Mobile IP Working Group Milind Kulkarni
INTERNET-DRAFT Alpesh Patel
Category: Standards Track Kent Leung
Date : 28 June 2004 Cisco Systems Inc.
Mobile IPv4 Dynamic Home Agent Assignment
draft-ietf-mip4-dynamic-assignment-02.txt
Status of this Memo
By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been disclosed,
and any of which I become aware will be disclosed, in accordance
with RFC 3668.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet Drafts
as reference material or to cite them other than as "work in
progress".
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 28, 2004.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
Mobile IPv4 [1] uses the Home Agent (HA) to anchor sessions of a
roaming Mobile Node (MN). This draft proposes a messaging mechanism
for dynamic home agent assignment and HA redirection. The goal is
to provide a mechanism to assign an optimal HA for a Mobile IP
session while allowing any suitable method for HA selection.
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 1]
Internet Draft Dynamic HA Assignment 28 June 2004
Table of Contents
1. Introduction.................................................3
2. Requirements Terminology.....................................3
3. Problem Statement............................................4
3.1 Scope.......................................................5
3.2 Dynamic Home Agent Discovery in Mobile IPv4.................5
3.3 NAI usage and dynamic HA assignment.........................5
3.4 Dynamic HA extension........................................6
3.4.1 Requested HA extension....................................6
3.4.2 Redirected HA extension...................................7
4. Messaging mechanism for dynamic HA assignment/redirection....7
4.1 Messaging for dynamic HA assignment.........................7
4.1.1 Example with Message Flow Diagram.........................8
4.2 Messaging for HA redirection................................9
4.2.1 Example with Message Flow Diagram........................10
5. Mobility Agent Considerations...............................12
5.1 Mobile Node Considerations.................................12
5.1.1 MN using FA CoA..........................................12
5.1.2 MN using Collocated CoA..................................13
5.1.3 Refreshing Assigned HA Address on Mobile Node............13
5.2 Foreign Agent Considerations...............................14
5.3 Home Agent Considerations..................................14
5.3.1 Assigned Home Agent Considerations.......................15
6. Requested Home Agent Selection..............................16
7. Error Values................................................17
8. IANA Considerations.........................................17
9. Security Considerations.....................................18
10. Backward Compatibility Considerations......................19
11. Change Log from previous versions..........................19
12. Acknowledgements...........................................20
13. Normative References.......................................20
Authors' Addresses.............................................20
Intellectual Property Statement................................21
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 2]
Internet Draft Dynamic HA Assignment 28 June 2004
1. Introduction
This document adds to the Mobile IP protocol [1], by proposing a
messaging mechanism for dynamic home agent assignment and home
agent redirection during initial registration. The goal is to
assign an optimal HA for a Mobile IP session. The mobile node MUST
use Network Access Identifier (NAI) extension [2] when requesting a
dynamically assigned HA.
MN requests a dynamically assigned HA by setting the HA field in
the initial Registration Request to ALL-ZERO-ONE-ADDR (defined in
section 2). If the request is accepted, the HA field in successful
Registration Reply contains the HA address. The requested HA can
suggest an alternate HA and if so, the Registration Reply is
rejected with a new error code (REDIRECT-HA-REQ) and the alternate
HA address is specified in a new extension (Redirected HA
extension).
If the RRQ is rejected with Redirected HA extension or if the MN
wishes to register at a specific HA, MN can put the HA address in
the Requested HA extension in Registration Request. The HA address
in Requested HA extension is a hint to the network where the MN may
be anchored. The HA field is set to ALL-ZERO-ONE-ADDRESS for
dynamic HA assignment.
The messaging mechanism is defined in this document so that the
MN can request and receive a dynamic HA address in Mobile IP
messages. However, the mechanism by which the network selects
an HA for assignment to the MN is outside the scope of this
document. For example, the selection may be made by any
network node that receives the registration request (or
information about the registration request), such as a Foreign
Agent, AAA server, or Home Agent. The node that selects the
HA may select one based on a number of criteria, including but
not limited to HA load-balancing, geographical proximity,
administrative policy etc..
2. Requirements Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in RFC 2119 [6].
The Mobile IP related terminology described in RFC 3344 [1] is used
in this document. In addition, the following terms are used:
ALL-ZERO-ONE-ADDR: IP address 0.0.0.0 or 255.255.255.255. An
address of 255.255.255.255 would indicate
assigning HA in home domain. An address of
0.0.0.0 would mean MN just needs a dynamic
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 3]
Internet Draft Dynamic HA Assignment 28 June 2004
HA, it does not care whether in home or visited
domain.
