PCP Working Group | T. Reddy |
Internet-Draft | P. Patil |
Intended status: Standards Track | R. Chandrasekaran |
Expires: March 02, 2013 | D. Wing |
Cisco | |
August 31, 2012 |
PCP Server Discovery with IPv4 traffic offload for Proxy Mobile IPv6
draft-rpcw-pcp-pmipv6-serv-discovery-01
This document proposes a solution to PCP Server Discovery problems in Proxy Mobile IPv6 (PMIPv6) networks when both home network traffic and traffic off-loaded to local access network require traversing a gateway implementing NAT and/or Firewall. This draft proposes enhancements to DHCPv4 Relay Agent by introducing a new sub-option under DHCPv4 Relay Option and to PMIPv6 signaling through additional options to Proxy Binding Update/Acknowledgement messages.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http:/⁠/⁠datatracker.ietf.org/⁠drafts/⁠current/⁠.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 02, 2013.
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http:/⁠/⁠trustee.ietf.org/⁠license-⁠info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Given the exponential growth in the mobile data traffic, Mobile Operators are looking for ways to offload some of the IP traffic flows at the nearest access edge that has an Internet peering point. This approach results in efficient usage of the mobile packet core and helps lower the transport cost. [I-D.ietf-netext-pmipv6-sipto-option] defines a way to signal the Traffic Offload capability of a Mobile Access Gateway (MAG) to the Local Mobility Anchor (LMA) in Proxy Mobile IP Networks. There are scenarios in PMIPv6 Mobile Networks where the traffic going through the Mobile Packet Core as well as the traffic that is off-loaded to the Local Access Networks end up going through a NAT or Firewall gateway. If the mobile node applications desire to find or control the external addresses assigned to the internal address used by the Mobile Node (MN), it could be achieved by having a Port Control Protocol (PCP) Client on the mobile node.
[I-D.ietf-pcp-dhcp] specifies DHCP (IPv4 and IPv6) options to configure hosts with Port Control Protocol (PCP) Server addresses. However, PCP Client on the mobile node will not know whether a flow will traverse the Mobile Packet Core or will get offloaded at the local access network and hence will not know which PCP server to send its queries to. Even if the mobile node tries to find its PCP server using DHCP, it may only find out about the PCP server in the Home Network since the source of information is the DHCP server in the Home Network. The mobile node may never learn the presence of the PCP server in the Local Access Network. This requires mobile access gateway to act as a smart PCP Proxy for the PCP servers in both the mobile node's home network as well as in the Local Access Network. However, this alone does not solve this problem since the mobile node needs to be informed of the PCP proxy on the MAG. This draft proposes an extension to DHCPv4 Relay Information Option and PMIPv6 Options to achieve these objectives.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
All the mobility related terms used in this document are to be interpreted as defined in the Proxy Mobile IPv6 specifications [RFC5213], [RFC5844]. This note also uses terminology defined in [I-D.ietf-pcp-base].
Additionally, this document uses the following abbreviations:
The following illustrates a scenario where the Mobile Node is a PCP client, Mobile Access Gateway in the access network is a PCP server with smart PCP proxy functionality [I-D.bpw-pcp-proxy], Local Mobility Anchor in the home network has a PCP server and PCP proxy functionality. The assumption made for this specification is Mobile Access Gateway is always co-located with NAT.
Mobile access gateway has the ability to offload some of the IPv4 traffic flows based on the traffic selectors it receives from the local mobility anchor. Using IP Traffic Offload Selector option [I-D.ietf-netext-pmipv6-sipto-option] mobile access gateway will negotiate IP Flows that can be offloaded to the local access network. For example, consider a mobile node acting as both client and server for FTP, VoIP and P2P. In this case FTP flows for that mobility session may be offloaded at the mobile access gateway and P2P, Voice over IP (VoIP) flows tunneled back to the local mobility anchor. Mobile node uses PCP to create mappings between external IP address/port and internal IP address/port. These mappings will be used for successful inbound communication destined to the mobile node behind NAT and/or firewall.
