MIP6 Working Group Q. Li
Internet-Draft Beihang University
Expires: January 12, 2006 H. Deng
Hitachi
July 11, 2005
Home Agent Initiated Bootstrap for Mobile IPv6
draft-li-mip6-ha-init-bootstrap-00.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 12, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document defines a Home Agent initiated bootstrap solution that
complements the current bootstrap solutions. In the home agent
reliability problem, the current bootstrap solution is not
appropriate, because it is sometimes infeasible for the mobile node
to initiate the bootstrap procedure. A Home Agent initiated bootstrap
solution is suitable in this case.
Li & Deng Expires January 12, 2006 [Page 1]
Internet-Draft HA Initiated Bootstrap for MIPv6 July 2005
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Components of the solution . . . . . . . . . . . . . . . . . . 6
4. Protocol Operations . . . . . . . . . . . . . . . . . . . . . 7
4.1 Protocol Flow . . . . . . . . . . . . . . . . . . . . . . 7
4.2 IKEv2 exchange . . . . . . . . . . . . . . . . . . . . . . 8
4.3 Home Agent Switch message . . . . . . . . . . . . . . . . 9
4.4 Home Address Configuration . . . . . . . . . . . . . . . . 11
5. Performance Considerations . . . . . . . . . . . . . . . . . . 12
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
7. Security Considerations . . . . . . . . . . . . . . . . . . . 14
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
8.1 Normative References . . . . . . . . . . . . . . . . . . . 15
8.2 Informative References . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 16
Intellectual Property and Copyright Statements . . . . . . . . 18
1. Introduction
[I-D.ietf-mip6-bootstrap-ps] describes the Mobile IPv6 bootstrapping
problem. In that draft, the Mobile Node is assumed to be the initiator
of the bootstrap procedure. This assumption is appropriate in many
scenarios, but there are exceptions.
In the Home Agent reliability problem [I-D.jfaizan-mipv6-ha-reliability],
a Mobile Node may lose its Home Agent due to failure or other reasons.
The failure of the Home Agent results in the loss of mobility for the
Mobile Node: it loses its Home Agent, and with it its Home Address and
its IPsec Security Association with the Home Agent. The Mobile Node
will therefore need to re-bootstrap from another Home Agent to keep
its mobility.
However, in this case it is infeasible for the Mobile Node to initiate
the bootstrap procedure, because a Mobile Node can be slow to detect
whether its current serving Home Agent is still working. Meanwhile,
when another Home Agent that has detected the failure tries to notify
the Mobile Node about it, protecting the failure notification without
manually configured IPsec Security Associations between the new Home
Agent and the Mobile Node is difficult.
In order to inform the Mobile Node about a Home Agent failure,
[I-D.haley-mip6-ha-switch] and [I-D.wakikawa-mip6-nemo-haha-spec] have
defined similar Home Agent switch messages as a new Mobility Header
type. This message must be protected by IPsec in order to prevent a
malicious host from mounting a Denial of Service attack on the Mobile
Node. However, according to [RFC3776], all Mobile IPv6 messages must
be protected by an IPsec SA between the Home Address of the Mobile
Node and the Home Agent. [I-D.devarapalli-mip6-nemo-local-haha] also
proposes that if there is no existing security association, the Home
Agent must negotiate an IPsec SA.
There is therefore a contradiction between bootstrap and the failure
notification message: the Mobile Node must first bootstrap with the
new Home Agent before the new Home Agent can send the notification
message to it, but the Mobile Node can only initiate the bootstrap
procedure with its new Home Agent after it has received the
notification message. In this case, the Mobile Node is not the
appropriate initiator of the bootstrap procedure. Therefore the
solution defined in [I-D.ietf-mip6-bootstrapping-split] is not
appropriate for Home Agent reliability and load balancing.
[I-D.jfaizan-mipv6-vhar] defines a synchronization solution for the
IPsec SAD and SPD among multiple Home Agents sharing the same virtual
HA address. In that case the Mobile Node would not need to
re-bootstrap and re-establish an IPsec SA with the new Home Agent.
But IPsec SAs are not designed in a way that can be easily
synchronized among many hosts. The synchronization signalling also
increases the traffic load on the Home Agents, and because
synchronization packets can be lost, it is difficult to keep the SAD
consistent across different Home Agents.
When and how a specific Home Agent learns that a Mobile Node's current
serving Home Agent is unavailable, so that the Mobile Node needs to
re-bootstrap from another Home Agent, is not covered in this solution.
[I-D.deng-mip6-vrrp-homeagent-reliability] would be useful in this
case.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
General mobility terminology can be found in [RFC3753]. The
following additional terms are used here:
Failed HA
A Failed HA is a Home Agent which is currently unavailable to
Mobile Nodes due to failure or some other reasons.
Initiator HA
An Initiator HA is a Home Agent which needs to initiate a
bootstrap procedure with a Mobile Node in this solution.
MSA
Mobility Service Authorizer. A service provider that authorizes
Mobile IPv6 service.
MSP
Mobility Service Provider. A service provider that provides
Mobile IPv6 service. In order to obtain such service, the mobile
host must be authenticated and prove authorization to obtain the
service.
Split scenario
A scenario where mobility service and network access service are
authorized by different entities.
3. Components of the solution
The following list covers the four bootstrap sub-problems discussed
in [I-D.ietf-mip6-bootstrapping-split] and gives a brief overview of
this solution.
o HA assignment - HA assignment is out of scope of this solution.
The assigned HA initiates the bootstrap procedure with the Mobile
Node. HA assignment could be done within a specific HA reliability
solution, for example when a Home Agent that detects the failure of
another Home Agent takes over all the MNs served by the failed HA.
o HA switch - In this scenario the Mobile Node was previously served
by another HA; during bootstrap, the Mobile Node should de-register
from its old HA and bind to the newly assigned HA. This solution
extends the HA switch message defined in [I-D.haley-mip6-ha-switch].
o IPsec Security Association setup - The IPsec SA is negotiated
through IKEv2 exchanges initiated by the HA. This solution defines a
mechanism similar to the one provided in [I-D.ietf-mip6-ikev2-ipsec].
o HoA assignment - If the initiator HA and the failed HA are located
on the same home link and share the same network prefix, HoA
assignment is not necessary. Otherwise, a HoA configuration solution
is provided within the IKEv2 exchange.
o Authentication and Authorization with MSA - The Mobile Node in this
solution must be authenticated and authorized by the MSA. The
authentication and authorization model in this solution can also be
referred to as the split scenario defined in
[I-D.ietf-mip6-bootstrapping-split].
4. Protocol Operations
In a typical Home Agent initiated Bootstrap scenario, an initiator HA
will try to initiate Bootstrap with an MN when it detects the failure
of MN's current Home Agent.
Sometimes the initiator HA and the failed HA are located on the same
link and therefore share the same network prefix. In this case, it is
possible for the MN to keep the HoA it previously registered with the
failed HA. When the network prefixes of the initiator HA and the
failed HA are different, the following bootstrap procedure must
configure a HoA for the MN.
This bootstrap scenario is also a split scenario as defined in
[I-D.ietf-mip6-bootstrapping-split].
4.1 Protocol Flow
HA initiated Bootstrap with new HoA configuration

+----+                   +----+                   +-----+
| MN |                   | HA |                   | DNS |
+----+                   +----+                   +-----+
   |                        |                        |
   |     IKEv2 exchange     |                        |
   |  (HoA configuration)   |                        |
   |<======================>|                        |
   |                        |                        |
   |      HAS message       |                        |
   |<-----------------------|                        |
   |                        |                        |
   | BU (DNS update option) |                        |
   |----------------------->|                        |
   |                        |       DNS update       |
   |                        |<---------------------->|
   |                        |                        |
   | BA (DNS update option) |                        |
   |<-----------------------|                        |
HA initiated Bootstrap without HoA configuration

+----+                   +----+
| MN |                   | HA |
+----+                   +----+
   |                        |
   |     IKEv2 exchange     |
   |<======================>|
   |                        |
   |      HAS message       |
   |<-----------------------|
   |                        |
   |           BU           |
   |----------------------->|
   |                        |
   |           BA           |
   |<-----------------------|
4.2 IKEv2 exchange
[I-D.ietf-mip6-ikev2-ipsec] describes an IKEv2 exchange that is
initiated by the MN. The IKEv2 exchange in this solution MUST be
initiated by the HA.
IKE_AUTH exchange flow in a HA initiated Bootstrap is depicted as
following:
Home Agent Mobile Node
---------- -----------
HDR, SAi1, KEi, Ni -->
<-- HDR, SAr1, KEr, Nr, [CERTREQ]
HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,]
AUTH, SAi2, TSi, TSr}
-->
<-- HDR, SK {IDr, [CERT,] AUTH,
SAr2, TSi, TSr}
In the IKE_AUTH exchange, the home agent MUST include its identity in
the IDi payload. Three different types of identity can be used by the
Home Agent to identify itself to the Mobile Node.
o Home Agent Address - The home agent can use its address as the
identifier and set the ID Type field to ID_IPV6_ADDR.
o FQDN - The home agent can use a Fully Qualified Domain Name as
the identifier and set the ID Type field to ID_FQDN.
o RFC 822 identifier - If the home agent uses an RFC 822 identifier
[RFC0822], it sets the ID Type field to ID_RFC822_ADDR.
The mobile node MUST include its identity in the IDr payload during
the IKE_AUTH exchange. Different types of identity can be used by the
Mobile Node to identify itself for bootstrap.
o FQDN - The mobile node can use a Fully Qualified Domain Name as
the identifier and set the ID Type field to ID_FQDN.
o RFC 822 identifier - If the mobile node uses a RFC 822 identifier
[RFC0822], it sets the ID Type field to ID_RFC822_ADDR.
When the IKE_AUTH exchange completes, the Home Agent MUST initiate a
CREATE_CHILD_SA exchange to negotiate the SA that protects the
subsequent Home Agent Switch message defined in
[I-D.haley-mip6-ha-switch], as well as the other Mobile IPv6 messages
specified in [I-D.ietf-mip6-ikev2-ipsec].
The CREATE_CHILD_SA exchange flow in a HA initiated Bootstrap is
depicted as follows:
Home Agent Mobile Node
---------- -----------
HDR, SK {[N], SA, Ni, [KEi],
[TSi, TSr]} -->
<-- HDR, SK {SA, Nr, [KEr],
[TSi, TSr]}
The home agent MUST set the TSr (Traffic Selector-responder) payload
to the mobile node's home address in the CREATE_CHILD_SA request
message, so that the security associations are created based on the
home address of the mobile node.
4.3 Home Agent Switch message
After the IKE exchanges, the initiator Home Agent MUST send a Home
Agent Switch message to the mobile node on behalf of the failed Home
Agent, in order to inform the mobile node that it should register
with the initiator Home Agent itself.
In this solution, the message format defined in
[I-D.haley-mip6-ha-switch] is extended as follows:
0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                |# of Addresses |B|   Reserved  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
. .
. Home Agent Addresses .
. .
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
. .
. Mobility options .
. .
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
B bit - The letter 'B' stands for bootstrap. With this bit set in
the HA switch message, the mobile node MUST NOT send a Binding Update
to its original Home Agent to de-register from its binding cache.
The initiator Home Agent in this solution MUST set the 'B' bit to 1,
and SHOULD include its own address, and only its own address, in the
Home Agent switch message.
Upon receiving a Home Agent switch message with the 'B' bit set to 1,
the mobile node MUST delete its local binding state without sending a
Binding Update message to its original Home Agent, and MUST send a
Binding Update to the home agent address specified in the HA switch
message.
The HA switch message sent by the initiator HA and the following BU
message sent by the MN MUST be protected by the IPsec SA negotiated
during the IKE exchanges, as defined in [RFC3776].
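The following is an added example and not part of this draft: it encodes
and decodes the message data of the extended Home Agent Switch message
above (the octets that follow the fixed Mobility Header; the MH Type value
is not assigned here and is not modelled), and applies the mobile node's
processing rule for the 'B' bit. The field offsets are read from the
figure; the B=0 branch follows the HA switch behaviour summarised in
Section 3, and the "ipsec_protected" flag stands for the receive path's
knowledge that the packet arrived under the negotiated SA, which is an
assumption about how the implementation is structured. The sample address
and options are constructed.

```python
# Added example (not part of the draft): build and parse the extended Home
# Agent Switch message data of Section 4.3, and apply the mobile node's
# processing rule for the 'B' bit.  Only the message data that follows the
# fixed 6-octet Mobility Header is handled; the MH Type value for the
# HA Switch message is not assigned in this draft and is not modelled.
import struct
from ipaddress import IPv6Address

B_BIT = 0x80  # 'B' is the first bit after the 8-bit "# of Addresses" field


def build_ha_switch_data(addresses, bootstrap, options=b""):
    """Encode the message data: # of Addresses, B bit + 7 reserved bits
    (sent as zero), the 16-octet home agent addresses, then mobility options."""
    if not 0 <= len(addresses) <= 255:
        raise ValueError("# of Addresses is an 8-bit field")
    flags = B_BIT if bootstrap else 0
    data = struct.pack("!BB", len(addresses), flags)
    for addr in addresses:
        data += IPv6Address(addr).packed
    return data + options


def parse_mobility_options(buf):
    """Parse RFC 3775 mobility options (Type, Length, Data; Pad1 has no Length)."""
    options = []
    i = 0
    while i < len(buf):
        opt_type = buf[i]
        if opt_type == 0:  # Pad1: a single octet, no Length field
            i += 1
            continue
        if i + 2 > len(buf):
            raise ValueError("truncated mobility option header")
        length = buf[i + 1]
        if i + 2 + length > len(buf):
            raise ValueError("mobility option runs past end of message")
        options.append((opt_type, bytes(buf[i + 2:i + 2 + length])))
        i += 2 + length
    return options


def parse_ha_switch_data(data):
    """Decode the message data; the reserved bits are ignored on receipt."""
    if len(data) < 2:
        raise ValueError("message data shorter than its fixed part")
    count, flags = struct.unpack("!BB", data[:2])
    end = 2 + 16 * count
    if len(data) < end:
        raise ValueError("fewer home agent addresses than announced")
    addresses = [IPv6Address(data[2 + 16 * i:18 + 16 * i]) for i in range(count)]
    return {
        "bootstrap": bool(flags & B_BIT),
        "addresses": addresses,
        "options": parse_mobility_options(data[end:]),
    }


def mn_process_ha_switch(data, ipsec_protected):
    """Mobile node side.  Returns the actions the MN takes, as a dict.

    The draft requires the HA Switch message to arrive under the IPsec SA
    negotiated in the IKE exchanges; a copy that did not is discarded without
    being acted on, so an unauthenticated message cannot tear down the
    binding state.  ipsec_protected is assumed to come from the receive path.
    """
    if not ipsec_protected:
        return {"action": "discard", "reason": "not IPsec protected"}
    msg = parse_ha_switch_data(data)
    if not msg["addresses"]:
        return {"action": "discard", "reason": "no home agent address"}
    if msg["bootstrap"]:
        # B=1: delete local binding state, send no de-registration BU to the
        # original HA, and send a BU to the address in the message.  The draft
        # says the initiator SHOULD list only its own address; the first is used.
        return {"action": "rebootstrap", "delete_binding": True,
                "deregister_old_ha": False, "bu_to": msg["addresses"][0]}
    # B=0: ordinary HA switch (Section 3): de-register from the old HA, then
    # bind to the new one.
    return {"action": "switch", "delete_binding": True,
            "deregister_old_ha": True, "bu_to": msg["addresses"][0]}


if __name__ == "__main__":
    # Constructed sample: initiator HA 2001:db8:1::1 (documentation prefix),
    # followed by a Pad1 and a two-octet PadN mobility option.
    wire = build_ha_switch_data(["2001:db8:1::1"], bootstrap=True,
                                options=b"\x00\x01\x02\x00\x00")
    print(parse_ha_switch_data(wire))
    print(mn_process_ha_switch(wire, ipsec_protected=True))
```

The parser refuses a message that announces more addresses than it carries
and an option that runs past the end of the message, which are the two
length inconsistencies a receiver of this format has to guard against.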
4.4 Home Address Configuration
When the initiator HA and the failed HA are located on different links
with different network prefixes, the Mobile Node served by the failed
HA MUST be assigned a new home address during bootstrap.
Home Address configuration takes place in IKE_AUTH exchanges:
Home Agent Mobile Node
---------- -----------
HDR, SK {IDi, [CERT,] [CERTREQ,]
[IDr,] AUTH, CP(CFG_REPLY),
SAi2, TSi, TSr}
-->
<-- HDR, SK {IDr, [CERT,] AUTH,
SAr2, TSi, TSr}
As depicted in the figure above, an unsolicited CFG_REPLY with an
INTERNAL_IP6_ADDRESS attribute is included in the IKE_AUTH message
sent by the Home Agent. The Mobile Node should use the address
specified in the INTERNAL_IP6_ADDRESS attribute of the CFG_REPLY
payload as its new Home Address. Note that this unsolicited CFG_REPLY
violates the specification in [I-D.ietf-ipsec-ikev2], but it is
necessary in this solution.
The Home Agent could use a method similar to the one defined in
[I-D.ietf-mip6-ikev2-ipsec] to allocate a Home Address to the Mobile
Node.
Home Address auto-configuration as defined in
[I-D.ietf-mip6-bootstrapping-split] may not be applicable in this
solution, because no CFG_REQUEST payload appears in this protocol.
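The following is an added example and not part of this draft. It covers
the two IKE_AUTH payloads that Sections 4.2 and 4.4 give rules for: the
identity types each side may present in IDi and IDr, and the unsolicited
CFG_REPLY carrying INTERNAL_IP6_ADDRESS from which the mobile node takes
its new Home Address. The payload layouts and the numeric ID Type,
CFG Type and attribute values are those of RFC 4306 (the published form
of the IKEv2 draft this document cites), which is an assumption on my
part; the addresses and names are constructed.

```python
# Added example (not part of the draft): encode and check the IKE_AUTH
# payloads the draft constrains.  Section 4.2: the HA's IDi and the MN's IDr
# identity types; Section 4.4: the HA's unsolicited CFG_REPLY carrying
# INTERNAL_IP6_ADDRESS.  Layouts and numbers follow RFC 4306 (assumption).
import struct
from ipaddress import IPv6Address

# IKEv2 Identification payload ID Types (RFC 4306, section 3.5)
ID_FQDN, ID_RFC822_ADDR, ID_IPV6_ADDR = 2, 3, 5
# Identity types each side may present in this solution (draft, section 4.2)
HA_ID_TYPES = {ID_IPV6_ADDR, ID_FQDN, ID_RFC822_ADDR}
MN_ID_TYPES = {ID_FQDN, ID_RFC822_ADDR}
# Configuration payload (RFC 4306, section 3.15)
CFG_REQUEST, CFG_REPLY = 1, 2
INTERNAL_IP6_ADDRESS = 8
NO_NEXT_PAYLOAD = 0


def _payload(next_payload, body):
    """Generic IKEv2 payload header: Next Payload, Critical bit + reserved, Length."""
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body


def build_id_payload(id_type, identity, next_payload=NO_NEXT_PAYLOAD):
    """ID payload body: ID Type, 3 reserved octets, Identification Data."""
    if id_type == ID_IPV6_ADDR:
        data = IPv6Address(identity).packed
    else:
        data = identity.encode("ascii")
    return _payload(next_payload, struct.pack("!B3x", id_type) + data)


def parse_id_payload(buf, allowed):
    """Return (id_type, identity); reject types the draft does not allow for this side."""
    _, _, length = struct.unpack("!BBH", buf[:4])
    if length != len(buf) or length < 8:
        raise ValueError("bad ID payload length")
    id_type = buf[4]
    if id_type not in allowed:
        raise ValueError("identity type %d not permitted here" % id_type)
    data = buf[8:]
    if id_type == ID_IPV6_ADDR:
        return id_type, str(IPv6Address(data))
    return id_type, data.decode("ascii")


def build_cfg_reply_home_address(hoa, prefix_len=64, next_payload=NO_NEXT_PAYLOAD):
    """HA side: CFG_REPLY with one INTERNAL_IP6_ADDRESS attribute (16-octet
    address + 1-octet prefix length), sent without a preceding CFG_REQUEST."""
    value = IPv6Address(hoa).packed + bytes([prefix_len])
    attribute = struct.pack("!HH", INTERNAL_IP6_ADDRESS, len(value)) + value
    return _payload(next_payload, struct.pack("!B3x", CFG_REPLY) + attribute)


def parse_cfg_payload(buf):
    """Return (cfg_type, [(attribute_type, value), ...])."""
    _, _, length = struct.unpack("!BBH", buf[:4])
    if length != len(buf) or length < 8:
        raise ValueError("bad Configuration payload length")
    cfg_type = buf[4]
    attributes, i = [], 8
    while i < length:
        if i + 4 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = struct.unpack("!HH", buf[i:i + 4])
        if i + 4 + attr_len > length:
            raise ValueError("attribute runs past payload end")
        # the top bit of the type field is reserved and ignored on receipt
        attributes.append((attr_type & 0x7FFF, bytes(buf[i + 4:i + 4 + attr_len])))
        i += 4 + attr_len
    return cfg_type, attributes


def mn_home_address_from_cfg_reply(buf):
    """MN side: accept the unsolicited CFG_REPLY and return (home_address, prefix_len).

    A plain IKEv2 responder would expect CFG_REPLY only after it sent a
    CFG_REQUEST; here it is accepted without one, as the draft requires.  The
    address is sanity-checked so that a malformed or unusable assignment
    (multicast, link-local, loopback, unspecified) is refused."""
    cfg_type, attributes = parse_cfg_payload(buf)
    if cfg_type != CFG_REPLY:
        raise ValueError("expected CFG_REPLY")
    for attr_type, value in attributes:
        if attr_type != INTERNAL_IP6_ADDRESS:
            continue
        if len(value) != 17 or value[16] > 128:
            raise ValueError("malformed INTERNAL_IP6_ADDRESS")
        hoa = IPv6Address(value[:16])
        if hoa.is_multicast or hoa.is_link_local or hoa.is_loopback or hoa.is_unspecified:
            raise ValueError("unusable home address %s" % hoa)
        return hoa, value[16]
    raise ValueError("no INTERNAL_IP6_ADDRESS in CFG_REPLY")


if __name__ == "__main__":
    # Constructed sample values (documentation prefix, example.net names).
    idi = build_id_payload(ID_IPV6_ADDR, "2001:db8:1::1")
    print(parse_id_payload(idi, HA_ID_TYPES))
    cfg = build_cfg_reply_home_address("2001:db8:1::100", 64)
    print(mn_home_address_from_cfg_reply(cfg))
```

The per-side allow-lists are the point of the ID half: a mobile node that
accepts IDi only from the three types listed in Section 4.2, and a home
agent that accepts IDr only as FQDN or RFC 822 identifier, reject
identities the solution never expects before any AUTH processing happens.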
5. Performance Considerations
A Home Agent may have many Mobile Nodes registered to it. When a HA
fails, all the MNs that were served by the failed HA should re-register
with other HAs. Without careful design, severe performance problems
would occur due to multiple IKE negotiations taking place on a HA
simultaneously.
An initiator Home Agent SHOULD limit the number of IKE exchanges it
runs simultaneously, to prevent Denial of Service caused by overload
from cryptographic computation. An initiator Home Agent SHOULD also
make a best effort to recover all MNs that were served by the failed
HA.
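The following is an added example and not part of this draft: a small
recovery scheduler for an initiator HA that implements the two SHOULDs
above, a cap on the number of IKE exchanges in flight at once and a
bounded retry per mobile node. The IKE exchanges themselves are
abstracted as a callable that returns True on success (an assumption
about how the HA's IKE code is invoked; no real IKE runs here), and the
list of mobile nodes and their simulated outcomes are constructed.

```python
# Added example (not part of the draft): an initiator HA's recovery
# scheduler for the Performance Considerations section.  It caps the number
# of IKE exchanges in flight at once and retries each mobile node a bounded
# number of times (best effort).  The IKE exchange is abstracted as a
# callable initiate_bootstrap(mn_id, attempt) -> bool; no real IKE is run.
import threading
from concurrent.futures import ThreadPoolExecutor


class RecoveryScheduler:
    def __init__(self, max_concurrent_ike, max_attempts=3):
        self.max_concurrent_ike = max_concurrent_ike
        self.max_attempts = max_attempts
        self._lock = threading.Lock()
        self._in_flight = 0
        self.peak_in_flight = 0  # observed concurrency, for the operator's metrics

    def _recover_one(self, mn_id, initiate_bootstrap):
        """Try up to max_attempts IKE initiations for one MN; True if it bound."""
        for attempt in range(1, self.max_attempts + 1):
            with self._lock:
                self._in_flight += 1
                self.peak_in_flight = max(self.peak_in_flight, self._in_flight)
            try:
                ok = initiate_bootstrap(mn_id, attempt)
            except Exception:  # an IKE failure for one MN must not stop the others
                ok = False
            finally:
                with self._lock:
                    self._in_flight -= 1
            if ok:
                return True
        return False

    def recover(self, mobile_nodes, initiate_bootstrap):
        """Bootstrap every MN from the failed HA's list with at most
        max_concurrent_ike exchanges running at a time.
        Returns (recovered, failed) as sorted lists of MN identities."""
        with ThreadPoolExecutor(max_workers=self.max_concurrent_ike) as pool:
            results = list(pool.map(
                lambda mn: (mn, self._recover_one(mn, initiate_bootstrap)),
                mobile_nodes))
        recovered = sorted(mn for mn, ok in results if ok)
        failed = sorted(mn for mn, ok in results if not ok)
        return recovered, failed


def simulated_initiator(flaky, dead):
    """Constructed stand-in for the IKE initiation: MNs in `flaky` fail on
    their first attempt only, MNs in `dead` never complete the exchange."""
    def initiate(mn_id, attempt):
        if mn_id in dead:
            return False
        if mn_id in flaky and attempt == 1:
            return False
        return True
    return initiate


if __name__ == "__main__":
    # Constructed list of 20 mobile node identities (RFC 822 style, example.net)
    mns = ["mn%02d@example.net" % i for i in range(20)]
    sched = RecoveryScheduler(max_concurrent_ike=4)
    print(sched.recover(mns, simulated_initiator(flaky={mns[3]}, dead={mns[7]})))
    print("peak in flight:", sched.peak_in_flight)
```

The cap is enforced by the worker pool size, so the number of concurrent
IKE exchanges, and therefore the cryptographic load, never exceeds the
configured limit regardless of how many MNs the failed HA served; the
retry budget bounds the time spent on a node that never answers.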
6. IANA Considerations
This document requires no action from IANA.
7. Security Considerations
This document describes a security mechanism used in a particular
bootstrap scenario of Mobile IPv6.
Please refer to [RFC3776], [I-D.ietf-mip6-bootstrapping-split] and
[I-D.ietf-mip6-ikev2-ipsec] for further security considerations.
8. References
8.1 Normative References
[RFC0822] Crocker, D., "Standard for the format of ARPA Internet
text messages", STD 11, RFC 822, August 1982.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3753] Manner, J. and M. Kojo, "Mobility Related Terminology",
RFC 3753, June 2004.
[RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
in IPv6", RFC 3775, June 2004.
[RFC3776] Arkko, J., Devarapalli, V., and F. Dupont, "Using IPsec to
Protect Mobile IPv6 Signaling Between Mobile Nodes and
Home Agents", RFC 3776, June 2004.
8.2 Informative References
[I-D.deng-mip6-vrrp-homeagent-reliability]
Deng, H., Duan, X., Li, Q., and R. Zhang, "Reliability and
Load Balance among multiple Home Agents",
draft-deng-mip6-vrrp-homeagent-reliability-00 (work in
progress), July 2005.
[I-D.devarapalli-mip6-nemo-local-haha]
Devarapalli, V., "Local HA to HA protocol",
draft-devarapalli-mip6-nemo-local-haha-00 (work in
progress), July 2005.
[I-D.haley-mip6-ha-switch]
Haley, B., "Mobility Header Home Agent Switch Message",
draft-haley-mip6-ha-switch-00 (work in progress),
April 2005.
[I-D.ietf-ipsec-ikev2]
Kaufman, C., "Internet Key Exchange (IKEv2) Protocol",
draft-ietf-ipsec-ikev2-17 (work in progress),
October 2004.
[I-D.ietf-mip6-bootstrap-ps]
Patel, A., "Problem Statement for bootstrapping Mobile
IPv6", draft-ietf-mip6-bootstrap-ps-02 (work in progress),
March 2005.
[I-D.ietf-mip6-bootstrapping-split]
Giaretta, G., "Mobile IPv6 bootstrapping in split
scenario", draft-ietf-mip6-bootstrapping-split-00 (work in
progress), June 2005.
[I-D.ietf-mip6-ikev2-ipsec]
Devarapalli, V., "Mobile IPv6 Operation with IKEv2 and the
revised IPsec Architecture",
draft-ietf-mip6-ikev2-ipsec-01 (work in progress),
February 2005.
[I-D.jfaizan-mipv6-ha-reliability]
Faizan, J., "Problem Statement: Home Agent Reliability",
draft-jfaizan-mipv6-ha-reliability-01 (work in progress),
February 2004.
[I-D.jfaizan-mipv6-vhar]
El-Rewini, H., Khalil, M., and J. Faizan, "Virtual Home
Agent Reliability Protocol (VHAR)",
draft-jfaizan-mipv6-vhar-02 (work in progress),
April 2004.
[I-D.wakikawa-mip6-nemo-haha-spec]
Wakikawa, R., "Inter Home Agents Protocol Specification",
draft-wakikawa-mip6-nemo-haha-spec-00 (work in progress),
October 2004.
Authors' Addresses
Qin Li
Beihang University
No. 35 Xueyuan Road
Haidian District
Beijing 100083
China
Email: liqin@cse.buaa.edu.cn
Hui Deng
Hitachi
Beijing Fortune Bldg. 1701
5 Dong San Huan Bei-Lu
Chao Yang District
Beijing 100004
China
Email: hdeng@hitachi.cn
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.