Protocol

   This protocol is a network layer protocol for paging.  The protocol
   allows an arbitrary mapping between paging areas and IP subnets.
   The dormant monitoring agent (DMA) maintains the binding cache
   required to page and forward traffic to a dormant host (HOST).  The
   HOST sends updates to the tracking agent, which caches the paging
   area in which the HOST is located.

   +-+-+            +-+-+-+-+-+-+-+-+            +-+-+-+
   |DMA|------------|    Internet   |------------| PA  |
   +-+-+            +-+-+-+-+-+-+-+-+            +-+-+-+
                            |
                            +
                            |
                        +-+-+-+   +-+-+-+-+
                        | TA  |---|  AR   |   . . .   (L3 Paging areas)
                        +-+-+-+   +-+-+-+-+
                            |
                            +
                     +-+-+-+-+-+-+
                     |     |     |
                    L2    L2    L2
                 Paging paging paging
                  area   area   area

              Fig 1: Mapping between paging areas and subnets

   Whenever the HOST enters dormant mode, it registers with the DMA.
   The HOST registers the paging area ID of its visited network with
   the DMA.  The host gets the paging area ID from layer 2 by way of
   triggers (see Section 2.4).  The DMA intercepts traffic for the
   HOST.  As soon as the DMA detects traffic for the HOST, it sends a
   paging request to the paging agent.  The destination of the paging
   request is the paging agent.  The paging request contains the
   HOST's home address.  The dormant mode host is paged.  The HOST
   comes back to active mode and sends a dormant mode deregistration
   message to the DMA.  The paging agent sends a paging reply to the
   DMA.  The paging reply contains the result of paging the HOST.
   The HOST MAY obtain its IP address using address auto-configuration.
   Whenever the HOST changes paging area, the host and the tracking
   agent are notified using layer 2 triggers.  As long as the HOST
   remains in dormant mode, the tracking agent has exact information
   about the paging area in which the HOST is located.

   When the DMA detects traffic for the HOST, the DMA MAY send a
   tracking request message, a datagram with a destination options
   extension header, to the tracking agent.  The tracking agent
   replies with a tracking reply message which contains the
   identification of the paging area in which the host is located.
   The DMA maps the paging area ID to the paging agent's address to
   identify the paging agent and sends a paging request to it.  The
   paging agent pages the HOST by multicasting the paging request in
   the paging area.  The HOST replies to the DMA by sending a "dormant
   mode deregistration" message.

   If the HOST is not detected by paging, the paging agent informs the
   DMA in the paging reply that the HOST has not responded to paging.
   The DMA sends an ICMP_HOST_UNREACHABLE message to the node which is
   trying to deliver datagrams to the host.  Even if the tracking
   agent doesn't respond to the "tracking request", the DMA sends an
   "ICMP HOST UNREACHABLE" message to the node which is trying to
   deliver datagrams to the host.

   When the HOST changes paging area, a paging area trigger is sent up
   to layer 3 at the tracking agent.  The trigger contains the new
   paging area ID of the host.  The tracking agent caches the paging
   area ID supplied in the trigger.  The tracking agent is located on
   the subnet to which the host is connected.  The subnet also has a
   router, marked as access router (AR) in Figure 1.  The HOST is
   pre-configured with the DMA's address.

2.1. When HOST enters dormant mode

   The dormant mode host registers with the DMA before entering
   dormant mode.  The host MUST send a dormant mode registration
   message to the DMA.  The dormant mode registration message is an
   IPv6 datagram with a destination options extension header.
   The source address is the HOST's registered IPv6 address and the
   destination address is the DMA's IP address.  The destination
   option contains the paging area ID, the lifetime of the
   registration, the host's IPv6 address and the dormant mode
   registration options.  The options specify the traffic intended to
   be received by the HOST while in dormant mode.

   The lifetime in the request specifies the time in seconds for which
   the HOST wants the registration to be valid.  The lifetime field in
   the reply may be equal to or less than that specified in the
   request because of the DMA's considerations: the DMA may limit the
   lifetime due to factors like its computing capability and current
   load.  If the lifetime field is set to zero, it indicates that the
   registration has failed.

   The messages defined here contain a header with type, code and the
   sequence number.  Sequence numbers for the requests start from zero
   and are incremented by one for each subsequent request.  The
   sequence number in the reply matches the one in the corresponding
   request.  If no reply is received within a timeout period, the host
   MUST retransmit the registration request message.

2.2. Forwarding traffic to a dormant HOST

   As soon as the HOST registers with the DMA, the DMA starts
   intercepting the traffic for the HOST.  The DMA checks the options
   specified by the HOST in the registration.  When the DMA detects
   any traffic intended to be received by the HOST, the DMA MAY send a
   tracking request message to the TA, if the HOST has moved while in
   dormant mode.  The tracking request contains the HOST's IP address.
   The TA MUST reply with a tracking reply message.  The tracking
   reply contains the HOST's last registered paging area ID and the
   mode of the host.  The source and destination addresses of the
   tracking reply are the TA and the DMA respectively.  If the TA
   replies that the HOST is in inactive mode, the DMA sends an
   ICMP_HOST_UNREACHABLE message to the node which is trying to
   communicate with the HOST.
   Otherwise, the DMA MUST send a paging request message to the paging
   agent.  The paging agent multicasts the paging request to the
   all-routers multicast address in its paging area.  The host is
   paged using L2 paging means or time-slot paging.  The HOST replies
   to the DMA with a dormant mode deregistration message.  The
   deregistration message is a dormant mode registration message with
   the lifetime field set to zero.  The host also sends its new IPv6
   address in the visited network.  The DMA then forwards the traffic
   to the HOST.

2.3. When HOST changes from dormant to active mode

   When the HOST comes back to active mode, it invalidates its
   registration with the DMA by sending a new registration message
   with a lifetime of zero.  After the registration is invalidated,
   the DMA stops intercepting packets for the HOST.  All fields of the
   registration and invalidation messages are the same except the
   lifetime field.  The TA address field in the registration message
   is set to zero.  In active mode, the behavior of the protocol is
   the same as that of the underlying network protocol.

2.4. Triggers for paging

   Some earlier Internet drafts defined triggers related to handoff
   [2].  This protocol defines triggers related to dormant mode
   operation of a host in the Internet, and takes advantage of
   triggers from layer 2 at the access router and the HOST.
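   The DMA-side behaviour of Sections 2.1 to 2.3 and 2.5 (registration
   with a lifetime the DMA may shorten, deregistration with lifetime
   zero, interception filtered by the option bits, and the choice
   between ICMP host unreachable and a paging request after the
   tracking reply), as an added Python example that is not part of the
   draft.  MAX_LIFETIME, SUPPORTED_OPTIONS, the sequence-number check
   and modelling a missing tracking reply as host_mode=None are
   assumptions of this example.

```python
# DMA-side binding cache and paging decisions for LAHAP (Sections 2.1
# to 2.3 and 2.5).  Added example, not code from the draft.  Assumed:
# the DMA caps granted lifetimes at MAX_LIFETIME and supports only the
# option bits in SUPPORTED_OPTIONS (the draft leaves both to DMA policy);
# a tracking agent that never replies is modelled as host_mode=None.
import time

MAX_LIFETIME = 3600          # assumed DMA policy: longest lifetime granted
SUPPORTED_OPTIONS = 0xA0     # assumed: unicast + multicast, no broadcast

# Option bits counted from the left (Section 3.1): bit 0 is the MSB.
OPT_UNICAST, OPT_BROADCAST, OPT_MULTICAST = 0x80, 0x40, 0x20
TRAFFIC_BIT = {"unicast": OPT_UNICAST, "broadcast": OPT_BROADCAST,
               "multicast": OPT_MULTICAST}

MODE_ACTIVE, MODE_DORMANT, MODE_INACTIVE = 0, 1, 2   # Section 3.4

# A reply with lifetime 0 means "registration failed" (Section 2.1);
# it is also what a deregistration gets back.
ZERO_LIFETIME = {"lifetime": 0, "options": 0, "ta_ip": None}


class DormantMonitoringAgent:
    """Keeps one binding cache entry per dormant HOST (Section 2.5)."""

    def __init__(self):
        # host_ip -> {"ta_ip", "paging_area_id", "options", "expires", "seq"}
        self.bindings = {}

    def handle_registration(self, host_ip, seq, second_addr,
                            paging_area_id, lifetime, options, now=None):
        """Process a registration request and return the reply fields.

        lifetime == 0 is a deregistration (Section 2.3).  On the first
        registration the paging area ID is valid and the second address
        field is not; afterwards the second address is the TA's address
        (Section 3.1).  Sequence numbers start at 0 and must advance by
        one per request (Sections 2.1 and 3).
        """
        now = time.time() if now is None else now
        if lifetime == 0:
            # HOST is active again: stop intercepting (Section 2.3).
            self.bindings.pop(host_ip, None)
            return {"seq": seq, **ZERO_LIFETIME}
        entry = self.bindings.get(host_ip)
        if entry is None:
            if seq != 0:                     # new binding must start at 0
                return {"seq": seq, **ZERO_LIFETIME}
            entry = {"ta_ip": None, "paging_area_id": paging_area_id}
            self.bindings[host_ip] = entry
        else:
            if seq != entry["seq"] + 1:      # stale or replayed request
                return {"seq": seq, **ZERO_LIFETIME}
            entry["ta_ip"] = second_addr
        granted = min(lifetime, MAX_LIFETIME)    # DMA may shorten lifetime
        entry.update(seq=seq, options=options & SUPPORTED_OPTIONS,
                     expires=now + granted)
        return {"seq": seq, "lifetime": granted,
                "options": entry["options"], "ta_ip": entry["ta_ip"]}

    def intercepts(self, host_ip, kind, now=None):
        """True if the DMA should intercept `kind` traffic for host_ip
        (Section 2.2); an expired binding is dropped on the way."""
        now = time.time() if now is None else now
        entry = self.bindings.get(host_ip)
        if entry is None:
            return False
        if now >= entry["expires"]:
            del self.bindings[host_ip]           # lifetime ran out (2.5)
            return False
        return bool(entry["options"] & TRAFFIC_BIT[kind])

    @staticmethod
    def on_tracking_reply(host_mode, paging_area_id=None):
        """Next step once the TA has (or has not) answered: inactive
        host or no answer -> ICMP host unreachable to the sender;
        otherwise a paging request for the reported area (Section 2.2)."""
        if host_mode is None or host_mode == MODE_INACTIVE:
            return ("icmp_host_unreachable", None)
        return ("paging_request", paging_area_id)

    @staticmethod
    def on_paging_reply(result):
        """Result 1: HOST answered the page, forward the traffic;
        result 0: report the HOST unreachable (Sections 2.2 and 3.6)."""
        return "forward" if result == 1 else "icmp_host_unreachable"
```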
   +-------------+---------------------+--------+--------------+
   | L2 trigger  | When                | To     | Parameters   |
   +-------------+---------------------+--------+--------------+
   | Paging      | As soon as layer 2  | host,TA| New paging   |
   | area        | paging area of host |        | area ID,     |
   |             | changes             |        | host L2      |
   |             |                     |        | address      |
   +-------------+---------------------+--------+--------------+
   | New paging  | As soon as host     | host,TA| New mode     |
   | mode        | changes its mode    |        |              |
   +-------------+---------------------+--------+--------------+
   | Dormant host| When host is paged &| PA     | L2 address of|
   | not         | no reply is received|        | host         |
   | reachable   | from host           |        |              |
   +-------------+---------------------+--------+--------------+
   | Dormant host| When host is paged &| PA     | L2 address of|
   | reachable   | HOST responds to    |        | host         |
   |             | paging request      |        |              |
   +-------------+---------------------+--------+--------------+

2.4.1. Paging area trigger

   Whenever the HOST changes layer 2 paging area, the paging area
   trigger is sent up to layer 3 at the HOST.  This trigger is also
   sent when the host is powered on.  The trigger contains the paging
   area ID.  The trigger is also available at the TA.  Upon receiving
   this trigger, the TA MUST update its binding cache.  This trigger
   gives the tracking agent up-to-date information about the paging
   area of the HOST.

2.4.2. New paging mode trigger

   Whenever the HOST changes mode from active to dormant, the HOST
   performs dormant mode registration with the DMA.  However, this
   registration would not be needed if the new paging mode trigger
   could be used: the trigger issued at the DMA could serve as the
   reception of the paging registration request packet from the host.
   The DMA replies with a dormant mode registration reply.  When the
   host enters inactive mode, the trigger is issued at the TA.  The TA
   MUST remove the host from its binding cache.
2.4.3. Dormant HOST not reachable trigger

   When the HOST is paged in a layer 2 paging area and is not found,
   this information is passed to layer 3 at the paging agent by using
   a trigger from layer 2.  The PA MUST send a paging reply message
   back to the DMA in which the result field is set to zero and the IP
   address is set to the host's IPv6 address.

2.4.4. Dormant HOST reachable trigger

   If the HOST responds to paging, the trigger "Dormant HOST
   reachable" is sent up to layer 3 at the paging agent.  This trigger
   lets the paging agent determine whether the HOST has responded to
   paging or not.  The paging agent MUST send a paging reply message
   to the DMA with the result field set to 1 and the IP address set to
   the host's IPv6 address.

2.5. Binding cache maintained by agents

   The HOST and the agents need to maintain some state about the
   dormant mode of the HOST: the status of the HOST and the number of
   messages sent to the HOST.  The DMA needs to maintain in its
   binding cache whether the HOST is in dormant mode or in active
   mode.  The DMA caches the HOST's address, its tracking agent
   address, its paging area ID and its paging options.  Since multiple
   HOSTs may share a single DMA, the DMA needs to maintain a binding
   cache entry for each HOST.  The tracking agent caches the HOST's IP
   address and its layer 2 paging area ID, if layer 2 paging is
   supported.  All binding registrations have a lifetime, which
   specifies the time in seconds after which the respective
   registration expires.

2.6. Mapping between paging areas and IP subnets

   This protocol allows an arbitrary mapping between IP subnets and
   paging areas.

2.6.1. When multiple paging areas are part of a single subnet

   When multiple paging areas are part of a single IP subnet, i.e.
   layer 2 paging areas are supported, the tracking agent will request
   the layer 2 entities in its area to start layer 2 paging.  When the
   HOST changes paging area, the information is passed to the TA using
   the paging area trigger of Section 2.4.1, so the tracking agent
   knows exactly which paging area the HOST is located in.
   When the HOST changes subnet, it selects a new TA and registers the
   new TA's address with the DMA.

2.6.2. When multiple subnets are part of a single paging area

   When multiple subnets are part of a single paging area, i.e. layer
   3 paging areas are supported, a paging request message is multicast
   to the paging area multicast address.  All the tracking agents in
   that paging area are members of the multicast group.  This paging
   request in turn will start layer 2 paging of the HOST in all the
   subnets which are part of that paging area.  After the HOST replies
   to the layer 2 paging, a paging reply message is delivered to the
   PA by each tracking agent.  The HOST replies with a dormant mode
   deregistration message to the DMA.  The paging agent receives
   paging reply messages from the tracking agent(s).  If at least one
   of the replies has the result field set to one, then the paging has
   succeeded.  Otherwise the PA may continue to page in other paging
   areas or MAY declare the host inaccessible.  The paging agent MUST
   send a paging reply message to the DMA, reporting the result of
   paging.

2.7. Time slotted paging

   If there is L2 support for paging, then on-link paging is used as
   described in Section 2.8.  It is assumed that if there is no L2
   support for paging on the subnet, the underlying network supports
   time slotted paging.  In this case the tracking agent takes care of
   the paging on the subnet.  After receiving the paging request
   message from the Paging Agent, the tracking agent pages the HOST by
   periodically sending router advertisement messages.  The HOST then
   replies to the DMA with a dormant mode deregistration message.

2.8. On-link paging

   L2 paging is triggered by sending an on-link paging message.  The
   on-link paging message is an IPv6 datagram with a destination
   options extension header.  The tracking agent sets the destination
   address of the message to the HOST's link-local address.  The
   on-link paging message MUST be sent by the tracking agent only
   once.
   This message will trigger L2 paging on the link, which will
   eventually wake up the host.  The tracking agent replies to the
   paging agent by sending a paging reply message with the result of
   paging.  The HOST responds to on-link paging with a dormant mode
   deregistration message.  The sequence number in the dormant mode
   deregistration is obtained by incrementing the sequence number in
   the on-link paging message.

3. Message formats

   All the registration requests and replies are defined as IPv6
   destination options.  The general format of the messages is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Sequence number            |               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +
   |                                                               |
   +                            Payload                            +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   - Type: TBD

   - Code: Each message type is identified with a unique code
        0 - Dormant mode registration message
        1 - Dormant mode registration reply
        2 - Tracking request
        3 - Tracking reply
        4 - Paging request
        5 - Paging reply
        6 - On-link paging message

   - Checksum: Calculated as the XOR of all 16-bit blocks.  If the
     size is not a multiple of 16 bits, zeros are padded at the end.

   - Sequence number: a 24-bit number which is incremented each time a
     message is exchanged.  The sequence number starts from zero when
     a new binding cache entry is created.

   The length of a message can be calculated from the code because
   each message has a fixed length.
3.1. Registration request from HOST to DMA

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Sequence number            |    Options    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                        HOST IP address                        +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                        TA IP address or                       +
   |                                                               |
   +                      New host IP address                      +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Paging area ID                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Lifetime of registration                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   - HOST IP address: the HOST's home address registered with the DMA,
     i.e. the address for which it wants the DMA to intercept traffic.

   - TA IP address: address of the tracking agent with which the HOST
     has a valid registration, i.e. a registration whose lifetime has
     not expired.

   - Lifetime specifies the time in seconds for which the HOST wants
     the DMA to keep the binding cache entry intact.

   - Paging area ID is valid only when the HOST is registering for the
     first time.  When the HOST registers for the first time, the TA
     IP address field is invalid.  In subsequent registrations, the TA
     IP address field is valid, but the paging area ID field is not.

   - Options define the types of traffic for which the DMA should
     inform the HOST.  The bits of the options field from left to
     right (first to last) are defined as follows:

        0 -> If bit 0 = 1, the HOST wishes to receive traffic for its
             registered unicast address
        1 -> If bit 1 = 1, the HOST wishes to receive broadcast
             traffic on the local subnet
        2 -> If bit 2 = 1, the HOST wishes to receive multicast
             traffic destined for the registered address
        3,4,5,6,7 -> bits not used, may be used in future extensions
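   An encoder and decoder for the common header of Section 3 and the
   registration request of Section 3.1, including the XOR checksum and
   the lifetime-zero deregistration form, as an added Python example
   that is not part of the draft.  It assumes a placeholder Type value
   (the draft says TBD), that the checksum is computed with the
   Checksum field zeroed, and a 64-bit paging area ID as stated in the
   text of Section 3.4.

```python
# Encoder/decoder for the LAHAP common header (Section 3) and the
# dormant mode registration request (Section 3.1).  Added example, not
# code from the draft.  Assumed: Type is "TBD" in the draft, so a
# placeholder value is used; the checksum is computed with the Checksum
# field zeroed; the paging area ID is carried as 64 bits as stated in
# the text of Section 3.4.
import ipaddress
import struct

TYPE_LAHAP = 0xFF          # placeholder; the draft leaves Type TBD

# Message codes from Section 3
CODE_REG_REQUEST, CODE_REG_REPLY = 0, 1
CODE_TRACK_REQUEST, CODE_TRACK_REPLY = 2, 3
CODE_PAGING_REQUEST, CODE_PAGING_REPLY = 4, 5
CODE_ONLINK_PAGING = 6

# Option bits numbered from the left (Section 3.1): bit 0 is the MSB.
OPT_UNICAST = 0x80         # traffic to the registered unicast address
OPT_BROADCAST = 0x40       # broadcast traffic on the local subnet
OPT_MULTICAST = 0x20       # multicast traffic for the registered address

# Fixed layout: Type, Code, Checksum | 24-bit sequence number + 8-bit
# options | HOST IPv6 | TA or new host IPv6 | paging area ID | lifetime.
_REG_FMT = "!BBHI16s16sQI"
REG_REQUEST_LEN = struct.calcsize(_REG_FMT)    # 52 bytes


def lahap_checksum(data: bytes) -> int:
    """XOR of all 16-bit blocks; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    result = 0
    for i in range(0, len(data), 2):
        result ^= (data[i] << 8) | data[i + 1]
    return result


def build_registration_request(seq, options, host_ip, ta_or_new_ip,
                               paging_area_id, lifetime):
    """Build a registration (lifetime > 0) or a deregistration
    (lifetime == 0, second address = new host address, Section 2.2)."""
    if not 0 <= seq < (1 << 24):
        raise ValueError("sequence number must fit in 24 bits")
    msg = struct.pack(_REG_FMT, TYPE_LAHAP, CODE_REG_REQUEST, 0,
                      (seq << 8) | (options & 0xFF),
                      ipaddress.IPv6Address(host_ip).packed,
                      ipaddress.IPv6Address(ta_or_new_ip).packed,
                      paging_area_id, lifetime)
    csum = lahap_checksum(msg)        # Checksum field is still zero here
    return msg[:2] + struct.pack("!H", csum) + msg[4:]


def parse_registration_request(data: bytes) -> dict:
    """Check length, type/code and checksum, then return the fields."""
    if len(data) != REG_REQUEST_LEN:      # every message has a fixed length
        raise ValueError("bad length for registration request")
    (mtype, code, csum, seq_opts, host, second, area,
     lifetime) = struct.unpack(_REG_FMT, data)
    if mtype != TYPE_LAHAP or code != CODE_REG_REQUEST:
        raise ValueError("not a dormant mode registration request")
    if lahap_checksum(data[:2] + b"\x00\x00" + data[4:]) != csum:
        raise ValueError("checksum mismatch")
    return {
        "seq": seq_opts >> 8,
        "options": seq_opts & 0xFF,
        "host_ip": str(ipaddress.IPv6Address(host)),
        "ta_or_new_ip": str(ipaddress.IPv6Address(second)),
        "paging_area_id": area,
        "lifetime": lifetime,
        "deregistration": lifetime == 0,    # Section 2.3
    }
```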
3.2. Registration reply from DMA to HOST

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Sequence number            |    Options    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         TA IP address                         +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Lifetime                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   - Sequence number is incremented by one in the reply.

   - TA IP address: the tracking agent's address from the request is
     copied into the reply.

   - Options: the options field is copied from the request.  If the
     DMA does not support an option specified by the HOST in the
     request, that bit is turned off.

   - Lifetime: the time for which the registration is valid.  The DMA
     decides the time after which the HOST's registration will expire;
     it depends on factors like the DMA's processing power and the
     current load on the DMA.

3.3. Tracking request from DMA to TA

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Sequence number            |   Not used    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                        HOST IP address                        +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3.4. Tracking reply from TA to DMA

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Sequence number            |   HOST mode   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                        Host IP address                        +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Paging area ID                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   - Sequence number is incremented by one in the reply.

   - Paging area ID is a 64-bit ID used to identify the layer 2 paging
     area.

   - HOST mode:
        HOST mode = 0 for active mode
        HOST mode = 1 for dormant mode
        HOST mode = 2 for inactive mode

3.5. Paging request from DMA to PA

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Sequence number            |   Reserved    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                        HOST IP address                        +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3.6. Paging reply from PA to DMA

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Sequence number            |    Result     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                        HOST IP address                        +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   - Result:
        0 if the HOST did not respond to paging
        1 if the HOST responded to paging

   - HOST IP address: IP address of the HOST which was paged
3.7. On-link paging message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                      Paged Host address                       |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   - Paged Host address: IP address of the HOST being paged

   - Length: Length of the Router Advertisement option

   - Type: TBD

4. Security issues

   Section 3.1 in [1] discusses denial of service amplification.  An
   attacker can exploit a paging protocol by sending a large number of
   packets from bogus correspondent nodes, unnecessarily forcing the
   HOST to enter active mode.  Since the filtering of incoming traffic
   is done at the DMA in our protocol, the problem of DoS generated by
   correspondent nodes in the Internet reduces to the problem of
   solving it for ordinary Internet hosts.  The problem of "bogus IP
   packets" can be addressed by existing security mechanisms such as
   ingress filtering against IP spoofing and IPsec.

   [1] outlines a number of possible security vulnerabilities of an IP
   paging protocol.  The vast majority of these attacks are prevented
   if all paging traffic is protected by an IPsec security association
   (SA).  One category of attack is the DoS Amplification attack of
   section 3.1 in [1], in which bogus paging requests are broadcast
   widely across the network.  This attack is prevented by taking
   advantage of the source authentication which IPsec provides.  With
   IPsec, only authorized and authenticated nodes can initiate paging.
   If an authenticated node misbehaves, it can be removed from the
   list of authorized users.  IPsec source authentication also solves
   the Queue Overflow attack of section 3.2 in [1].  The remaining
   problems are the Bogus Paging Area and Forced Battery Consumption
   attacks described in section 3.3 of [1].
   This protocol does not fully solve the Bogus Paging Area problem
   because we believe that the problem is not solvable without a
   large-scale PKI and extremely precise clock synchronization.  An
   attacker could simply take the paging messages from one area and
   rebroadcast them in another area.

   As for the Forced Battery Consumption attack, there are several
   reasonable solutions to this problem:

   1) On Demand Negotiation: SAs are negotiated on demand (whenever
      the host is paged or when it crosses a paging area boundary).

   2) Perpetual Connectivity: Before a host enters dormant mode, it
      ensures that it has an SA with the PA and/or the tracking
      router.

   3) Signed Paging Messages: SAs are negotiated on demand, but only
      upon reception of a cryptographically signed paging request
      (signed with the DMA's public key).

   4) A hybrid of the above methods.

   In order to leverage the existing framework for negotiating IPsec
   SAs, we use a hybrid of solutions 1 and 2.  Since it is difficult
   to prevent an attacker from spoofing bogus paging requests or
   paging router advertisement messages, we allow the attack to
   proceed, but we limit its effectiveness.  Under normal conditions,
   the operation of the protocol is closer to method 1; under
   conditions of DoS, the operation is closer to method 2.

   In general, a host can be paged with an unauthenticated layer 2 or
   layer 3 paging message.  Upon reception of a page, the HOST sets up
   an SA with the PA.  If the wakeup message turns out to have been
   spoofed, then the HOST goes into DoS protection mode.  In DoS
   protection mode, the HOST sets up an SA with the TA.  Subsequent
   layer 3 paging requests, i.e. paging RAs from that access router,
   will be ignored unless they are authenticated by the SA.
   Layer 2 paging cannot be used unless there is an available layer 2
   security mechanism with strength equivalent to IPsec (and the key
   management protocol (KMP) for layer 2 has access to the same
   authentication infrastructure that is used to create IPsec SAs).

   When a HOST goes into the active mode and establishes layer 3
   communication, it doesn't immediately send a dormant mode
   deregistration to the DMA.  First, it attempts to establish an SA
   with the paging agent in the new paging area.  If that fails, the
   HOST assumes that the paging agent was spoofed and it enters DoS
   protection mode.

   In DoS protection mode, the HOST does not immediately respond to
   paging messages.  Before committing to the new area, the HOST
   allows sufficient time for the PA in the existing paging area to
   send competing paging messages.  If the HOST continues to receive
   conflicting paging messages, then it MUST periodically wake up and
   ping the paging agent with which it currently has an SA.  If the
   existing access router is unreachable, then the HOST should attempt
   to establish an SA with any of the other paging agents for which it
   has received an advertisement.  If that fails, then the HOST should
   give up and simply enter inactive mode.

   Some notes on the use of IPsec: when IPsec is being used to protect
   triggered wakeup messages, the anti-replay feature of ESP/AH MUST
   be enabled.  Also, IPsec SAs can be created by a variety of KMPs,
   and these have different properties.  An IP paging protocol does
   not need advanced security features such as perfect forward
   secrecy.  With some key management protocols, such as KINK, once
   the initial SA has been set up, subsequent SA negotiations with
   other hosts in the domain can be very fast.

5. References

   [1] RFC 3154, "Requirements and Functional Architecture for an IP
       Host Alerting Protocol", August 2001.

   [2] James Kempf et al., "Requirements for Layer 2 Protocols to
       Support Optimized Handover for IP Mobility", July 2001.

   [3] RFC 3132, "Dormant Mode Host Alerting ("IP Paging") Problem
       Statement", June 2001.

6. Authors' addresses

   The working group can be contacted via the current chair:

   Pat R. Calhoun
   Black Storm Networks
   250 Cambridge Avenue, Suite 200
   Palo Alto, CA 94306
   USA
   Tel.: 1-650-617-2932
   Email: pcalhoun@btormnetworks.com

   Questions about the memo can be directed to:

   Sridhar Gurivireddy
   Network Strategic Group, Mobile Networking team
   Alcatel USA
   1201 E. Campbell Rd. M/S CT02
   Richardson, TX 75081-1536
   USA
   E-mail: sridhar.gurivireddy@alcatel.com
   Phone: (972) 996.2048

   Behcet Sarikaya
   Network Strategic Group, Mobile Networking team
   Alcatel USA
   1201 E. Campbell Rd. M/S CT02
   Richardson, TX 75081-1536
   USA
   E-mail: behcet.sarikaya@alcatel.com
   Phone: (972) 996.5075

   Andrew Krywaniuk
   Alcatel Networks Corporation
   600 March Road
   Kanata, ON
   Canada, K2K 2E6
   Tel.: +1 (613) 784-4237
   E-mail: andrew.krywaniuk@alcatel.com