NETLMM Working Group V. Devarapalli (ed.) Internet-Draft WiChorus Intended status: Standards Track R. Koodli (ed.) Expires: April 3, 2009 Starent Networks H. Lim N. Kant Stoke S. Krishnan Ericsson J. Laganier DOCOMO Euro-Labs September 30, 2008 Heartbeat Mechanism for Proxy Mobile IPv6 draft-ietf-netlmm-pmipv6-heartbeat-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 3, 2009. Abstract Proxy Mobile IPv6 is a network-based mobility management protocol. The mobility entities involved in the Proxy Mobile IPv6 protocol, the Mobile Access Gateway (MAG) and the Local Mobility Anchor (LMA), setup tunnels dynamically to manage mobility for a mobile node within Devarapalli (ed.), et al. Expires April 3, 2009 [Page 1] Internet-Draft PMIPv6 Heartbeat Mechanism September 2008 the Proxy Mobile IPv6 domain. This document describes a heartbeat mechanism between the MAG and the LMA to detect failures quickly and take appropriate action. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Heartbeat Mechanism . . . . . . . . . . . . . . . . . . . . . 3 3.1. Failure Detection . . . . . . . . . . . . . . . . . . . . 4 3.2. Restart Detection . . . . . . . . . . . . . . . . . . . . 4 3.3. Heartbeat Message . . . . . . . . . . . . . . . . . . . . 5 3.4. Restart Counter Mobility Option . . . . . . . . . . . . . 6 4. Exchanging Heartbeat Messages over an IPv4 Transport Network . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 5. Configuration Variables . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 9.1. Normative References . . . . . . . . . . . . . . . . . . . 8 9.2. Informative References . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 Intellectual Property and Copyright Statements . . . . . . . . . . 11 Devarapalli (ed.), et al. Expires April 3, 2009 [Page 2] Internet-Draft PMIPv6 Heartbeat Mechanism September 2008 1. Introduction Proxy Mobile IPv6 [2] enables network-based mobility for IPv6 hosts that do not implement any mobility protocols. The protocol is described in detail in [2]. In order to facilitate the network-based mobility, the PMIPv6 protocol defines a Mobile Access Gateway (MAG), which acts as a proxy for the Mobile IPv6 [6] signaling, and the Local Mobility Anchor (LMA) which acts similar to a Home Agent, anchoring a Mobile Node's sessions within a Proxy Mobile IPv6 (PMIPv6) domain. The LMA and the MAG establish a bidirectional tunnel for forwarding all data traffic belonging to the Mobile Nodes. In a distributed environment such as a PMIPv6 domain consisting of LMA and MAGs, it is necessary for the nodes to 1) have a consistent state about each others reachability, and 2) quickly inform peers in the event of recovery from node failures. So, when the LMA restarts after a failure, the MAG should (quickly) learn about the restart so that it could take appropriate actions (such as releasing any resources). When there are no failures, a MAG should know about LMA's reachability (and vice versa) so that the path can be assumed to be functioning. This document specifies a heartbeat mechanism between the MAG and the LMA to detect the status of reachability between them. This document also specifies a mechanism to indicate node restarts; the mechanism could be used to quickly inform peers of such restarts. The heartbeat message is a mobility header message (protocol type 135) which is periodically exchanged at a configurable threshold of time or sent unsolicited soon after a node restart. This document does not specify the specific actions (such as releasing resources) that a node takes as a response to processing the heartbeat messages. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [1]. 3. Heartbeat Mechanism The MAG and the LMA exchange heartbeat messages every HEARTBEAT_INTERVAL seconds to detect the current status of reachability between them. The MAG initiates the heartbeat exchange to test if the LMA is reachable by sending a Heartbeat Request message to the LMA. Each Heartbeat Request contains a sequence number that is incremented monotonically. The sequence number on the Devarapalli (ed.), et al. Expires April 3, 2009 [Page 3] Internet-Draft PMIPv6 Heartbeat Mechanism September 2008 last Heartbeat Request message is always recorded by the MAG, and is used to match the corresponding Heartbeat Response. Similarly, the LMA also initiates a heartbeat exchange with the MAG, by sending a Heartbeat Request message, to check if the MAG is reachable. The format of the Heartbeat message is described in Section 3.3. A Heartbeat Request message can be sent only if the MAG has at least one proxy binding cache entry at the LMA for a mobile node attached to the MAG. If there are no proxy binding cache entries at the LMA for any of the mobile nodes attached to the MAG, then the heartbeat message MUST NOT be sent. Similarly, the LMA MUST NOT send a Heartbeat Request message to a MAG if there is no active binding cache entry created by the MAG. A