Diameter Maintenance and J. Korhonen Extensions (DIME) TeliaSonera Internet-Draft October 27, 2008 Intended status: Informational Expires: April 30, 2009 Diameter MIP6 Feature Vector Additional Bit Allocations draft-korhonen-dime-mip6-feature-bits-00.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 30, 2009. Copyright Notice Copyright (C) The IETF Trust (2008). Abstract During the Mobile IPv6 Split Scenario bootstrapping the Mobile IPv6 Home Agent and the Authentication, Authorization, and Accounting server may exchange a set of capabilities as defined in. This document defines additional capability flag bits that are used to authorize per Mobile Node route optimization, Multiple Care-of Address and user plane traffic encryption support. Furthermore, this document also defines a capability flag bit of indicating whether the Korhonen Expires April 30, 2009 [Page 1] Internet-Draft Diameter MIP6 Feature Vector Bits October 2008 Home Agent is authorized to act as a stand alone Virtual Private Network gateway. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Flag definitions for the MIP6-Feature-Vector AVP . . . . . . . 3 3.1. Route Optimization Support . . . . . . . . . . . . . . . . 3 3.2. Multiple Care-of Addresses Support . . . . . . . . . . . . 4 3.3. User Traffic Encryption Support . . . . . . . . . . . . . . 4 3.4. VPN Gateway Mode Support . . . . . . . . . . . . . . . . . 4 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 4.1. Capability Flag Bits . . . . . . . . . . . . . . . . . . . 5 4.2. Mobile IPv6 Status Codes . . . . . . . . . . . . . . . . . 5 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 6.1. Normative References . . . . . . . . . . . . . . . . . . . 5 6.2. Informative References . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6 Intellectual Property and Copyright Statements . . . . . . . . . . 7 Korhonen Expires April 30, 2009 [Page 2] Internet-Draft Diameter MIP6 Feature Vector Bits October 2008 1. Introduction During the Mobile IPv6 [3] Split Scenario bootstrapping [4] the Mobile IPv6 Home Agent (HA) and the Authentication, Authorization, and Accounting (AAA) server MAY exchange a set of capabilities as defined in [5]. This document defines additional capability flag bits that are used to authorize per Mobile Node (MN) route optimization, Multiple Care-of Address (MCoA) [6] and user plane traffic encryption support. Furthermore, this document also defines a capability flag bit of indicating whether the HA is authorized to act as a stand alone IPsec Virtual Private Network (VPN) gateway for remote VPN clients. These new capability flag bits allow Mobility Service Provider (MSP) to control the supported services on the HA. Additionally, the HA SHOULD inform the MN whether the route optimization, the use of MCoA or the user plane encryption is allowed. This allows the MN to learn the MSP service policies in a clean way. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1]. 3. Flag definitions for the MIP6-Feature-Vector AVP The MIP6-Feature-Vector AVP is defined in [2]. This document defines new additional capability bits for signaling the support of Mobile IPv6 route optimization and the support of Multiple Care-of Addresses. These new capability bits are intended to be used between the HA and the AAA server during the Mobile IPv6 Split Scenario bootstrapping Diameter interactions [5]. However, the defined flag bits MAY also be used in other scenarios and deployments outside the Mobile IPv6 Split Scenario. In addition to the capability flag bits this document also defines corresponding Mobile IPv6 Binding Acknowledgement Status Codes. 3.1. Route Optimization Support Route optimization support is indicated by using the RO_SUPPORTED (value 0x0000000200000000) capability flag bit. When the HA sets this bit, it indicates support for the route optimization. If this bit is unset in the returned MIP6-Feature-Vector AVP, the AAA server does not authorize route optimization for the MN. Korhonen Expires April 30, 2009 [Page 3] Internet-Draft Diameter MIP6 Feature Vector Bits October 2008 In a case the HA or the AAA server cannot authorize the use of route optimization then the HA SHOULD send a Binding Acknowledgement with a Status Code set to ACCEPTED_BUT_NO_ROUTE_OPTIMIZATION (status code TBD). This Status Code indicates that the binding registration succeeded but the HA will fail all possible subsequent route optimization attempts because of subscription or operator policy. 3.2. Multiple Care-of Addresses Support Multiple Care-of Addresses (MCoA) [6] support is indicated by using the MCOA_SUPPORTED (value 0x0000001000000000) capability flag bit. When the HA sets this bit, it indicates support for the MCoA. If this bit is unset in the returned MIP6-Feature-Vector AVP, the AAA server does not authorize the use of MCoA for the MN. In a case the HA or the AAA server cannot authorize the use of the MCoA then the HA SHOULD send a Binding Acknowledgement with a Status Code set to ACCEPTED_BUT_NO_MCOA (status code TBD). This Status Code indicates that the binding registration succeeded but the HA will fail all possible subsequent attempts to use MCoA because of subscription or operator policy. 3.3. User Traffic Encryption Support User plane traffic encryption support is indicated by using the USER_TRAFFIC_ENCRYPTION (value 0x0000000400000000) capability flag bit. When the HA sets this bit, it indicates support for the user plane traffic encryption between the MN and the HA. If this bit is unset in the returned MIP6-Feature-Vector AVP, the AAA server does not authorize user plane traffic encryption because of subscription or operator policy. In the case the AAA server cannot authorize the use of user plane traffic encryption then the HA SHOULD send a Binding Acknowledgement with a Status Code set to ACCEPTED_BUT_NO_TRAFFIC_ENCRYPTION (status code TBD). This Status Code indicates that the binding registration succeeded but the HA will silently discard all encrypted user plane packets sent by the MN to the HA. 3.4. VPN Gateway Mode Support The HA MAY act as a IPsec VPN gateway for the user and the support is indicated by the VPN_GW_MODE (value 0x0000000800000000) capability flag bit. When the HA sets this bit, it indicates support for acting as a standalone IPsec VPN gateway. If this bit is unset in the returned MIP6-Feature-Vector AVP, the AAA server does not authorize the HA to act as a standalone IPsec VPN gateway for the MN because of subscription or operator policy. Korhonen Expires April 30, 2009 [Page 4] Internet-Draft Diameter MIP6 Feature Vector Bits October 2008 4. IANA Considerations This section contains the namespaces that have either been created in this specification or had their values assigned to existing namespaces managed by IANA. 4.1. Capability Flag Bits This specification defines new values to the "Mobility Capability" registry (see [2]) for use with the MIP6-Feature-Vector AVP: Token | Value | Description ---------------------------------+----------------------+------------ RO_SUPPORTED | 0x0000000200000000 | RFC TBD USER_TRAFFIC_ENCRYPTION | 0x0000000400000000 | RFC TBD VPN_GW_MODE | 0x0000000800000000 | RFC TBD MCOA_SUPPORTED | 0x0000001000000000 | RFC TBD 4.2. Mobile IPv6 Status Codes This specification defines new Mobile IPv6 [3] Status Code values. The Status Code must be allocated from the range 0-127: Status Code | Value | Description ----------------------------------------+---------------+------------ ACCEPTED_BUT_NO_ROUTE_OPTIMIZATION | is set to TBD | RFC TBD ACCEPTED_BUT_NO_MCOA | is set to TBD | RFC TBD ACCEPTED_BUT_NO_TRAFFIC_ENCRYPTION | is set to TBD | RFC TBD 5. Security Considerations This document has no additional security consideration to those already described for the Mobile IPv6 Integrated Scenario Diameter interactions [2] and Mobile IPv6 Split Scenario Diameter interactions [5]. 6. References 6.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C., and K. Chowdhury, "Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction", Korhonen Expires April 30, 2009 [Page 5] Internet-Draft Diameter MIP6 Feature Vector Bits October 2008 draft-ietf-dime-mip6-integrated-10 (work in progress), September 2008. 6.2. Informative References [3] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in IPv6", RFC 3775, June 2004. [4] Giaretta, G., Kempf, J., and V. Devarapalli, "Mobile IPv6 Bootstrapping in Split Scenario", RFC 5026, October 2007. [5] Korhonen, J., Tschofenig, H., Bournelle, J., Giaretta, G., and M. Nakhjiri, "Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction", draft-ietf-dime-mip6-split-12 (work in progress), September 2008. [6] Wakikawa, R., Devarapalli, V., Ernst, T., and K. Nagami, "Multiple Care-of Addresses Registration", draft-ietf-monami6-multiplecoa-09 (work in progress), August 2008. Author's Address Jouni Korhonen TeliaSonera Email: jouni.nospam@gmail.com Korhonen Expires April 30, 2009 [Page 6] Internet-Draft Diameter MIP6 Feature Vector Bits October 2008 Full Copyright Statement Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Korhonen Expires April 30, 2009 [Page 7]