GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


rfc:rfc6611

Internet Engineering Task Force (IETF) K. Chowdhury, Ed. Request for Comments: 6611 Radio Mobile Access, Inc. Category: Standards Track A. Yegin ISSN: 2070-1721 Samsung

                                                              May 2012
   Mobile IPv6 (MIPv6) Bootstrapping for the Integrated Scenario

Abstract

 Mobile IPv6 bootstrapping can be categorized into two primary
 scenarios: the split scenario and the integrated scenario.  In the
 split scenario, the mobile node's mobility service is authorized by a
 different service authorizer than the network access authorizer.  In
 the integrated scenario, the mobile node's mobility service is
 authorized by the same service authorizer as the network access
 service authorizer.  This document defines a method for home agent
 information discovery for the integrated scenario.

Status of This Memo

 This is an Internet Standards Track document.
 This document is a product of the Internet Engineering Task Force
 (IETF).  It represents the consensus of the IETF community.  It has
 received public review and has been approved for publication by the
 Internet Engineering Steering Group (IESG).  Further information on
 Internet Standards is available in Section 2 of RFC 5741.
 Information about the current status of this document, any errata,
 and how to provide feedback on it may be obtained at
 http://www.rfc-editor.org/info/rfc6611.

Copyright Notice

 Copyright (c) 2012 IETF Trust and the persons identified as the
 document authors.  All rights reserved.
 This document is subject to BCP 78 and the IETF Trust's Legal
 Provisions Relating to IETF Documents
 (http://trustee.ietf.org/license-info) in effect on the date of
 publication of this document.  Please review these documents
 carefully, as they describe your rights and restrictions with respect
 to this document.  Code Components extracted from this document must
 include Simplified BSD License text as described in Section 4.e of
 the Trust Legal Provisions and are provided without warranty as
 described in the Simplified BSD License.

Chowdhury & Yegin Standards Track [Page 1] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

 This document may contain material from IETF Documents or IETF
 Contributions published or made publicly available before November
 10, 2008.  The person(s) controlling the copyright in some of this
 material may not have granted the IETF Trust the right to allow
 modifications of such material outside the IETF Standards Process.
 Without obtaining an adequate license from the person(s) controlling
 the copyright in such materials, this document may not be modified
 outside the IETF Standards Process, and derivative works of it may
 not be created outside the IETF Standards Process, except to format
 it for publication as an RFC or to translate it into languages other
 than English.

Table of Contents

 1. Introduction and Scope ..........................................2
 2. Terminology .....................................................3
 3. Assumptions and Conformance .....................................4
 4. Solution Overview ...............................................5
    4.1. Logical View of the Integrated Scenario ....................5
    4.2. Bootstrapping Message Sequence .............................6
         4.2.1. Home Agent Allocation in the MSP ....................7
         4.2.2. Home Agent Allocation in the ASP ....................9
    4.3. Bootstrapping Message Sequence: Fallback Case .............10
    4.4. HoA and IKEv2 SA Bootstrapping in the Integrated
         Scenario ..................................................10
 5. Security Considerations ........................................10
 6. Acknowledgements ...............................................11
 7. Contributors ...................................................11
 8. References .....................................................11
    8.1. Normative References ......................................11
    8.2. Informative References ....................................12

1. Introduction and Scope

 The Mobile IPv6 protocol [RFC6275] requires the mobile node to have
 the following information:
 o  the Home Address (HoA),
 o  the home agent address, and
 o  the cryptographic materials for establishing an IPsec security
    association with the home agent.

Chowdhury & Yegin Standards Track [Page 2] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

