




   MIPv6                                                                
   Internet Draft                                          Sachin Dutta 
   Document: draft-dutta-mip6-ra-00.txt                Deshbandhu Sinha 
   Expires: January 2006                                   Suraj Shetty 
                                                          Mao Shanxiang 
                                                   Huawei Technologies. 
                                                              July 2005 
    
                     Securing Home Agent List in MIP6 
                       <draft-dutta-mip6-ra-00.txt> 
    
    
Status of this Memo 
    
   This document is a submission by the MIPv6 Working Group of the 
   Internet Engineering Task Force (IETF).  Comments should be 
   submitted to the mip6@ietf.org mailing list. 
    
   This document is an Internet-Draft and is subject to all provisions 
   of section 3 of RFC 3667.  By submitting this Internet-Draft, each 
   author represents that any applicable patent or other IPR claims of 
   which he or she is aware have been or will be disclosed, and any of 
   which he or she becomes aware will be disclosed, in accordance with 
   Section 6 of BCP 79. 
    
   Internet-Drafts are working documents of the Internet Engineering 
   Task Force (IETF), its areas, and its working groups.  Note 
   that other groups may also distribute working documents as 
   Internet-Drafts. 
    
   Internet-Drafts are draft documents valid for a maximum of six months 
   and may be updated, replaced, or obsoleted by other documents at 
   any time.  It is inappropriate to use Internet-Drafts as reference 
   material or to cite them other than as "work in progress." 
    
   The list of current Internet-Drafts can be accessed at 
   http://www.ietf.org/ietf/1id-abstracts.txt. 
    
   The list of Internet-Draft Shadow Directories can be accessed at 
   http://www.ietf.org/shadow.html. 
    
    
Abstract 
 
   This document identifies one type of denial of service attack that 
   is possible in Mobile IPv6 and proposes a solution for it. 
    
   Currently in MIP6 each Home Agent is required to maintain a Home 
   Agent List. This list is built from the RA 
 
 
Dutta , et al.          Expires - January 2006                [Page 1] 
Internet Draft        Securing Home Agent List in MIP6       July 2005 
 
 
   messages on the home link, and the addresses learned are sent to a 
   Mobile Node when it performs Home Agent discovery. On receiving this 
   list, the MN tries to register with the addresses in it one by one, 
   in order of preference. If the home network is flooded with spurious 
   RA packets carrying a high preference value, the Home Agent List is 
   populated with unreachable addresses and no Mobile Node is able to 
   register from that home network. 
    
   This document proposes that reachability confirmation be carried out 
   for each Home Agent entry before it is added to the Home Agent List. 
    
    
Conventions used in this document 
    
   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this 
   document are to be interpreted as described in RFC-2119 [1]. 
    
    
Table of Contents 
    
   1. Introduction...................................................2 
   2. Problem........................................................3 
   3. Solution.......................................................3 
      3.1 Receiving RA messages......................................3 
      3.2 Success of Neighbor reachability detection.................4 
      3.3 Failure of Neighbor reachability detection.................4 
      3.4 Receiving Dynamic Home Agent Discovery Request Message.....4 
      3.5 Interface ceases to act as a Home Agent Interface..........5 
   4. Changes required in MIP6.......................................5 
   5. Formal Syntax..................................................5 
   Security Considerations...........................................5 
   References........................................................5 
   Acknowledgments...................................................5 
   Author's Addresses................................................6 
    
    
1.  Introduction 
    
   In Mobile IPv6 each Home Agent is required to maintain a Home Agent 
   List, which contains all Home Agents in the network along with their 
   global addresses. 
    
   In the dynamic home agent discovery mechanism, a Home Agent replies 
   to a Home Agent discovery request with the addresses present in this 
   Home Agent List. The list is populated on receiving RA messages on 
   the home link. 
    
   This document identifies the denial of service attack made possible 
   by spurious RAs and proposes a solution for it. 
 
 
 
 
    
    
2.  Problem 
 
   The on-link Home Agent List is maintained by each Home Agent from 
   the information carried in RA messages. 
    
   If a malicious node floods RA messages on behalf of non-existent 
   nodes, the Home Agent List will be populated with incorrect entries. 
    
   This is because the Home Agent performs no verification of an RA 
   before updating its Home Agent List: on receiving a spurious RA, the 
   list is updated with the advertised addresses. When a Mobile Node 
   moves to a foreign network and starts the dynamic home agent 
   discovery process, the Home Agent returns the list of addresses it 
   has learnt through the process described above. 
    
   The Mobile Node will then attempt to register with each of these 
   addresses in turn, waiting a minimum of 
   InitialBindackTimeoutFirstReg (1.5 seconds) for each; since these 
   addresses do not belong to any node, they may not be reachable. 
    
   If the first valid address in the list follows a number of invalid 
   addresses, the Mobile Node obtains service only after a very long 
   time. If there are no valid addresses in the list, the Mobile Node 
   never obtains service at all. 
    
    
3.  Solution 
 
   In order to keep spurious Home Agent addresses out of the list, a 
   mechanism can be deployed that ensures the addresses learnt are 
   reachable and belong to an on-link Home Agent. 
     
   A state needs to be associated with each entry in the Home Agent 
   List. The state is either STALE or REACHABLE. The transitions 
   between these states are described in the following sub-sections. 
    
           
3.1  Receiving RA messages 
    
   Whenever an RA with the H bit set is received on a Home Agent 
   interface, the Home Agent SHOULD do the following processing: 
    
      o  If an entry already exists with the same link-local address 
         and its state is REACHABLE, directly update the existing entry. 
    
      o  If no entry is present in the Home Agent List, then: 
 
 
 
 
 
           o  Add the entry to the Home Agent List and set its state to 
              STALE (as in ND, where an entry added to the Neighbor 
              Cache through an RA is created in the STALE state). 
           o  After adding the entry, start neighbor reachability 
              detection (NUD) as per RFC 2461 [2] for that link-local 
              address. 
    
      o  If the entry exists and its state is STALE, simply ignore this 
         RA message. 
    
   Apart from the existing checks specified in RFC 3775 [4], the 
   following additional checks SHOULD be done: 
    
      o  If the H bit is set in the RA but it does not contain any 
         global address (i.e. the R flag is not set in any of the 
         Prefix Information options received), this RA MUST be 
         discarded. 
       
      o  If the preference value in the received RA is out of the range 
         specified by RFC 3775 [4], the received RA SHOULD be 
         discarded. 
    
    
3.2  Success of Neighbor reachability detection 
    
   Processing NA messages: whenever an NA is received and Home Agent 
   functionality is enabled, the Home Agent SHOULD do the following 
   processing: 
    
      o  On receiving the NA, after checking the Neighbor Cache, the 
         Home Agent List is also queried; if an entry exists in the 
         Home Agent List and its state is STALE, its state is changed 
         to REACHABLE. 
       
       
3.3  Failure of Neighbor reachability detection 
       
   If no reply is received for the link-layer address and neighbor 
   reachability detection fails, the corresponding STALE entry MUST be 
   deleted from the Home Agent List. 
       
       
3.4  Receiving Dynamic Home Agent Discovery Request Message 
    
   Whenever a DHAAD Request message is received, the HA will prepare 
   the DHAAD Reply message adhering to the following rules: 
    
      o  The HA SHOULD only send back global addresses from the Home 
         Agent List whose state is REACHABLE. 
      o  In case the DHAAD Reply message would become larger than the 
         PMTU, the HA must include its own Home Agent address. This 
         ensures at least one valid, reachable Home Agent address. 
 
 
 
 
    
    
3.5  Interface ceases to act as a Home Agent Interface 
    
   As Home Agent functionality is configurable, if by configuration or 
   otherwise an interface ceases to act as a Home Agent interface, the 
   Home Agent SHOULD send a final RA message with the H bit set to 0, 
   to indicate to the other Home Agents on the link that they should 
   update their Home Agent List and delete the entry corresponding to 
   this Home Agent. 
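   As an added illustration (not part of the draft), the following 
   Python models the Home Agent List state machine of sections 3.1 to 
   3.5 and Appendix A, and runs the constructed flood scenario of 
   section 2 against it; class and method names, the return strings, 
   the preference bounds and the PMTU stand-in max_addrs are 
   assumptions: 

```python
# Added example, not the draft's own code: a model of the Home Agent List
# state machine (sections 3.1-3.5, Appendix A). All names are assumptions.
STALE, REACHABLE = "STALE", "REACHABLE"
PREF_RANGE = (-32768, 32767)   # assumed bounds standing in for RFC 3775's range

class HomeAgentList:
    def __init__(self, own_global):
        self.own_global = own_global   # this HA's own global address (3.4)
        self.entries = {}              # link-local -> {state, globals, pref}
    def receive_ra(self, link_local, h_bit, globals_, pref):
        """3.1 (and 3.5): process an RA sent from link_local."""
        if not h_bit:                  # 3.5: final RA with H=0, sender left
            self.entries.pop(link_local, None)
            return "DELETED"
        if not globals_ or not PREF_RANGE[0] <= pref <= PREF_RANGE[1]:
            return "DISCARDED"         # no R-flag prefix, or bad preference
        e = self.entries.get(link_local)
        if e is None:                  # unknown sender: add as STALE, start NUD
            self.entries[link_local] = {"state": STALE, "globals": list(globals_), "pref": pref}
            return "START_NUD"
        if e["state"] == REACHABLE:    # confirmed sender: refresh its data
            e["globals"], e["pref"] = list(globals_), pref
            return "UPDATED"
        return "IGNORED"               # STALE: ignore until NUD has finished
    def nud_result(self, link_local, reachable):
        """3.2/3.3: NA received -> REACHABLE; NUD failed -> drop STALE entry."""
        e = self.entries.get(link_local)
        if e is not None and e["state"] == STALE:
            if reachable:
                e["state"] = REACHABLE
            else:
                del self.entries[link_local]
    def dhaad_reply(self, max_addrs):
        """3.4: REACHABLE globals only, best preference first; own address first if over PMTU."""
        ranked = sorted(self.entries.values(), key=lambda e: -e["pref"])
        addrs = [g for e in ranked if e["state"] == REACHABLE for g in e["globals"]]
        if len(addrs) > max_addrs:     # max_addrs stands in for the PMTU limit
            addrs = ([self.own_global] + [a for a in addrs if a != self.own_global])[:max_addrs]
        return addrs

def simulate_flood(n_spurious=100):
    """Constructed section 2 scenario: one real HA, then spurious RAs that never answer NUD."""
    hal = HomeAgentList("2001:db8::1")
    hal.receive_ra("fe80::1", True, ["2001:db8::1"], 0)
    hal.nud_result("fe80::1", True)
    for i in range(n_spurious):
        hal.receive_ra("fe80::bad:%x" % i, True, ["2001:db8::bad:%x" % i], 32767)
        hal.nud_result("fe80::bad:%x" % i, False)
    return hal.dhaad_reply(max_addrs=10)
```

   Without the STALE gate, the 100 high-preference spurious entries 
   would be returned ahead of the real Home Agent; with it, only the 
   address whose sender answered NUD reaches the DHAAD Reply. 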
    
    
4.  Changes required in MIP6 
    
      o  An additional flag is required in each Home Agent List entry 
         to maintain the state of the entry. 
    
    
5.  Formal Syntax 
    
   The following syntax specification uses the augmented Backus-Naur 
   Form (BNF) as described in RFC-2234. 
    
    
Security Considerations 
    
   This draft enhances the security of RA processing by confirming the 
   link-layer address of the sender. 
    
   A further improvement to this solution would be to carry out NUD for 
   each global address received in an RA and to maintain a state 
   corresponding to each of those global addresses. 
    
    
References
    
   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement 
        Levels", BCP 14, RFC 2119, March 1997. 
    
   [2]  Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery 
        for IP Version 6 (IPv6)", RFC 2461, December 1998. 
    
   [3]  Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6) 
        Addressing Architecture", RFC 3513, April 2003. 
    
   [4]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in 
        IPv6", RFC 3775, June 2004. 


 
 
 
 
      
     All references are normative. 
 
 
Acknowledgments 
    
   Our sincere thanks to Saurabh Rastogi for his constant encouragement 
   and Keshava A.K. for his guidance and review during the development 
   of this specification.   
    
    
Author's Addresses 
    
   Sachin Dutta 
   Huawei Technologies India Pvt, Ltd. 
   Level-3, Leela Galleria 
   The Leela Palace, Airport Road 
   Bangalore-India 
   Phone: +91-080-25217152 
   Email: sachind@huawei.com  
    
    
   Deshbandhu Sinha 
   Huawei Technologies India Pvt, Ltd. 
   Level-3, Leela Galleria 
   The Leela Palace, Airport Road 
   Bangalore-India 
   Phone: +91-080-25217152 
   Email: deshbandhus@huawei.com 
    
    
   Suraj Shetty 
   Huawei Technologies India Pvt, Ltd. 
   Level-3, Leela Galleria 
   The Leela Palace, Airport Road 
   Bangalore-India 
   Phone: +91-080-25217152 
   Email: surajs@huawei.com 
    
    
   Mao Shanxiang 
   Huawei Technologies Co., Ltd. 
   Shenzhen, China 
   Email: maoshx@huawei.com 
    
    
Disclaimer of Validity      
       
   "This document and the information contained herein are provided on  
 
 
 
 
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE  
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE  
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR  
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF  
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED  
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."  
    
    
Copyright Statement 
 
   Copyright (C) The Internet Society (2005).  This document is 
   subject to the rights, licenses and restrictions contained in BCP  
   78, and except as set forth therein, the authors retain all their 
   rights. 
 
    
APPENDIX A: Home Agent State Machine 
 
  State        Event                        Action                    New state 
  -----------  ---------------------------  ------------------------  --------- 
  -            RA with H bit set            Create entry              STALE 
 
  -            Any message other than RA    No action                 - 
 
  STALE        Reachability timeout         Delete the corresponding  - 
                                            Home Agent entry 
 
  STALE        RA with H bit set for that   Discard RA                STALE 
               link-local address 
 
  STALE        NA for that link-local       Update the state          REACHABLE 
               address 
 
  REACHABLE    RA with H bit set for that   Update the global         REACHABLE 
               link-local address           addresses and timers 
   
          










 
 