Netext Working Group Rajeev Koodli Internet-Draft Cisco Systems Intended status: Informational October 18, 2010 Expires: April 21, 2011 Multi-access Indicator for Flow Mobility draft-koodli-netext-multiaccess-indicator-00.txt Abstract When a Mobile Node attaches to the mobile network using multiple access networks, it is important for the Mobile Network Gateway to know whether the Mobile Node is capable of simultaneous multi-access, so that the former can distribute the traffic flows using the most appropriate interface. This document defines a new EAP attribute which can be used for such an indication to the Mobile Network Gateway. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 21, 2011. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Koodli Expires April 21, 2011 [Page 1] Internet-Draft Multi-access Indicator for Flow Mobility October 2010 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Protocol Overview and Extensions . . . . . . . . . . . . . . . 3 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 5. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . 5 6. Informative References . . . . . . . . . . . . . . . . . . . . 5 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6 Koodli Expires April 21, 2011 [Page 2] Internet-Draft Multi-access Indicator for Flow Mobility October 2010 1. Introduction With multi-access, a Mobile Node (MN) may be simultaneously attached to a mobile network. For instance, in the 3GPP architecture, a MN may be attached to the same Mobile Network Gateway (called PGW) via 4G cellular LTE technology as well as the Wireless LAN (WiFI) technology. Such simultaneous access provides opportunity to distribute traffic based on the most appropriate access for the type of traffic in question (and potentially based on the Time Of the Day). In order to accomplish this flow distribution (or flow mobility), the MNG needs to know that the MN's attachment is for multi-access (and not handover) purposes and that the MN has necessary host abstractions to support prefix sharing across access interfaces. This document defines an attribute to be used during the EAP-AKA authentication process so that the 3GPP AAA server understands the MN's capabilities. Subsequently, the 3GPP AAA server provides the MN's capabilities in the Diameter message to the PGW, which can then make the policy decision to perform flow mobility accordingly. 2. Protocol Overview and Extensions In the 3GPP architecture [3gpp.4g-2], two types of "non-3GPP" accesses are supported. In the trusted access model, the access network is considered trustworthy by the 3GPP network operator. An example of a trusted network is another cellular network such as CDMA or WiMax, but may also include broadband wireline network with WiFi access (such as a residential access network operated by the 3GPP cellular service provider). In the untrusted access model, the 3GPP service provider does not possess a trust relationship with the non- 3GPP access provider. An example includes WiFi hot spot access. In the trusted access model, the MN communicates with an Access Network Gateway (ANG). In the untrusted access model, the MN communicates with a node called ePDG that serves as a secure data termination point. In both the trusted and untrusted access models, the MN performs EAP-AKA or EAP-AKA' authentication. In the trusted access model, the EAP-AKA messages are transported from the MN to the ANG over a protocol specific to the access network. In the untrusted access model, the EAP-AKA messages are transported from the MN to the ePDG over IKEv2. Both the ANG and the ePDG communicate with the (3GPP) AAA server using Diameter. This is shown in Figure 1, which we explain further below. Koodli Expires April 21, 2011 [Page 3] Internet-Draft Multi-access Indicator for Flow Mobility October 2010 MN ANG/ePDG AAA MNG (PGW) | | | | |---- EAP ------->|--- AAA[EAP] -->| | | | | | |<--- EAP --------|<--- AAA[EAP] --| | | | | | | |----------------|---- PBU ---------->| | | | | | | |<----- AAA ---------| | | | | | | |------ AAA -------->| | | | | | |<---------------|----- PBA ----------| | | | | Figure 1: Authentication and Registration o The MN attaches to the non-3GPP access network o The MN performs EAP-AKA or EAP-AKA' authentication. The EAP messages are sent over IKEv2 when the MN is connected using untrusted access. o As a part of the EAP-AKA procedure, the MN responds with EAP- Response/AKA-Challenge message. In this message, the MN includes a new attribute AT_MA_IND which indicates that the MN's attachment is for multi-access purposes, and that the MN supports the necessary abstraction (Logical Interface) for flow mobility. o The ANG/ePDG forward the EAP message to the AAA server using the Diameter protocol message Authorization Request (AAR) message specified in [RFC4005]. o The 3GPP AAA server verifies through subscription records (at HSS) that the the MN is allowed to use flow mobility. Subsequently, the AAA server provides the result in a new EAP attribute AT_MA_STATUS in the EAP-Request/AKA-Notification message (which is used for indicating the IP Mobility Selection mode). The EAP message sent using the Diameter Authorization Answer (AAA) message to the ANG/ePDG, which forwards the EAP message to the MN. o The ANG/ePDG sends the PMIP6 PBU message Koodli Expires April 21, 2011 [Page 4] Internet-Draft Multi-access Indicator for Flow Mobility October 2010 o The PGW contacts the AAA server to update the PGW's address for the MN's connection o The AAA server provides the MN's multi-access indication and Logical Interface capability in a new MN_MULTIACCESS (0x0000000000000003) flag in the MIP6-Feature-Vector AVP [RFC5447]. o The PGW now understands that the MN is capable of flow mobility. It provides a prefix in the PBA accordingly. For instance, it may provide a new prefix as well as one or more of the already- assigned prefixes in the PBA. o The ANG/ePDG MUST be able to provide forwarding support for the prefixes provided in the PBA, regardless of the type of attachment indicated in the PBU message. 3. IANA Considerations This document defines a new flag for the MIP6-Feature-Vector AVP in RFC 5447, which may need IANA assignment. 4. Security Considerations This documents defines a new EAP attribute to extend the capability of EAP-AKA protocol as specified in Section 8.2 of RFC 4187 [RFC4187]. This attribute is passed from the MN to the AAA server. The document does not specify any new messages or options to the EAP- AKA protocol. 5. Acknowledgement Thanks to Aeneas-Dodd Noble for flow mobility discussions. 6. Informative References [3gpp.4g-2] "Architecture Enhancements for non-3GPP accesses, 3GPP TS 23.402 8.7.0, December 2009.", . [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, Koodli Expires April 21, 2011 [Page 5] Internet-Draft Multi-access Indicator for Flow Mobility October 2010 August 2005. [RFC4187] Arkko, J. and H. Haverinen, "Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)", RFC 4187, January 2006. [RFC5447] Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C., and K. Chowdhury, "Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction", RFC 5447, February 2009. Author's Address Rajeev Koodli Cisco Systems USA Email: rkoodli@cisco.com Koodli Expires April 21, 2011 [Page 6]