The mobile node learns the PCP server domain name from DHCPv4 server using DHCPv4 option OPTION_PCP_SERVER [I-D.ietf-pcp-dhcp]. If IP Flows are offloaded at the mobile access gateway then the mobile node needs to learn the domain name of the mobile access gateway acting as smart PCP proxy. Mobile access gateway will compare the Remote Peer IP Address and Port fields set in PCP PEER request from the mobile node with the Traffic Selector fields and IP Traffic Offload Mode Flag in IP Traffic Offload Selector Option to determine if the dynamic outbound mapping is to be created in the local access network or home network. In case of PCP MAP request mobile access gateway will compare the Remote Peer IP Address and Port fields in FILTER Option with the Traffic Selector fields and IP Traffic Offload Mode Flag in IP Traffic Offload Selector Option to determine if dynamic outbound mapping is to be created in the local access network or home network. For PCP MAP request without FILTER option since the Remote Peer IP Address is not available the mobile access gateway will function as smart PCP proxy and forward the PCP MAP request to the PCP server in the home network. Mobile Nodes which require communication with well known peers (For e.g. applications like SIP proxy, FTP server) will use PCP MAP with FILTER option. When MNs act as servers (such as P2P server, Web Server) i.e., when the remote peer IP address is not known, PCP client will use PCP MAP request in which case the MAG cannot make a decision as per the traffic selector fields and will hence relay to either PCP server based on local configuration.
If the dynamic outbound mapping is for the local access network then there are two cases to consider - In the first case where there is a nested NAT[I-D.penno-pcp-nested-nat], the mobile access gateway will function as both PCP server and PCP proxy forwarding the accepted PCP request to CGN PCP server. In the second case, where there is no CGN, mobile access gateway will function as a PCP server in the local access network.
If dynamic outbound mapping is for the home network then mobile access gateway will function as smart PCP proxy and forward the accepted PCP request to the PCP server in the home network.
_----_ _( )_ ( Internet ) (_ _) '----' | (IPv4 Traffic Offload Point Ex: FTP Traffic Offloaded) | ...................................................... +--------+ | | Local |-| +----------------------+ |Services| | | Services requiring | +--------+ | | mobility, or service | | | treatment | | +----------------------+ +------------+ | | NAT/FW | | | with | | | PCP server | | +------------+ | | _----_ | +-----+ _( )_ +-----+ +------------+ [MN]----| MAG |=====( IP )=====| LMA |---| NAT/FW |--Internet +-----+ (_ _) +-----+ | with | ( ) | PCP Server | '----' +------------+ . . . [Access Network] . [Home Network] ......................................................
Figure 1: PCP-Enabled Proxy Mobile IPv6
A new mobility option, Capability Exchange Option is defined for use with Proxy Binding Update sent by the mobile access gateway to the local mobility anchor. The option is used for conveying device capabilities such as PCP Sever, smart PCP Proxy.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved (R) |S|P| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Capability Exchange Option
A new mobility option, PCP Server Option is defined for use with Proxy Binding Acknowledgement sent by the local mobility anchor to the mobile access gateway . The option is used to provide PCP server domain name of the home network to the mobile access gateway.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved (R) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PCP Server Domain Name | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: PCP Server Option
When DHCPv4 Relay Agent is co-located with the mobile access gateway, the proposal is for the relay agent to influence the DHCPv4 Server to opt for the PCP server domain name proposed by the Relay Agent over the one configured on the DHCPv4 Server. The DHCPv4 Relay Agent will insert a a new suboption under relay agent information option indicating the domain name of the appropriate PCP server/proxy only after successful Tunnel/Route setup. For this to happen, the MN MUST ensure that it includes OPTION_PCP_SERVER in the Parameter Request List Option in the DHCPv4 Discover/Request message. The mobile access gateway will also have to act as a smart PCP-Proxy in this case so that it can handle PCP Servers of both the local access network and the home network. This will ensure that the right PCP Server is picked by the proxy based on IP Flow.
MN MAG(DHCP-R) LMA DHCP-S |------>| | | 1. Mobile Node Attach | |------->| | 2. Proxy Binding Update | |<-------| | 3. Proxy Binding Acknowledgement | | | | (IPTS Option) | |========| | 4. Tunnel/Route Setup | + | | 5. Installing the traffic offload rules |<----->|<----------->| 6. DHCP OFFER/REQUEST/ACK exchange | | | | OPTION_PCP_SERVER inserted by DHCP-R |------>| | | 7. IPv4 packet from mobile node | + | | 8. Forwarding rule - Tunnel home/offload | | | |
To realize the mechanism described above, the document proposes a new PCP Server suboption for the DHCPv4 relay agent information option that carries the domain name of PCP Server/Proxy.