 The cryptographic materials need to be established prior to
 initiating the registration process.  The mechanism via which the
 mobile node obtains this information is called "Mobile IPv6
 bootstrapping".  In order to allow a flexible deployment model for
 Mobile IPv6, it is desirable to define a bootstrapping mechanism for
 the mobile node to acquire these parameters dynamically.  [RFC4640]
 describes the problem statement for Mobile IPv6 bootstrapping.  It
 also defines the bootstrapping scenarios based on the relationship
 between the entity that authenticates and authorizes the mobile node
 for network access (i.e., the Access Service Authorizer, ASA) and the
 entity that authenticates and authorizes the mobile node for mobility
 service (i.e., the Mobility Service Authorizer, MSA).  The scenario
 in which the Access Service Authorizer is not the Mobility Service
 Authorizer is called the "split" scenario.  The bootstrapping
 solution for the split scenario is defined in [RFC5026].  The
 scenario in which the Access Service Authorizer is also the Mobility
 Service Authorizer is called the "integrated" scenario.  This
 document defines a bootstrapping solution for the integrated
 scenario.
 [RFC5026] identifies four different components of the bootstrapping
 problem: home agent address discovery, HoA assignment, IPsec Security
 Association [RFC4301] setup, and Authentication and Authorization
 with the MSA.  This document defines a mechanism for home agent
 address discovery.  The other components of bootstrapping are as per
 [RFC5026].
 In the integrated scenario, the bootstrapping of the home agent
 information can be achieved via DHCPv6.  This document defines the
 MIPv6 bootstrapping procedures for the integrated scenario.  It
 enables home agent assignment in the integrated scenario by utilizing
 DHCP and Authentication, Authorization, and Accounting (AAA)
 protocols.  The specification utilizes DHCP and AAA options and
 attribute-value pairs (AVPs) that are defined in [RFC6610] and
 [RFC5447].  This document specifies the interworking among Mobile
 Node (MN), Network Access Server (NAS), DHCP, and AAA entities for
 the bootstrapping procedure in the integrated scenario.

2. Terminology

 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 document are to be interpreted as described in [RFC2119].

Chowdhury & Yegin Standards Track [Page 3] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

 General mobility terminology can be found in [RFC3753].  The
 following additional terms, as defined in [RFC4640], are used in this
 document:
 Access Service Authorizer (ASA): A network operator that
 authenticates a mobile node and establishes the mobile node's
 authorization to receive Internet service.
 Access Service Provider (ASP): A network operator that provides
 direct IP packet forwarding to and from the mobile node.
 Mobility Service Authorizer (MSA): A service provider that authorizes
 Mobile IPv6 service.
 Mobility Service Provider (MSP): A service provider that provides
 Mobile IPv6 service.  An MSP is called a "home MSP" when MSP == MSA.
 In this document, the term MSP means a Mobility Service Provider that
 has a roaming relationship with the MSA but it is not the MSA.
 Split Scenario: A scenario where the mobility service and the network
 access service are authorized by different entities.
 Integrated Scenario: A scenario where the mobility service and the
 network access service are authorized by the same entity.

3. Assumptions and Conformance

 The following assumptions are made in this document:
 (a)  MSA == ASA.
 (b)  MSA and MSP have a roaming relationship.
 (c)  DHCP relay and NAS are either co-located or there is a mechanism
      to transfer received AAA information from the NAS to the DHCP
      relay.
         Note: If assignment of a home agent in the home MSP is not
         required by a deployment, co-location of the NAS and the DHCP
         relay functions or a mechanism to transfer received AAA
         information from the NAS to the DHCP relay won't be
         necessary.  In such a case, only the implementation of the
         options and procedures defined in [RFC6610] should suffice.
 (d)  The NAS shall support MIPv6-specific AAA attributes as specified
      in [RFC5447].

Chowdhury & Yegin Standards Track [Page 4] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

 (e)  The AAA server in the home domain (AAAH) used for network access
      authentication (ASA) has access to the same database as the AAAH
      used for the mobility service authentication (MSA).
 If home agent assignment is required only in the ASP by the
 deployment, a minimal implementation of this specification MAY only
 support the delivery of information from the DHCP server to the DHCP
 client through [RFC6610].  However, if home agent assignment in the
 MSP is required by the deployment, an implementation conforming to
 this specification SHALL be able to transfer the information received
 from the AAA server to the NAS, and from the NAS to the DHCP relay
 function.  This can be achieved either by co-locating the NAS and the
 DHCP relay functions or via an interface between these functions.
 The details of this interface are out of the scope of this
 specification.

4. Solution Overview

4.1. Logical View of the Integrated Scenario

 In the integrated scenario, the mobile node utilizes the network
 access authentication process to bootstrap Mobile IPv6.  It is
 assumed that the access service authorizer is mobility service aware.
 This allows for Mobile IPv6 bootstrapping at the time of access
 authentication and authorization.  Also, the mechanism defined in
 this document requires the NAS to support MIP6-specific AAA
 attributes and a co-located DHCP relay agent.
 Figure 1 shows the AAA infrastructure with a AAA client (NAS), a AAA
 proxy in the visited network (AAAV), and a AAA server in the home
 network (AAAH).

