Network Working Group X. Qin
Internet-Draft C. Wan
Expires: November 2, 2006 Huawei Nanjing China
May 2006
Bootstrapping of mobile entity with an ipv6 home address roaming into
the ipv4 network
draft-qin-mip6-dsbootstrapping-00
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 2, 2006.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
DSMIPv6 [V4TRAVERSAL] defines how a dual-stack mobile node roams in
an IPv4 network. It assumes that the home agent and the mobile node
support both the MIPv4 and MIPv6 protocols, and that the home agent
can assign an IPv4 address to the mobile node. This assumption holds
in many scenarios. However, because IPv4 addresses are a scarce
resource in many countries, the Mobile IPv6 home agent does not own
IPv4 address pools and does not support the IPv4 protocol or the
Mobile IPv4 protocol. In such a scenario, a
Qin & Wan Expires November 2, 2006 [Page 1]
Internet-Draft MIPv6 Bootstrapping in ipv4 network May 2006
temporary IPv4 home address is more useful. [Routing] focuses on the
solution for this scenario. In that solution, mobile nodes get
temporary IPv4 home addresses from the foreign home agent. The
scenarios and solutions defined in [Routing] are a prerequisite for
this document. This document describes the bootstrapping of a
dual-stack MIPv6-homed mobile entity in a Mobile IPv4 network.
Table of Contents
1. Introduction
2. Terminology
3. Assumption
4. Protocol Overview
4.1. Integrated ASP Scenario
4.1.1. Co-located Mobile Node
4.1.2. Registration through a Foreign Agent
4.2. Mobile Service Subscription Scenario
4.2.1. Co-located Mobile Node
4.2.2. Registration through a Foreign Agent
5. IANA Considerations
6. Security Considerations
7. References
7.1. Normative References
7.2. Informative References
Authors' Addresses
Intellectual Property and Copyright Statements
1. Introduction
The solution defined in [Routing] requires the MIPv6-homed dual-stack
mobile node to know its IPv6 home address, the temporary IPv4 home
address, the home agent address, the foreign home agent address and
security parameters. The mechanism by which the mobile node obtains
this information is called dual stack bootstrapping.
To allow a flexible deployment model for the Mobile IPv6 protocol
traversing the Mobile IPv4 protocol, it is desirable to define a
bootstrapping mechanism for the mobile node to acquire these
parameters dynamically. [INTEGRATEDV6] and [SPLITV6] describe
several scenarios and methods for Mobile IPv6 bootstrapping in detail.
As a protocol extension, this document describes a scheme to
facilitate dual stack bootstrapping via the AAA infrastructure.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 RFC 2119
[STANDARDS].
Foreign Home Agent (FHA)
The Foreign Home Agent is a functional entity that can provide a
temporary IPv4 address for the mobile entity.
THOAv4
Temporary IPv4 Home Address
Dual-Stack ASP
An Access Service Provider that provides Mobile IPv6 and Mobile IPv4
service. The ASP can assign an IPv4 address to the mobile node.
Mobile Service Provider (MSP)
A service provider that provides Mobile IPv6 service. In order to
obtain such service, the mobile node must be authenticated and
prove authorization to obtain the service.
Mobile Node (MN)
The mobile node as defined in the Mobile IPv6 or Mobile IPv4
protocol.
Home AAA server (AAAH)
The AAAH is an AAA server that operates in the home network. The
home network is the network that holds the user record.
Foreign AAA server (AAAF)
The AAAF resides in the same domain that hosts the foreign agent
in the foreign IPv4 network. Other Broker AAA "proxy servers" may
exist between the AAAF and the AAAH. The role of these "proxy
servers" is not germane to this document and will not be discussed
henceforth.
3. Assumption
This document introduces a solution for bootstrapping a MIPv6-homed
mobile node that has roamed into a foreign Mobile IPv4 network.
The following are two basic assumptions:
o One typical way of verifying the trust relationship is to use an
authentication, authorization, and accounting (AAA)
infrastructure. In real deployments, there must be an AAA server
which provides enough information to bootstrap the dual-stack
mobile node in the dual-stack access service provider. The server
shall dynamically assign the foreign home agent (FHA) to a given
user according to the user's location and subscription with the
access service provider and mobile service provider. The mobile
node must be configured with an identity and credentials, for
instance an NAI and a shared secret, by some out-of-band means
(i.e., manual configuration) before bootstrapping.
o As in the scenario described in [Routing], this draft assumes
that some Mobile IPv6 home agents have no IPv4 addresses to
assign to the dual-stack mobile nodes. The Mobile IPv4 access
service provider therefore provides foreign home agents to support
the mobility management of the dual-stack IPv6-homed mobile node.
4. Protocol Overview
The Mobile IPv4 working group has developed extensions to the
registration process that allow the MN and mobility agents to request
assistance from the AAA server in authentication [MIP4CHAL] and in
the creation of key material [MIPKEYS]. [MIP4RD] provides an overview
of how a mobility agent and a RADIUS server can interact during a
mobile node registration process to perform registration,
authentication and key distribution. This document depends on the
descriptions presented in those documents and therefore presents only
the parts that differ.
Mobility service and network access service can be separate and may
be authorized by different entities. When the MSP and ASP are the
same entity, the scenario is the Integrated ASP scenario; when the
MSP is different from the ASP, the scenario is called the Mobile
Service Subscription Scenario. The taxonomy is similar to that of
[BOOT-PS]. Figure 1 shows the AAA design for the Integrated ASP
scenario. Figure 4 shows the AAA design for the Mobile Service
Subscription Scenario.
When the dual-stack mobile node roams in a Mobile IPv4 network, the
mobile node is bootstrapped via the Mobile IPv4 protocol. Depending
on the type of care-of address and the mobility agents used during
Mobile IPv4 registration, there are two possible cases to consider:
1- When the MN acquires a co-located CoA (CCoA), it registers
directly with the FHA without the interaction of a Mobile IP
foreign agent.
2-a) When the MN acquires a CoA from a Mobile IP foreign agent
(FA) on the foreign network, the MN must register through the FA
and use the FA-based CoA for Mobile IP registration. The FA
forwards the registration to the FHA for processing.
b) When the MN acquires a CCoA but the FA requires the MN to
register via the FA (R-bit set in the Agent Advertisement), the MN
must send the registration request to the FA. The FA forwards the
registration messages to/from the FHA.
The two cases are similar to the cases defined in [MIP4RD]. The only
difference is that the Mobile IPv4 registration messages are sent
to/from the FHA. In the Mobile IPv4 network, the FHA is the "home
agent" of the mobile node: the FA or mobile node treats the FHA as the
mobile node's HA. An IPv4 tunnel is built between the mobile node and
the FHA. When the mobile node sends IPv6 packets to its home agent or
a correspondent node, the IPv6 packets are encapsulated in the IPv4
tunnel. IPv6 packets destined for the mobile node likewise arrive
encapsulated in the IPv4 tunnel. The home agent and correspondent
node do not
know that the mobile node is in the mobile IPv4 network.
4.1. Integrated ASP Scenario
In the integrated ASP scenario, dual stack bootstrapping is provided
as part of the network access authentication procedure. Figure 1
shows the participating entities.
                          -------ASP------->|<--Home MSP--
                      +--------------------->+------+
                      |                +---->| AAAH |
                      |                |     +------+
                      |                |         ^
                      |                |         |
                      v                v         v
+----+         +--------+          +-------+  +------+
| MN |<------->| NAS/FA |<-------->|  FHA  |  |  HA  |
+----+         +--------+          +-------+  +------+
  ^                                                 ^
  |_________________________________________________|
Figure 1: Integrated ASP scenario
As shown above, the MN attaches to an Access Service Provider's
network. During this network attachment procedure, the NAS/AAA
client interacts with the mobile node. As shown in Figure 1,
authentication and authorization happen via an AAA infrastructure.
In the integrated ASP scenario, the ASP and MSP are the same entity,
so the NAS, FHA and HA exchange access requests and responses with
the same AAAH. The bootstrapping information can be provided by the
AAAH.
4.1.1. Co-located Mobile Node
In the case where the MN acquires a co-located CoA (CCoA), the MN
registers its CCoA with the FHA directly. Figure 2 shows the
procedure of dual stack bootstrapping. The FHA supports both IPv6
and MIPv4. In the network access authentication phase, the NAS and
AAAH should assign the proper Foreign Home Agent and the co-located
address to the mobile node. The FHA assignment and co-located
address extensions could be appended to the authentication response
message in step 3. In steps 4, 5 and 6, the mobile node creates a
registration request (RRQ) and sends it to the FHA. At this moment,
the mobile node does not own an IPv6 HoA, IPv6 CoA or THOAv4. The
temporary IPv4 home address to be carried in the RRQ is not yet
available; the procedure for obtaining the temporary IPv4 home
address is described in
[RFC2794]. After the mobile node is authenticated by the FHA and
AAAH, the IPv6 HoA, HA assignment, temporary IPv4 home address and
IPv6 care-of address should be appended to the Mobile IPv4
registration reply (RRP). Finally, the mobile node obtains mobility
in the Mobile IPv4 network and the bootstrapping parameters for the
Mobile IPv6 protocol.
MN          NAS       FHA               AAAH        HA
|1.Access Req|         |                 |           |
|  --------->|         |                 |           |
|            | 2.Access Request          |           |
|            | ------------------------> |           |
|            |    Access Accept          |           |
| 3.         | <-------------------------|           |
|Access Rep. |         |                 |           |
| <--------- |         |                 |           |
|            |         |                 |           |
| 4.Reg Req. |         |                 |           |
|  ------------------->|                 |           |
|            |         | 5.Access Request|           |
|            |         | --------------> |           |
|            |         |  Access Accept  |           |
|            |         |<----------------|           |
| 6.Reg Rep. |         |                 |           |
| <------------------- |       BU        |           |
|  ------------------------------------------------->|
|            |         |                 |Access-Req |
|            |         |                 | --------->|
|            |         |                 |Access-resp|
|            |         |                 |<--------- |
|            |         |       BA        |           |
| <------------------------------------------------  |
Figure 2: Co-located Mobile Node Bootstrapping In Integrated ASP
Scenario
4.1.2. Registration through a Foreign Agent
When the MN uses an FA-based CoA, or a CCoA with the R-bit set, it
needs to send its registration request to the FA. The registration
procedure is defined in [RFC3344]. Moreover, the FA, FHA and AAAH
should support some extensions required for dual stack bootstrapping,
such as HA assignment, IPv6 HoA, IPv6 CoA and THOAv4.
Figure 3 shows the procedure of dual stack bootstrapping when the
mobile node obtains an FA-based CoA, or a CCoA with the R-bit set.
MN        NAS/FA      FHA               AAAH        HA
|1.Access Req|         |                 |           |
|  --------->|         |                 |           |
|            | 2.Access Request          |           |
|            | ------------------------> |           |
|            |    Access Accept          |           |
| 3.         | <-------------------------|           |
|Access Rep. |         |                 |           |
| <--------- |         |                 |           |
|            |         |                 |           |
| 4.Reg Req. |  Relay  |                 |           |
|  --------->|-------->|                 |           |
|            |         | 5.Access Req    |           |
|            |         | --------------> |           |
|            |         |   Access Rep    |           |
|            |         |<----------------|           |
| 6.Reg Rep  |         |                 |           |
| <----------|<------- |       BU        |           |
|  ------------------------------------------------->|
|            |         |                 |Access-Req |
|            |         |                 | --------->|
|            |         |                 |Access-resp|
|            |         |                 |<--------- |
|            |         |       BA        |           |
| <------------------------------------------------  |
Figure 3: Foreign-based CoA case Mobile Node Bootstrapping In
Integrated ASP Scenario
4.2. Mobile Service Subscription Scenario
In this scenario, the assumption is that the ASP and the home MSP are
not the same entity. The MN has a subscription with the home MSP.
The home MSP has an agreement with the FHA within the ASP, or the
home MSP administers the FHA and provides service as the Mobile IPv4
home agent at the border between the Mobile IPv4 network and the
Mobile IPv6 network. Figure 4 shows the scheme of the scenario.
                         -------ASP------->|<--Home MSP--
                +------+                      +------+
                | AAAF |            +-------->| AAAH |
                +------+            |         +------+
                   ^                |            ^
                   |                |            |
                   |                |            |
                   v                v            v
+----+         +--------+       +-------+    +------+
| MN |<------->| NAS/FA |<----->|  FHA  |<-->|  HA  |
+----+         +--------+       +-------+    +------+
  ^                                              ^
  |______________________________________________|
Figure 4: Mobile Service Subscription Scenario
4.2.1. Co-located Mobile Node
This section is very similar to Section 4.1.1. The only difference is
that the mobile node should have a trust relationship with the AAAF
in the ASP. At the NAS, the authentication messages are sent to/from
the AAAF. The co-located address and the FHA FQDN or address are
assigned by the AAAF. The FHA, however, exchanges authentication
messages with the AAAH. The IPv6 HoA, temporary IPv4 home address,
IPv6 CoA and the IPv6 Home Agent address are provided by the AAAH
server.
                                        AAAH/
MN          NAS       FHA               AAAF        HA
|1.Access Req|         |                 |           |
|  --------->|         |                 |           |
|            | 2.Access Request          |           |
|            | ------------------------> |           |
|            |    Access Accept          |           |
| 3.         | <-------------------------|           |
|Access Rep. |         |                 |           |
| <--------- |         |                 |           |
|            |         |                 |           |
| 4.Reg Req. |         |                 |           |
|  ------------------->|                 |           |
|            |         | 5.Access Request|           |
|            |         | --------------> |           |
|            |         |  Access Accept  |           |
|            |         |<----------------|           |
| 6.Reg Rep. |         |                 |           |
| <------------------- |       BU        |           |
|  ------------------------------------------------->|
|            |         |                 |Access-Req |
|            |         |                 | --------->|
|            |         |                 |Access-resp|
|            |         |                 |<--------- |
|            |         |       BA        |           |
| <------------------------------------------------  |
Figure 5: Co-located Mobile Node Bootstrapping in Mobile Service
Subscription scenario
4.2.2. Registration through a Foreign Agent
This section is very similar to Section 4.1.2. The only difference is
that the mobile node should have a trust relationship with the AAAF
in the ASP. At the NAS, the authentication messages are sent to/from
the AAAF. The care-of address and the FHA FQDN or address are
assigned by the AAAF. The FHA, however, exchanges authentication
messages with the AAAH. The IPv6 HoA, temporary IPv4 home address,
IPv6 CoA and the IPv6 Home Agent address are provided by the AAAH
server.
                                        AAAH/
MN        NAS/FA      FHA               AAAF        HA
|1.Access Req|         |                 |           |
|  --------->|         |                 |           |
|            | 2.Access Request          |           |
|            | ------------------------> |           |
|            |    Access Accept          |           |
| 3.         | <-------------------------|           |
|Access Rep. |         |                 |           |
| <--------- |         |                 |           |
|            |         |                 |           |
| 4.Reg Req. |  Relay  |                 |           |
|  --------->|-------->|                 |           |
|            |         | 5.Access Req    |           |
|            |         | --------------> |           |
|            |         |   Access Rep    |           |
|            |         |<----------------|           |
| 6.Reg Rep  |         |                 |           |
| <----------|<------- |       BU        |           |
|  ------------------------------------------------->|
|            |         |                 |Access-Req |
|            |         |                 | --------->|
|            |         |                 |Access-resp|
|            |         |                 |<--------- |
|            |         |       BA        |           |
| <------------------------------------------------  |
Figure 6: Foreign-based CoA Case Mobile Node Bootstrapping In Mobile
Service Subscription Scenario
5. IANA Considerations
No consideration.
6. Security Considerations
[MIPKEYS] can be used to create Mobility Security Associations between
the MN and the FHA.
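The following added example (not part of the draft or of [MIPKEYS])
shows what a Mobility Security Association between the MN and the FHA
gives the FHA when it receives the registration request of step 4,
which carries an NAI and a zero home address because no THOAv4 exists
yet. It assumes the key is derived as HMAC-SHA1(AAA-key, nonce || NAI)
from the out-of-band shared secret of Section 3 and that the RRQ ends
with an RFC 3344 HMAC-MD5 authentication extension; the NAI, addresses,
nonce, SPI and all function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed sample values for illustration; none come from the draft.
AAA_KEY = b"mn-aaah-shared-secret"   # shared secret configured out of band
NAI = b"mn1@home-msp.example"        # mobile node identity (NAI)
NONCE = bytes.fromhex("00112233445566778899aabbccddeeff")  # chosen by the AAA server
SPI = 0x100                          # SPI naming the MN-FHA security association
FHA, CCOA = "192.0.2.10", "198.51.100.7"  # values learned in step 3 of Figure 2


def derive_msa_key(aaa_key: bytes, nonce: bytes, mn_id: bytes) -> bytes:
    """Assumed derivation: HMAC-SHA1(AAA-key, nonce || mobile node identifier)."""
    return hmac.new(aaa_key, nonce + mn_id, hashlib.sha1).digest()


def build_rrq(fha: str, coa: str, nai: bytes, ident: bytes) -> bytes:
    """RFC 3344 fixed header plus the RFC 2794 MN-NAI extension (type 131).

    The home address field is 0.0.0.0 because the MN has no THOAv4 yet.
    """
    header = struct.pack(
        "!BBH4s4s4s8s", 1, 0, 1800,
        ipaddress.IPv4Address("0.0.0.0").packed,
        ipaddress.IPv4Address(fha).packed,
        ipaddress.IPv4Address(coa).packed,
        ident,
    )
    return header + struct.pack("!BB", 131, len(nai)) + nai


def sign_rrq(rrq: bytes, key: bytes, spi: int) -> bytes:
    """Append a Mobile-Home Authentication Extension (type 32, HMAC-MD5)."""
    covered = rrq + struct.pack("!BBI", 32, 4 + 16, spi)
    return covered + hmac.new(key, covered, hashlib.md5).digest()


def fha_accepts(packet: bytes, key: bytes, spi: int) -> bool:
    """FHA-side check: the authenticator must be last and match the MSA key."""
    if len(packet) < 24 + 6 + 16:
        return False
    covered, tag = packet[:-16], packet[-16:]
    if covered[-6:] != struct.pack("!BBI", 32, 20, spi):
        return False
    expected = hmac.new(key, covered, hashlib.md5).digest()
    return hmac.compare_digest(tag, expected)


def home_address(packet: bytes) -> str:
    """Home address field of the RRQ (bytes 4..7 of the fixed header)."""
    return str(ipaddress.IPv4Address(packet[4:8]))


if __name__ == "__main__":
    mn_key = derive_msa_key(AAA_KEY, NONCE, NAI)   # computed on the MN
    fha_key = derive_msa_key(AAA_KEY, NONCE, NAI)  # assumed handed to the FHA by AAA
    pkt = sign_rrq(build_rrq(FHA, CCOA, NAI, b"\x00" * 7 + b"\x01"), mn_key, SPI)
    # Same packet with the care-of address field altered in transit.
    altered = pkt[:12] + ipaddress.IPv4Address("203.0.113.9").packed + pkt[16:]
    print(home_address(pkt), fha_accepts(pkt, fha_key, SPI),
          fha_accepts(altered, fha_key, SPI))
```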
7. References
7.1. Normative References
[MIPKEYS] IETF, "AAA Registration Keys for Mobile IP", RFC 3957,
March 2005.
[RFC2794] "Mobile IP Network Access Identifier Extension for IPv4",
RFC 2794, March 2000.
[RFC3344] "IP Mobility Support for IPv4", RFC 3344, August 2002.
[STANDARDS]
"Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, October 1997,
<ftp://ftp.isi.edu/in-notes/rfc2119.txt>.
7.2. Informative References
[BOOT-PS] "Problem Statement for bootstrapping Mobile IPv6",
January 2006.
[INTEGRATEDV6]
"MIP6-bootstrapping via DHCPv6 for the Integrated
Scenario", June 2006.
[MIP4CHAL]
"Mobile IPv4 Challenge/Response Extensions (revised)",
January 2006.
[MIP4RD] "RADIUS Mobile IPv4 extensions", July 2005.
[Routing] Wan, "Route management of mobile entity with an ipv6 home
address roaming into the ipv4 network", 2006.
[SPLITV6] "Mobile IPv6 bootstrapping in split scenario", March 2006.
[V4TRAVERSAL]
"Dual Stack Mobile IPv6 (DSMIPv6)", March 2006.
Authors' Addresses
Xia Qin
Huawei Nanjing China
Email: Alice.Q@huawei.com
Changsheng Wan
Huawei Nanjing China
Email: wanchangsheng@huawei.com
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.