Code Length PCP Server Domain Name +-----+-----+-----+-----+-----+-----+-----+-- | TBA | n | s1 | s2 | s3 | s4 | s5 | ... +-----+-----+-----+-----+-----+-----+-----+--
DHCPv4 relay agents MAY be configured to include a PCP Server suboption if they include a relay agent information option in relayed DHCPv4 messages. The PCP Server Domain name is assigned and configured through mechanisms that are outside the scope of this memo.
This suboption provides additional information to the DHCP server. Upon receiving a DHCPv4 Discover/Request containing the suboption, the DHCPv4 server, if configured to support this suboption, MUST populate the DHCPv4 Offer/Ack with the suggested PCP server domain name overriding any other PCP server domain name configuration that it may already have. There is no special additional processing for this suboption.
When the DHCPv4 Server is co-located with the mobile access gateway, the DHCPv4 Server will have to provide the appropriate PCP server domain name in the DHCP Offer/Ack based on traffic offload negotiation between the mobile access gateway and local mobility anchor.
If traffic offload is successfully negotiated between the mobile access gateway and the local mobility anchor, the proposal is for the DHCPv4 Server to include the domain name of the PCP Proxy in the DHCP Offer/Ack. The mobile access gateway will act as a smart PCP-Proxy in this case to ensure that it can handle PCP Servers of both the local access network and the home network. This will ensure that the right PCP Server is picked by the proxy based on IP Flow.
If traffic offload is not negotiated between the mobile access gateway and the local mobility anchor, the proposal is for the DHCPv4 Server to include the domain name of the home network PCP server in the DHCPv4 Offer/Ack. The domain name of the PCP server in the home network is obtained from Proxy Binding message exchange explained in Section 4. Option OPTION_PCP_SERVER will be used as described in [I-D.ietf-pcp-dhcp].
MN MAG(DHCP-S) LMA |------>| | 1. Mobile Node Attach | |------->| 2. Proxy Binding Update | |<-------| 3. Proxy Binding Acknowledgement | | | (IPTS Option) | |========| 4. Tunnel/Route Setup | + | 5. Installing the traffic offload rules |<----->| | 6. DHCP OFFER/REQUEST/ACK exchange | | | OPTION_PCP_SERVER inserted by DHCP-S |------>| | 7. IPv4 packet from mobile node | + | 8. Forwarding rule - Tunnel home/offload | | |
The Capability Exchange option defined in this specification is for use in Proxy Binding Update messages. The PCP server option defined in this specification is for the Proxy Binding Acknowledgement messages. These options are carried like any other mobility header option as specified in [RFC5213] and does not require any special security considerations. When IPv4 traffic offload support is enabled for a mobile node, the mobile access gateway selectively offloads some of the mobile node's traffic flows to the local access network. Typically, these offloaded flows go through a NAT gateway and that essentially introduces certain vulnerabilities which are common to any NAT deployment. These vulnerabilities and the related considerations have been well documented in the NAT specification [RFC2663]. There are no additional considerations above and beyond what is already documented by the NAT specifications and which are unique to the approach specified in this document.
The security considerations in [I-D.ietf-pcp-base] , [I-D.bpw-pcp-proxy] and section 5 of [RFC3046] also apply to this use.
This specification defines two new Mobility Header options - Capability Exchange option, PCP server option. These options are described in Section 4. The Type value for this option needs to be assigned from the same numbering space as allocated for the other mobility options [RFC6275].
IANA is requested to assign a suboption number for the PCP Server Suboption from the DHCP Relay Agent Information Option [RFC3046] suboption number space.
The authors would like to thank Sri Gundavelli for his valuable comments.
[Note to RFC Editor: Please remove this section prior to publication.]
Updated Section 3
[RFC2663] | Srisuresh, P. and M. Holdrege, "IP Network Address Translator (NAT) Terminology and Considerations", RFC 2663, August 1999. |
[RFC6275] | Perkins, C., Johnson, D. and J. Arkko, "Mobility Support in IPv6", RFC 6275, July 2011. |