Chowdhury & Yegin Standards Track [Page 5] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

                                    |
                ASP(/MSP)           |   ASA/MSA(/MSP)
                                    |
                                    |
                +-------+           |        +-------+
                |       |           |        |       |
                |AAAV   |-----------|--------|AAAH   |
                |       |           |        |       |
                +-------+           |        +-------+
                    |               |
                    |               |
                    |               |
                    |               |
                +-----+    +------+ |
    +----+      | NAS/|    |DHCP  | |
    | MN |------|DHCP |----|Server| |
    +----+      |Relay|    |      | |
                +-----+    +------+ |
                                    |
                                    |
                +--------+          |      +--------+
                | HA     |          |      | HA     |
                | in ASP |          |      |in MSP  |
                +--------+          |      +--------+
    Figure 1: Integrated Scenario, Network Diagram with DHCP Server
 The user's home network authorizes the mobile node for network access
 and mobility services.  Note that usage of a home agent with the
 mobile node might be selected in the access service provider's
 network or alternatively in the mobility service provider's network.
 The MSP may be co-located with the ASP, or the ASA/MSA, or
 independent of the two.
 The mobile node interacts with the DHCP server via the relay agent
 after the network access authentication as part of the mobile node
 configuration procedure.

4.2. Bootstrapping Message Sequence

 In this case, the mobile node is able to acquire the home agent
 address via a DHCPv6 query.  In the integrated scenario, the ASA and
 the MSA are the same; it can be safely assumed that the AAAH used for
 network access authentication (ASA) has access to the same database
 as the AAAH used for the mobility service authentication (MSA).
 Hence, the same AAAH can authorize the mobile node for network access

Chowdhury & Yegin Standards Track [Page 6] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

 and mobility service at the same time.  When the MN performs Mobile
 IPv6 registration, the AAAH ensures that the MN is accessing the
 assigned home agent for that MSP.
 Figure 2 shows the message sequence for home agent allocation in both
 scenarios -- HA in the ASP (which is co-located with the MSP), or HA
 in an MSP that is separate from ASP and possibly from the ASA/MSA as
 well.
                                       |
               --------------ASP------>|<--ASA+MSA--
                                       |
 +----+        +------+      +-------+   +-----+
 |    |        |      |      |       |   |     |
 | MN/|        |NAS/  |      | DHCP  |   |AAAH |
 |User|        |DHCP  |      | Server|   |     |
 |    |        |relay |      |       |   |     |
 +----+        +------+      +-------+   +-----+
   |               |             |          |
   |     1         |          1  |          |
   |<------------->|<---------------------->|
   |               |             |          |
   |               |             |          |
   |     2         |             |          |
   |-------------->|             |          |
   |               |             |          |
   |               |       3     |          |
   |               |------------>|          |
   |               |             |          |
   |               |       4     |          |
   |               |<------------|          |
   |               |             |          |
   |     5         |             |          |
   |<--------------|             |          |
   |               |             |          |
         Figure 2: Message Sequence for Home Agent Allocation

4.2.1. Home Agent Allocation in the MSP

 This section describes a scenario where the home agent is allocated
 in the mobile node's MSP network(s) that is (are) not co-located with
 the ASP.  In order to provide the mobile node with information about
 the assigned home agent, the AAAH conveys the assigned home agent's
 information to the NAS via a AAA protocol, e.g., [RFC5447].
 Figure 2 shows the message sequence for home agent allocation.  In
 the scenario with HA in the MSP, the following details apply.

Chowdhury & Yegin Standards Track [Page 7] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

 (1)  The mobile node executes the network access authentication
      procedure (e.g., IEEE 802.11i/802.1X), and it interacts with the
      NAS.  The NAS is in the ASP, and it interacts with the AAAH,
      which is in the ASA/MSA, to authenticate the mobile node.  In
      the process of authorizing the mobile node, the AAAH verifies in
      the AAA profile that the mobile node is allowed to use the
      Mobile IPv6 service.  The AAAH assigns a home agent in the home
      MSP, and it assigns one or more home agents in other authorized
      MSPs and returns this information to the NAS.  The NAS may keep
      the received information for a configurable duration, or it may
      keep the information for as long as the MN is connected to the
      NAS.
 (2)  The mobile node sends a DHCPv6 Information-request message
      [RFC3315] to the All_DHCP_Relay_Agents_and_Servers multicast
      address.  In this message, the mobile node (DHCP client) SHALL
      include the following:
  • the Option Code for the Visited Home Network Information

option [RFC6610] in the OPTION_ORO.

