MIP6 Working Group                                                Q. Li
Internet-Draft                                       Beihang University
Expires: January 12, 2006                                       H. Deng
                                                                Hitachi
                                                          July 11, 2005

            Home Agent Initiated Bootstrap for Mobile IPv6
                  draft-li-mip6-ha-init-bootstrap-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 12, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document defines a Home Agent initiated bootstrap solution that
   complements the current bootstrap solutions.  In the Home Agent
   reliability problem, the current Mobile Node initiated bootstrap
   solution is not appropriate, because the Mobile Node is sometimes
   unable to initiate the bootstrap procedure.  A Home Agent initiated
   bootstrap solution is suitable in this case.

Li & Deng                Expires January 12, 2006               [Page 1]

Internet-Draft       HA Initiated Bootstrap for MIPv6          July 2005

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Components of the solution
   4.  Protocol Operations
       4.1  Protocol Flow
       4.2  IKEv2 exchange
       4.3  Home Agent Switch message
       4.4  Home Address Configuration
   5.  Performance Considerations
   6.  IANA Considerations
   7.  Security Considerations
   8.  References
       8.1  Normative References
       8.2  Informative References
       Authors' Addresses
       Intellectual Property and Copyright Statements

1.  Introduction

   [I-D.ietf-mip6-bootstrap-ps] describes the Mobile IPv6 bootstrapping
   problem.  That draft assumes that the Mobile Node is the initiator
   of the bootstrap procedure.  This assumption is appropriate in many
   scenarios, but there are exceptions.

   In the Home Agent reliability problem
   [I-D.jfaizan-mipv6-ha-reliability], a Mobile Node may lose its Home
   Agent due to failure or other reasons.  The failure of the Home
   Agent results in the Mobile Node losing mobility: together with its
   Home Agent, the Mobile Node loses its Home Address and its IPsec
   Security Association with the Home Agent.  The Mobile Node must
   therefore re-bootstrap with another Home Agent to retain mobility.
   In this case, however, it is impractical for the Mobile Node to
   initiate the bootstrap procedure, because a Mobile Node can be slow
   to detect whether its current serving Home Agent is still working.
   Meanwhile, when another Home Agent that has detected the failure
   tries to notify the Mobile Node, it is difficult to protect the
   failure notification without a manually configured IPsec Security
   Association between the new Home Agent and the Mobile Node.

   To inform the Mobile Node about a Home Agent failure,
   [I-D.haley-mip6-ha-switch] and [I-D.wakikawa-mip6-nemo-haha-spec]
   define similar Home Agent Switch messages as a new Mobility Header
   type.  This message must be protected by IPsec to prevent a
   malicious host from mounting a Denial of Service attack against the
   Mobile Node.  However, according to [RFC3776], all Mobile IPv6
   signaling must be protected by an IPsec SA between the Home Address
   of the Mobile Node and the Home Agent.
   [I-D.devarapalli-mip6-nemo-local-haha] also proposes that, if there
   is no existing security association, the Home Agent must negotiate
   an IPsec SA.  This creates a contradiction between bootstrap and the
   failure notification: the Mobile Node must first bootstrap with the
   new Home Agent before the new Home Agent can send it the
   notification message, but the Mobile Node can only initiate the
   bootstrap procedure with its new Home Agent after it has received
   the notification message.  In this case the Mobile Node is not the
   appropriate initiator of the bootstrap procedure, so the solution
   defined in [I-D.ietf-mip6-bootstrapping-split] is not appropriate
   for Home Agent reliability and load balancing.

   [I-D.jfaizan-mipv6-vhar] defines a synchronization solution for the
   IPsec SAD and SPD among multiple Home Agents sharing the same virtual
   HA address.  In that case the Mobile Node does not need to
   re-bootstrap and re-establish an IPsec SA with the new Home Agent.
   However, IPsec SAs are not designed in a way that can be easily
   synchronized among many hosts.
   The synchronization signaling also increases the traffic load on the
   Home Agents, and because synchronization messages can be lost, it is
   difficult to keep the SADs of the different Home Agents consistent.

   When and how a specific Home Agent learns that a Mobile Node's
   current serving Home Agent is unavailable and that the Mobile Node
   needs to re-bootstrap from another Home Agent is not covered by this
   solution.  [I-D.deng-mip6-vrrp-homeagent-reliability] would be
   useful for this purpose.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   General mobility terminology can be found in [RFC3753].  The
   following additional terms are used here:

   Failed HA

      A Failed HA is a Home Agent that is currently unavailable to
      Mobile Nodes due to failure or some other reason.

   Initiator HA

      An Initiator HA is a Home Agent that needs to initiate a
      bootstrap procedure with a Mobile Node in this solution.

   MSA

      Mobility Service Authorizer.  A service provider that authorizes
      Mobile IPv6 service.

   MSP

      Mobility Service Provider.  A service provider that provides
      Mobile IPv6 service.  In order to obtain such service, the mobile
      host must be authenticated and prove authorization to obtain the
      service.

   Split scenario

      A scenario where mobility service and network access service are
      authorized by different entities.

3.  Components of the solution

   The following list covers the four bootstrapping sub-problems
   discussed in [I-D.ietf-mip6-bootstrapping-split], plus the HA switch
   step that is specific to this solution.  It is a brief overview of
   the solution.

   o  HA assignment - HA assignment is out of scope of this solution.
      The assigned HA initiates the bootstrap procedure with the Mobile
      Node.
      HA assignment could be done within a specific HA reliability
      solution, for example when a Home Agent that detects the failure
      of another Home Agent takes over all the MNs served by the failed
      HA.

   o  HA switch - In this scenario the Mobile Node was previously
      served by another HA.  During bootstrap, the Mobile Node
      de-registers from its old HA and binds to the newly assigned HA.
      This solution extends the HA switch message defined in
      [I-D.haley-mip6-ha-switch].

   o  IPsec Security Association setup - The IPsec SA is negotiated
      through IKEv2 exchanges initiated by the HA.  This solution
      defines a mechanism similar to the one in
      [I-D.ietf-mip6-ikev2-ipsec].

   o  HoA assignment - If the initiator HA and the failed HA are on the
      same home link and share the same network prefix, HoA assignment
      is not necessary.  Otherwise, a HoA configuration solution is
      provided within the IKEv2 exchange.

   o  Authentication and Authorization with the MSA - The Mobile Node
      in this solution must be authenticated and authorized by the MSA.
      The authentication and authorization model of this solution
      corresponds to the split scenario defined in
      [I-D.ietf-mip6-bootstrapping-split].

4.  Protocol Operations

   In a typical Home Agent initiated bootstrap scenario, an initiator
   HA tries to initiate bootstrap with an MN when it detects the
   failure of the MN's current Home Agent.  Sometimes the initiator HA
   and the failed HA are located on the same link and therefore share
   the same network prefix.  In this case the MN can keep the HoA it
   previously registered with the failed HA.  When the network prefixes
   of the initiator HA and the failed HA differ, the bootstrap
   procedure below must configure a new HoA for the MN.  This
   bootstrap scenario is also a split scenario as defined in
   [I-D.ietf-mip6-bootstrapping-split].
4.1  Protocol Flow

   HA initiated Bootstrap with new HoA configuration

      +----+                  +----+                  +-----+
      | MN |                  | HA |                  | DNS |
      +----+                  +----+                  +-----+

        IKEv2 exchange (HoA configuration)
        <======================>
                  HAS message
        <-----------------------
            BU (DNS update option)
        ----------------------->
                                      DNS update
                                 <------------------->
            BA (DNS update option)
        <-----------------------

   HA initiated Bootstrap without HoA configuration

      +----+                  +----+
      | MN |                  | HA |
      +----+                  +----+

             IKEv2 exchange
        <======================>
               HAS message
        <-----------------------
                   BU
        ----------------------->
                   BA
        <-----------------------

4.2  IKEv2 exchange

   [I-D.ietf-mip6-ikev2-ipsec] describes an IKEv2 exchange that is
   initiated by the MN.  The IKEv2 exchange in this solution MUST be
   initiated by the HA.  The IKE_SA_INIT and IKE_AUTH exchanges in a HA
   initiated bootstrap are depicted as follows:

      Home Agent                               Mobile Node
      ----------                               -----------
      HDR, SAi1, KEi, Ni  -->
                          <--  HDR, SAr1, KEr, Nr, [CERTREQ]
      HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,]
               AUTH, SAi2, TSi, TSr}  -->
                          <--  HDR, SK {IDr, [CERT,] AUTH,
                                        SAr2, TSi, TSr}

   In the IKE_AUTH exchange, the home agent MUST include its identity
   in the IDi payload.  Three different types of identity can be used
   by the Home Agent to identify itself to the Mobile Node:

   o  Home Agent Address - The home agent can use its address as the
      identifier and set the ID Type field to ID_IPV6_ADDR.

   o  FQDN - The home agent can use a Fully Qualified Domain Name as
      the identifier and set the ID Type field to ID_FQDN.

   o  RFC 822 identifier - If the home agent uses an RFC 822 identifier
      [RFC0822], it sets the ID Type field to ID_RFC822_ADDR.

   The mobile node MUST include its identity in the IDr payload during
   the IKE_AUTH exchange.  Different types of identity can be used by
   the Mobile Node to identify itself for bootstrap:
   o  FQDN - The mobile node can use a Fully Qualified Domain Name as
      the identifier and set the ID Type field to ID_FQDN.

   o  RFC 822 identifier - If the mobile node uses an RFC 822
      identifier [RFC0822], it sets the ID Type field to
      ID_RFC822_ADDR.

   When the IKE_AUTH exchange completes, the Home Agent MUST initiate a
   CREATE_CHILD_SA exchange to negotiate the SA that protects the
   subsequent Home Agent Switch message defined in
   [I-D.haley-mip6-ha-switch], as well as the other Mobile IPv6
   messages specified in [I-D.ietf-mip6-ikev2-ipsec].  The
   CREATE_CHILD_SA exchange in a HA initiated bootstrap is depicted as
   follows:

      Home Agent                               Mobile Node
      ----------                               -----------
      HDR, SK {[N], SA, Ni, [KEi],
               [TSi, TSr]}  -->
                          <--  HDR, SK {SA, Nr, [KEr],
                                        [TSi, TSr]}

   The home agent MUST set the TSr (Traffic Selector-responder) payload
   to the mobile node's home address in the CREATE_CHILD_SA request
   message, so that the security associations are created based on the
   home address of the mobile node.

4.3  Home Agent Switch message

   After the IKE exchanges, the initiator Home Agent MUST send a Home
   Agent Switch message to the mobile node on behalf of the failed Home
   Agent, in order to inform the mobile node that it should register
   with the initiator Home Agent itself.

   In this solution, the message format defined in
   [I-D.haley-mip6-ha-switch] is extended as follows:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                      |# of Addresses |B|  Reserved   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      +                                                               +
      .                                                               .
      .                      Home Agent Addresses                     .
      .                                                               .
      +                                                               +
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      +                                                               +
      .                                                               .
      .                        Mobility options                       .
      .                                                               .
      +                                                               +
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   B bit - The letter 'B' stands for bootstrap.
      With this bit set in the HA switch message, the mobile node MUST
      NOT send a Binding Update to its original Home Agent to
      de-register from its binding cache.

   The initiator Home Agent in this solution MUST set the 'B' bit to 1,
   and SHOULD include its own address, and only its own address, in the
   Home Agent Switch message.

   Upon receiving a Home Agent Switch message with the 'B' bit set to
   1, the mobile node MUST delete its local binding state without
   sending a Binding Update message [RFC3775] to its original Home
   Agent, and MUST send a Binding Update to the home agent address
   specified in the HA switch message.

   The HA switch message sent by the initiator HA and the following BU
   message sent by the MN MUST be protected by the IPsec SA negotiated
   during the IKE exchanges, as defined in [RFC3776].  A mobile node
   therefore discards a Home Agent Switch message that does not arrive
   under such an SA; otherwise any host could make it drop its binding.

4.4  Home Address Configuration

   When the initiator HA and the failed HA are located separately, with
   different network prefixes, the Mobile Node served by the failed HA
   MUST be assigned a new home address during bootstrap.  Home Address
   configuration takes place in the IKE_AUTH exchange:

      Home Agent                               Mobile Node
      ----------                               -----------
      HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,]
               AUTH, CP(CFG_REPLY), SAi2,
               TSi, TSr}  -->
                          <--  HDR, SK {IDr, [CERT,] AUTH,
                                        SAr2, TSi, TSr}

   As depicted in the figure above, an unsolicited CFG_REPLY carrying an
   INTERNAL_IP6_ADDRESS attribute is included in the IKE_AUTH message
   sent by the Home Agent.  The Mobile Node uses the address in the
   INTERNAL_IP6_ADDRESS attribute of the CFG_REPLY payload as its new
   Home Address.  Note that this unsolicited CFG_REPLY violates the
   specification in [I-D.ietf-ipsec-ikev2], but it is necessary in this
   solution.

   The Home Agent can use a method similar to the one defined in
   [I-D.ietf-mip6-ikev2-ipsec] to allocate the Home Address to the
   Mobile Node.
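   The following is an added example and is not part of this draft or
   of any implementation it cites.  It shows, in Python, the Message
   Data of the extended Home Agent Switch message of Section 4.3 being
   encoded and decoded, and a Mobile Node applying the rules of
   Sections 4.2 and 4.3: a HA switch message is accepted only when it
   arrives under a child SA whose traffic selector is the MN's home
   address, a message with the 'B' bit set makes the MN drop its
   binding without a de-registration BU to the failed HA, and a message
   without the bit makes it de-register first.  The names
   HaSwitchMessage, ChildSa, MobileNode and demo, the sample addresses,
   and the check that the sending HA appears in its own address list are
   assumptions of the example; the fixed Mobility Header fields and the
   checksum are not modelled.

```python
"""Added example for Sections 4.2-4.3 of the draft; not the draft's own
code.  Assumed names: HaSwitchMessage, ChildSa, MobileNode, demo.  Only
the Message Data of the Mobility Header is modelled; the fixed header
(Payload Proto, Header Len, MH Type, Reserved, Checksum) is omitted."""
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import List, Tuple

B_BIT = 0x80            # first bit of the octet after '# of Addresses'
BU_LIFETIME = 0xFFFF    # Binding Update lifetime, 4-second units [RFC3775]


@dataclass
class HaSwitchMessage:
    """Section 4.3 format: # of Addresses (8) | B (1) | Reserved (7),
    then 16-octet Home Agent Addresses, then raw Mobility options."""
    home_agents: List[ipaddress.IPv6Address]
    bootstrap: bool             # the 'B' bit
    options: bytes = b""        # Mobility options, left unparsed here

    def encode(self) -> bytes:
        if not 0 < len(self.home_agents) < 256:
            raise ValueError("# of Addresses must be 1..255")
        head = struct.pack("!BB", len(self.home_agents),
                           B_BIT if self.bootstrap else 0)
        return head + b"".join(a.packed for a in self.home_agents) + self.options

    @classmethod
    def decode(cls, data: bytes) -> "HaSwitchMessage":
        if len(data) < 2:
            raise ValueError("truncated HA switch message")
        count, flags = struct.unpack("!BB", data[:2])
        end = 2 + 16 * count
        if count == 0 or len(data) < end:
            raise ValueError("address list does not match # of Addresses")
        # Reserved bits (flags & 0x7F) are ignored on receipt.
        addrs = [ipaddress.IPv6Address(data[i:i + 16]) for i in range(2, end, 16)]
        return cls(addrs, bool(flags & B_BIT), data[end:])


@dataclass(frozen=True)
class ChildSa:
    """Child SA from Section 4.2: TSr is the mobile node's home address."""
    home_agent: ipaddress.IPv6Address
    home_address: ipaddress.IPv6Address


@dataclass
class MobileNode:
    home_address: ipaddress.IPv6Address
    home_agent: ipaddress.IPv6Address                   # currently bound HA
    sas: List[ChildSa] = field(default_factory=list)
    sent: List[Tuple[str, str, int]] = field(default_factory=list)  # (type, dst, lifetime)

    def _protected(self, src: ipaddress.IPv6Address) -> bool:
        # Section 4.3: the HA switch message MUST arrive under the IPsec SA
        # negotiated in the IKE exchange, bound to this MN's home address.
        return ChildSa(src, self.home_address) in self.sas

    def handle_ha_switch(self, src: ipaddress.IPv6Address, wire: bytes) -> bool:
        """Returns True if the message was accepted and a BU was sent."""
        if not self._protected(src):
            return False            # unprotected: treat as a DoS attempt, drop
        msg = HaSwitchMessage.decode(wire)
        if src not in msg.home_agents:
            return False            # assumption: the initiator lists itself
        new_ha = msg.home_agents[0]
        if not msg.bootstrap:
            # B=0 (plain HA switch): de-register from the old HA first.
            self.sent.append(("BU", str(self.home_agent), 0))
        # B=1: the old HA has failed; the binding is discarded locally and
        # no de-registration BU is sent to it.
        self.home_agent = new_ha
        self.sent.append(("BU", str(new_ha), BU_LIFETIME))
        return True


def demo() -> Tuple[MobileNode, bool, bool]:
    """Constructed scenario: HA ::1 failed, HA ::2 bootstrapped the MN."""
    failed_ha = ipaddress.IPv6Address("2001:db8:1::1")
    initiator = ipaddress.IPv6Address("2001:db8:1::2")
    hoa = ipaddress.IPv6Address("2001:db8:1::10")
    mn = MobileNode(hoa, failed_ha, sas=[ChildSa(initiator, hoa)])
    accepted = mn.handle_ha_switch(
        initiator, HaSwitchMessage([initiator], bootstrap=True).encode())
    rogue = ipaddress.IPv6Address("2001:db8:bad::1")    # no SA with the MN
    spoofed = mn.handle_ha_switch(
        rogue, HaSwitchMessage([rogue], bootstrap=True).encode())
    return mn, accepted, spoofed


if __name__ == "__main__":
    mn, ok, bad = demo()
    print(ok, bad, mn.home_agent, mn.sent)
```

   Running demo() shows the MN sending exactly one BU, to the initiator
   HA, and none to the failed HA; the message from the rogue address is
   dropped before it is even parsed, because no child SA binds that
   sender to the MN's home address.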
   The Home Address auto-configuration defined in
   [I-D.ietf-mip6-bootstrapping-split] is not applicable in this
   solution, because no CFG_REQUEST payload appears in this protocol.

5.  Performance Considerations

   A Home Agent may have many Mobile Nodes registered with it.  When a
   HA fails, all the MNs that were served by the failed HA must
   re-register with other HAs.  Without careful design, severe
   performance problems can arise from many IKE negotiations taking
   place on one HA simultaneously.  An initiator Home Agent SHOULD
   limit the number of simultaneous IKE exchanges, to prevent a Denial
   of Service caused by overload of its cryptographic processing.  An
   initiator Home Agent SHOULD also make a best effort to recover all
   the MNs that were served by the failed HA.

6.  IANA Considerations

   This document requires no action from IANA.

7.  Security Considerations

   This document describes a security mechanism used in a particular
   bootstrap scenario of Mobile IPv6.  The Home Agent Switch message of
   Section 4.3 and the Binding Update that follows it MUST be protected
   by the IPsec SA negotiated in the IKEv2 exchange of Section 4.2; a
   forged Home Agent Switch message with the 'B' bit set would
   otherwise make the Mobile Node discard its binding and register with
   an attacker-chosen address, which is the Denial of Service described
   in Section 1.  Section 5 discusses the Denial of Service risk to the
   initiator Home Agent itself from many simultaneous IKE exchanges.
   Please refer to [RFC3776], [I-D.ietf-mip6-bootstrapping-split] and
   [I-D.ietf-mip6-ikev2-ipsec] for further security considerations.

8.  References

8.1  Normative References

   [RFC0822]  Crocker, D., "Standard for the format of ARPA Internet
              text messages", STD 11, RFC 822, August 1982.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3753]  Manner, J. and M. Kojo, "Mobility Related Terminology",
              RFC 3753, June 2004.

   [RFC3775]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.

   [RFC3776]  Arkko, J., Devarapalli, V., and F. Dupont, "Using IPsec
              to Protect Mobile IPv6 Signaling Between Mobile Nodes and
              Home Agents", RFC 3776, June 2004.

8.2  Informative References

   [I-D.deng-mip6-vrrp-homeagent-reliability]
              Deng, H., Duan, X., Li, Q., and R. Zhang, "Reliability
              and Load Balance among multiple Home Agents",
              draft-deng-mip6-vrrp-homeagent-reliability-00 (work in
              progress), July 2005.

   [I-D.devarapalli-mip6-nemo-local-haha]
              Devarapalli, V., "Local HA to HA protocol",
              draft-devarapalli-mip6-nemo-local-haha-00 (work in
              progress), July 2005.

   [I-D.haley-mip6-ha-switch]
              Haley, B., "Mobility Header Home Agent Switch Message",
              draft-haley-mip6-ha-switch-00 (work in progress),
              April 2005.

   [I-D.ietf-ipsec-ikev2]
              Kaufman, C., "Internet Key Exchange (IKEv2) Protocol",
              draft-ietf-ipsec-ikev2-17 (work in progress),
              October 2004.

   [I-D.ietf-mip6-bootstrap-ps]
              Patel, A., "Problem Statement for bootstrapping Mobile
              IPv6", draft-ietf-mip6-bootstrap-ps-02 (work in
              progress), March 2005.

   [I-D.ietf-mip6-bootstrapping-split]
              Giaretta, G., "Mobile IPv6 bootstrapping in split
              scenario", draft-ietf-mip6-bootstrapping-split-00 (work
              in progress), June 2005.

   [I-D.ietf-mip6-ikev2-ipsec]
              Devarapalli, V., "Mobile IPv6 Operation with IKEv2 and
              the revised IPsec Architecture",
              draft-ietf-mip6-ikev2-ipsec-01 (work in progress),
              February 2005.

   [I-D.jfaizan-mipv6-ha-reliability]
              Faizan, J., "Problem Statement: Home Agent Reliability",
              draft-jfaizan-mipv6-ha-reliability-01 (work in
              progress), February 2004.

   [I-D.jfaizan-mipv6-vhar]
              El-Rewini, H., Khalil, M., and J. Faizan, "Virtual Home
              Agent Reliability Protocol (VHAR)",
              draft-jfaizan-mipv6-vhar-02 (work in progress),
              April 2004.

   [I-D.wakikawa-mip6-nemo-haha-spec]
              Wakikawa, R., "Inter Home Agents Protocol Specification",
              draft-wakikawa-mip6-nemo-haha-spec-00 (work in
              progress), October 2004.

Authors' Addresses

   Qin Li
   Beihang University
   No. 35 Xueyuan Road
   Haidian District
   Beijing  100083
   China

   Email: liqin@cse.buaa.edu.cn


   Hui Deng
   Hitachi
   Beijing Fortune Bldg. 1701
   5 Dong San Huan Bei-Lu
   Chao Yang District
   Beijing  100004
   China

   Email: hdeng@hitachi.cn

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.
Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.