[Search] [txt|pdfized|bibtex] [Tracker] [Email] [Nits]

Versions: 00                                                            
Network Working Group                                       K. Chowdhury
Internet-Draft                                               J. Bharatia
Expires: April 15, 2005                                  Nortel Networks
                                                        October 15, 2004



      DHCP Relay Agent Option to Support Mobile IPv6 bootstrapping
                draft-chowdhury-dhc-mip6-agentop-00.txt


Status of this Memo


   By submitting this Internet-Draft, I certify that any applicable
   patent or other IPR claims of which I am aware have been disclosed,
   and any of which I become aware will be disclosed, in accordance with
   RFC 3668.


   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.


   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."


   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.


   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.


   This Internet-Draft will expire on April 15, 2005.


Copyright Notice


   Copyright (C) The Internet Society (2004).  All Rights Reserved.


Abstract


   This document defines a new DHCPv6 option and number of sub-options
   for DHCP Relay Agent to facilitate Mobile IPv6 bootstrapping along
   with a AAA infrastructure.










Chowdhury & Bharatia     Expires April 15, 2005                 [Page 1]


Internet-Draft                                              October 2004



Table of Contents


   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .  6
     2.1   Home Agent . . . . . . . . . . . . . . . . . . . . . . . .  6
     2.2   Home Link Prefix . . . . . . . . . . . . . . . . . . . . .  6
     2.3   Home Address . . . . . . . . . . . . . . . . . . . . . . .  6
     2.4   Home Link Prefix Length  . . . . . . . . . . . . . . . . .  6
   3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  7
   4.  DHC Relay Agent Option to carry Mobile IPv6 parameters . . . .  8
     4.1   Home Agent sub-option  . . . . . . . . . . . . . . . . . .  8
     4.2   Home Link Prefix sub-option  . . . . . . . . . . . . . . .  9
     4.3   Home Address sub-option  . . . . . . . . . . . . . . . . .  9
     4.4   Home Link Prefix Length sub-option . . . . . . . . . . . . 10
     4.5   Authenticity sub-option  . . . . . . . . . . . . . . . . . 10
   5.  DHC Client Operation Considerations  . . . . . . . . . . . . . 12
   6.  DHC Relay agent Considerations . . . . . . . . . . . . . . . . 13
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 14
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 15
   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16
   10.   Normative References . . . . . . . . . . . . . . . . . . . . 16
       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 16
       Intellectual Property and Copyright Statements . . . . . . . . 17





























Chowdhury & Bharatia     Expires April 15, 2005                 [Page 2]


Internet-Draft                                              October 2004



1.  Introduction


   In an access network, typically the user's device (Mobile Node)
   provides authentication credentials to the Access Device for
   authentication and authorization (e.g.  PAP/CHAP).  This Access
   Device may be the Network Access Server (NAS) or an Access Router
   (AR).  Upon receipt of this authentication and authorization
   information from the user, the Access Device relays it to the Home
   AAA server.


   Based on the home network's policy, the Home AAA server verifies the
   user's profile and includes a set of Mobile IPv6 specific information
   in the resulting response to the Access Device.  Upon receiving the
   set of information from the Home AAA server, the Access Device needs
   to convey them to the user.


   In the networks where DHCPv6 [RFC3315] is used for configuration
   purposes, the Access Device may act as a DHCPv6 relay agent.  In this
   context the Access Device can relay the received information to the
   DHCP Client (MN) while sending REPLY message or ADVERTISE message to
   the DHCP client.


   An example call flow is shown below:





























Chowdhury & Bharatia     Expires April 15, 2005                 [Page 3]


Internet-Draft                                              October 2004



   MN/DHCC                 NAS/DHCR                AAA       DHCS
     |  1. access auth-req   |                      |         |
     |---------------------->|   2.auth-req         |         |
     |                       |--------------------->|         |
     |                       |                      |         |
     |                       | 3.auth-rep[HA, HoA]  |         |
     |  4.access auth-rep    |<---------------------|         |
     |<----------------------|                      |         |
     |                       |                      |         |
     |                5.Store [HA,HoA]              |         |
     |                       |                      |         |
     |  6.DHC Request        |                      |         |
     |---------------------->|                      |         |
     |                       |                      |         |
     |                       |      7.RELAY-FORW    |         |
     |                       |------------------------------->|
     |                       |                      |         |
     |                       |      8.RELAY-REPL    |         |
     |                       |<-------------------------------|
     |                       |                      |         |
     |  9.DHC Reply [HA, HoA]|                      |         |
     |<----------------------|                      |         |
     |                       |                      |         |



   In this example call flow:


   1.  The Mobile Node sends an access-authentication request to the
   NAS.


   2.  The NAS sends an authentication and authorization request (e.g.
   Access-Request for RADIUS or AA-Request for DIAMETER).


