Network Working Group                                        B. Sarikaya
Internet-Draft                                                    F. Xia
Intended status: Standards Track                              Huawei USA
Expires: January 2, 2010                                    July 1, 2009


  Local Mobility Anchor Based Prefix Management for PMIPv6 Using DHCPv6PD
              draft-sarikaya-netext-prefix-delegation-00.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.  This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008.  The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 2, 2010.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.
   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Sarikaya & Xia           Expires January 2, 2010                [Page 1]
Internet-Draft               Prefix Delegation                 July 2009

Abstract

   In Proxy Mobile IPv6, prefixes can only be assigned to one interface
   of a mobile node by the local mobility anchor (LMA), and different
   mobile nodes cannot share these home network prefixes.  Managing
   per-MN-interface home network prefixes is likely to increase the
   processing load at the LMA.  Based on the idea that Dynamic Host
   Configuration Protocol for IPv6 (DHCPv6) servers can manage
   prefixes, we propose a new technique in which the LMA offloads the
   delegation and release of prefixes to the DHCPv6 server.  The LMA
   requests prefixes for an incoming mobile node from the DHCPv6 server.
   Based on these prefixes, the mobile node can create home addresses
   for its interface.  When the mobile node leaves the network, the
   prefixes are returned to the DHCPv6 server.  Authentication,
   Authorization and Accounting (AAA) servers can also play a role in
   prefix authorization.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  PMIPv6 Home Network Prefix Delegation
   4.  Mobile Node Handover
   5.  Configuration of DHCP Servers
   6.  AAA Servers in Home Network Prefix Delegation
   7.  Prefix Release Procedure
   8.  Miscellaneous Considerations
   9.  Security Considerations
   10. IANA Considerations
   11. Acknowledgements
   12. References
       12.1.  Normative References
       12.2.  Informative References
   Authors' Addresses

1.  Introduction

   Proxy Mobile IPv6 (PMIPv6) provides a network-based mobility solution
   to mobile nodes (MN).  An MN configures its interface with an address
   from the home network prefix (HNP) topologically anchored at the MN's
   local mobility anchor (LMA).  PMIPv6 adopted the per-MN-interface
   prefix model, where a prefix is only assigned to one interface of an
   MN.  Different interfaces of the same MN and other MNs cannot share a
   prefix, and multiple prefixes must be assigned to an interface.  The
   same applies to Mobile IPv6, where, due to multi-link subnet issues,
   per-MN-interface prefixes must be used in assigning home link
   prefixes.  However, in the per-interface prefix model, prefix
   management is an issue; this document addresses it for PMIPv6.  MIPv6
   prefix management is not addressed in this document.

   When an MN enters the network, its LMA requests prefixes for the MN's
   interface.  The prefixes should be released when the MN leaves the
   network.  When an operator wants to renumber its network [RFC4192],
   prefixes with different lifetimes are advertised to the MN.

   The Identity Association for Prefix Delegation (IA_PD) option enables
   DHCP messages to carry IPv6 prefixes.  The procedure for prefix
   delegation with DHCP, which is independent of address assignment with
   DHCP, has been defined in [RFC3633].  Therefore DHCPv6 provides a way
   to manage the prefixes.
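   The following is an added worked example, not code from this draft
   or from any PMIPv6 or DHCPv6 implementation.  It encodes and parses
   the IA_PD (option 25) and IA_PD Prefix (option 26) options of
   [RFC3633] inside a minimal [RFC3315] message, and drives the
   exchanges that Sections 3, 4 and 7 below build on them from the LMA
   side: Solicit/Advertise/Request/Reply on MN entry, Renew after
   handover with the IAID looked up in the prefix table, and Release on
   deregistration.  The prefix table keyed by MAC address with an
   incrementing IAID follows Section 8.  Everything not in the draft is
   an assumption: the class and function names, the Start_IAID value of
   1, the T1/T2 and prefix lifetimes, the constructed 2001:db8:1::/48
   pool, and the delegating_router function, which is a stand-in for
   the DHCPv6 server.  PBU/PBA and RA signalling toward the MAG is left
   out.

```python
import ipaddress
import os
import struct

SOLICIT, ADVERTISE, REQUEST, RENEW, REPLY, RELEASE = 1, 2, 3, 5, 7, 8  # RFC 3315
OPTION_IA_PD, OPTION_IAPREFIX = 25, 26                                  # RFC 3633

def option(code, body):  # generic DHCPv6 option: 2-octet code, 2-octet length, body
    return struct.pack("!HH", code, len(body)) + body

def encode_ia_pd(iaid, t1=0, t2=0, prefixes=()):
    """IA_PD (IAID, T1, T2) wrapping one IA_PD Prefix option per (prefix, pref, valid)."""
    body = struct.pack("!III", iaid, t1, t2)
    for prefix, preferred, valid in prefixes:
        net = ipaddress.IPv6Network(prefix)  # lifetimes, prefix length, 16-octet prefix
        body += option(OPTION_IAPREFIX, struct.pack("!IIB", preferred, valid, net.prefixlen)
                       + net.network_address.packed)
    return option(OPTION_IA_PD, body)

def build_message(msg_type, xid, options):
    """msg-type (1 octet), transaction-id (3 octets), then the options."""
    return bytes([msg_type]) + xid.to_bytes(3, "big") + b"".join(options)

def parse_options(data):
    """Return [(code, body), ...]; a truncated option is an error, not a guess."""
    out, pos = [], 0
    while pos < len(data):
        code, length = struct.unpack_from("!HH", data, pos)  # struct.error if header is cut
        pos += 4
        if pos + length > len(data):
            raise ValueError("option length runs past the end of the message")
        out.append((code, data[pos:pos + length]))
        pos += length
    return out

def parse_ia_pd(body):
    """Return (iaid, t1, t2, [(prefix, preferred, valid), ...])."""
    iaid, t1, t2 = struct.unpack_from("!III", body, 0)
    prefixes = []
    for code, sub in parse_options(body[12:]):
        if code == OPTION_IAPREFIX and len(sub) >= 25:
            preferred, valid, plen = struct.unpack_from("!IIB", sub, 0)
            net = ipaddress.IPv6Network((ipaddress.IPv6Address(sub[9:25]), plen), strict=False)
            prefixes.append((str(net), preferred, valid))
    return iaid, t1, t2, prefixes

def parse_message(data):  # (msg_type, xid, parsed IA_PD) for a message carrying one IA_PD
    ia = next(b for c, b in parse_options(data[4:]) if c == OPTION_IA_PD)
    return data[0], int.from_bytes(data[1:4], "big"), parse_ia_pd(ia)

class LMA:
    """Requesting-router side, with the Section 8 prefix table keyed by MN MAC."""
    def __init__(self, start_iaid=1):  # Start_IAID value is assumed
        self.next_iaid, self.table = start_iaid, {}  # mac -> (iaid, [prefix, ...])

    def _send(self, msg_type, iaid, prefixes=()):
        xid = int.from_bytes(os.urandom(3), "big")
        return build_message(msg_type, xid, [encode_ia_pd(iaid, prefixes=[(p, 0, 0) for p in prefixes])])

    def solicit(self, mac):  # Figure 1 step 3: a new MN takes the IAID, counter advances
        if mac not in self.table:
            self.table[mac], self.next_iaid = (self.next_iaid, []), self.next_iaid + 1
        return self._send(SOLICIT, self.table[mac][0])

    def request(self, mac, advertise):  # Figure 1 step 5: echo the advertised prefixes
        _, _, (iaid, _, _, prefixes) = parse_message(advertise)
        return self._send(REQUEST, iaid, [p for p, _, _ in prefixes])

    def store_reply(self, mac, reply):  # Figure 1 step 6: these prefixes become the HNP
        _, _, (iaid, _, _, prefixes) = parse_message(reply)
        if iaid != self.table[mac][0]:
            raise ValueError("Reply carries an IAID that is not this MN's")
        self.table[mac] = (iaid, [p for p, _, _ in prefixes])
        return self.table[mac][1]

    def renew(self, mac):  # Figure 4 step 5: the IAID is looked up in the prefix table
        return self._send(RENEW, *self.table[mac])

    def release(self, mac):  # Figure 6 step 4: give the prefixes back, drop the entry
        return self._send(RELEASE, *self.table.pop(mac))

def delegating_router(message, pool):
    """Constructed DHCPv6 server stand-in: a Solicit with no prefix gets the next /64 from
    `pool` in an Advertise; Request/Renew get their prefixes back with fresh (assumed)
    lifetimes in a Reply; Release gets a Reply with an empty IA_PD."""
    msg_type, xid, (iaid, _, _, prefixes) = parse_message(message)
    if msg_type == RELEASE:
        return build_message(REPLY, xid, [encode_ia_pd(iaid)])
    wanted = [p for p, _, _ in prefixes] or [next(pool)]
    return build_message(ADVERTISE if msg_type == SOLICIT else REPLY, xid,
                         [encode_ia_pd(iaid, 1800, 2880, [(p, 3600, 7200) for p in wanted])])

def prefix_pool(aggregate="2001:db8:1::/48"):  # constructed pool: /64s out of one /48
    return (str(n) for n in ipaddress.IPv6Network(aggregate).subnets(new_prefix=64))

def mn_entry(lma, mac, pool):
    """Steps 3-6 of Figure 1 end to end; returns the prefixes now stored for the MN."""
    advertise = delegating_router(lma.solicit(mac), pool)
    return lma.store_reply(mac, delegating_router(lma.request(mac, advertise), pool))
```

   Calling mn_entry(LMA(), "00:11:22:33:44:55", prefix_pool()) returns
   ['2001:db8:1::/64'] and leaves the MN in the table under IAID 1; a
   later renew() for the same MAC carries that IAID, and release() both
   sends the Release and removes the entry.  Two checks matter on the
   LMA: parse_options refuses an option whose declared length runs past
   the end of the datagram instead of reading whatever bytes follow,
   and store_reply refuses a Reply whose IAID does not match the MN's
   table entry, so lifetimes and prefixes from a stray or malformed
   Reply never reach the PBA or the Router Advertisement.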
   In this document we propose DHCPv6-based home network prefix
   allocation to PMIPv6 MNs.  Section 3 describes PMIPv6 home network
   prefix allocation, Section 6 describes PMIPv6 home network prefix
   allocation with the help of AAA servers, Section 7 describes how
   prefixes are released, and Section 8 presents miscellaneous
   considerations that apply.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119].

   This document uses the terminology defined in [RFC3315] and
   [RFC3633].  All MIPv6-related terms are defined in [RFC3775], and
   PMIPv6-related terms are defined in [RFC5213].

3.  PMIPv6 Home Network Prefix Delegation

   We first describe HNP allocation without a policy profile/store
   (defined in [RFC5213]), followed by policy-store-based HNP allocation
   using DHCPv6.

      MN      MAG      LMA      DHCPS
      |------>|        |        |      1. RtSol
      |       |------->|        |      2. PBU (HNP=0)
      |       |        |------->|      3. DHCP Solicit
      |       |        |<-------|      4. DHCP Advertise
      |       |        |------->|      5. DHCP Request (HNP)
      |       |        |<-------|      6. DHCP Reply (HNP)
      |       |<-------|        |      7. PBA (HNP)
      |<------|        |        |      8. RA(HNP)
      |------>|        |        |      9. DAD NS

                  Figure 1: Prefix request procedure 1

   Figure 1 illustrates the scenario where the MN's interface is
   assigned home network prefixes without a policy store.  In this
   scenario, the LMA has a DHCP client and the DHCP server is connected
   directly.  If the LMA and the DHCPv6 server are not connected
   directly, DHCPv6 messages need to be relayed using the DHCPv6 relay
   function in the LMA.

   1.  An MN solicits a router advertisement (RtSol) for stateless
       address configuration.

   2.  The Mobile Access Gateway (MAG) sends a Proxy Binding Update
       (PBU) message to the LMA with HNP set to zero.

   3.  The LMA, as the requesting router, initiates the DHCP Solicit
       procedure to request prefixes for the MN.  The LMA creates and
       transmits a Solicit message as described in sections 17.1.1,
       "Creation of Solicit Messages" and 17.1.2, "Transmission of
       Solicit Messages" of RFC 3315.  The LMA creates an IA_PD and
       assigns it an IAID.  The LMA MUST include the IA_PD option in the
       Solicit message.

   4.  The DHCP server, as the delegating router, sends an Advertise
       message to the LMA in the same way as described in section
       17.2.2, "Creation and transmission of Advertise messages" of RFC
       3315.

   5.  The LMA uses the same message exchanges as described in section
       18, "DHCP Client-Initiated Configuration Exchange" of RFC 3315 to
       obtain or update prefixes from a DHCP server.  The LMA and the
       DHCP server use the IA_PD Prefix option to exchange information
       about prefixes in much the same way as IA Address options are
       used for assigned addresses.

   6.  The LMA stores the prefix information it received in the Reply
       message.

   7.  The LMA replies to the PBU with a Proxy Binding Acknowledgement
       (PBA) and sets the MN's prefixes in the HNP fields of the PBA.

   8.  The MAG advertises the prefixes to the MN with a Router
       Advertisement (RA) for stateless address configuration.

   9.  The MN starts verifying address uniqueness by sending a Duplicate
       Address Detection (DAD) Neighbor Solicitation (NS) message.

   Policy-store-based home network prefix allocation using DHCPv6 can
   be done as shown in Figure 2.  The policy store contains parameters
   such as the mobile node's home network prefix, permitted address
   configuration modes, roaming-policy-related and other parameters.

      MN      MAG      LMA               AAA
      |-------|--------|-----------------|       1. Network entry
      |       |<-------|---------------->|       2. IKEv2 SA Establishment
      |       |------->|                 |       3. IKEv2 CFG_REQUEST
      |       |--------|-----------------|       4. IKEv2 EAP Authentication
      |       |        |      DHCPS      |
      |       |        |------->|        |       5. DHCP Solicit
      |       |        |<-------|        |       6. DHCP Advertise
      |       |        |------->|        |       7. DHCP Request (HNP)
      |       |        |<-------|        |       8. DHCP Reply (HNP)
      |       |<-------|<-------|--------|       9. IKEv2/EAP Success
      |<------|        |        |        |      10. RA (HNP)
      |------>|        |        |        |      11. DAD NS
      |       |------->|        |        |      12. PBU (HNP)
      |       |<-------|        |        |      13. PBA
      |       |        |        |        |

                  Figure 2: Prefix request procedure 2

   1.  An MN boots up in the network.  The DHCP server in Figure 2 is
       not involved in the network entry procedures.

   2.  The MAG starts IKEv2 procedures to establish a security
       association with the LMA [I-D.ietf-dime-mip6-split].

   3.  The MAG requests prefixes for the MN's interface using the
       CFG_REQUEST payload in the IKE_AUTH message.  MIP6_HOME_PREFIX
       attributes are used to request prefixes [RFC5026].

   4.  The MAG and the LMA authenticate each other using EAP.  At this
       moment the LMA is ready to assign prefixes using DHCP PD.

   5.  Step 3 in Figure 1.

   6.  Step 4 in Figure 1.

   7.  Step 5 in Figure 1.

   8.  Step 6 in Figure 1.

   9.  EAP success is indicated by the AAA server to the LMA, and the
       LMA sends an IKEv2 message (IKE_AUTH and CFG_REPLY) with the MN's
       profile, containing the MN's prefixes in MIP6_HOME_PREFIX
       attributes, to the MAG.  Successful network entry terminates and
       the MAG gets the HNP.

   10. The MAG advertises the prefixes to the MN with an RA for
       stateless address configuration.

   11. The MN starts verifying address uniqueness by sending a DAD NS.

   12. The MAG sends a PBU with the HNP assigned.

   13. The LMA replies with a PBA and establishes the MAG-LMA tunnel.

   The LMA MAY update the MN's policy profile with the new prefixes by
   interacting with the AAA server.

   If stateful address configuration is used on PMIPv6 links, prefix
   allocation using DHCPv6 can be done as shown in Figure 3.  Here it is
   assumed that the MAG and the LMA have already established a security
   association.

      MN      MAG      LMA               AAA
      |-------|--------|-----------------|       1. Network entry
      |<------|<-------|---------------->|       2. EAP Access Authentication
      |       |<-------|-----------------|       3. EAP Success + Profile
      |       |------->|                 |       4. PBU (HNP=0)
      |       |        |      DHCPS      |
      |       |        |------->|        |       5. DHCP Solicit
      |       |        |<-------|        |       6. DHCP Advertise
      |       |        |------->|        |       7. DHCP Request (HNP)
      |       |        |<-------|        |       8. DHCP Reply (HNP)
      |       |<-------|        |        |       9. PBA (HNP)
      |<------|<-------|<-------|--------|      10. Profile Complete
      |------>|        |        |        |      11. DHCP Request
      |<------|        |        |        |      12. DHCP Reply

                  Figure 3: Prefix request procedure 3

   In Steps 1-3, the MN does network entry and the MAG receives the
   authorization profile from the AAA server after successful EAP
   exchanges.  In Step 4, the MAG sends a PBU with the HNP field set to
   zero.  In Steps 5-8, the LMA assigns HNPs using DHCPv6.  The LMA
   replies with a PBA and sets its HNP parameters in Step 9.  In Step
   10, EAP authentication and profile acquisition are completed.  In
   Step 11, the MN requests an address from the local DHCP proxy/server
   colocated in the MAG.  The DHCP proxy assigns the MN-HoA from this
   prefix and sends it to the MN in a DHCP Reply in Step 12.

   The 4-way exchange between the LMA as requesting router (RR) and the
   DHCP server as delegating router (DR) in the scenarios above MAY be
   reduced to a two-message exchange using the Rapid Commit option
   [RFC3315].  The LMA includes a Rapid Commit option in the Solicit
   message.  The DR then sends a Reply message containing one or more
   prefixes.

4.  Mobile Node Handover

   When a mobile node moves under a new MAG, the new MAG sends a proxy
   binding update to the LMA.  In the PBU, the MAG sets the home network
   prefix option to the prefix the MN was assigned under the previous
   MAG.  Several such HNPs may be included.  The new MAG MAY receive the
   prefix values by some other means, such as context transfer.  The MAG
   also sets the handoff indicator field to a value of 3 (Handoff
   between mobile access gateways for the same interface).  The LMA then
   starts the prefix renewal procedure as shown in Figure 4.

      MN      MAG      LMA      DHCPS
      |------>|        |        |      1. RtSol
      |       |------->|        |      2. PBU (HNP)
      |       |        |------->|      3. DHCP Solicit
      |       |        |<-------|      4. DHCP Advertise
      |       |        |------->|      5. DHCP Renew (HNP)
      |       |        |<-------|      6. DHCP Reply (HNP)
      |       |<-------|        |      7. PBA (HNP)
      |<------|        |        |      8. RA(HNP)
      |------>|        |        |      9. DAD NS

                 Figure 4: Prefix renewal after handover

   1.  An MN solicits a router advertisement (RtSol) for stateless
       address configuration.

   2.  The Mobile Access Gateway (MAG) sends a Proxy Binding Update
       (PBU) message to the LMA with the HNPs set to the MN's HNPs from
       the previous MAG and with HI set to the value of 3.

   3.  The LMA, as the requesting router, initiates the DHCP Solicit
       procedure to request prefixes for the MN.  The LMA creates and
       transmits a Solicit message as described in sections 17.1.1,
       "Creation of Solicit Messages" and 17.1.2, "Transmission of
       Solicit Messages" of RFC 3315.  Using the Prefix Table described
       in Section 8, the LMA finds the IAID that was assigned to this
       MN.  The LMA MUST include the IA_PD option with this IAID in the
       Solicit message.

   4.  The DHCP server, as the delegating router, sends an Advertise
       message to the LMA in the same way as described in section
       17.2.2, "Creation and transmission of Advertise messages" of RFC
       3315.

   5.  The LMA, as the requesting router, sends a Renew message of RFC
       3315 to renew the prefixes from the DHCP server.  The delegating
       router responds by returning the prefixes with updated lifetimes
       to the LMA.

   6.  The LMA stores the prefix information it received in the Reply
       message.

   7.  Step 7 in Figure 1.

   8.  Step 8 in Figure 1.

   9.  Step 9 in Figure 1.

5.  Configuration of DHCP Servers

   The LMA and the DHCP server communicate over a DHCP Relay Agent if a
   link-local DHCP server is not available.  If a link-local DHCP Relay
   Agent is not available, the LMA MUST act as the DHCP Relay Agent.
   This requires the DHCP client and the DHCP relay to be colocated at
   the LMA [I-D.ietf-mext-nemo-pd].  In the PMIP domain, the DHCP server
   that can be contacted by an LMA for prefix delegation can be
   discovered using DHCPv6 procedures.  The LMA SHOULD use its global
   address in the Client-Initiated Configuration Exchange.

6.  AAA Servers in Home Network Prefix Delegation

   Currently, there is no protocol defined for AAA-based prefix
   authorization.
   [RFC4818] defines a RADIUS attribute called Delegated-IPv6-Prefix
   that carries IPv6 prefixes to be delegated.  This attribute is usable
   within either RADIUS or Diameter.  [RFC4818] recommends that the
   delegating router use an AAA server to receive the prefixes to be
   delegated, by way of the Delegated-IPv6-Prefix attribute/AVP.

   The delegating router for PMIPv6 can use the AAA server in two ways.
   Either it can initially receive a pool of prefixes from the AAA
   server by way of the Delegated-IPv6-Prefix attribute and then
   delegate prefixes on demand using the scenarios described in Section
   3, or it can get the prefixes from the AAA server for each MN's
   interface separately by way of AAA prefix authorization.

   The prefix pool approach is shown in Figure 5.  Once a pool of
   prefixes is obtained using Steps 1 and 2, these prefixes can be
   delegated to MNs as they enter the network.  Steps 3 to 6 are
   executed for each MN entering the network as described in Figure 1.

      MN      MAG      LMA      DHCPS     AAA
      |       |        |        |------->|      1. AA-Request
      |       |        |        |<-------|      2. AA-Answer (Prefix pool)
      |------>|        |        |        |      3. RtSol
      |       |------->|        |        |      4. PBU (HNP=0)
      |       |        |========|        |         DHCP PD Start
      |       |        |        |        |
      |       |        |========|        |         DHCP PD End
      |       |<-------|        |        |      5. PBA (HNP)
      |<------|        |        |        |      6. RA(HNP)
      |------>|        |        |        |      7. DAD NS

             Figure 5: AAA-involved Prefix request procedure

   1.  The DHCP server, as Diameter/RADIUS client, sends an AA-Request/
       Access-Request message to the AAA server.  The
       Delegated-IPv6-Prefix attribute MAY appear in the request
       messages.

   2.  The Diameter/RADIUS server sends an AA-Answer/Access-Accept
       message with prefix information to the DHCP server.  The
       Delegated-IPv6-Prefix attribute included in the request message
       serves as a hint by the DHCP server to the Diameter server that
       it would prefer a prefix, for example, a /48 prefix.  The
       Diameter server MAY delegate a /64 prefix which is an extension
       of the /48 prefix in an AA-Request message containing the
       Delegated-IPv6-Prefix attribute.  The attribute MUST appear
       multiple times when the Diameter/RADIUS server delegates multiple
       prefixes in a pool of prefixes.

   3.  The MN solicits a router advertisement.

   4.  The MAG sends a PBU to the LMA and sets HNP to zero.  The LMA
       starts DHCPv6 prefix delegation exchanges with the DHCP server as
       shown above.

   5.  Step 7 in Figure 1.

   6.  Step 8 in Figure 1.

   7.  Step 9 in Figure 1.

7.  Prefix Release Procedure

      MN      MAG      LMA      DHCPS
      |------>|        |        |      1. Network exit/deregistration
      |       |------->|        |      2. PBU (lifetime=0)
      |       |<-------|        |      3. PBA
      |       |        |------->|      4. DHCP Release (HNP)
      |       |        |<-------|      5. DHCP Reply
      |       |        |        |

                     Figure 6: PMIPv6 Prefix Release

   Prefixes can be released in two ways: prefix aging or the DHCP
   release procedure.  In the former, a prefix SHOULD NOT be used by an
   MN when the prefix ages, and the DHCP server can delegate it to
   another MN.  A prefix lifetime is delivered from the DHCPv6 server
   to the requesting router (LMA) through the DHCP IA_PD Prefix option
   [RFC3633] and the RA Prefix Information option [RFC4861].

   We describe the PMIPv6 prefix release procedure next.  Figure 6
   illustrates how the LMA releases prefixes to a DHCP server:

   1.  MN detachment signaling, such as switch-off or handover, triggers
       the prefix release procedure.

   2.  The MAG sends a PBU with lifetime set to zero.

   3.  The LMA replies with a PBA.

   4.  The LMA initiates a Release message to give the prefixes back to
       the DHCP server.

   5.  The server responds with a Reply message, and the prefixes can
       then be reused by other MNs.

   If PMIPv6 and MIPv6 are being used by the same MN and the HA also
   supports LMA functionality as described in
   [I-D.ietf-netlmm-mip-interactions], the same binding cache entry for
   the MN is sometimes modified by the MN or by a MAG.  Because of this,
   at Step 4 in Figure 6, if the HA colocated with the LMA receives a
   MIPv6 registration BU, the LMA MUST NOT release the prefix(es).

8.  Miscellaneous Considerations

   The IAID is 4 bytes in length and should be unique within an LMA's
   scope.
   A prefix table SHOULD be maintained.  The prefix table contains the
   IAID, the MAC address and the prefix(es) assigned to the MN.  The
   MAC address of the interface SHOULD be stored in the prefix table,
   and this field is used as the key for searching the table.  The IAID
   SHOULD initially be set to Start_IAID, an integer of 4 octets.  The
   following IAID generation algorithm is used:

   1.  Set this IAID value in the IA_PD Prefix Option.  Request a prefix
       for this MN as in Figure 1, Figure 2 or Figure 3.

   2.  Store the IAID, the MAC address and the prefix(es) received in
       the next entry of the prefix table.

   3.  Increment the IAID.

9.  Security Considerations

   This draft introduces no additional messages.  Compared to
   [RFC3633], [RFC2865] and [RFC3588], there are no additional threats
   to be introduced.  DHCPv6, RADIUS and Diameter security procedures
   apply.

10.  IANA Considerations

   None.

11.  Acknowledgements

   The authors are grateful to Bibi Blocksberg for his comments on an
   earlier version of this document.

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.

   [RFC2866]  Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3576]  Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B.
              Aboba, "Dynamic Authorization Extensions to Remote
              Authentication Dial In User Service (RADIUS)", RFC 3576,
              July 2003.

   [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
              Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

   [RFC3633]  Troan, O. and R.
              Droms, "IPv6 Prefix Options for Dynamic Host Configuration
              Protocol (DHCP) version 6", RFC 3633, December 2003.

   [RFC3775]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.

   [RFC4818]  Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix
              Attribute", RFC 4818, April 2007.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              September 2007.

   [RFC5026]  Giaretta, G., Kempf, J., and V. Devarapalli, "Mobile IPv6
              Bootstrapping in Split Scenario", RFC 5026, October 2007.

   [RFC5213]  Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K.,
              and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008.

12.2.  Informative References

   [I-D.ietf-dime-mip6-split]
              Korhonen, J., Tschofenig, H., Bournelle, J., Giaretta, G.,
              and M. Nakhjiri, "Diameter Mobile IPv6: Support for Home
              Agent to Diameter Server Interaction",
              draft-ietf-dime-mip6-split-17 (work in progress),
              April 2009.

   [I-D.ietf-mext-nemo-pd]
              Droms, R., Thubert, P., Dupont, F., and W. Haddad, "DHCPv6
              Prefix Delegation for NEMO", draft-ietf-mext-nemo-pd-02
              (work in progress), March 2009.

   [I-D.ietf-netlmm-mip-interactions]
              Giaretta, G., "Interactions between PMIPv6 and MIPv6:
              scenarios and related issues",
              draft-ietf-netlmm-mip-interactions-04 (work in progress),
              June 2009.

   [RFC4192]  Baker, F., Lear, E., and R. Droms, "Procedures for
              Renumbering an IPv6 Network without a Flag Day", RFC 4192,
              September 2005.

Authors' Addresses

   Behcet Sarikaya
   Huawei USA
   1700 Alma Dr. Suite 500
   Plano, TX  75075

   Email: sarikaya@ieee.org


   Frank Xia
   Huawei USA
   1700 Alma Dr. Suite 500
   Plano, TX  75075

   Phone: +1 972-509-5599
   Email: xiayangsong@huawei.com