Internet DRAFT - draft-perkins-netext-hatunaddr

draft-perkins-netext-hatunaddr





Network-Based Mobility Extensions                             C. Perkins
(netext)                                                  Futurewei Inc.
Internet-Draft                                                  May 2012
Expires: November 2, 2012


         Alternate Tunnel Source Address for LMA and Home Agent
                 draft-perkins-netext-hatunaddr-00.txt

Abstract

   Widely deployed mobility management systems for wireless
   communications have isolated the path for forwarding data from the
   control plane signaling for mobility management.  To realize this
   requirement with Mobile IP requires that the control functions of the
   home agent be addressable at a different IP address than the source
   IP address of the tunnel between the home agent and mobile node.
   Similar considerations hold for mobility anchors implementing
   Hierarchical Mobile IP or PMIP.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 2, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must



Perkins                 Expires November 2, 2012                [Page 1]

Internet-Draft           Alternate LMA/HA Tunnel                May 2012


   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
















































Perkins                 Expires November 2, 2012                [Page 2]

Internet-Draft           Alternate LMA/HA Tunnel                May 2012


1.  Introduction

   Mobile IP [4] and Mobile IPv6 [5] associate the Home Agent's IP
   address both with the target of control messages form the mobile
   node, and the source IP address for packets tunneled to the mobile
   node from the Home Agent.  However, in most contemporary commercial
   mobility management systems, these two IP addresses are not the same.
   Thus, Mobile IP has been seen as missing an important feature, and
   perhaps for that reason not fully integrated into the mobility
   management systems for commercial wireless ISPs.  In this document,
   we specify a simple extension for Mobile IPv6 to enable a mobile node
   to receive packets tunneled to it from an IP address different from
   the IP address used for sending Binding Updates and other control
   messages from Mobile IPv6.  The extension is applied to the Binding
   Acknowledgement message, which is expected to be processed by the
   mobile node before any packets are tunneled to the mobile node from
   the home agent.  Almost identical considerations hold for Mobile
   IPv4, Proxy MIP [2], Hierarchical Mobile IP [3].  Similar extensions
   to the registration messages in those MIP variations will also be
   specified in this document.































Perkins                 Expires November 2, 2012                [Page 3]

Internet-Draft           Alternate LMA/HA Tunnel                May 2012


2.  Alternate Home Agent Tunnel Address for PMIPv6 and Mobile IPv6

   The "Alternate Home Agent Tunnel Address" option may be included as
   an extension to the Binding Acknowledgement message.  The Alternate
   Home Agent Tunnel Address option has an alignment requirement of
   8n+6.  Its format is as follows:

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       |  Type = TBD   |  Length = 16  |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       +                                                               +
       |                                                               |
       +              Alternate Home Agent Tunnel Address              +
       |                                                               |
       +                                                               +
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The "Alternate Home Agent Tunnel Address" option may be included as
   an extension to the Binding Acknowledgement message.  When the mobile
   node receives Binding Acknowledgement message including the Alternate
   Home Agent Tunnel Address, it should enable decapsulation for packets
   arriving from that alternate address.  Moreover, the mobile node MUST
   then use the alternate HA tunnel IP address whenever tunneling
   packets (using IPv6-in-IPv6 encapsulation [1]) through that the home
   agent.

   If the Binding Acknowledgement message has the 'P' set, it is being
   sent from the LMA to the MAG, and is called a "Proxy Binding
   Acknowledgement" message[2].  In this case, the "Alternate Home Agent
   Tunnel Address" option may also be included.  When the MAG receives
   such a Proxy Binding Acknowledgement message including the Alternate
   Home Agent Tunnel Address, it should enable decapsulation for packets
   arriving from that alternate address.  Moreover, the MAG MUST then
   use the alternate HA tunnel IP address whenever tunneling the mobile
   node's packets to that LMA.

   If the mobile node sets the 'M' bit in the Binding Update, then the
   effect is to register a regional care-of address with the local MAP
   as defined in Hierarchical Mobile IP [3].  In this case, the Binding
   Acknowledgement message may also include the "Alternate Home Agent
   Tunnel Address" option.  When the mobile node receives such a Binding
   Acknowledgement message including the Alternate Home Agent Tunnel
   Address, it should enable decapsulation for packets arriving from
   that alternate address.  Moreover, the mobile node MUST then use the



Perkins                 Expires November 2, 2012                [Page 4]

Internet-Draft           Alternate LMA/HA Tunnel                May 2012


   alternate HA tunnel IP address whenever tunneling the mobile node's
   packets to that MAP.

















































Perkins                 Expires November 2, 2012                [Page 5]

Internet-Draft           Alternate LMA/HA Tunnel                May 2012


3.  Alternate Home Agent Tunnel Address for Mobile IPv4

   The "Alternate Home Agent Tunnel Address" option may be included as
   an extension to the Registration Reply message.  Its format is as
   follows:

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  Type = TBD   |  Length = 6   |           Reserved            |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |            Alternate IPv4 Home Agent Tunnel Address           |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Reserved

      Sent as zero; ignored on reception.