   3.  The AAA server authenticates and authorizes the MN and assigns
   Home Agent (HA) and Home Address for the Mobile Node(MN)'s subsequent
   Mobile IPv6 access.


   4.  The NAS responds to the MN.  At this step the network access
   authentication and authorization is complete.


   5.  The NAS stores the received HA and HoA information.


   6.  The DHC client (DHCC) in the MN sends a DHCP Request to the DHC
   relay agents anycast address.  The NAS/DHC Relay Agent (DHCR)
   receives the request.


   7.  The DHCR relays the Request to the DHC Server (DHCS).





Chowdhury & Bharatia     Expires April 15, 2005                 [Page 4]


Internet-Draft                                              October 2004



   8.  The DHCS responds back to the DHCR.


   9.  The DHCR responds back to the DHCC with a DHC Reply message.
   Along with the message the DHCR appends the DHC Relay Agent Option
   for Mobile IPv6 to convey HA and HoA information to the MN.


   The AAA procedures using RADIUS is defined in [MIP6-RADIUS].













































Chowdhury & Bharatia     Expires April 15, 2005                 [Page 5]


Internet-Draft                                              October 2004



2.  Overview


   In the typical Mobile IPv6 access scenario, the MN attaches in an
   access network for IPv6 service prior to performing Mobile IPv6 home
   registration.  During this attach procedure, the NAS authenticates
   and authorizes the MN for IPv6 access service.


   At the time of authorizing the user, the Home AAA server detects that
   the user is authorized for Mobile IPv6 access.  Based on Home network
   providers policy, the Home AAA server may allocate several parameters
   to the MN for user during the subsequent Mobile IPv6 access.  A list
   of such parameters is described in this section.


2.1  Home Agent


   The Home network provider may decide to assign a Home Agent to the MN
   which is in close proximity to the point of attachment (NAS-ID).
   There may be other reasons for assigning Home Agents to the MN, e.g.
   load sharing in the network.  The Home network may also assign a list
   of Home Agents for the MN to choose.


2.2  Home Link Prefix


   The Home network may assign a Home Link that is in close proximity to
   the point of attachment (NAS-ID).  The reason for doing that are
   similar to that of the HA.  The MN can perform [RFC3775] specific
   procedures to discover other information for Mobile IPv6
   registration.


2.3  Home Address


   The Home AAA server may assign Home Address to the MN.  This allows
   the network operator to support mobile devices that are not
   configured with static addresses.


2.4  Home Link Prefix Length


   The Home AAA server may indicate the prefix length of Mobile's
   assigned Home Link when assigning the Home Agent and/or Home Address
   to the MN.  This assists the MN to infer the Home Link (HL) prefix
   information from the assigned HA and/or HoA values.











Chowdhury & Bharatia     Expires April 15, 2005                 [Page 6]


Internet-Draft                                              October 2004



3.  Terminology


   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD",  "SHOULD  NOT",  "RECOMMENDED",  "MAY",  and "OPTIONAL" in
   this document are to be interpreted as described in RFC 2119.















































Chowdhury & Bharatia     Expires April 15, 2005                 [Page 7]


Internet-Draft                                              October 2004



4.  DHC Relay Agent Option to carry Mobile IPv6 parameters


   This section defines format and syntax for the option that carries
   the Mobile IPv6 parameters described in section 2.


   The Relay Agent MAY append these options with the REPLY, ADVERTISE
   messages.




    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       OPTION_MIP6-Option      |          option-len           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                    sub-options                                .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         option-code          OPTION_MIP6_option (TBD by IANA).


         option-len           Length of OPTION_MIP6-Option.


         sub-options          A series of sub-options carrying MIP6
                              information such as HA address, HoA,
                              HL etc.





4.1  Home Agent sub-option


   This sub-option carries the assigned Home Agent to the DHCP Client.




    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      sub-option=1             |      sub-option-len           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                    assigned-MIP6-HA                           .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         sub-option-code      MIP6 Home Agent (1).


         option-len           Length of assigned HA fields.


         assigned-MIP6-HA     The address of the Home Agent




Chowdhury & Bharatia     Expires April 15, 2005                 [Page 8]


Internet-Draft                                              October 2004



                              assigned by the AAA server.





4.2  Home Link Prefix sub-option


   This sub-option carries the assigned Home Link prefix to the DHC
   Client.




    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      sub-option = 2           |    sub-option-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                    assigned-MIP6-HL                           .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         sub-option-code      MIP6 Home Link Prefix (2).


         option-len           Length of assigned HL fields.


         assigned-MIP6-HL     The prefix of the Home Link that is
                              assigned by the AAA server.





4.3  Home Address sub-option


   This sub-option carries the assigned Home Address by the AAA server
   to the DHC Client.




    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      sub-option = 3           |    sub-option-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                    assigned-MIP6-HoA                          .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         sub-option-code      MIP6 Home Address (3).