PMIPv6 node SHOULD always respond to a Heartbeat Request message with a Heartbeat Response message, irrespective of whether there is an active binding cache entry. The HEARTBEAT_INTERVAL SHOULD NOT be configured to a value less than 30 seconds. Sending heartbeat messages too often may become an overhead on the path between the MAG and the LMA. The HEARTBEAT_INTERVAL can be set to a much larger value on the LMA, if required, to reduce of burden of sending periodic heartbeat messages. If the LMA or the MAG do not support the heartbeat messages, they should respond with an ICMP Parameter Problem, Code 0, message to the initiator. The 'Pointer' field in the ICMP Parameter Problem message SHOULD point to the 'MH Type' field, indicating that the particular Mobility Header message is not supported. When the ICMP Parameter Problem message is received in response to Heartbeat Request message, the initiating MAG or the LMA MUST NOT use heartbeat messages with the other end again. 3.1. Failure Detection A PMIPv6 node, (MAG or LMA) matches every received Heartbeat Response to the Heartbeat Request sent using the sequence number. Before sending the next Heartbeat Request, it increments a local variable MISSING_HEARTBEAT if it has not received a Heartbeat Response for the previous request. When this local variable MISSING_HEARTBEAT exceeds a configurable parameter MISSING_HEARTBEATS_ALLOWED, the PMIPv6 node concludes that the peer PMIPv6 node is not reachable. The PMIPv6 node may then take appropriate actions which are outside the scope of this document. If a Heartbeat Response message is received, the MISSING_HEARTBEATS counter is reset. 3.2. Restart Detection The section describes a mechanism for detecting failure recovery without session persistence. In case the LMA or the MAG crashes and Devarapalli (ed.), et al. Expires April 3, 2009 [Page 4] Internet-Draft PMIPv6 Heartbeat Mechanism September 2008 re-boots and loses all state with respect to the PMIPv6 sessions, it would be beneficial for the peer PMIPv6 node to discover the failure and the loss of session state and establish the sessions again. Each PMIPv6 node (both the MAG and LMA) MUST maintain a monotonically increasing Restart Counter that is incremented every time the node re-boots and looses PMIPv6 session state. The counter MUST NOT be incremented if the recovery happens without losing state for the PMIPv6 sessions active at the time of failure. This counter MUST be stored in non-volatile memory. A PMIPv6 node includes a Restart Counter mobility option, described in Section 3.4 in an Heartbeat Response message to indicate the current value of the Restart Counter. Each PMIPv6 node MUST also store the Restart Counter for all the peer PMIPv6 nodes that it has sessions with currently. Storing the Restart Counter values for peer PMIPv6 nodes does not require non-volatile memory. The PMIPv6 node that receives the Heartbeat Response message compares the Restart Counter value with the previously received value. If the value is different, the receiving node assumes that the peer PMIPv6 node had crashed and recovered. If the Restart Counter value changes or if there was no previously stored value, the new value is stored by the receiving PMIPv6 node. If a PMIPv6 node restarts and looses PMIPv6 session state, it SHOULD send an unsolicited Heartbeat Response message with an incremented Restart Counter to all the PMIPv6 nodes that had previously established PMIPv6 sessions. This allows the peer PMIPv6 nodes to quickly discover the restart. The sequence number field in the unsolicited Heartbeat Response is ignored and no response to necessary; the nodes will synchronize during the next Request and Response exchange. 3.3. Heartbeat Message The following illustrates the message format for the Heartbeat Mobility Header message. The 'MH Type' field in the Mobility Header indicates that it is a Heartbeat message. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved |U|R| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Devarapalli (ed.), et al. Expires April 3, 2009 [Page 5] Internet-Draft PMIPv6 Heartbeat Mechanism September 2008 Reserved Set to 0 and ignored by the receiver. 'R' A 1-bit flag that indicates whether the message is a request or a response. When the 'R' flag is set to 0, it indicates that the Heartbeat message is a request. When the 'R' flag is set to 1, it indicates that the Heartbeat message is a response. 'U' Set to 1 in Unsolicited Heartbeat Response. Otherwise set to 0. Sequence Number A 32-bit sequence number used for matching the request to the reply. 3.4. Restart Counter Mobility Option The following shows the message format for a new mobility option for carrying the Restart Counter Value in the Heartbeat message. The Restart Counter Mobility Option is only valid in a Heartbeat Response message. It has an alignment requirement of 4n+2. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Restart Counter | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type A 8-bit field that indicates that it is a Restart Counter mobility option. Length A 8-bit field that indicates the length of the option in octets excluding the 'Type' and 'Length' fields. It is set to '4'. Devarapalli (ed.), et al. Expires April 3, 2009 [Page 6] Internet-Draft PMIPv6 Heartbeat Mechanism September 2008 Restart Counter A 32-bit field that indicates the current Restart Counter value. 4. Exchanging Heartbeat Messages over an IPv4 Transport Network In some deployments, the network between the MAG and the LMA may not be capable of transporting IPv6 packets. In this case, the Heartbeat messages are tunneled over IPv4. If the Proxy Binding Update and Proxy Binding Acknowledgment messages are sent using UDP encapsulation to traverse NATs, then the Heartbeat messages are also sent with UDP encapsulation. The UDP port used would be the same as the port used for the Proxy Binding Update and Proxy Binding Acknowledgement messages. For more details on tunneling Proxy Mobile IPv6 signaling messages over IPv4, see [3]. 5. Configuration Variables The LMA and the MAG must allow the following variables to be configurable. HEARTBEAT_INTERVAL This variable is used to set the time interval in seconds between two consecutive Heartbeat Request messages. The default value is 60 seconds. It SHOULD not be set to less than 30 seconds. MISSING_HEARTBEATS_ALLOWED This variable indicates the maximum number of consecutive Heartbeat Request messages that a PMIPv6 node can miss before concluding that the peer PMIPv6 node is not reachable. The default value for this variable is 3. 6. Security Considerations The heartbeat messages are just used for checking reachability between the MAG and the LMA. They do not carry information that is useful for eavesdroppers on the path. Therefore, confidentiality protection is not required. Integrity protection using IPsec [4] for the heartbeat messages MUST be supported on the MAG and the LMA. If dynamic key negotiation between the MAG and the LMA is required, IKEv2 [5] should be used. Devarapalli (ed.), et al. Expires April 3, 2009 [Page 7] Internet-Draft PMIPv6 Heartbeat Mechanism September 2008 7. IANA Considerations The Heartbeat message defined in Section 3.3 must have the type value allocated from the same space as the 'MH Type' field in the Mobility Header defined in RFC 3775 [6]. The Restart Counter mobility option defined in Section 3.4 must have the type value allocated from the same space as the Mobility Options defined in RFC 3775 [6]. 8. Acknowledgments A heartbeat mechanism for a network-based mobility management protocol was first described in [7]. The authors would like to thank the members of a NETLMM design team that produced that document. The mechanism described in this document also derives from the path management mechanism described in [8]. We would like to thank Alessio Casati for first suggesting a fault handling mechanism for Proxy Mobile IPv6. 9. References 9.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008. [3] Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy Mobile IPv6", draft-ietf-netlmm-pmip6-ipv4-support-04 (work in progress), July 2008. [4] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005. [5] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", RFC 4306, December 2005. 9.2. Informative References [6] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in IPv6", RFC 3775, June 2004. Devarapalli (ed.), et al. Expires April 3, 2009 [Page 8] Internet-Draft PMIPv6 Heartbeat Mechanism September 2008 [7] Giaretta, G., "The NetLMM Protocol", draft-giaretta-netlmm-dt-protocol-02 (work in progress), October 2006. [8] 3rd Generation Partnership Project, "3GPP Technical Specification 29.060 V7.6.0: "Technical Specification Group Core Network and Terminals; General Packet Radio Service (GPRS); GPRS Tunnelling Protocol (GTP) across the Gn and Gp interface (Release 7)"", July 2007. Authors' Addresses Vijay Devarapalli WiChorus 3950 North First Street San Jose, CA 95134 USA Email: vijay@wichorus.com Rajeev Koodli Starent Networks USA Email: rkoodli@starentnetworks.com Heeseon Lim Stoke 5403 Betsy Ross Drve Santa Clara, CA 95054 USA Email: hlim@stoke.com Nishi Kant Stoke 5403 Betsy Ross Drive Santa Clara, CA 95054 USA Email: nishi@stoke.com Devarapalli (ed.), et al. Expires April 3, 2009 [Page 9] Internet-Draft PMIPv6 Heartbeat Mechanism September 2008 Suresh Krishnan Ericsson 8400 Decarie Blvd. Town of Mount Royal, QC Canada Email: suresh.krishnan@ericsson.com Julien Laganier DOCOMO Euro-Labs Landsbergerstrasse 312 Munich, D-80687 Germany Email: julien.IETF@laposte.net Devarapalli (ed.), et al. Expires April 3, 2009 [Page 10] Internet-Draft PMIPv6 Heartbeat Mechanism September 2008 Full Copyright Statement Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Devarapalli (ed.), et al. Expires April 3, 2009 [Page 11]