   Alternate IPv4 Home Agent Tunnel Address

      The Alternate IPv4 Home Agent Tunnel Address required by this home
      agent.

   The home agent may include the "Alternate IPv4 Home Agent Tunnel
   Address" as an extension to the Registration Reply message.  When the
   mobile node receives Registration Reply message including the
   Alternate IPv4 Home Agent Tunnel Address, it MUST enable
   decapsulation for packets arriving from that alternate address.
   Moreover, the mobile node MUST then use the alternate HA tunnel IP
   address whenever tunneling packets through that the home agent.





















Perkins                 Expires November 2, 2012                [Page 6]

Internet-Draft           Alternate LMA/HA Tunnel                May 2012


4.  Security Considerations

   This document does not introduce any security mechanisms, and does
   not have any impact on existing security mechanisms.  Since the
   Binding Acknowledgement and Registration Reply messages to the mobile
   node are required to be secured, including the Alternate Home Agent
   Tunnel Address extension will not enable a malicious node to create
   any disruption to the desired tunneling behavior along the data path.

   In cases where confidentiality is required for traffic between the
   mobile node and HA-D [i.e., the data-plane home-agent] tunnel
   termination IP address, a security association will be required.  For
   this, there are at least two options:

   IKEv2

      The mobile node and HA-D can establish a security association
      using IKEv2 [7]

   Update to RFC 3957 (Authentication, Authorization, and Accounting
   (AAA) Registration Keys for Mobile IPv4)

      A new extension for the Binding Acknowledgement and/or
      Registration Reply could be specified for use by the mobile node
      to calculate a shared secret and establish a derived security
      association with the HA-D.  This extension would be similar to the
      "Generalized MN Key Generation Nonce" extensions already specified
      in RFC 3957 [6]

   For the second option, a new calculation is needed in order to ensure
   that the IP addresses of both the HA-D and the mobile node are
   included in the input for the cryptographic hash function.



















Perkins                 Expires November 2, 2012                [Page 7]

Internet-Draft           Alternate LMA/HA Tunnel                May 2012


5.  IANA Considerations

   This document creates a new Mobility Option for Mobile IPv6 that can
   be included in the Binding Acknowledgement message.  The protocol
   number for this new Mobility Option, the "Alternate Home Agent Tunnel
   Address" option, should be allocated from the space of Mobility
   Options for Mobile IPv6.

   This document creates a new Extension for Mobile IPv4 that can be
   included in the Registration Reply message.  The protocol number for
   this new Extension, the "Alternate IPv4 Home Agent Tunnel Address"
   option, should be allocated from the space of non-skippable
   extensions for Mobile IPv4 (i.e., a number within the range 0--127).






































Perkins                 Expires November 2, 2012                [Page 8]

Internet-Draft           Alternate LMA/HA Tunnel                May 2012


6.  References

6.1.  Normative References

   [1]  Conta, A. and S. Deering, "Generic Packet Tunneling in IPv6
        Specification", RFC 2473, December 1998.

   [2]  Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., and
        B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008.

   [3]  Soliman, H., Castelluccia, C., ElMalki, K., and L. Bellier,
        "Hierarchical Mobile IPv6 (HMIPv6) Mobility Management",
        RFC 5380, October 2008.

   [4]  Perkins, C., "IP Mobility Support for IPv4, Revised", RFC 5944,
        November 2010.

   [5]  Perkins, C., Johnson, D., and J. Arkko, "Mobility Support in
        IPv6", RFC 6275, July 2011.

6.2.  Informative References

   [6]  Perkins, C. and P. Calhoun, "Authentication, Authorization, and
        Accounting (AAA) Registration Keys for Mobile IPv4", RFC 3957,
        March 2005.

   [7]  Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, "Internet Key
        Exchange Protocol Version 2 (IKEv2)", RFC 5996, September 2010.























Perkins                 Expires November 2, 2012                [Page 9]

Internet-Draft           Alternate LMA/HA Tunnel                May 2012


Author's Address

   Charles E. Perkins
   Futurewei Inc.
   2330 Central Expressway
   Santa Clara, CA 95050
   USA

   Email: charliep@computer.org










































Perkins                 Expires November 2, 2012               [Page 10]