INTERNET-DRAFT                                        Zach D. Shelby
                                                     VTT Electronics
                                                 Dionisios Gatzounas
                                                            Intracom
                                                     Andrew Campbell
                                                       Chieh-Yih Wan
                                                 Columbia University
                                                       November 2000

                            Cellular IPv6

Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

Abstract

This document updates Cellular IP [6] with IPv6 capability. This protocol will interoperate fully with Mobile IPv6 [1]. The original is improved with an alternative method for semi-soft handoff.

What's Changed

The following changes have been made to the original protocol presented in :

   - Control messages use IPv6 extension headers for control information
   - The Authentication Header is used for all authentication [3]
   - IPv6 Stateless Autoconfiguration for obtaining care-of-address
   - Alternative indirect semi-soft handoff method added (section 4.1.2)

In addition, the following minor changes have been made:

   - Added definitions for registration request and semi-soft handoffs
   - Mobile hosts are now identified by their IPv6 care-of-address (section 3.4)
   - Added active-state-timeout as parameter (section 3.1)
   - Further clarification of paging cache placement (section 2.1)
   - Misc. text corrections

1. Introduction

Hosts connecting to the Internet via a wireless interface are likely to change their point of access frequently. A mechanism is required that ensures that packets addressed to moving hosts are successfully delivered with high probability. A change of access point during active data transmission or reception is called a handoff. During or immediately after a handoff, packet losses may occur due to the delayed propagation of new location information. These losses should be minimized in order to avoid a degradation of service quality as handoffs become more frequent.

This memo specifies Cellular IP for IPv6, a protocol that provides mobility and handoff support for frequently moving hosts. It is intended to be used on a local level, for instance in a campus or metropolitan area network. Cellular IP can interwork with Mobile IPv6 [1] to support wide area mobility, that is, mobility between Cellular IP Networks.

1.1. Applicability

Cellular IP supports local mobility, that is, mobility inside an access network. To provide global mobility support, Mobile IPv6 [1] should be used in conjunction. It is designed to support frequently migrating, rarely moving or static hosts as well.

It is assumed that a random access L2 protocol covers the air interface. Optional support for non-random access wireless interfaces to perform semi-soft handoff is described in 4.1.2.

Throughout the draft the term Base Station is used exclusively. This also refers to the Access Point used in WLAN and WPAN networks.

1.2. New Architectural Entities

Cellular IP Node
   A Cellular IP Network consists of interconnected Cellular IP nodes. The role of nodes is twofold. They route IP packets inside the Cellular IP Network and communicate with mobile hosts via a wireless interface. Referring to the latter role, a Cellular IP node that has a wireless interface is also called a Base Station.

Cellular IP Base Station
   See Cellular IP node.

Cellular IP Gateway
   A Cellular IP node that is connected to a regular IP network by at least one of its interfaces.

Cellular IP Mobile Host
   A mobile host that implements the Cellular IP protocol.

1.3. Terminology

Active Mobile Host
   A mobile host is in active state if it is transmitting or receiving IP packets. (Exact definition is given in Section 3.8.)

Cellular IP Network Identifier
   A unique identifier assigned to Cellular IP Networks.

Control packet
   Paging-update, paging-teardown and route-update packet.

Data packet
   An IP packet that is not a control packet.

Downlink
   Directed to a mobile host.

Downlink neighbor
   All neighbors of a Cellular IP node except its Uplink neighbor are referred to as Downlink neighbors.

Idle Mobile Host
   A mobile host is in idle state if it has not recently transmitted or received IP packets. (Exact definition is given in Section 3.8.)

Internet
   A Cellular IP Network provides access to a regular IP network. This IP network in this memo is referred to as "Internet", but it can also be a corporate intranet, for example.

Neighbor
   One Cellular IP node is said to be the neighbor of another if they are connected directly. Neighbors are identified in a Cellular IP node by interface and MAC address.

Paging Area
   A set of Base Stations. Idle mobile hosts crossing cell boundaries within a Paging Area do not need to transmit control packets to update their position. (Exact definition is given in Section 2.1.)

Paging Cache
   A cache maintained by some Cellular IP nodes, used to route packets to mobile hosts.

Paging-timeout
   Validity time of mappings in Paging Caches.

Paging-update packet
   A control packet transmitted by Cellular IP mobile hosts in order to update Paging Cache.

Paging-update-time
   Time between consecutive paging-update packets.

Paging-teardown packet
   A control packet transmitted by Cellular IP mobile hosts in order to explicitly disconnect from the Cellular IP Network.

Registration request
   Type of control message used by a mobile host when it first communicates with the Cellular IP network.

Route-timeout
   Validity time of mappings in Route Cache.

Route-update packet
   A control packet transmitted by Cellular IP mobile hosts in order to update Route Cache.

Route-update-time
   Time between consecutive route-update packets.

Route Cache
   A cache maintained by all Cellular IP nodes, used to route packets to mobile hosts.

Semi-soft handoff
   Handoff method where traffic bound to a mobile host is bi-cast to both the new and old BS simultaneously.

Update packet
   Paging-update and route-update packet.

Uplink
   Originated by a mobile host.

Uplink neighbor
   The neighbor of a Cellular IP node which is the next hop on the shortest path towards the Gateway.

1.4. Protocol Overview

The figure shown below presents a schematic view of multiple Cellular IP Networks providing access to the Internet.

       ..............................................
       .                                            .
       .     Internet Backbone with Mobile IPv6     .
       .                                            .
       ..............................................
          |                  |                   |
         +--+               +--+                +--+
         |GW|               |GW|                |GW|
         +--+               +--+                +--+
          |                  |                   |
   +-------------+ +--------------------+ +-------------+
   |             | |                    | |             |
   | Cellular IP | |    Cellular IP     | | Cellular IP |
   |   Network   | |      Network       | |   Network   |
   |             | |  __     __     __  | |             |
   +-------------+ +-|BS|---|BS|---|BS|-+ +-------------+
                      --     --     --
                       +  ...  +
                      MH      MH

In what follows, we present an overview of the operation of Cellular IP, followed by a figure illustrating the functional entities that comprise Cellular IP.

Base Stations periodically emit beacon signals. Mobile hosts use these beacon signals to locate the nearest Base Station. A mobile host can transmit a packet by relaying it to the nearest Base Station.
By default all IP packets transmitted by a mobile host are routed from the Base Station to the Gateway by hop-by-hop shortest path routing, regardless of the destination address.

Cellular IP nodes maintain a Route Cache. Packets transmitted by the mobile host create and update entries in each node's Cache. An entry maps the mobile host's IP address to the neighbor from which the packet arrived at the node.

The chain of cached mappings referring to a single mobile host constitutes a reverse path for downlink packets addressed to the same mobile host. As the mobile host migrates, the chain of mappings always points to its current location because its uplink packets create new and change old mappings.

IP packets addressed to a mobile host are routed by the chain of cached mappings associated with the said mobile host.

To prevent its mappings from timing out, a mobile host can periodically transmit control packets. Control packets are IPv6 packets with Hop-by-Hop extension headers containing Cellular IP control information.

Mobile hosts that are not actively transmitting data but want to be reachable for incoming packets let their Route Cache mappings time out but maintain Paging Cache mappings. IP packets addressed to these mobile hosts will be routed by Paging Caches. Paging Caches have a longer timeout value than Route Caches and are not necessarily maintained in every node.

                        +--------+
                        |host in |
                        |Internet|
                        +--------+
                            |
      Internet              |
      --------------------------
                        +--------+
   Cellular IP Network  |Cell. IP|
                        |Gateway |
                        +--------+
                            |
                  -         :
                  |         :
                  |         :___________ Uplink neighbor
     A network of |         |            (=shortest path
                  |     +--------+        toward Gateway)
      Cellular IP |     |Cellular|
                  |     |IP node |
            nodes |     +--------+
                  |         |  ___________ Downlink neighbors
                  |         :/             (=all other
                  -         :               neighbors)
                            :
                            |
                        +--------+
          uplink        |Cellular|
             ^          |IP node |
             |          +--------+
             |    air       |
             | interface    |
             V          +--------+
          downlink      | Mobile |
                        |  host  |
                        +--------+

1.5. Location Management and Routing

Cellular IP uses two parallel cache systems to store the information related to the location of mobile hosts. The two systems basically operate in the same way. This section is intended to clarify why we use two distinct caches.

When a mobile host is in active state, the network must follow its movement from Base Station to Base Station to be able to deliver packets without searching for the mobile host. As a consequence active mobile hosts must notify the network about each handoff. For idle mobile hosts exact location tracking is less important; instead, minimizing communication to save battery is of higher priority. By deploying two caches, the granularity of location tracking can be different for idle and active mobile hosts.

Separating the location tracking for idle and active mobile hosts also has a performance benefit. If there were just one cache, the entire cache would have to be searched for each downlink packet to find the destination mobile host. It is expected, however, that only a portion of the hosts will be in active state at any given time and that most of the packets are destined for active mobile hosts. Thus by separating the caches for active and idle mobile hosts only a smaller cache needs to be searched for most of the packets. This results in faster lookups and better scalability [5].

2. Cellular IP Functions

2.1. Location Management

Cellular IP allows idle mobile hosts to roam large geographic areas without the need to transmit location update packets at cell borders. The network operator can group cells into Paging Areas, each comprising an arbitrary number of (typically adjacent) cells. Each Paging Area has an identifier that is unique in the given Cellular IP Network. Each Base Station transmits its Paging Area Identifier in its periodic beacon signals, thus enabling mobile hosts to notice when they move into a new Paging Area.

An idle mobile host that moves into a new Paging Area must transmit a paging-update packet. Paging-update packets are routed from the Base Station to the Gateway using hop-by-hop routing. Selected nodes of the Cellular IP network are equipped with Paging Cache. These nodes monitor passing paging-update packets and update Paging Cache mappings to point toward the new Paging Area. Paging-update packets reach the Gateway and are discarded there to isolate Cellular IP specific operations from the Internet.

When the idle mobile host moves within a Paging Area, it transmits a paging-update packet only when the system specific time, paging-update-time, expires. Outdated mappings of Paging Caches are cleared if no update arrives before paging-timeout expires.

When an IP packet arrives at a Cellular IP node, addressed to a mobile host for which no up-to-date Route Cache mapping is available, the Paging Cache is used to route the packet. This is called "implicit paging". If the node has no Paging Cache, it forwards the packet to all Downlink neighbors. A node that has Paging Cache but has no mapping in it for the destination mobile host discards the packet.

On the path from the gateway to the mobile host there may be Cellular IP nodes with and without Paging Cache.
After the paging packet leaves the last node which has a Paging Cache it is effectively downlink broadcast by all nodes it passes. The set of cells that are reached by the paging packet forms a Paging Area. The number, size and population of Paging Areas in a Cellular IP network are determined by the topology of the network and the placement of Paging Caches. Each interface of the last downlink node with a paging cache must belong to a separate paging area.

Based on the configuration of a Paging Area each base station (with Paging Cache configured) could be considered an autonomous Paging Area. The other extreme case is when a Cellular IP Network has no Paging Cache configured in which case the complete network represents a Paging Area where paging devolves to broadcasting throughout the network.

When the mobile host receives the paging packet, it moves to active state and creates its Route Cache mappings by sending a route-update packet. Subsequent IP packets addressed to the same host will be routed by Route Caches as long as the mobile host keeps the Route Caches updated.

2.2. Routing

Packets transmitted by mobile hosts are routed to the Gateway using shortest path hop-by-hop routing. Cellular IP nodes monitor these passing data packets and use them to create and update Route Cache mappings. These map mobile host IP addresses to Downlink neighbors of the Cellular IP node. Packets addressed to the mobile host are routed along the reverse path, on a hop-by-hop basis, by these Route Cache mappings.

The structure and basic operation of routing is similar to that of location management. To clarify the duality between the two, we summarize the operation of Paging Caches and Route Caches in the following table. For the reasons of separating the two functions, see Section 1.5.

---------------------------------------------------------------------
               Paging Caches                   Route Caches
---------------------------------------------------------------------
refreshed by   all uplink packets (data,       data and
               paging-update, route-update)    route-update packets

updated by     all update packets              route-update packets
               (paging-update, route-update)

updated when   moving to a new Paging          moving to a new
               Area, or after                  cell, or after
               paging-update-time              route-update-time

scope          both idle and active MHs        active mobile hosts

purpose        route downlink packets if       route downlink
               there is no Route Cache entry   packets
---------------------------------------------------------------------

The mobile host may keep receiving data packets without sending data for possibly long durations. To keep its Route Cache mappings up to date and to avoid repeated paging, mobile hosts in active state that have no data to send must send periodic route-update packets. Like uplink data packets, route-update packets update Route Caches and ensure that the hop-by-hop route from the Gateway to the mobile host does not time out.

In addition, active mobile hosts must transmit a route-update packet when they cross cell borders. This is required because the Route Cache mappings associated with the new Base Station can only be created by authenticated route-update packets. Data packets are not required to carry authentication information and hence can refresh, but not modify Route Cache mappings.

For reliability and timeliness, Paging Caches also contain mobile hosts that are contained by Route Caches. For this reason, Paging Caches are updated by all uplink update packets and refreshed by all uplink packets including data packets as well.

2.3. Handoff

Handoff is initiated by the mobile host.
As an active host approaches a new Base Station, it transmits a route-update packet and redirects its packets from the old to the new Base Station. The route-update packet will configure Route Caches along the way from the new Base Station to the Gateway. (The paths leading to the old and new Base Stations may overlap. In nodes where the two paths coincide, the route-update packet simply refreshes the old mapping and the handoff remains unnoticed.)

An idle mobile host, moving to a new Base Station, transmits a paging-update packet only if the new Base Station is in a new Paging Area. During handoffs between Base Stations within the same Paging Area idle mobile hosts may remain silent, as paging is performed within the entire Paging Area.

2.4. Wide Area Mobility

Wide area mobility occurs when the mobile host moves between Cellular IP Networks. The mobile host can identify Cellular IP Networks by the Cellular IP Network Identifier contained in the Base Stations' beacon signals. The beacon signal also contains the IP address of the Gateway. After successful authentication to the Cellular IP network the mobile host will invoke the IPv6 Stateless Address Autoconfiguration mechanism to generate a temporary Mobile IPv6 care-of address in the visited Cellular IP network. This address will be assembled by prepending the IPv6 subnet prefix advertised by Cellular IP beacon signals to the mobile host's interface identifier [8]. To ensure that the configured Mobile IPv6 care-of address is likely to be unique, the mobile host may run a duplicate address detection algorithm before assigning the new Mobile IPv6 address on its interface.

For security and charging purposes, authentication and other user-related information may need to be provided by the mobile host, when it first contacts a Cellular IP Network. This information will be included in the first paging-update packet and may be repeated in a few subsequent paging-update packets for reliability. Upon receiving the first paging-update packet, the Gateway performs admission control that may involve technical and charging decisions. The Gateway's response is sent to the mobile host in regular IP packet(s). If the request was accepted, the response may also carry the required setting for protocol parameters. Upon successful admission, the mobile host should send binding update messages to its Home Agent and its correspondent nodes notifying them about its new point of attachment [1].

The mobile host may leave the service area at any time without prior notice. Mappings associated to the host will be cleared after the timeout. Alternatively, as a performance optimization the host may send a paging-teardown packet to clear Cache mappings from both Route and Paging Caches.

2.5. Security

Cellular IP control packets (paging-update, route-update and paging-teardown packets) carry mandatory Authentication Headers [3]. This prevents malicious mobile hosts from changing location information related to other mobile hosts using a spoofed source address.

Data security issues are not discussed in this document. We note that any further authentication or encryption can be performed in addition to control packet authentication built into Cellular IP.

3. Protocol Details

3.1. Protocol Parameters

The following parameters shall be set by network management. The values listed here are for information only. Note that in the most typical case a mobile host that is in active state will regularly transmit data packets and hence route-update packets will need to be transmitted at handoffs only.

-------------------------------------------------------------------
Name                 Meaning                          Typical Value
-------------------------------------------------------------------
route-update-time    Maximal inter-arrival time       3 sec
                     of packets updating
                     the Route Cache

route-timeout        Validity of Route                9 sec
                     Cache mappings

paging-update-time   Maximal inter-arrival time       3 min
                     of packets updating
                     the Paging Cache

paging-timeout       Validity of Paging               9 min
                     Cache mappings
-------------------------------------------------------------------

3.2. Beacon Signal Structure

Cellular IP Base Stations must periodically transmit beacon signals to allow for mobile hosts to identify an available Base Station. Beacons are sent in an IPv6 packet with Destination Options header [7]. This is multicast to FF02:0:0:0:0:0:0:1 (All nodes multicast).

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Next Header  | Hdr Ext Len=1 | Option Type=B |Opt Data Len=? |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                   Subnet Prefix (8 octets)                    +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| BS ID | Paging ID | Cellular IP Network ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
|                                                               |
|                                                               |
+                Gateway IP Address (16 octets)                 +
|                                                               |
|                                                               |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                 Layer 2 Parameters (Variable)                 +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Option Type
   8-bit type identifier. B=Beacon type.

Option Data Length
   Length of extension header option.

Subnet Prefix
   IPv6 subnet prefix advertisement. A 64 bit global IPv6 address prefix must be used (not site or link-local since this would result in the generation of a locally scoped care-of-address).

BS ID
   Identifier of the advertising base station.

Paging Area ID
   The ID of the current paging area.

Cellular IP Network ID
   Unique ID of the current Cellular IP Network.

CU
   Currently unused field.

Gateway IP
   IP address of the Cellular IP network's Gateway.

Layer 2 Parameters
   Variable length field using the type-length-value (TLV) format for giving any needed L2 parameters to a MT.

All parameters can be configured by network management.

3.3. Packet Formats

3.3.1. Data packet

Cellular IP forwards regular IP packets without modification, segmentation, encapsulation or tunneling.

3.3.2. Route-update packet

A route-update packet is an IPv6 packet with a Hop-by-Hop Options extension header [7].

   - the source address is the IP address of the sending mobile host;
   - the destination address is the Gateway; and
   - the Hop-by-Hop option is of Route-update type.

The route-update fields will be held inside a type-length-value (TLV) field inside the extension header.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Next Header  | Hdr Ext Len=1 | Option Type=R |Opt Data Len=? |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                     Timestamp (8 octets)                      +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| CU |S|I| CU |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
|             Control information (variable length)             |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Option Type
   8-bit type identifier. R=Route-update type.

Option Data Length
   Length of extension header option.

Timestamp
   Contains a timestamp used to determine the order in which update packets are sent. The timestamp field is formatted as specified by the Network Time Protocol [2].
   The low-order 32 bits of the NTP format represent fractional seconds, and those bits which are not available from a time source should be generated from a good source of randomness. Mobile hosts must ensure that the 64 bit value of timestamps is strictly increasing in consecutive control packets.

CU
   Currently Unused. Must be set to 0.

S flag
   Set to 1 to indicate semi-soft handoff. Default value is 0. Any Cellular IP node that does not support semi-soft handoffs may ignore this bit. (See Section 4.1.1)

I flag
   Used to indicate an indirect semi-soft handoff. Only a Base Station will recognize this flag and act accordingly.

Control Information
   This field uses the same TLV structure as the Hop-by-Hop options. Currently only one is defined:

   Registration request
      Used when a mobile host enters the Cellular IP Network.

3.3.3. Paging-update packet

A paging-update packet is an IPv6 packet with a Hop-by-Hop Options extension header where

   - the source address is the IP address of the sending mobile host;
   - the destination address is the Gateway; and
   - the Hop-by-Hop option is of Paging-update type.

The option of the paging-update packet carries control information in the same format as the route-update packet. The S and I flags must be 0 for paging-update packets.

3.3.4. Paging-teardown packet

A paging-teardown packet is an IPv6 packet with a Hop-by-Hop Options extension header where

   - the source address is the IP address of the sending mobile host;
   - the destination address is the Gateway; and
   - the Hop-by-Hop option is of Paging-teardown type.

The payload of the paging-teardown packet carries control information in the same format as the route-update packet. The S and I flags must be 0 for paging-teardown packets.

3.4. Addressing

Cellular IP requires no address space allocation beyond what is present in IPv6. Mobile hosts are identified by their care-of addresses.

3.5. Security

Each Cellular IP Network has a secret network key of arbitrary length known to all Cellular IP nodes. The network key is, however, kept secret from mobile hosts and other nodes outside the Cellular IP Network.

Upon initial registration the Gateway must authenticate and possibly authorize the mobile host. This initial authentication and authorization can be based on any known symmetric or asymmetric method. After authentication the Gateway concatenates the key of the network and the IP address of the mobile host and calculates the PID of the mobile host with an MD5 hash, similarly to [4]:

   PID := MD5(network key, IP address of MH)

Then it acquires the public key of the mobile host from a trusted party, encrypts the PID and sends it to the mobile host. This way the mobile host and the Cellular IP network have a shared secret. The PID remains the same during handoff and can be easily computed by each Base Station.

The PID can be used to authenticate (and optionally to encrypt) IP packets over the air interface. Authentication is performed by creating a short hash from the (PID, timestamp, packet content) triple that is placed into the transmitted packets. The validity of each packet can be easily checked by any Base Station even immediately after a handoff and without prior communication with the mobile host or with the old Base Station.

In addition to authenticating control packets, PID can optionally also be used to provide security for data packets transmitted over the wireless link. To this end, any known shared secret based security mechanism can be used where PID serves as the shared secret.

3.6. Cellular IP Routing

Cellular IP nodes need only implement the algorithm described in this section. They do not need regular IP routing capability.

This section describes the routing algorithm in Cellular IP nodes other than the Gateway.
The extra functions required only in the Cellular IP Gateway are described in Section 3.7.

3.6.1 Topology

In uplink direction (toward the Gateway), packets are routed in the Cellular IP Network on a hop-by-hop basis. The neighbor to which a node will forward a packet toward the Gateway is referred to as the node's Uplink neighbor. The Uplink neighbor at each node may be designated by network management. Alternatively, a simplified shortest path algorithm can select Uplink neighbors instead of manual configuration. (A regular shortest path algorithm is also applicable but is more complex than required since it determines routes to all nodes in the network.) A simple algorithm that configures Uplink neighbors and automatically reconfigures them if necessary after a topology change is described in Appendix A.

A node's neighbors other than the Uplink neighbor are called Downlink neighbors.

3.6.2 Uplink Routing

A packet arriving at a node from one of its Downlink neighbors is assumed to be coming from a mobile host. The packet is first used to update the node's Route and Paging Caches and is then forwarded to the node's Uplink neighbor.

To update the Caches, the node reads the packet type, port number and the source IP address. Paging-update packets update the Paging Cache only. Route-update packets update both Route and Paging Caches. Data packets only refresh the soft state of both caches, but do not change it.

Both types of caches consist of

   { IPv6 address, interface, MAC address, expiration time, timestamp }

5-tuples, called mappings. The IPv6 address is the address of the mobile host the mapping corresponds to. The interface and the MAC address denote the Downlink neighbor toward the mobile host. The timestamp field contains the timestamp of the control packet that has established the mapping.

When a data packet arrives from a Downlink neighbor, the Route Cache entry of the source IP address is searched first. If the data packet is coming from the same neighbor as indicated by the cache entry then it is sent from the direction where the mobile host was last seen. In that case the mapping is only refreshed: the expiration time is set to the current time + route-timeout. If the node has Paging Cache, then the expiration time of the mapping in the Paging Cache is set to current time + paging-timeout as well.

If the data packet arrived from a different neighbor than the one in its mapping, or no mapping exists for the IP address, then the packet is dropped.

When an update packet arrives from a Downlink neighbor then the authentication is first validated. Packets with invalid authentication must be dropped and the event should be logged as a potential tampering attempt. For valid packets the node creates the following 5-tuple:

   { the newly arrived packet's source IPv6 address,
     the interface through which it arrived,
     the source MAC address of the arrived packet,
     current time + route-timeout,
     the timestamp in the arrived update packet }

This mapping is used to update Route Cache, if the incoming packet is a route-update packet. If a valid mapping for the source IPv6 address already exists, then it is replaced by the new 5-tuple if the timestamp is newer; otherwise the packet is dropped. If no mapping exists for the source IP address then the mapping is added to the Route Cache. The Paging Cache is updated in the same way, but using paging-timeout instead of route-timeout. If the node has no Paging Cache then only the Route Cache is updated. If the incoming packet is a paging-update, then only the Paging Cache is updated (if any).
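
The uplink handling of route-update and data packets described above, together with the Section 3.5 packet authentication, as an added example (not code from the draft or its authors). The HMAC-MD5 construction, the 12-byte tag, the key-then-address encoding and every name and sample value are assumptions; the draft only fixes MD5 for the PID and a "short hash" over (PID, timestamp, packet content).

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

ROUTE_TIMEOUT = 9.0  # seconds; the "typical value" from Section 3.1
TAG_LEN = 12         # assumed tag length; the draft only says "short hash"


def derive_pid(network_key: bytes, mh_addr: str) -> bytes:
    """PID := MD5(network key, IP address of MH).

    Assumed encoding: key bytes followed by the 16-byte packed address.
    """
    return hashlib.md5(network_key + ipaddress.IPv6Address(mh_addr).packed).digest()


def auth_tag(pid: bytes, timestamp: int, content: bytes) -> bytes:
    """Short hash over (PID, timestamp, packet content).

    Assumed construction: HMAC-MD5 keyed with the PID, truncated to TAG_LEN.
    """
    msg = struct.pack("!Q", timestamp) + content
    return hmac.new(pid, msg, hashlib.md5).digest()[:TAG_LEN]


@dataclass
class Mapping:
    interface: str
    mac: str
    expires: float
    timestamp: int  # timestamp of the control packet that set the mapping


class Node:
    """Route Cache of one Cellular IP node (Paging Cache left out)."""

    def __init__(self, network_key: bytes):
        self.network_key = network_key
        self.route_cache = {}
        self.log = []

    def on_route_update(self, src, interface, mac, timestamp, content, tag, now):
        # Every node holds the network key, so it can recompute the PID
        # without having seen this mobile host before (e.g. right after handoff).
        expected = auth_tag(derive_pid(self.network_key, src), timestamp, content)
        if not hmac.compare_digest(expected, tag):
            self.log.append(f"invalid authentication: src={src} if={interface}")
            return "drop-auth"
        old = self.route_cache.get(src)
        if old is not None and old.expires > now and timestamp <= old.timestamp:
            return "drop-stale"  # not newer than the valid mapping: replay or reorder
        self.route_cache[src] = Mapping(interface, mac, now + ROUTE_TIMEOUT, timestamp)
        return "forward-uplink"

    def on_data(self, src, interface, mac, now):
        # Data packets carry no authentication: they may refresh, never redirect.
        m = self.route_cache.get(src)
        if m is None or m.expires <= now or (m.interface, m.mac) != (interface, mac):
            return "drop"
        m.expires = now + ROUTE_TIMEOUT
        return "forward-uplink"


def demo():
    """Constructed scenario: attach, handoff, replay, forgery, data packets."""
    key = b"constructed-network-key"
    mh = "2001:db8::a1"
    old_bs = ("if1", "02:00:00:00:00:01")
    new_bs = ("if2", "02:00:00:00:00:02")
    pid = derive_pid(key, mh)  # the shared secret the Gateway gives the host
    bad_pid = derive_pid(b"guessed-key", mh)
    node = Node(key)
    first = auth_tag(pid, 100, b"")
    results = [
        node.on_route_update(mh, *old_bs, 100, b"", first, now=0.0),
        node.on_route_update(mh, *new_bs, 200, b"", auth_tag(pid, 200, b""), now=1.0),
        node.on_route_update(mh, *old_bs, 100, b"", first, now=1.5),
        node.on_route_update(mh, *old_bs, 300, b"", auth_tag(bad_pid, 300, b""), now=1.6),
        node.on_data(mh, *old_bs, now=2.0),
        node.on_data(mh, *new_bs, now=2.0),
    ]
    return results, node


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```

The timestamp comparison is made only against a mapping that is still valid, as the text words it, so the ordering check covers the lifetime of the cached mapping.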

If the packet is a paging-teardown packet and the authentication information is valid, then mappings of the mobile host with timestamp earlier than the timestamp of the packet are removed from both the Route and the Paging Cache.

After cache modifications the control packet is forwarded to the Uplink neighbor.

3.6.3 Downlink Routing

A packet arriving at a Cellular IP node from the Uplink neighbor is assumed to be addressed to a mobile host. The node first checks if the destination IP address has a valid mapping in the Route Cache. If such a mapping exists, the packet is forwarded to the Downlink neighbor found in the mapping.

If the Route Cache contains no mapping for the destination IP address and the node has no Paging Cache, then the packet is broadcast on all interfaces of the node except the interface of the Uplink neighbor.

If the node has a Paging Cache and there is a mapping for the destination IP address, then the packet is forwarded to the neighbor found in that mapping.

If the node has a Paging Cache, but there is no mapping for the destination IP address, then the packet is dropped.

3.7. Cellular IP Gateway

The following figure is a schematic view of a Cellular IP Gateway. The Gateway can logically be divided into three building blocks: a regular Cellular IP node, a Gateway Packet Filter and a Gateway Controller.

                             IP network
                         ===================
                                  |
   +------------------------------|--------+
   |                              |        |
   | +----------+          +-------------+ |
   | | Gateway  |__________|   Gateway   | |
   | |Controller|          |Packet Filter| |
   | +----------+          +-------------+ |
   |                     |________|___Uplink neighbor
   |                              |        |
   |                       +-------------+ |
   | Cellular IP           |Cellular IP  | |
   | Gateway               |    node     | |
   |                       +-------------+ |
   |                         |    |    |   |
   +-------------------------|----|----|---+
                     <----Downlink neighbors

Uplink packets update the Route and/or Paging Caches in the Cellular IP node block and are forwarded towards the Gateway filter.
The Gateway filter reads the destination IP address. If this is the Gateway's address, the packet is forwarded to the Gateway controller. Most of these packets are control packets with empty control information field and are immediately dropped. If the packet carries control information, for instance a registration request, it is interpreted and processed by the Gateway controller.

If the destination address is not the Gateway's, the packet is forwarded to the Internet. (This means that a packet sent from a mobile host to another mobile host in the same Cellular IP Network goes through the destination Home Agent. However, this is not the case if route optimization is used. To operate efficiently even without Mobile IP route optimization, the Gateway Packet Filter can also check if the destination address of an uplink packet has a valid mapping in any of the Gateway's caches. If a mapping is found, the packet is "turned back" and is treated as a downlink packet.)

All packets arriving from the Internet are forwarded normally to the Cellular IP node block. The Gateway's Cellular IP node block treats these packets as determined by the Cellular IP Routing algorithm (Section 3.6) according to the mappings in Route and Paging Cache.

It is optional whether Cellular IP Nodes have a Paging Cache configured or not. However, it is recommended that at least the Gateway's Cellular IP node has a Paging Cache configured. This ensures that packets addressed to hosts currently not connected to the Cellular IP Network do not enter the network and do not load it in vain but are immediately discarded in the Gateway when neither Route nor Paging Cache mapping is found for the destination address. (It may be advantageous to also generate an ICMP message in this case and send it back to the packet's source address.)

3.8. Cellular IP Mobile Host

While connected to a Cellular IP Network, a mobile host must be in one of two states: 'active' or 'idle'. The host moves from idle to active state when it receives or wishes to send a data packet. Active state is maintained as long as the host is transmitting or receiving data packets. When the host has not received or transmitted any data packets for some time (the value of this timer may be implementation-specific) then it returns to idle state.

When the host moves from idle to active state, it must transmit a route-update packet. At the same time, a timer is initiated from a value equal to route-update-time. If the timer expires without any data packet being transmitted from the host, again a route-update packet is transmitted and the timer is re-initiated. Any IP packet transmitted before the timer expires resets the timer to route-update-time. This ensures that while the mobile host is in active state, the largest interval between two transmitted packets is never longer than route-update-time. The mechanism also ensures that if data packets are transmitted with sufficient frequency, no route-update packets will be generated, which will probably be typical.

If the host is in active state, it must immediately transmit a route-update packet whenever it connects to a new base station. This typically happens at migration, but is also the case after a wireless channel black-out or when the host enters the Cellular IP Network. A packet transmitted this way also resets the route-update packet timer.

In idle state, the mobile host must transmit paging-update packets periodically, at intervals of paging-update-time. In addition, the host must transmit a paging-update packet when it connects to a new Base Station which has a different Paging Area ID from the previous Base Station. (When connecting to a Base Station that belongs to the same Paging Area as the previous one, the host need not transmit a paging-update packet.)
Similarly to the route-update packet timer, the paging-update timer is reset if a data packet is transmitted.

The mobile host must ensure that the 64 bit value of timestamps is strictly increasing in consecutive control packets.

The mobile host processes all IPv6 packets which it receives. If an IPv6 packet carries a Routing extension header then it is processed normally to cause the packet to be delivered to the upper layers (the home address of the mobile host is included in the Routing header as the final destination of the packet). Alternatively, the packet is received encapsulated into an IPv6 tunnel header. In this case the mobile host performs IPv6 decapsulation to extract the original IPv6 packet and then sends a Mobile IPv6 binding update message to the packet sender.

4. Extensions to Cellular IP

4.1. Handoff Extensions

4.1.1. Semi-soft Handoff

When a mobile host switches to a new Base Station it sends a route-update packet to make the chain of cache bindings point to the new Base Station. Packets that are traveling on the old path will be delivered to the old Base Station and will be lost. Although this loss may be small it can potentially degrade TCP throughput. This kind of handoff, when the mobile switches all at once to the new Base Station, is called "hard" handoff. For performance details of hard handoff in a Cellular IP network see [5].

To improve the performance of loss sensitive applications, another type of handoff may be introduced, called "semi-soft" handoff. During semi-soft handoff a mobile host may be in contact with either of the old and new Base Stations and receive packets from them. Packets intended for the mobile host are sent to both Base Stations, so when the mobile host eventually moves to the new location it can continue to receive packets without interruption.

To initiate semi-soft handoff, the moving mobile host transmits a route-update packet to the new Base Station and continues to listen to the old one. The S flag is set in this route-update packet to indicate semi-soft handoff. Semi-soft route-update packets create new mappings in the Route and Paging Cache similarly to regular route-update packets. When the semi-soft route-update packet reaches the cross-over node where the old and new path meet (note that the cross-over node already has a mapping for the mobile host), the new mapping is added to the cache instead of replacing the old one. Packets sent to the mobile host are transmitted to both Downlink neighbors. When the mobile host eventually makes the move then the packets will already be underway to the new Base Station and the handoff can be performed with minimal packet loss. After migration the mobile host sends a route-update packet to the new Base Station with the S bit cleared. This route-update packet will remove all mappings in Route Cache except for the ones pointing to the new Base Station. The semi-soft handoff is then complete.

If the path to the new Base Station is longer than to the old Base Station or it takes non-negligible time to switch to the new Base Station, then some packets may not reach the mobile host. To overcome the problem, packets sent to the new Base Station can be delayed during the semi-soft handoff. This way a few packets may be delivered twice to the mobile host, but in many cases this results in better performance than a few packets lost. Introduction of packet delay can be best performed in the Cellular IP node that has multiple mappings for the mobile host as a result of a semi-soft route-update packet. Packets that belong to flows that require low delay but can tolerate occasional losses should not be delayed.

For performance details of semi-soft handoff in a Cellular IP network see [5].

4.1.2. Indirect Semi-soft Handoff

Not all wireless technologies have simultaneous connection capability; for example, they cannot listen to the current BS while sending a route-update packet to the new BS (as required in 4.1.1). For this situation an alternative indirect technique is used. It is assumed the network can obtain the IP address of the new BS. This is the case in many cellular networks.

When the mobile decides to make a handoff, instead of sending a route-update packet to the new BS directly (as it cannot), it sends the packet to the current BS. This packet will have, as its destination IP address, the IP address of the new BS. Unlike in section 4.1.1, the I flag will be set to indicate indirect semi-soft handoff. The current BS will forward this uplink to the Gateway normally. The Gateway then uses normal IP routing to deliver the packet to the new BS.

When the new BS receives the indirect handoff packet, a semi-soft route-update packet is created with the IP address of the mobile host. It is then forwarded upstream. The algorithm then proceeds to work as in 4.1.1, just as if the packet had originated through the new BS. A security association is assumed for the new BS.

4.2. Multiple Gateway Networks

Cellular IP requires that a mobile host be using exactly one Gateway at a time. This requirement comes from the fact that the Gateway relays its packets both up and downlink. It is also required to make uplink routing unambiguous. The Cellular IP Network can have multiple Gateways as long as a single host still uses just one Gateway at any time. (The host can change Gateway, involving a Mobile IPv6 location updating.) In a Network with multiple Gateways, nodes must be able to determine which Gateway a given mobile host is using.
Assignment of Gateways can, for instance, be based on geographical partitioning of the network, or on partitioning the mobile hosts' address space. This issue is for further study.

4.3. Charging

Cellular IP Network providers can charge Cellular IP Mobile users for connectivity or for transmitted data or both. Charging information is best collected in the Gateway. The Gateway receives all control packets and can determine the time a mobile host was connected to the network. It can also measure through traffic in both directions.

5. Security Considerations

A Cellular IP Network is a single administrative domain. It is connected to the Internet through a Gateway that may eventually also serve as a firewall. Hence security issues only need to be considered at the wireless interface.

The security of a Cellular IP system will be determined by the wireless link. Security issues relating to wireless links are not specific to Cellular IP, and are out of the scope of Cellular IP, even though they must be dealt with in practical Cellular IP implementations.

A security problem specific to Cellular IP is the security of the control packets, which can be solved by the authentication mechanism described in Section 3.5.

6. Intellectual Property Right Notice

Ericsson has filed patent applications that might possibly become essential to the implementation of this contribution.

References

   [1] "Mobility Support in IPv6," D. Johnson, C. Perkins, Work in Progress, April 2000.

   [2] "Network Time Protocol (Version 3): Specification, Implementation and Analysis," D. Mills, IETF RFC 1305, March 1992.

   [3] "IP Authentication Header," S. Kent, R. Atkinson, IETF RFC 2402, November 1998.

   [4] "IP Authentication using Keyed MD5," P. Metzger, W. Simpson, IETF RFC 1828, August 1995.

   [5] "Cellular IP Performance," A. T. Campbell, J. Gomez, S. Kim, Z. Turanyi, A. Valko, C-Y Wan, Work in Progress, October 1999.

   [6] "Cellular IP," A. T. Campbell, J. Gomez, C-Y. Wan, S. Kim, Z. Turanyi, A. Valko, Work in Progress, January 2000.

   [7] "Internet Protocol, Version 6 (IPv6) Specification," IETF RFC 2460, December 1998.

   [8] "IPv6 stateless address autoconfiguration," Susan Thomson, Thomas Narten, IETF RFC 2462, December 1998.

Authors' Addresses

   Zach D. Shelby
   Technical Research Center of Finland
   Wireless Internet Laboratory
   Kaitoväylä 1
   FIN-90571 Oulu, Finland
   phone: +358 8 551 2164
   fax  : +358 8 551 2320
   email: zach.shelby@vtt.fi

   Dionisios D. Gatzounas
   INTRACOM S.A.
   Development Programmes Department
   Panepistimiou 254
   26443 Patras
   GREECE
   phone: +30 61 465168
   fax:   +30 61 465070
   email: dgat@intracom.gr

   Andrew T. Campbell, Chieh-Yih Wan
   Department of Electrical Engineering, Columbia University
   Rm. 801 Schapiro Research Building
   530 W. 120th Street, New York, N.Y. 10027
   phone: (212) 854 3109
   fax  : (212) 316 9068
   email: {campbell,wan}@comet.columbia.edu

Appendix A. Uplink Neighbor Selection

This algorithm selects the Uplink neighbor of all nodes of a Cellular IPv6 Network and reconfigures them if necessary after a change of topology. An Uplink neighbor is identified by the interface through which it is accessible from the node and its corresponding MAC address. The algorithm also distributes the Cellular IP Network Identifier, the IP address of the Gateway and the Paging Area IDs to the Base Stations.

The Gateway periodically creates a control packet called a "Gateway broadcast packet". The packet uses a hop-by-hop extension header. The Gateway broadcast packet contains

   - the Cellular IP Network Identifier;
   - the IP address of the Gateway;
   - a sequence number increased each time by the Gateway; and
   - a Paging Area ID field initially set to the ID of the Gateway.

The Gateway broadcasts the packet on all of its interfaces except those connected to the Internet. A Cellular IP node receiving a Gateway broadcast packet follows the steps below.

   1) It drops the packet if the sequence number is lower or equal to the sequence number of one of the previously received Gateway broadcast packets. In this case no further processing is needed.

   2) It stores the sequence number of the Gateway broadcast packet for later comparison.

   3) It stores the Cellular IP Network Identifier and the IP address of the Gateway.

   3) It stores the interface through which the packet arrived together with source MAC address of the packet (if any) to identify the Uplink neighbor. All other interface/MAC address combinations will denote Downlink neighbors.

   4) If the node has a Paging Cache, it overwrites the value of the Paging Area ID field in the packet by its own ID.

   5) The value of the (possibly overwritten) Paging Area ID field is stored as the Paging Area ID of the node. This value will be used in beacon signals if the node is a Base Station.

   6) It stores the Cellular IP Network Identifier and the IP address of the Gateway. These values will be used in beacon signals if the node is a Base Station.

   7) After a short random delay, the node broadcasts the packet through all of its interfaces, except the air interface(s) and the interface of the Uplink neighbor.

Table of Contents

   1. Introduction
   1.1. Applicability
   1.2. New Architectural Entities
   1.3. Terminology
   1.4. Protocol Overview
   1.5. Location Management and Routing
   2. Cellular IP Functions
   2.1. Location Management
   2.2. Routing
   2.3. Handoff
   2.4. Wide Area Mobility
   2.5. Security
   3. Protocol Details
   3.1. Protocol Parameters
   3.2. Beacon Signal Structure
   3.3. Packet Formats
   3.3.1. Data packet
   3.3.2. Route-update packet
   3.3.3. Paging-update packet
   3.3.4. Paging-teardown packet
   3.4. Addressing
   3.5. Security
   3.6. Cellular IP Routing
   3.6.1 Topology
   3.6.2 Uplink Routing
   3.6.3 Downlink Routing
   3.7. Cellular IP Gateway
   3.8. Cellular IP Mobile Host
   4. Extensions to Cellular IP
   4.1. Handoff Extensions
   4.1.1. Semi-soft Handoff
   4.1.2. Indirect Semi-soft Handoff
   4.2. Multiple Gateway Networks
   4.3. Charging
   5. Security Considerations
   6. Intellectual Property Right Notice
   References
   Authors' Addresses
   Appendix A. Uplink Neighbor Selection
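
The node-side steps of Appendix A run over a small constructed topology, as an added example (not code from the draft). Links are point-to-point and each interface is named after the neighbor it reaches, so the MAC address is left out; a FIFO queue stands in for the random forwarding delay; the node names, the network identifier and the 2001:db8::1 Gateway address are made up, and air and Internet interfaces are not modelled.

```python
from collections import deque

class CipNode:
    def __init__(self, name, has_paging_cache=False):
        self.name = name
        self.has_paging_cache = has_paging_cache
        self.links = {}        # interface name -> neighboring CipNode
        self.last_seq = None   # highest Gateway broadcast sequence number seen
        self.uplink = None     # interface of the Uplink neighbor
        self.network_id = self.gateway_addr = self.paging_area_id = None

    def receive(self, pkt, iface):
        """Apply the Appendix A steps; return (packet to rebroadcast, interfaces)."""
        # Step 1: an old or repeated sequence number is dropped unprocessed.
        if self.last_seq is not None and pkt["seq"] <= self.last_seq:
            return None, []
        self.last_seq = pkt["seq"]                       # step 2
        self.network_id = pkt["network_id"]              # steps 3 and 6
        self.gateway_addr = pkt["gateway"]
        self.uplink = iface                              # arrival interface = Uplink
        if self.has_paging_cache:                        # step 4
            pkt = dict(pkt, paging_area=self.name)
        self.paging_area_id = pkt["paging_area"]         # step 5
        # Step 7: rebroadcast on every interface except the Uplink one.
        return pkt, [out for out in self.links if out != iface]

def connect(a, b):
    """Create a bidirectional link; each side names the interface after its peer."""
    a.links[b.name] = b
    b.links[a.name] = a

def gateway_broadcast(gateway, seq, network_id="cip-net-1",
                      gateway_addr="2001:db8::1"):
    """Flood one Gateway broadcast packet through the network."""
    pkt = {"network_id": network_id, "gateway": gateway_addr,
           "seq": seq, "paging_area": gateway.name}
    gateway.last_seq, gateway.paging_area_id = seq, gateway.name
    queue = deque((nbr, gateway.name, pkt) for nbr in gateway.links.values())
    while queue:
        node, iface, p = queue.popleft()
        out_pkt, out_ifaces = node.receive(p, iface)
        for out in out_ifaces:
            queue.append((node.links[out], node.name, out_pkt))
```

Because a node accepts only a sequence number higher than any it has seen, the first copy to arrive fixes the Uplink neighbor and later copies or replays of the same broadcast change nothing until the Gateway sends the next one.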