  • Client Home Network ID FQDN option identifying the MSP.
  • the OPTION_CLIENTID to identify itself to the DHCP server
 (3)  The relay agent intercepts the Information Request from the
      mobile node and forwards it to the DHCP server.  The relay agent
      also includes the received home agent information from the AAAH
      in the Relay-Supplied Options option [RFC6610].  If a NAS
      implementation does not store the received information as long
      as the MN's session remains in the ASP, and if the MN delays
      sending a DHCP request, the NAS/DHCP relay does not include the
      Relay-Supplied Options option in the Relay Forward message.
 (4)  The DHCP server:
  • identifies the client by looking at the DHCP Unique

Identifier (DUID) for the client in the OPTION_CLIENTID.

  • determines that the mobile node is requesting home agent

information in the MSP by looking at the Home Network ID FQDN

         option.
  • determines that the home agent is allocated by the AAAH by

looking at the Relay-Supplied Options option.

Chowdhury & Yegin Standards Track [Page 8] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

  • extracts the allocated home agent information from the Relay-

Supplied Options option and includes it in the Identified

         Home Network Information option [RFC6610] in the Reply
         Message.  If the requested information is not available in
         the DHCP server, it follows the behavior described in
         [RFC6610].
 (5)  The relay agent relays the Reply Message from the DHCP server to
      the mobile node.  At this point, the mobile node has the home
      agent information that it requested.

4.2.2. Home Agent Allocation in the ASP

 This section describes a scenario where the mobile node requests home
 agent allocation in the ASP by setting the id-type field to zero in
 the Home Network Identifier Option [RFC6610] in the DHCPv6 request
 message.  In this scenario, the ASP becomes the MSP for the duration
 of the network access authentication session.
 Figure 2 shows the message sequence for home agent allocation.  In
 the scenario with HA in the ASP, the following details apply.
 (1)  The mobile node executes the network access authentication
      procedure (e.g., IEEE 802.11i/802.1X) and interacts with the
      NAS.  The NAS is in the ASP, and it interacts with the AAAH,
      which is in the ASA/MSA, to authenticate the mobile node.  In
      the process of authorizing the mobile node, the AAAH verifies in
      the AAA profile that the mobile node is allowed to use the
      Mobile IPv6 services.  The AAAH assigns a home agent in the home
      MSP, and it assigns one or more home agents in other authorized
      MSPs and returns this information to the NAS.  Note that the
      AAAH is not aware of the fact that the mobile node prefers a
      home agent allocation in the ASP.  Therefore, the assigned home
      agent may not be used by the mobile node.  This leaves the
      location of the mobility anchor point decision to the mobile
      node.
 (2)  The mobile node sends a DHCPv6 Information Request message
      [RFC3315] to the All_DHCP_Relay_Agents_and_Servers multicast
      address.  In this message, the mobile node (DHCP client) SHALL
      include the following:
  • the Option Code for the Home Network Identifier Option

[RFC6610] in the OPTION_ORO.

  • the OPTION_CLIENTID to identify itself to the DHCP server.

Chowdhury & Yegin Standards Track [Page 9] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

 (3)  The relay agent (which is the NAS) intercepts the Information
      Request from the mobile node and forwards it to the DHCP server.
      The relay agent also includes the received AAA AVP from the AAAH
      in the Relay-Supplied Options option [RFC6610].
 (4)  The DHCP server identifies the client by looking at the DUID for
      the client in the OPTION_CLIENTID.  The DHCP server also
      determines that the mobile node is requesting home agent
      information in the ASP by looking at the Visited Home Network
      Information option.  If configured to do so, the DHCP server
      allocates a home agent from its configured list of home agents
      and includes it in the Visited Home Network Information Option
      [RFC6610] in the Reply Message.  Note that in this case, the
      DHCP server does not use the received information in the Relay-
      Supplied Options option.
 (5)  The relay agent relays the Reply Message from the DHCP server to
      the mobile node.  At this point, the mobile node has the home
      agent information that it requested.

4.3. Bootstrapping Message Sequence: Fallback Case

 In the fallback case, the mobile node is not able to acquire the home
 agent information via DHCPv6.  The mobile node MAY perform DNS
 queries to discover the home agent address as defined in [RFC5026].
 To perform DNS-based home agent discovery, the mobile node needs to
 know the DNS server address.  The details of how the MN is configured
 with the DNS server address are outside the scope of this document.

