Network Working Group                                            X. Qin
Internet-Draft                                                   C. Wan
Expires: November 2, 2006                          Huawei Nanjing China
                                                               May 2006


    Bootstrapping of mobile entity with an IPv6 home address roaming
                         into the IPv4 network
                  draft-qin-mip6-dsbootstrapping-00

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on November 2, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   DSMIPv6 [V4TRAVERSAL] defines how a dual-stack mobile node roams in
   an IPv4 network.  It assumes that the home agent and the mobile node
   support both the MIPv4 and the MIPv6 protocol, and that the home
   agent can assign an IPv4 address to the mobile node.  This
   assumption holds in many scenarios.  However, because IPv4 addresses
   are a scarce resource in many countries, the Mobile IPv6 home agent
   does not own an IPv4 address pool and supports neither the IPv4
   protocol nor the Mobile IPv4 protocol.  In such a scenario a
   temporary IPv4 home address is more useful.  [Routing] focuses on
   the solution for that scenario: mobile nodes obtain temporary IPv4
   home addresses from a foreign home agent.  The scenarios and
   solutions defined in [Routing] are the prerequisite for this
   document.  This document describes the bootstrapping of a
   dual-stack, MIPv6-homed mobile entity in a Mobile IPv4 network.

Qin & Wan                Expires November 2, 2006               [Page 1]
Internet-Draft      MIPv6 Bootstrapping in ipv4 network         May 2006

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Assumption . . . . . . . . . . . . . . . . . . . . . . . . . .  5
   4.  Protocol Overview  . . . . . . . . . . . . . . . . . . . . . .  6
     4.1.  Integrated ASP Scenario  . . . . . . . . . . . . . . . . .  7
       4.1.1.  Co-located Mobile Node . . . . . . . . . . . . . . . .  7
       4.1.2.  Registration through a Foreign Agent . . . . . . . . .  8
     4.2.  Mobile Service Subscription Scenario . . . . . . . . . . .  9
       4.2.1.  Co-located Mobile Node . . . . . . . . . . . . . . . . 10
       4.2.2.  Registration through a Foreign Agent . . . . . . . . . 11
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 13
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 14
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
     7.1.  Normative References . . . . . . . . . . . . . . . . . . . 15
     7.2.  Informative References . . . . . . . . . . . . . . . . . . 15
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16
   Intellectual Property and Copyright Statements . . . . . . . . . . 17

1.  Introduction

   The solution defined in [Routing] requires the MIPv6-homed dual-stack
   mobile node to know its IPv6 home address, its temporary IPv4 home
   address, the home agent address, the foreign home agent address and
   the security parameters.  The mechanism by which the mobile node
   obtains this information is called dual-stack bootstrapping.
   In order to allow a flexible deployment model for the Mobile IPv6
   protocol traversing a Mobile IPv4 network, it is desirable to define
   a bootstrapping mechanism with which the mobile node acquires these
   parameters dynamically.  [INTEGRATEDV6] and [SPLITV6] describe
   several scenarios and methods for Mobile IPv6 bootstrapping in
   detail.  As a protocol extension, this document describes a scheme
   that facilitates dual-stack bootstrapping via the AAA
   infrastructure.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119
   [STANDARDS].

   Foreign Home Agent (FHA)

      A functional entity that can provide a temporary IPv4 address to
      the mobile entity.

   THOAv4

      Temporary IPv4 Home Address.

   Dual-Stack ASP

      An Access Service Provider that provides both Mobile IPv6 and
      Mobile IPv4 service.  The ASP can assign an IPv4 address to the
      mobile node.

   Mobile Service Provider (MSP)

      A service provider that provides Mobile IPv6 service.  In order
      to obtain such service, the mobile node must be authenticated and
      must prove authorization to obtain the service.

   Mobile Node (MN)

      The mobile node as defined in the Mobile IPv6 or Mobile IPv4
      protocol.

   Home AAA server (AAAH)

      The AAAH is an AAA server that operates in the home network.  The
      home network is the network that holds the user record.

   Foreign AAA server (AAAF)

      The AAAF resides in the same domain that hosts the foreign agent
      in the foreign IPv4 network.  Other broker AAA "proxy servers"
      may exist between the AAAF and the AAAH.  The role of these
      "proxy servers" is not germane to this document and will not be
      discussed henceforth.

3.  Assumption

   This document introduces a solution for bootstrapping the
   MIPv6-homed mobile node that has roamed into a foreign Mobile IPv4
   network.  It rests on two basic assumptions:

   o  One typical way of verifying the trust relationship is to use an
      authentication, authorization, and accounting (AAA)
      infrastructure.  In real deployments there must be an AAA server
      that provides enough information to bootstrap the dual-stack
      mobile node in the dual-stack access service provider.  The
      server shall dynamically assign a foreign home agent (FHA) to
      each user according to the user's location and the user's
      subscriptions with the access service provider and the mobile
      service provider.  The mobile node must be configured with an
      identity and credentials, for instance an NAI and a shared
      secret, by some out-of-band means (e.g. manual configuration)
      before bootstrapping.

   o  As in the scenario described in [Routing], this draft assumes
      that some Mobile IPv6 home agents have no IPv4 addresses to
      assign to dual-stack mobile nodes.  The Mobile IPv4 access
      service provider therefore provides foreign home agents to
      support mobility management of the dual-stack, IPv6-homed mobile
      node.

4.  Protocol Overview

   The Mobile IPv4 working group has developed extensions to the
   registration process that allow the MN and the mobility agents to
   request assistance from the AAA server for authentication [MIP4CHAL]
   and for the creation of key material [MIPKEYS].  [MIP4RD] gives an
   overview of how a mobility agent and a RADIUS server can interact
   during a mobile node's registration to perform registration,
   authentication and key distribution.  This document depends on the
   descriptions presented in those drafts and therefore presents only
   the parts that differ.

   Mobility service and network access service can be separate and may
   be authorized by different entities.  When the MSP and the ASP are
   the same entity, the scenario is the Integrated ASP scenario; when
   the MSP is different from the ASP, the scenario is called the Mobile
   Service Subscription scenario.  The taxonomy is similar to
   [BOOT-PS].  Figure 1 shows the AAA design for the Integrated ASP
   scenario, and Figure 4 shows the AAA design for the Mobile Service
   Subscription scenario.

   When the dual-stack mobile node roams in a Mobile IPv4 network, it
   is bootstrapped through the Mobile IPv4 protocol.  Depending on the
   type of care-of address and the mobility agents used during Mobile
   IPv4 registration, there are two cases to consider:

   1.  When the MN acquires a co-located CoA (CCoA), it registers
       directly with the FHA without the involvement of a Mobile IP
       foreign agent.

   2.  a)  When the MN acquires a CoA from a Mobile IP foreign agent
           (FA) on the foreign network, the MN must register through
           the FA and use the FA-based CoA for Mobile IP registration.
           The FA forwards the registration to the FHA for processing.

       b)  When the MN acquires a CCoA but the FA requires the MN to
           register via the FA (R-bit set in the Agent Advertisement),
           the MN must send the registration request to the FA.  The
           FA forwards the registration messages to/from the FHA.

   The two cases are similar to the cases defined in [MIP4RD]; the only
   difference is that the Mobile IPv4 registration messages are sent
   to/from the FHA.  In the Mobile IPv4 network the FHA is the "home
   agent" of the mobile node: the FA and the mobile node treat the FHA
   as the mobile node's HA.  An IPv4 tunnel is built between the mobile
   node and the FHA.  When the mobile node sends IPv6 packets to its
   home agent or to a correspondent node, the IPv6 packets are
   encapsulated in the IPv4 tunnel; likewise, IPv6 packets received by
   the mobile node arrive encapsulated in the IPv4 tunnel.
   The home agent and the correspondent node do not know that the
   mobile node is in a Mobile IPv4 network.

4.1.  Integrated ASP Scenario

   In the Integrated ASP scenario, dual-stack bootstrapping is provided
   as part of the network access authentication procedure.  Figure 1
   shows the participating entities.

            -------ASP------->|<--Home MSP--
                                   +------+
                +------------------>| AAAH |<-----+
                |            +---->+------+      |
                |            |                   |
                v            v                   v
   +----+   +--------+   +-------+            +------+
   | MN |<->| NAS/FA |<->|  FHA  |            |  HA  |
   +----+   +--------+   +-------+            +------+
     ^                                           ^
     |___________________________________________|

                    Figure 1: Integrated ASP scenario

   As shown in Figure 1, the MN attaches to an Access Service
   Provider's network.  During this network attachment procedure the
   NAS/AAA client interacts with the mobile node, and authentication
   and authorization happen via the AAA infrastructure.  In the
   Integrated ASP scenario the ASP and the MSP are the same entity, so
   the NAS, the FHA and the HA all send their access requests to, and
   receive their access responses from, the same AAAH.  The
   bootstrapping information can therefore be provided by the AAAH.

4.1.1.  Co-located Mobile Node

   In the case where the MN acquires a co-located CoA (CCoA), the MN
   registers its CCoA with the FHA directly.  Figure 2 shows the
   dual-stack bootstrapping procedure.  The FHA supports both IPv6 and
   MIPv4.

   During the network access authentication phase, the NAS and the AAAH
   should assign the appropriate Foreign Home Agent and the co-located
   address to the mobile node.  The FHA assignment and co-located
   address extensions can be appended to the authentication response
   message in step 3.

   In steps 4, 5 and 6 the mobile node creates a Registration Request
   (RRQ) and sends it to the FHA.  At this moment the mobile node owns
   neither an IPv6 HoA, an IPv6 CoA nor a THOAv4.
   The temporary IPv4 home address therefore cannot be carried in the
   RRQ; the procedure for obtaining the temporary IPv4 home address is
   described in [RFC2794].  After the mobile node has been
   authenticated by the FHA and the AAAH, the IPv6 HoA, the HA
   assignment, the temporary IPv4 home address and the IPv6 care-of
   address should be appended to the Mobile IPv4 Registration Reply
   (RRP).  Finally, the mobile node has mobility in the Mobile IPv4
   network and the bootstrapping parameters for the Mobile IPv6
   protocol.

    MN            NAS            FHA            AAAH           HA
    |              |              |              |              |
    |1.Access Req  |              |              |              |
    |------------->|              |              |              |
    |              |2.Access Req  |              |              |
    |              |---------------------------->|              |
    |              |Access Accept                |              |
    |              |<----------------------------|              |
    |3.Access Rep  |              |              |              |
    |<-------------|              |              |              |
    |4.Reg Req     |              |              |              |
    |---------------------------->|              |              |
    |              |              |5.Access Req  |              |
    |              |              |------------->|              |
    |              |              |Access Accept |              |
    |              |              |<-------------|              |
    |6.Reg Rep     |              |              |              |
    |<----------------------------|              |              |
    |BU            |              |              |              |
    |---------------------------------------------------------->|
    |              |              |              |Access-Req    |
    |              |              |              |<-------------|
    |              |              |              |Access-resp   |
    |              |              |              |------------->|
    |BA            |              |              |              |
    |<----------------------------------------------------------|

     Figure 2: Co-located Mobile Node Bootstrapping in the Integrated
                               ASP Scenario

4.1.2.  Registration through a Foreign Agent

   When the MN uses an FA-based CoA, or a CCoA with the R-bit set, it
   needs to send its registration request to the FA.  The registration
   procedure is defined in [RFC3344].  In addition, some extensions
   should be supported by the FA, the FHA and the AAAH to meet the
   requirements of dual-stack bootstrapping, such as HA assignment,
   IPv6 HoA, IPv6 CoA and THOAv4.  Figure 3 shows the dual-stack
   bootstrapping procedure when the mobile node obtains an FA-based CoA
   or a CCoA with the R-bit set.
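   As an added illustration that is not part of this draft, the
   following Python model walks through the message exchange of
   Sections 4.1.1 and 4.1.2 (and, with integrated=False, the AAAF
   variant of Section 4.2), using constructed placeholder NAIs,
   addresses and an FHA name; the entity names and message kinds are
   those of Figures 2 and 3.

```python
from dataclasses import dataclass, field

@dataclass
class Msg:
    src: str
    dst: str
    kind: str
    ext: dict = field(default_factory=dict)   # extensions carried in the message

# Constructed records (placeholders, not a real deployment).  SUBSCRIBERS models
# the out-of-band provisioned NAI + shared secret (Section 3); ASP_ASSIGN is what
# the access-side AAA hands out in step 3; MSP_ASSIGN is what the AAAH returns
# to the FHA in step 5 for inclusion in the Registration Reply.
SUBSCRIBERS = {"mn@example.net": "shared-secret"}
ASP_ASSIGN = {"ccoa": "192.0.2.10", "fha": "fha.asp.example"}
MSP_ASSIGN = {"hoa6": "2001:db8::1", "ha": "2001:db8::ffff",
              "thoa4": "198.51.100.7", "coa6": "2001:db8:1::10"}

def aaa_check(nai, secret):
    """Minimal AAA authentication: the NAI must be known and the secret must match."""
    return SUBSCRIBERS.get(nai) == secret

def bootstrap(nai, secret, integrated=True, via_fa=False):
    """Run the Section 4 exchange; return (MN state, message trace).
    integrated: NAS authenticates via the AAAH (Sec 4.1) or the AAAF (Sec 4.2).
    via_fa: CCoA with R-bit set, so RRQ/RRP are relayed by the FA (4.1.2/4.2.2)."""
    trace, mn = [], {"nai": nai}
    nas = "NAS/FA" if via_fa else "NAS"
    access_aaa = "AAAH" if integrated else "AAAF"
    # Steps 1-3: network access authentication; FHA and CCoA assignment ride on the reply.
    trace.append(Msg("MN", nas, "Access Req", {"nai": nai}))
    trace.append(Msg(nas, access_aaa, "Access Request", {"nai": nai}))
    if not aaa_check(nai, secret):
        trace.append(Msg(access_aaa, nas, "Access Reject"))
        return mn, trace                       # MN never learns the FHA or a CCoA
    trace.append(Msg(access_aaa, nas, "Access Accept", dict(ASP_ASSIGN)))
    trace.append(Msg(nas, "MN", "Access Rep", dict(ASP_ASSIGN)))
    mn.update(ASP_ASSIGN)
    # Steps 4-6: MIPv4 registration with the FHA.  THOAv4 is not yet known, so the
    # home address field is 0.0.0.0 and the NAI extension identifies the MN (RFC 2794).
    rrq = {"nai": nai, "hoa": "0.0.0.0", "coa": mn["ccoa"]}
    if via_fa:
        trace.append(Msg("MN", nas, "Reg Req", rrq))
        trace.append(Msg(nas, "FHA", "Relay Reg Req", rrq))
    else:
        trace.append(Msg("MN", "FHA", "Reg Req", rrq))
    trace.append(Msg("FHA", "AAAH", "Access Request", {"nai": nai}))
    trace.append(Msg("AAAH", "FHA", "Access Accept", dict(MSP_ASSIGN)))
    rrp = dict(MSP_ASSIGN)                     # HoA, HA, THOAv4, CoA6 extensions in the RRP
    if via_fa:
        trace.append(Msg("FHA", nas, "Reg Rep", rrp))
        trace.append(Msg(nas, "MN", "Relay Reg Rep", rrp))
    else:
        trace.append(Msg("FHA", "MN", "Reg Rep", rrp))
    mn.update(rrp)
    # MIPv6 binding: the BU travels inside the IPv4 tunnel MN<->FHA; the HA sees only IPv6.
    bu = {"hoa6": mn["hoa6"], "coa6": mn["coa6"]}
    trace.append(Msg("MN", "HA", "BU (IPv6 in IPv4 tunnel via FHA)", bu))
    trace.append(Msg("HA", "AAAH", "Access-Req", {"nai": nai}))
    trace.append(Msg("AAAH", "HA", "Access-resp"))
    trace.append(Msg("HA", "MN", "BA", bu))
    mn["bound"] = True
    return mn, trace
```

   A failed access authentication stops the exchange before step 3, so
   the MN never receives an FHA assignment and no RRQ is sent.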
    MN           NAS/FA          FHA            AAAH           HA
    |              |              |              |              |
    |1.Access Req  |              |              |              |
    |------------->|              |              |              |
    |              |2.Access Req  |              |              |
    |              |---------------------------->|              |
    |              |Access Accept                |              |
    |              |<----------------------------|              |
    |3.Access Rep  |              |              |              |
    |<-------------|              |              |              |
    |4.Reg Req     |Relay         |              |              |
    |------------->|------------->|              |              |
    |              |              |5.Access Req  |              |
    |              |              |------------->|              |
    |              |              |Access Rep    |              |
    |              |              |<-------------|              |
    |6.Reg Rep     |              |              |              |
    |<-------------|<-------------|              |              |
    |BU            |              |              |              |
    |---------------------------------------------------------->|
    |              |              |              |Access-Req    |
    |              |              |              |<-------------|
    |              |              |              |Access-resp   |
    |              |              |              |------------->|
    |BA            |              |              |              |
    |<----------------------------------------------------------|

   Figure 3: Foreign-based CoA case Mobile Node Bootstrapping in the
                         Integrated ASP Scenario

4.2.  Mobile Service Subscription Scenario

   In this scenario the assumption is that the ASP and the home MSP are
   not the same entity.  The MN has a subscription with the home MSP.
   The home MSP either has an agreement with the FHA within the ASP, or
   administers the FHA itself and provides it as the Mobile IPv4 Home
   Agent at the border between the Mobile IPv4 network and the Mobile
   IPv6 network.  Figure 4 shows the scheme of this scenario.

            -------ASP------->|<--Home MSP--
            +------+             +------+
            | AAAF |         +-->| AAAH |<---+
            +------+         |   +------+   |
                ^            |              |
                |            |              |
                v            v              v
   +----+   +--------+   +-------+        +------+
   | MN |<->| NAS/FA |<->|  FHA  |<------>|  HA  |
   +----+   +--------+   +-------+        +------+
     ^                                       ^
     |_______________________________________|

              Figure 4: Mobile Service Subscription Scenario

4.2.1.  Co-located Mobile Node

   This section is largely the same as Section 4.1.1.  The only
   difference is that the mobile node must have a trust relationship
   with the AAAF in the ASP.  The authentication messages at the NAS
   are sent to/from the AAAF.  The co-located address and the FHA FQDN
   or address are assigned by the AAAF.
   However, the FHA sends its authentication messages to/from the AAAH.
   The IPv6 HoA, the temporary IPv4 home address, the IPv6 CoA and the
   IPv6 Home Agent address are provided by the AAAH server.

    MN            NAS            FHA         AAAH/AAAF         HA
    |              |              |              |              |
    |1.Access Req  |              |              |              |
    |------------->|              |              |              |
    |              |2.Access Req  |              |              |
    |              |---------------------------->|              |
    |              |Access Accept                |              |
    |              |<----------------------------|              |
    |3.Access Rep  |              |              |              |
    |<-------------|              |              |              |
    |4.Reg Req     |              |              |              |
    |---------------------------->|              |              |
    |              |              |5.Access Req  |              |
    |              |              |------------->|              |
    |              |              |Access Accept |              |
    |              |              |<-------------|              |
    |6.Reg Rep     |              |              |              |
    |<----------------------------|              |              |
    |BU            |              |              |              |
    |---------------------------------------------------------->|
    |              |              |              |Access-Req    |
    |              |              |              |<-------------|
    |              |              |              |Access-resp   |
    |              |              |              |------------->|
    |BA            |              |              |              |
    |<----------------------------------------------------------|

   Figure 5: Co-located Mobile Node Bootstrapping in the Mobile Service
                           Subscription Scenario

4.2.2.  Registration through a Foreign Agent

   This section is largely the same as Section 4.1.2.  The only
   difference is that the mobile node must have a trust relationship
   with the AAAF in the ASP.  The authentication messages at the NAS
   are sent to/from the AAAF.  The care-of address and the FHA FQDN or
   address are assigned by the AAAF.  However, the FHA sends its
   authentication messages to/from the AAAH.  The IPv6 HoA, the
   temporary IPv4 home address, the IPv6 CoA and the IPv6 Home Agent
   address are provided by the AAAH server.

    MN           NAS/FA          FHA         AAAH/AAAF         HA
    |              |              |              |              |
    |1.Access Req  |              |              |              |
    |------------->|              |              |              |
    |              |2.Access Req  |              |              |
    |              |---------------------------->|              |
    |              |Access Accept                |              |
    |              |<----------------------------|              |
    |3.Access Rep  |              |              |              |
    |<-------------|              |              |              |
    |4.Reg Req     |Relay         |              |              |
    |------------->|------------->|              |              |
    |              |              |5.Access Req  |              |
    |              |              |------------->|              |
    |              |              |Access Rep    |              |
    |              |              |<-------------|              |
    |6.Reg Rep     |              |              |              |
    |<-------------|<-------------|              |              |
    |BU            |              |              |              |
    |---------------------------------------------------------->|
    |              |              |              |Access-Req    |
    |              |              |              |<-------------|
    |              |              |              |Access-resp   |
    |              |              |              |------------->|
    |BA            |              |              |              |
    |<----------------------------------------------------------|

   Figure 6: Foreign-based CoA Case Mobile Node Bootstrapping in the
                  Mobile Service Subscription Scenario

5.  IANA Considerations

   This document requires no IANA actions.

6.  Security Considerations

   [MIPKEYS] can be used to create Mobility Security Associations
   between the MN and the FHA.

7.  References

7.1.  Normative References

   [MIPKEYS]      Perkins, C. and P. Calhoun, "AAA Registration Keys for
                  Mobile IP", RFC 3957, March 2005.

   [RFC2794]      Calhoun, P. and C. Perkins, "Mobile IP Network Access
                  Identifier Extension for IPv4", RFC 2794, March 2000.

   [RFC3344]      Perkins, C., Ed., "IP Mobility Support for IPv4",
                  RFC 3344, August 2002.

   [STANDARDS]    Bradner, S., "Key words for use in RFCs to Indicate
                  Requirement Levels", BCP 14, RFC 2119, October 1997.

7.2.  Informative References

   [BOOT-PS]      "Problem Statement for bootstrapping Mobile IPv6",
                  January 2006.

   [INTEGRATEDV6] "MIP6-bootstrapping via DHCPv6 for the Integrated
                  Scenario", June 2006.

   [MIP4CHAL]     "Mobile IPv4 Challenge/Response Extensions (revised)",
                  January 2006.

   [MIP4RD]       "RADIUS Mobile IPv4 extensions", July 2005.

   [Routing]      Wan, C., "Route management of mobile entity with an
                  ipv6 home address roaming into the ipv4 network",
                  2006.

   [SPLITV6]      "Mobile IPv6 bootstrapping in split scenario",
                  March 2006.

   [V4TRAVERSAL]  "Dual Stack Mobile IPv6 (DSMIPv6)", March 2006.
Authors' Addresses

   Xia Qin
   Huawei
   Nanjing
   China

   Email: Alice.Q@huawei.com


   Changsheng Wan
   Huawei
   Nanjing
   China

   Email: wanchangsheng@huawei.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.