Chowdhury & Bharatia     Expires April 15, 2005                 [Page 9]


Internet-Draft                                              October 2004



         option-len           Length of assigned HoA field.


         assigned-MIP6-HoA    HoA assigned by the AAA server.





4.4  Home Link Prefix Length sub-option


   This sub-option carries the Home Link Prefix Length so that the MN
   can infer the Home Link prefix from the assigned HA and/or HoA.




    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      sub-option = 4           |    sub-option-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                    Home Link Prefix Length                    .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         sub-option-code      Home Link Prefix Length (4).


         option-len           Length of assigned Home Link Prefix
                              Length.


         Home Link Prefix     Length of the Home Link Prefix in
         Length               octets.








4.5  Authenticity sub-option


   This sub-option carries the secure checksum of the assigned values.
   The purpose is to allow the MN to validate that the received
   information is indeed from the Home AAA with which the MN shares a
   secret.  The secure checksum is computed by:


   HMAC-SHA-1 (shared secret between MN and the Home AAA, assigned
   values).








Chowdhury & Bharatia     Expires April 15, 2005                [Page 10]


Internet-Draft                                              October 2004



    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      sub-option = 5           |    sub-option-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                     authenticator                             .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         sub-option-code      Secure Checksum (6).


         option-len           Length of authenticator.


         authenticator         secure checksum.








































Chowdhury & Bharatia     Expires April 15, 2005                [Page 11]


Internet-Draft                                              October 2004



5.  DHC Client Operation Considerations


   Upon receiving the DHC Relay Agent Option carrying Mobile IPv6
   parameters, the MN MUST look for the Authenticity sub-option.  If
   included, the MN MUST validate the authenticator by computing an
   HMAC-SHA-1 of the received values in other sub-options.  If the
   validation succeeds, the MN SHALL accept the received values for
   Mobile IPv6 registration.












































Chowdhury & Bharatia     Expires April 15, 2005                [Page 12]


Internet-Draft                                              October 2004



6.  DHC Relay agent Considerations


   The DHCP relay agent MUST append the DHC Relay Agent Option defined
   in this document while sending REPLY and ADVERTISEMENT messages to
   the DHC Client when the MIP6 informations are received from the Home
   AAA as per [MIP6-RADIUS].














































Chowdhury & Bharatia     Expires April 15, 2005                [Page 13]


Internet-Draft                                              October 2004



7.  Security Considerations


   The options introduced in this document may be used by a rogue relay
   agent to insert data in the REPLY and ADVERTISE messages.  The result
   could be that the MN may be mislead to send Mobile IPv6 BU to a wrong
   Home Agent.  In this case the MN's security credentials could be
   exposed to a rogue HA.  However, if the Authenticity sub-option is in
   use, the likelihood of a rouge relay agent inserting malicious data
   or modifying received parameters can be greatly mitigated.
   Therefore, it is strongly recommended that the authenticity
   sub-option be included in OPTION_MIP6-Option.









































Chowdhury & Bharatia     Expires April 15, 2005                [Page 14]


Internet-Draft                                              October 2004



8.  IANA Considerations


   IANA needs to assign the option code for OPTION_MIP6-Option.  The
   IANA also needs to assign sub-option-codes for Home Agent, Home Link
   Prefix, Home Address, Home Link Prefix Length, and the Authenticity
   sub-options defined in this document.














































Chowdhury & Bharatia     Expires April 15, 2005                [Page 15]


Internet-Draft                                              October 2004



9.  Acknowledgements


   TBD.


10  Normative References


   [MIP6-RADIUS]
              Chowdhury et. al., K., "RADIUS Attributes for Mobile IPv6
              bootstrapping", draft-chowdhury-mip6-bootstrap-radius-01
              (work in progress), July 2004.


   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and
              M. Carney, "Dynamic Host Configuration Protocol for IPv6
              (DHCPv6)", RFC 3315, July 2003.


   [RFC3775]  Johnson, D., Perkins, C. and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.



Authors' Addresses


   Kuntal Chowdhury
   Nortel Networks
   2221 Lakeside Blvd.
   Richardson, TX  75082
   US


   Phone: +1 972-685-7788
   EMail: chowdury@nortelnetworks.com



   Jayshree Bharatia
   Nortel Networks
   2221 Lakeside Blvd.
   Richardson, TX  75082
   US


   Phone: +1 972-684-5767
   EMail: jayshree@nortelnetworks.com













Chowdhury & Bharatia     Expires April 15, 2005                [Page 16]


Internet-Draft                                              October 2004



Intellectual Property Statement


   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.


   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.


   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.



Disclaimer of Validity


   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.



Copyright Statement


   Copyright (C) The Internet Society (2004).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.



Acknowledgment


   Funding for the RFC Editor function is currently provided by the
   Internet Society.




Chowdhury & Bharatia     Expires April 15, 2005                [Page 17]