NETEXT Working Group R. Wakikawa, Ed. Internet-Draft Toyota ITC Intended status: Standards Track J. Xia, Ed. Expires: February 26, 2010 Huawei August 25, 2009 PMIP extension to Home Agent Reliability Protocol draft-wakikawa-netext-lma-reliability-00 Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on February 26, 2010. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Abstract This document introduces an extension to the Home Agent Reliability protocol standardized in MEXT Working Group for LMA reliability. In Wakikawa & Xia Expires February 26, 2010 [Page 1] Internet-Draft LMA Reliability August 2009 Proxy Mobile IPv6[RFC5213], LMA is an anchor which is similar to Home Agent of Mobile IPv6[RFC3775]. Providing LMA reliability is achieved with the extensions described in this document. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. LMA Failure Detection . . . . . . . . . . . . . . . . . . . . 4 4. LMA Virtual Switch Mode . . . . . . . . . . . . . . . . . . . 5 5. LMA Hard Switch Mode . . . . . . . . . . . . . . . . . . . . . 5 5.1. MAG Operation . . . . . . . . . . . . . . . . . . . . . . 6 5.2. LMA Operation . . . . . . . . . . . . . . . . . . . . . . 7 6. Mobility Option and Message . . . . . . . . . . . . . . . . . 8 6.1. Proxy Binding Cache Information Option . . . . . . . . . . 8 6.2. LMA Failure Indication Mobility Option . . . . . . . . . . 10 6.3. Home Agent Control Message . . . . . . . . . . . . . . . . 11 7. IANA considerations . . . . . . . . . . . . . . . . . . . . . 12 8. Security Considerations . . . . . . . . . . . . . . . . . . . 12 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 10.1. Normative References . . . . . . . . . . . . . . . . . . . 12 10.2. Informative References . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 Wakikawa & Xia Expires February 26, 2010 [Page 2] Internet-Draft LMA Reliability August 2009 1. Introduction This document specifies small extensions to the Home Agent Reliability protocol[ID-HARELIABILITY]. Local Mobility Anchor (LMA) acts as an anchor point in Proxy Mobile IPv6, while Home Agent (HA) is used in Mobile IPv6 [RFC3775]. Therefore, this specification aims to support LMA reliability for Proxy Mobile IPv6. Since mobility managements are not handled by a mobile node, LMA failure and recovery must be fully transparent to the mobile node. All the operations defined in this specification are completed between LMA and Mobile Access Gateways (MAGs). Figure 1 shows the network configuration of LMAs in a Proxy Mobile IPv6 domain. LMA1' is a standby LMA for LMA1. Besides the failure detection mechanism specified in [ID-HARELIABILITY], there exists other specific mechanism for LMA failure detection. The detail description will be given in Section 3. The Home Agent Reliability protocol has two different operational modes such as hard-switch and virtual-switch. This specification also supports the two modes. All the assumptions are same as [ID-HARELIABILITY] such as IPsec synchronization, same address configuration, etc. For example, if LMAA1 and LMAA1' are same address, the operation can be virtual switch mode. On the other hand, if they are different, it should be hard switch mode. The detail operations will be given in Section 4 and Section 5. While the detail description of new mobility option and message will be given in Section 6. Wakikawa & Xia Expires February 26, 2010 [Page 3] Internet-Draft LMA Reliability August 2009 +----+ +-----+ +----+ +-----+ |LMA1| |LMA1'| |LMA2| |LMA2'| +----+ +-----+ +----+ +-----+ LMAA1 -> | LMAA1'->| LMAA2-> | LMAA2'-> | | | | | \\ || // // \\ || // // \\ || // // +---\\--- ||---------//---- //-------+ ( \\ || // // ) ( \\ \\ // // ) +------\\--||-----//---//----------+ \\ || // // \\|| // // \\\\ //// Proxy-CoA1--> | +----+ |MAG1|-----{MN2} +----+ | | | MN-HNP1 --> | MN-HNP2 {MN1} Figure 1: LMA Network Configuration 2. Terminology The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. All terms in this document are defined in[RFC5213], [ID-HEARTBEAT] and [ID-HARELIABILITY]. In addition or in replacement of these, the following terms are defined or redefined: Current LMA A LMA that is currently serving the MAGs. The LMA maybe still keep active when the tunnel between itself and MAG fail. 3. LMA Failure Detection LMA Failure events used in the