4.4. HoA and IKEv2 SA Bootstrapping in the Integrated Scenario

 In the integrated scenario, the HoA, IPsec Security Association
 setup, and Authentication and Authorization with the MSA are
 bootstrapped via the same mechanism as described in the bootstrapping
 solution for the split scenario [RFC5026].

5. Security Considerations

 The transport of the assigned home agent information via the AAA
 infrastructure (i.e., from the AAA server to the AAA client) to the
 NAS may only be integrity protected as per standard Diameter or other
 AAA protocol security mechanisms.  No additional security
 considerations are imposed by the usage of this document.  The
 security mechanisms provided by [RFC3588] are applicable for this
 purpose.  This document does not introduce any new security issues to
 Mobile IPv6.

Chowdhury & Yegin Standards Track [Page 10] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

6. Acknowledgements

 The authors would like to thank Kilian Weniger, Vidya Narayanan, and
 George Tsirtsis for their review and comments.  Thanks to Alfred
 Hoenes for thorough review and valuable suggestions to improve the
 readability of the document.

7. Contributors

 This contribution is a joint effort of the bootstrapping solution
 design team of the MEXT WG.  The contributors include Jari Arkko,
 Julien Bournelle, Kuntal Chowdhury, Vijay Devarapalli, Gopal Dommety,
 Gerardo Giaretta, Junghoon Jee, James Kempf, Alpesh Patel, Basavaraj
 Patil, Hannes Tschofenig, and Alper Yegin.
 The design team members can be reached at the following email
 addresses:
    Jari Arkko            jari.arkko@kolumbus.fi
    Julien Bournelle      julien.bournelle@orange-ftgroup.com
    Kuntal Chowdhury      kc@radiomobiles.com
    Vijay Devarapalli     Vijay.Devarapalli@AzaireNet.com
    Gopal Dommety         dommety@yahoo.com
    Gerardo Giaretta      gerardog@qualcomm.com
    Junghoon Jee          jhjee@etri.re.kr
    James Kempf           kempf@docomolabs-usa.com
    Alpesh Patel          alpesh@cisco.com
    Basavaraj Patil       basavaraj.patil@nsn.com
    Hannes Tschofenig     hannes.tschofenig@nsn.com
    Alper Yegin           alper.yegin@yegin.org

8. References

8.1. Normative References

 [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
            Requirement Levels", BCP 14, RFC 2119, March 1997.
 [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
            and M. Carney, "Dynamic Host Configuration Protocol for
            IPv6 (DHCPv6)", RFC 3315, July 2003.
 [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
            Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

Chowdhury & Yegin Standards Track [Page 11] RFC 6611 MIPv6 Bootstrapping Integrated Scenario May 2012

 [RFC5026]  Giaretta, G., Kempf, J., and V. Devarapalli, "Mobile IPv6
            Bootstrapping in Split Scenario", RFC 5026, October 2007.
 [RFC5447]  Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C.,
            and K. Chowdhury, "Diameter Mobile IPv6: Support for
            Network Access Server to Diameter Server Interaction",
            RFC 5447, February 2009.
 [RFC6275]  Perkins, C., Johnson, D., and J. Arkko, "Mobility Support
            in IPv6", RFC 6275, July 2011.
 [RFC6610]  Jang, H., Yegin, A., Chowdhury, K., Choi, J., and T.
            Lemon, "DHCP Option for Home Agent Discovery in Mobile
            IPv6 (MIPv6)", RFC 6610, May 2012.

8.2. Informative References

 [RFC3753]  Manner, J. and M. Kojo, "Mobility Related Terminology",
            RFC 3753, June 2004.
 [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
            Internet Protocol", RFC 4301, December 2005.
 [RFC4640]  Patel, A. and G. Giaretta, "Problem Statement for
            bootstrapping Mobile IPv6 (MIPv6)", RFC 4640,
            September 2006.

Authors' Addresses

 Kuntal Chowdhury (editor)
 Radio Mobile Access, Inc.
 100 Ames Pond Dr.
 Tewksbury MA 01876
 EMail: kc@radiomobiles.com
 Alper Yegin
 Samsung
 Istanbul
 Turkey
 EMail: alper.yegin@yegin.org

Chowdhury & Yegin Standards Track [Page 12]

/data/webs/external/dokuwiki/data/pages/rfc/rfc6611.txt · Last modified: 2012/05/14 23:16 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki