Responder Initiated IP Addresses Update in MOBIKE
draft-smyslov-ipsecme-ikev2-r-mobike-00

Document Type Active Internet-Draft (individual)
Last updated 2017-05-30
Stream (None)
Intended RFC status (None)
Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG state I-D Exists
Responsible AD (None)
Send notices to (None)
Network Working Group                                         V. Smyslov
Internet-Draft                                                ELVIS-PLUS
Updates: 4555, 6311 (if approved)                           May 30, 2017
Intended status: Standards Track
Expires: December 1, 2017

           Responder Initiated IP Addresses Update in MOBIKE
                draft-smyslov-ipsecme-ikev2-r-mobike-00

Abstract

   IKEv2 Mobility and Multihoming Protocol (MOBIKE) allows peers to
   update their IP addresses without re-establishing IKE and IPsec
   Security Associations (SAs).  In the MOBIKE protocol it is the
   Initiator of the IKE SA who is responsible for selecting new SA
   addresses and for initiating the IP addresses update procedure.  This
   document presents an extension to the MOBIKE protocol that allows the
   Responder to initiate the update.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 1, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must

Smyslov                 Expires December 1, 2017                [Page 1]
Internet-Draft                  R-MOBIKE                        May 2017

   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology and Notation  . . . . . . . . . . . . . . . . . .   3
   3.  Protocol Overview . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Protocol Description  . . . . . . . . . . . . . . . . . . . .   4
     4.1.  Capability Advertising  . . . . . . . . . . . . . . . . .   4
     4.2.  Responder Initiated IP Address Update . . . . . . . . . .   5
       4.2.1.  High Availability Cluster Scenario  . . . . . . . . .   7
   5.  Payload Formats . . . . . . . . . . . . . . . . . . . . . . .   8
     5.1.  MOBIKE_SUPPORTED Notification . . . . . . . . . . . . . .   8
     5.2.  SWITCH_TO_IP_ADDRESS Notification . . . . . . . . . . . .   9
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   9
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   9
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   9
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  10
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   The Internet Key Exchange protocol version 2 (IKEv2), specified in
   [RFC7296], is a key part of the IP Security (IPsec) architecture.  It
   allows peers to perform an authenticated key exchange, which results
   in establishing an IKE Security Association (IKE SA), and to create
   data protection channels called IPsec Security Associations (IPsec
   SAs).  In the original IKEv2 the IKE and IPsec SAs are bound to the
   IP addresses used in the IKEv2 negotiation.  The IKEv2 Mobility and
   Multihoming Protocol (MOBIKE), specified in [RFC4555], extends the
   IKEv2 functionality by allowing peers to dynamically change the IP
   addresses of established SAs without the need to re-establish these
   SAs.

   The main use case for the MOBIKE protocol is a remote access user
   who travels and moves from one IP address to another without
   re-establishing existing SAs with the VPN gateway.  However, MOBIKE
   also supports more complex scenarios in which the VPN gateway is
   multihomed and its addresses may change over time.
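   The address update procedure of [RFC4555] that the abstract and the
   paragraph above refer to, as an added example that is not part of
   this draft and not code from any IKE implementation.  The two peers
   are modelled in memory: the Initiator moves to a new address and
   sends UPDATE_SA_ADDRESSES from it, the Responder authenticates the
   request, challenges the new address with COOKIE2 (the return
   routability check) and only then steers the SA to it; an attempt by
   the Responder to start the same procedure is refused, which is the
   gap this draft addresses.  The IKE SA's integrity protection is
   stood in for by an HMAC over the message body, and the notify type
   numbers are the values RFC 4555 registered; every class, field and
   function name here is an assumption made for the example.

```python
"""Model of the IKEv2 MOBIKE (RFC 4555) address update exchange.

Constructed example for this page, not code from the draft or from any
IKE implementation.  Integrity protection under the IKE SA is stood in
for by an HMAC over the message body, messages are plain dicts, and the
peers call each other's handlers directly.  Notify type numbers are the
RFC 4555 values; all names below are assumptions made for this example.
"""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass
from typing import Optional

# Notify message types registered by RFC 4555 in the IKEv2 registry.
MOBIKE_SUPPORTED = 16396
UPDATE_SA_ADDRESSES = 16400
COOKIE2 = 16401


@dataclass
class IkeSa:
    role: str                 # "initiator" or "responder" of the IKE SA
    local: str                # address this side currently uses for the SA
    remote: str               # address this side sends to
    sk: bytes                 # stands in for the SK_a integrity key
    mobike: bool = False      # MOBIKE_SUPPORTED was exchanged in IKE_AUTH
    pending_addr: Optional[str] = None     # responder: candidate new address
    pending_cookie2: Optional[str] = None  # responder: outstanding challenge


def protect(sa: IkeSa, payload: dict, dst: str) -> dict:
    """Integrity-protect the body.  'src'/'dst' model the IP header, which
    is NOT covered by the MAC, just as in real IKE."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"src": sa.local, "dst": dst, "body": body,
            "mac": hmac.new(sa.sk, body, hashlib.sha256).digest()}


def unprotect(sa: IkeSa, msg: dict) -> dict:
    """Discard anything not protected under this IKE SA, then decode."""
    expected = hmac.new(sa.sk, msg["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["mac"]):
        raise ValueError("integrity check failed; message discarded")
    return json.loads(msg["body"])


def initiator_update(sa: IkeSa, new_addr: str) -> dict:
    """Initiator has moved to new_addr: send UPDATE_SA_ADDRESSES from it.
    RFC 4555 gives this role to the IKE SA Initiator only."""
    if sa.role != "initiator":
        raise PermissionError("RFC 4555: only the Initiator may start an update")
    if not sa.mobike:
        raise RuntimeError("MOBIKE was not negotiated for this IKE SA")
    sa.local = new_addr
    # The notify carries no data: the new address is the IP source address.
    return protect(sa, {"notify": [UPDATE_SA_ADDRESSES]}, dst=sa.remote)


def responder_handle_update(sa: IkeSa, msg: dict) -> dict:
    """Responder: authenticate, then challenge the new address with COOKIE2.
    The address comes from the unprotected IP header, so the return
    routability check confirms the peer really receives there before any
    IPsec traffic is steered to it (otherwise a peer could point the SA's
    traffic at a third party)."""
    payload = unprotect(sa, msg)
    if UPDATE_SA_ADDRESSES not in payload["notify"]:
        raise ValueError("not an address update request")
    sa.pending_addr = msg["src"]
    sa.pending_cookie2 = os.urandom(8).hex()
    return protect(sa, {"notify": [COOKIE2], "cookie2": sa.pending_cookie2},
                   dst=sa.pending_addr)


def initiator_answer_cookie2(sa: IkeSa, msg: dict) -> dict:
    """Initiator echoes COOKIE2 only if it arrived at its current address."""
    payload = unprotect(sa, msg)
    if msg["dst"] != sa.local:
        raise ValueError("challenge not delivered to our current address")
    return protect(sa, {"notify": [], "cookie2": payload["cookie2"]}, dst=sa.remote)


def responder_finish_update(sa: IkeSa, msg: dict) -> str:
    """Responder switches the SA to the new address only on a matching echo."""
    payload = unprotect(sa, msg)
    if sa.pending_cookie2 is None or payload.get("cookie2") != sa.pending_cookie2:
        raise ValueError("COOKIE2 mismatch; peer address left unchanged")
    sa.remote = sa.pending_addr
    sa.pending_addr = sa.pending_cookie2 = None
    return sa.remote


def responder_cannot_initiate(sa: IkeSa) -> bool:
    """The gap this draft fills: RFC 4555 has no Responder-started update."""
    try:
        initiator_update(sa, "203.0.113.9")
    except PermissionError:
        return True
    return False


def run_exchange(new_addr: str = "203.0.113.7") -> tuple:
    """Drive one complete update between two in-memory peers (constructed
    addresses from the documentation ranges); returns both SAs."""
    sk = os.urandom(32)                       # same SK_a on both sides
    ini = IkeSa("initiator", "192.0.2.10", "198.51.100.1", sk, mobike=True)
    rsp = IkeSa("responder", "198.51.100.1", "192.0.2.10", sk, mobike=True)
    challenge = responder_handle_update(rsp, initiator_update(ini, new_addr))
    responder_finish_update(rsp, initiator_answer_cookie2(ini, challenge))
    return ini, rsp
```

   Running run_exchange() ends with the Responder sending to
   203.0.113.7, while responder_cannot_initiate() on the Responder's SA
   returns True.  The split between the protected body and the
   unprotected src/dst fields is the point to keep in mind: the Responder
   learns the new address from the IP header, not from the authenticated
   payload, which is why the challenge to that address precedes the
   switch.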

   In MOBIKE it is the Initiator (e.g. the remote access client) who
   is responsible for detecting the working IP address pairs and for