Network Working Group                                       K. Chowdhury
Internet-Draft                                               J. Bharatia
Expires: April 15, 2005                                  Nortel Networks
                                                        October 15, 2004



      DHCP Relay Agent Option to Support Mobile IPv6 bootstrapping
                draft-chowdhury-dhc-mip6-agentop-00.txt


Status of this Memo


   By submitting this Internet-Draft, I certify that any applicable
   patent or other IPR claims of which I am aware have been disclosed,
   and any of which I become aware will be disclosed, in accordance with
   RFC 3668.


   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.


   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."


   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.


   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.


   This Internet-Draft will expire on April 15, 2005.


Copyright Notice


   Copyright (C) The Internet Society (2004).  All Rights Reserved.


Abstract


   This document defines a new DHCPv6 option and a number of sub-options
   for the DHCP Relay Agent to facilitate Mobile IPv6 bootstrapping
   together with an AAA infrastructure.










Chowdhury & Bharatia     Expires April 15, 2005                 [Page 1]


Internet-Draft                                              October 2004



Table of Contents


   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .  6
     2.1   Home Agent . . . . . . . . . . . . . . . . . . . . . . . .  6
     2.2   Home Link Prefix . . . . . . . . . . . . . . . . . . . . .  6
     2.3   Home Address . . . . . . . . . . . . . . . . . . . . . . .  6
     2.4   Home Link Prefix Length  . . . . . . . . . . . . . . . . .  6
   3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  7
   4.  DHC Relay Agent Option to carry Mobile IPv6 parameters . . . .  8
     4.1   Home Agent sub-option  . . . . . . . . . . . . . . . . . .  8
     4.2   Home Link Prefix sub-option  . . . . . . . . . . . . . . .  9
     4.3   Home Address sub-option  . . . . . . . . . . . . . . . . .  9
     4.4   Home Link Prefix Length sub-option . . . . . . . . . . . . 10
     4.5   Authenticity sub-option  . . . . . . . . . . . . . . . . . 10
   5.  DHC Client Operation Considerations  . . . . . . . . . . . . . 12
   6.  DHC Relay agent Considerations . . . . . . . . . . . . . . . . 13
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 14
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 15
   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16
   10.   Normative References . . . . . . . . . . . . . . . . . . . . 16
       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 16
       Intellectual Property and Copyright Statements . . . . . . . . 17

1.  Introduction


   In an access network, typically the user's device (Mobile Node)
   provides authentication credentials to the Access Device for
   authentication and authorization (e.g.  PAP/CHAP).  This Access
   Device may be the Network Access Server (NAS) or an Access Router
   (AR).  Upon receipt of this authentication and authorization
   information from the user, the Access Device relays it to the Home
   AAA server.


   Based on the home network's policy, the Home AAA server verifies the
   user's profile and includes a set of Mobile IPv6 specific information
   in the resulting response to the Access Device.  Upon receiving this
   information from the Home AAA server, the Access Device needs to
   convey it to the user.


   In networks where DHCPv6 [RFC3315] is used for configuration
   purposes, the Access Device may act as a DHCPv6 relay agent.  In this
   context the Access Device can relay the received information to the
   DHCP Client (MN) when sending a REPLY or ADVERTISE message to the
   DHCP client.


   An example call flow is shown below:

   MN/DHCC                 NAS/DHCR                AAA       DHCS
     |  1. access auth-req   |                      |         |
     |---------------------->|   2.auth-req         |         |
     |                       |--------------------->|         |
     |                       |                      |         |
     |                       | 3.auth-rep[HA, HoA]  |         |
     |  4.access auth-rep    |<---------------------|         |
     |<----------------------|                      |         |
     |                       |                      |         |
     |                5.Store [HA,HoA]              |         |
     |                       |                      |         |
     |  6.DHC Request        |                      |         |
     |---------------------->|                      |         |
     |                       |                      |         |
     |                       |      7.RELAY-FORW    |         |
     |                       |------------------------------->|
     |                       |                      |         |
     |                       |      8.RELAY-REPL    |         |
     |                       |<-------------------------------|
     |                       |                      |         |
     |  9.DHC Reply [HA, HoA]|                      |         |
     |<----------------------|                      |         |
     |                       |                      |         |



   In this example call flow:


   1.  The Mobile Node sends an access-authentication request to the
   NAS.


   2.  The NAS sends an authentication and authorization request to the
   AAA server (e.g.  Access-Request for RADIUS or AA-Request for
   Diameter).


   3.  The AAA server authenticates and authorizes the MN and assigns a
   Home Agent (HA) and a Home Address (HoA) for the Mobile Node's (MN's)
   subsequent Mobile IPv6 access.


   4.  The NAS responds to the MN.  At this step the network access
   authentication and authorization is complete.


   5.  The NAS stores the received HA and HoA information.


   6.  The DHC client (DHCC) in the MN sends a DHCP Request to the DHC
   relay agents' anycast address.  The NAS/DHC Relay Agent (DHCR)
   receives the request.


   7.  The DHCR relays the Request to the DHC Server (DHCS).

   8.  The DHCS responds to the DHCR.


   9.  The DHCR responds to the DHCC with a DHC Reply message.  Along
   with the message, the DHCR appends the DHC Relay Agent Option for
   Mobile IPv6 to convey the HA and HoA information to the MN.


   The AAA procedures using RADIUS are defined in [MIP6-RADIUS].

2.  Overview


   In the typical Mobile IPv6 access scenario, the MN attaches in an
   access network for IPv6 service prior to performing Mobile IPv6 home
   registration.  During this attach procedure, the NAS authenticates
   and authorizes the MN for IPv6 access service.


   At the time of authorizing the user, the Home AAA server detects that
   the user is authorized for Mobile IPv6 access.  Based on the Home
   network provider's policy, the Home AAA server may allocate several
   parameters for the MN to use during its subsequent Mobile IPv6
   access.  A list of such parameters is described in this section.


2.1  Home Agent


   The Home network provider may decide to assign the MN a Home Agent
   that is in close proximity to the point of attachment (NAS-ID).
   There may be other reasons for assigning Home Agents to the MN, e.g.
   load sharing in the network.  The Home network may also assign a list
   of Home Agents for the MN to choose from.


2.2  Home Link Prefix


   The Home network may assign a Home Link that is in close proximity to
   the point of attachment (NAS-ID).  The reasons for doing so are
   similar to those for the HA.  The MN can perform [RFC3775] specific
   procedures to discover other information needed for Mobile IPv6
   registration.


2.3  Home Address


   The Home AAA server may assign a Home Address to the MN.  This allows
   the network operator to support mobile devices that are not
   configured with static addresses.


2.4  Home Link Prefix Length


   The Home AAA server may indicate the prefix length of the MN's
   assigned Home Link when assigning the Home Agent and/or Home Address
   to the MN.  This assists the MN in inferring the Home Link (HL)
   prefix information from the assigned HA and/or HoA values.

3.  Terminology


   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD",  "SHOULD  NOT",  "RECOMMENDED",  "MAY",  and "OPTIONAL" in
   this document are to be interpreted as described in RFC 2119.

4.  DHC Relay Agent Option to carry Mobile IPv6 parameters


   This section defines the format and syntax of the option that carries
   the Mobile IPv6 parameters described in section 2.


   The Relay Agent MAY append this option to REPLY and ADVERTISE
   messages.




    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       OPTION_MIP6-Option      |          option-len           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                    sub-options                                .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         option-code          OPTION_MIP6-Option (TBD by IANA).


         option-len           Length of the OPTION_MIP6-Option.


         sub-options          A series of sub-options carrying MIP6
                              information such as the HA address, HoA,
                              HL, etc.





4.1  Home Agent sub-option


   This sub-option carries the assigned Home Agent to the DHCP Client.




    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      sub-option=1             |      sub-option-len           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                    assigned-MIP6-HA                           .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         sub-option-code      MIP6 Home Agent (1).


         sub-option-len       Length of the assigned-MIP6-HA field.


         assigned-MIP6-HA     The address of the Home Agent
                              assigned by the AAA server.





4.2  Home Link Prefix sub-option


   This sub-option carries the assigned Home Link prefix to the DHC
   Client.




    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      sub-option = 2           |    sub-option-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                    assigned-MIP6-HL                           .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         sub-option-code      MIP6 Home Link Prefix (2).


         sub-option-len       Length of the assigned-MIP6-HL field.


         assigned-MIP6-HL     The prefix of the Home Link that is
                              assigned by the AAA server.





4.3  Home Address sub-option


   This sub-option carries the assigned Home Address by the AAA server
   to the DHC Client.




    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      sub-option = 3           |    sub-option-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                    assigned-MIP6-HoA                          .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         sub-option-code      MIP6 Home Address (3).


         sub-option-len       Length of the assigned-MIP6-HoA field.


         assigned-MIP6-HoA    The Home Address (HoA) assigned by the
                              AAA server.





4.4  Home Link Prefix Length sub-option


   This sub-option carries the Home Link Prefix Length so that the MN
   can infer the Home Link prefix from the assigned HA and/or HoA.




    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      sub-option = 4           |    sub-option-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                    Home Link Prefix Length                    .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         sub-option-code      Home Link Prefix Length (4).


         sub-option-len       Length of the Home Link Prefix Length
                              field.


         Home Link Prefix     Length of the Home Link Prefix in
         Length               octets.








4.5  Authenticity sub-option


   This sub-option carries a secure checksum over the assigned values.
   Its purpose is to allow the MN to validate that the received
   information indeed comes from the Home AAA with which the MN shares a
   secret.  The secure checksum is computed as:


   HMAC-SHA-1 (shared secret between the MN and the Home AAA, assigned
   values).

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      sub-option = 5           |    sub-option-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                     authenticator                             .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         sub-option-code      Secure Checksum (5).


         sub-option-len       Length of the authenticator.


         authenticator        The secure checksum (HMAC-SHA-1 output)
                              computed over the assigned values.

5.  DHC Client Operation Considerations


   Upon receiving the DHC Relay Agent Option carrying Mobile IPv6
   parameters, the MN MUST look for the Authenticity sub-option.  If it
   is included, the MN MUST validate the authenticator by computing an
   HMAC-SHA-1 over the values received in the other sub-options and
   comparing it with the received authenticator.  If the validation
   succeeds, the MN SHALL accept the received values for Mobile IPv6
   registration.

6.  DHC Relay agent Considerations


   The DHCP relay agent MUST append the DHC Relay Agent Option defined
   in this document when sending REPLY and ADVERTISE messages to the
   DHC Client if the MIP6 information has been received from the Home
   AAA as per [MIP6-RADIUS].

7.  Security Considerations


   The options introduced in this document may be used by a rogue relay
   agent to insert data in the REPLY and ADVERTISE messages.  The result
   could be that the MN is misled into sending a Mobile IPv6 Binding
   Update (BU) to a wrong Home Agent.  In this case the MN's security
   credentials could be exposed to a rogue HA.  However, if the
   Authenticity sub-option is in use, the likelihood of a rogue relay
   agent inserting malicious data or modifying received parameters can
   be greatly reduced.  Therefore, it is strongly recommended that the
   Authenticity sub-option be included in OPTION_MIP6-Option.
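
   The following is an added worked example; it is not part of this
   draft and is not code from the authors or from Nortel Networks.  It
   encodes the OPTION_MIP6-Option and sub-options of section 4 as a
   relay agent would, performs the section 5 client check of the
   Authenticity sub-option, and shows that a substituted or modified
   value of the kind described above in this section fails that check.
   The draft leaves several details open, so the example assumes them:
   the option code (TBD by IANA) is a placeholder, the HMAC-SHA-1 input
   is the non-Authenticity sub-options in transmitted order, the Home
   Link prefix is carried as a 16-octet address, and the sample
   addresses and shared secret are constructed values.

```python
"""Added example (not from the draft): build, parse and validate the
OPTION_MIP6-Option of section 4, with the Authenticity sub-option
(section 4.5) checked as section 5 requires of the DHC client."""
import hashlib
import hmac
import ipaddress
import struct

# Sub-option codes from section 4 of the draft.
SUBOPT_HA = 1             # Home Agent address
SUBOPT_HL = 2             # Home Link prefix
SUBOPT_HOA = 3            # Home Address
SUBOPT_HL_PREFIX_LEN = 4  # Home Link Prefix Length
SUBOPT_AUTH = 5           # Authenticity (HMAC-SHA-1)

# ASSUMPTION: the option code is "TBD by IANA"; this placeholder is not
# an assigned value.
OPTION_MIP6_OPTION = 0xFFFF

# Constructed sample values (not from the draft): what the AAA server
# assigned, in the order the relay agent encodes them.
EXAMPLE_ASSIGNED = [
    (SUBOPT_HA, ipaddress.IPv6Address("2001:db8:1::1").packed),
    (SUBOPT_HL, ipaddress.IPv6Address("2001:db8:1::").packed),
    (SUBOPT_HOA, ipaddress.IPv6Address("2001:db8:1::abcd").packed),
    (SUBOPT_HL_PREFIX_LEN, bytes([8])),  # a /64 is 8 octets, the draft's unit
]
SHARED_SECRET = b"constructed-mn-home-aaa-secret"  # shared by MN and Home AAA


def _tlv(code, payload):
    """2-octet code, 2-octet length, value: the layout of every box in section 4."""
    return struct.pack("!HH", code, len(payload)) + payload


def _authenticated_bytes(subopts):
    """HMAC input.  ASSUMPTION: the draft does not fix the byte layout of
    'assigned values'; here it is every non-Authenticity sub-option
    (code, length, value) in transmitted order."""
    return b"".join(_tlv(c, v) for c, v in subopts if c != SUBOPT_AUTH)


def build_option(assigned, shared_secret=None):
    """Relay-agent side: wrap the assigned values in OPTION_MIP6-Option and,
    when a shared secret is given, append the Authenticity sub-option."""
    subopts = list(assigned)
    if shared_secret is not None:
        mac = hmac.new(shared_secret, _authenticated_bytes(subopts),
                       hashlib.sha1).digest()
        subopts.append((SUBOPT_AUTH, mac))
    return _tlv(OPTION_MIP6_OPTION, b"".join(_tlv(c, v) for c, v in subopts))


def parse_suboptions(option):
    """Split the option into (code, value) pairs, rejecting truncated input."""
    if len(option) < 4:
        raise ValueError("option shorter than its header")
    code, length = struct.unpack("!HH", option[:4])
    if code != OPTION_MIP6_OPTION or length != len(option) - 4:
        raise ValueError("not a well-formed OPTION_MIP6-Option")
    body, off, subopts = option[4:], 0, []
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated sub-option header")
        c, n = struct.unpack("!HH", body[off:off + 4])
        off += 4
        if off + n > len(body):
            raise ValueError("sub-option length exceeds option")
        subopts.append((c, body[off:off + n]))
        off += n
    return subopts


def decode_values(subopts):
    """Turn raw sub-option values into the MN's Mobile IPv6 parameters."""
    names = {SUBOPT_HA: "home_agent", SUBOPT_HL: "home_link_prefix",
             SUBOPT_HOA: "home_address"}
    params = {}
    for c, v in subopts:
        if c in names:
            params[names[c]] = str(ipaddress.IPv6Address(v))  # 16-octet value
        elif c == SUBOPT_HL_PREFIX_LEN:
            params["home_link_prefix_length"] = v[0]
    return params


def client_process(option, shared_secret, require_authenticator=True):
    """Section 5: look for the Authenticity sub-option and, if present,
    recompute HMAC-SHA-1 over the other sub-options.  The draft mandates
    validation only when the sub-option is present; section 7 strongly
    recommends it, so unauthenticated values are refused by default."""
    subopts = parse_suboptions(option)
    auth = [v for c, v in subopts if c == SUBOPT_AUTH]
    if not auth:
        if require_authenticator:
            raise ValueError("Authenticity sub-option missing")
        return decode_values(subopts)
    expected = hmac.new(shared_secret, _authenticated_bytes(subopts),
                        hashlib.sha1).digest()
    if len(auth) != 1 or not hmac.compare_digest(auth[0], expected):
        raise ValueError("authenticator does not verify; values rejected")
    return decode_values(subopts)


if __name__ == "__main__":
    print(client_process(build_option(EXAMPLE_ASSIGNED, SHARED_SECRET),
                         SHARED_SECRET))
```

   Running the file prints the parameters the client accepts.
   client_process raises ValueError when the authenticator is absent,
   when it was computed under a different secret, or when any covered
   value (for instance the Home Agent address) differs from what the
   Home AAA assigned, so a relay agent that does not hold the MN's
   shared secret cannot have substituted values accepted.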

8.  IANA Considerations


   IANA needs to assign the option code for OPTION_MIP6-Option.  The
   IANA also needs to assign sub-option-codes for Home Agent, Home Link
   Prefix, Home Address, Home Link Prefix Length, and the Authenticity
   sub-options defined in this document.

9.  Acknowledgements


   TBD.


10.  Normative References


   [MIP6-RADIUS]
              Chowdhury, K., et al., "RADIUS Attributes for Mobile IPv6
              bootstrapping", draft-chowdhury-mip6-bootstrap-radius-01
              (work in progress), July 2004.


   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and
              M. Carney, "Dynamic Host Configuration Protocol for IPv6
              (DHCPv6)", RFC 3315, July 2003.


   [RFC3775]  Johnson, D., Perkins, C. and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.



Authors' Addresses


   Kuntal Chowdhury
   Nortel Networks
   2221 Lakeside Blvd.
   Richardson, TX  75082
   US


   Phone: +1 972-685-7788
   EMail: chowdury@nortelnetworks.com



   Jayshree Bharatia
   Nortel Networks
   2221 Lakeside Blvd.
   Richardson, TX  75082
   US


   Phone: +1 972-684-5767
   EMail: jayshree@nortelnetworks.com

Intellectual Property Statement


   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.


   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.


   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.



Disclaimer of Validity


   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.



Copyright Statement


   Copyright (C) The Internet Society (2004).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.



Acknowledgment


   Funding for the RFC Editor function is currently provided by the
   Internet Society.