Local Mobility Anchor Reliability protocol are listed below. Wakikawa & Xia Expires February 26, 2010 [Page 4] Internet-Draft LMA Reliability August 2009 Detection Mechanism specified in [ID-HARELIABILITY] Three mechanisms are defined in [ID-HARELIABILITY] such as Loss of HA-HELLO, Monitored Server Failure by the Active HA, Routing Peer/ Link Failure. Each LMA should exchange HA-HELLO for failure detection. Heartbeat Mechanism for Proxy Mobile IPv6 [ID-HEARTBEAT] In Proxy Mobile IPv6, both LMA and MAG should involve in detecting LMA failure. Heartbeat mechanism specified in [ID-HEARTBEAT] can be used as an indication of LMA failure. If a MAG detects LMA failure, it can solicit a standby LMA to recover the failed LMA. This solicitation can be sent only in the hard switch mode. In the hard switch mode, MAG cannot reach to the standby LMA until the standby LMA completes taking over the failed LMA. If a LMA detects the tunnel failure with one, some or all MAGs, it can treats this events as a hint of LMA failure. However, the LMA SHOULD NOT start the failover as soon as it detects the failure events by using heartbeat mechanism. It is because the heartbeat mechanism detects only the tunnel failure. The tunnel failure might be caused by transport network failure or other reasons than LMA failure. 4. LMA Virtual Switch Mode In the virtual switch mode, each LMA is configured with a same LMA address (LMAA). A standby LMA MUST support the IPsec states synchronization functionality for this virtual switch mode. As soon as LMA failure is detected, the standby LMA becomes active and takes over the failed LMA as defined in [ID-HARELIABILITY]. 5. LMA Hard Switch Mode In the hard switch mode, each LMA is configured with different LMA address (LMAA). A standby LMA should creates security association with MAGs beforehand. It can also establishes a tunnel with MAGs before LMA failure. In this case that LMA-HELLO mechanism is employed in LMA failure detection, the concrete procedure of LMA Hard Switch is similar to operation specified in [ID-HARELIABILITY]. As soon as LMA failure is detected, the standby LMA sends HA switch message to all the MAGs for which the failed LMA served as defined in [ID-HARELIABILITY]. In this case that Heartbeat Mechanism defined in [ID-HEARTBEAT] is Wakikawa & Xia Expires February 26, 2010 [Page 5] Internet-Draft LMA Reliability August 2009 employed in LMA failure detection, MAG needs to actively involve in detecting LMA failure. After a MAG establishes IPsec/IKE states with all the LMAs in the redundant LMA set beforehand, MAG needs to trigger heartbeat exchanges with each LMA respectively for checking peers reachability. If the transport network between MAG and LMA corrupts than LMA failure, it may result in the loss of connectivity for MAG attached on LMA, however, the LMA is still active. In this case, LMA-HELLO mechanism cannot detect the failure, and more further considerations are needed. The following subsections will only focus on the concrete solution to solve this problem of the tunnel failure. 5.1. MAG Operation MAG needs to discover multiple LMA addresses, the discovery description is specified in [ID-LMADISCOVERY]. MAG authenticates itself to multiple LMAs and creates IPsec SAs with them as defined in [ID-HARELIABILITY]. When MAG sends heartbeat request message to active LMA beyond MISSING_HEARTBEATS_ALLOWED amount without response, MAG concludes that current LMA is unreachable. In this case, MAG indictates current LMA failure to a reachable standby LMA and solicits the standby LMA to takeover the current LMA. MAG initiates proxy binding update message to standby LMA with LMA failure indication. Standby LMA MUST responds proxy binding aknowledge message until standby LMA completes taking over the current LMA. The overview of operation is shown in Figure 2. Wakikawa & Xia Expires February 26, 2010 [Page 6] Internet-Draft LMA Reliability August 2009 MAG LMA1(Current) LMA2(Standby) | | | |<--------------------->| 1. IKEv2 exchange |---------->| | 2. Proxy Binding Update | | | 3. LMA1 allocate MN-HNP, Setup BCE |<----------| | 4. Proxy Binding Acknowledgment | | | |<--------------------->| 5. IKEv2 exchange | | | | |<--------->| 6. State exchange (proxy binding cache) | | | |<--------->X | 7. HeartBeat exchange overtime | X | |---------------------->| 8. Proxy Binding Update (with LMA failure | X | indication) | X | |<----------------------| 9. Proxy Binding Acknowledgment | X | | X | RECOVERY COMPLETE Figure 2: MAG Opertation in LMA Hard Switch 5.2. LMA Operation If a MAG detects the tunnel failure with current LMA by heartbeat mechanism, it should solicit a standby LMA, with which MAG pre- establishes IPsec/IKE state, to recover the failed LMA. Usually the current LMA also can detect the tunnel failure by heartbeat mechanism. However current LMA MUST NOT solicit standby LMA to takeover itself because the unreachability may be caused by MAG failure, and current LMA should not know whether the tunnel between MAG and standby LMA is active or not. Upon receiving PBU message from MAG with LMA failure indication, standby LMA MUST include proxy care-of address of MAG in SwitchOver Request Message as specified in section 6.3 to notify current LMA that packets of MAG will be routed to standby LMA instead of current LMA. Whereas in this case, current LMA should not transit to standby state and still provide mobile service for other reachable MAGs. At that time, two LMA are both available for different MAGs respectively. More details are shown in Figure 3. Wakikawa & Xia Expires February 26, 2010 [Page 7] Internet-Draft LMA Reliability August 2009 MAGs LMA1(Current) LMA2(Standby) | | | | X | |---------------------->| 1. Sending PBU message (with LMA | X | failure indication) | X | | X<----------| 2. LMA2 sends SwitchOver Request (with PCoA option) | X---------->| 3. LMA1 sends SwitchOver Reply | X | |<----------------------| 4. Binding PBA message | X | | X<----------| 5. LMA2 sends SwitchCompl (optional) | X | | X | RECOVERY COMPLETE Figure 3: LMA Opertation in LMA Hard Switch 6. Mobility Option and Message 6.1. Proxy Binding Cache Information Option The LMA Reliability protocol extends Binding Cache Information Option specified in section 5.2.2 of [ID-HARELIABILITY]. The proxy binding cache information option has an alignment requirement of 4n+2. The Proxy Binding Cache Information option is only valid in a State Synchronization message. Its format is as follows: Wakikawa & Xia Expires February 26, 2010 [Page 8] Internet-Draft LMA Reliability August 2009 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = TBD | Length = 40 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Flags | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Lifetime | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tunnel Interface ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Proxy Care-of Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ ~ ~ ~ ~ Mobile Node Mobility Options ~ ~ ~ + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 4: Proxy Binding Cache Information Option Besides of Tunnel Interface ID Option and Proxy Care-of Address option, each LMA also MUST carry the Mobile Node Mobility Options in Proxy Binding Cache Information Option in the State Synchronization message. Mobile Node Mobility Options are very similar to Mobility Options specified in [RFC5213]. 1. Mobile Node Identifier Option (mandatory) 2. Home Network Prefix option (mandatory) 3. Access Technology Type option (mandatory) 4. Timestamp Option (optional) 5. Mobile Node Link-layer Identifier option (optional) 6. Link-local Address option (optional) All the fields of Mobile Node Mobility Options in Proxy Binding Cache information option are copied from the registered proxy binding of one or more particular mobile nodes. The 8-bit Reserved field MUST Wakikawa & Xia Expires February 26, 2010 [Page 9] Internet-Draft LMA Reliability August 2009 be set to zero. 6.2. LMA Failure Indication Mobility Option The LMA Reliability protocol extends this option in PBU message as an indication to standby LMA that MAG detect the tunnel failure and solicit standby LMA to takeover current LMA's role. The LMA Failure Indication mobility option in the PBU MUST contain the IPv6 addresses of the current LMA. The LMA Failure Indication mobility option in the PBU MAY contain the IPv4 addresses of the current LMA. The LMA Failure Indication mobility option has the alignment requirement of 4n+2. There can zero or only one LMA Failure Indication mobility option in the PBU. The format of the LMA Failure Indication mobility option is shown below: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | IPv6 current LMA Address | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Optional IPv4 current LMA Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 5: LMA Failure Indication Mobility Option Type 8-bit unsigned integer. TBD Length 8-bit unsigned integer indicating the length in octets of the option, excluding the type and length fields. IPv6 current LMA Address the IPv6 address of the current LMA. Optional IPv4 current LMA Address Wakikawa & Xia Expires February 26, 2010 [Page 10] Internet-Draft LMA Reliability August 2009 the IPv4 address of the current LMA. 6.3. Home Agent Control Message The LMA Reliability protocol extends this message for the LMA Hard Switch. When standby LMA receives PBU message from MAG with LMA failure indication, it MUST include proxy care-of address of MAG in MAG Address Option in SwitchOver Request Message (type field of Home Agent Control Message is 0) to notify current LMA that packets of MAG will be routed to standby LMA instead of current LMA from then on. If current LMA also detect the MAG unreachability by heartbeat exchange, current LMA should log the event and respond SwitchOver Reply Message (type field of Home Agent Control Message is 1) to standby LMA as soon as receiving SwitchOver Request Message from a standby LMA. The response operation is same as [ID-HARELIABILITY]. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Status | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | MAG Address | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . Mobility options . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 6: Home Agent Control Message Type 8-bit unsigned integer. The type value MUST be 0 to indicate as SwitchOver Request Message. MAG Address The IPv6 or IPv4 address of MAG need to switch LMA, this field value is only valid for SwitchOver Request Message. Standby LMA should take over all sessions of the MNs attached on the current MAG. Wakikawa & Xia Expires February 26, 2010 [Page 11] Internet-Draft LMA Reliability August 2009 7. IANA considerations A new option is used to synchronizing Proxy Binding Cache information of MAG in State Synchronization message between LMAs. This option is specified in section 6.1. A new mobility option is used to indicate current LMA failure to standby LMA. This option is specified in section 6.2. MAG Address Option is used to extend Home Agent Control Message defined in [ID-HARELIABILITY]. This option is specified in section 6.3. 8. Security Considerations No security vulnerability is introduced in this specification. All the signaling are protected as described in [ID-HARELIABILITY] and in [RFC5213]. 9. Acknowledgments The authors would like to thank all colleagues for their review and comments of this draft. 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in IPv6", RFC 3775, June 2004. [RFC5213] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008. [RFC5142] Haley, B., Devarapalli, V., Deng, H., and J. Kempf, "Mobility Header Home Agent Switch Message", RFC 5142, January 2008. [ID-HARELIABILITY] Wakikawa, R., "Home Agent Reliability Protocol", draft-ietf-mip6-hareliability-04.txt (work in progress), July 2008. Wakikawa & Xia Expires February 26, 2010 [Page 12] Internet-Draft LMA Reliability August 2009 [ID-HEARTBEAT] Devarapalli , V., "Heartbeat Mechanism for Proxy Mobile IPv6", draft-ietf-netlmm-pmipv6-heartbeat-04 (work in progress), February 2009. 10.2. Informative References [ID-PMIP6-IPv4] Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy Mobile IPv6", draft-ietf-netlmm-pmip6-ipv4-support-09 (work in progress), January 2009. [ID-LMADISCOVERY] Korhonen, J. and V. Devarapalli, "LMA Discovery for Proxy Mobile IPv6", draft-korhonen-netlmm-lma-discovery-00 (work in progress), October 2008. [ID-GENERICSIGNALING] Haley, B. and S. Gundavelli, "Mobile IPv6 Generic Signaling Message", draft-ietf-mext-generic-signaling-message-00 (work in progress), February 2009. Authors' Addresses Ryuji Wakikawa (editor) Toyota ITC 465 Bernardo Avenue Mountain View, CA 94043 USA Email: ryuji@us.toyota-itc.com Jinwei Xia (editor) Huawei Hui Hong Mansion Nanjing, Baixia District 210001 China Phone: +86-025-84565890 Email: xiajinwei@huawei.com Wakikawa & Xia Expires February 26, 2010 [Page 13]