Requested HA: Destination IP address of Home Agent that the
first Registration Request is sent to. Must be
a unicast IP address. This address can be
obtained as described in section 6.
Assigned HA: If registration is successful, this Home Agent
address field is obtained from successful
Registration Reply.
Redirected HA: If the registration is rejected with error code
(REDIRECT-HA-REQ), the HA being referred to is
specified in a new extension (Redirected HA
extension).
AAA server: Authentication, Authorization and Accounting
Server.
DNS: Domain Name System.
DHCP: Dynamic Host Configuration Protocol.
MN: Mobile Node as defined in Mobile IPv4 [1].
HA: Home Agent as defined in Mobile IPv4 [1].
FA: Foreign Agent as defined in Mobile IPv4 [1].
CoA: Care of Address.
CCoA: Collocated Care of Address.
MN HoA: Mobile Node's Home Address.
NAI: Network Access Identifier [2].
Src IP: Source IP address of the packet.
Dest IP: Destination IP address of the packet.
3. Problem Statement
Mobile IPv4 NAI Extension for IPv4 [2] introduced the concept of
identifying a MN by the NAI and enabling dynamic home address
assignment. When the home address is dynamically assigned, it is
desirable to discover the Home Agent dynamically or inform the MN
about an optimal HA to use for a multitude of reasons, such as:
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 4]
Internet Draft Dynamic HA Assignment 28 June 2004
- If the distance between the visited network and the home network
of the mobile node is large, the signaling delay for these
registrations may be long. In such a case the MN will be anchored
to its distant home agent, resulting in tunneled traffic traveling
a long distance between home agent and the mobile node. When a
Mobile IP session initiates, if the mobile node can be assigned a
home agent that is close to the mobile node it can drastically
reduce the latency between the home agent and mobile node.
- In a large scale Mobile IP deployment, it is cumbersome to
provision MNs with multiple HA addresses.
- It is desirable to achieve some form of load balancing between
multiple HAs in the network. Dynamic HA assignment and/or HA
redirection lets the network select the optimal HA from among a set
of HAs and thus achieve load balancing among a group of HAs.
- Local administrative policies.
3.1 Scope
This specification does not address the problem of distributing a
security association between the MN and HA, and it can either be
statically preconfigured or dynamically distributed using other
mechanisms [7].
The draft introduces the terms Requested/Assigned/Redirected HA
(section 6). The discovery of Requested/Assigned/Redirected HA can
be done by various means, which are network and/or deployment
specific and hence this discovery/assignment of
Requested/Assigned/Redirected HA is kept outside the scope of this
specification.
3.2 Dynamic Home Agent Discovery in Mobile IPv4
Mobile IPv4 [1] specifies the mechanism for discovering the mobile
node's home agent using subnet-directed broadcast IP address in the
home agent field of the Registration Request. This mechanism was
designed for mobile nodes with a static home address and subnet
prefix, anchored on fixed home network. But using subnet-directed
broadcast as the destination IP address of the Registration
Request, it is unlikely that the Registration Request will reach
the home subnet because routers will drop these packets by default.
See CERT Advisory CA-1998-01 Smurf IP Denial-of-Service Attacks
[3].
3.3 NAI usage and dynamic HA assignment
Mobile IPv4 NAI Extension for IPv4 [2] introduced the
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 5]
Internet Draft Dynamic HA Assignment 28 June 2004
concept of identifying a MN by the NAI and enabling dynamic
home address assignment. This document mandates that while
using dynamic HA assignment, MN MUST use NAI and obtain a home
address. MN can still suggest a static home address in Registration
Request, but must take the address in Registration Reply as the
home address for the session. This is compatible with the
procedures documented in the NAI specification [2].
3.4 Dynamic HA extension
The Dynamic HA extension, shown in figure 1, contains the address
of the HA. This is a generic extension and can be used in
Registration Request and Reply messages. It is a skippable
extension.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Sub-Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HA-Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: The Dynamic HA address Extension
Type DYNAMIC-HA-ADDRESS (skippable) (to be assigned
by IANA) is the type, which specifies the
dynamic HA address.
Sub-Type Defines the use of this extension as:
sub-type 1 = Requested HA extension
2 = Redirected HA extension
Length Indicates the length of the extension not
including the type, sub-type and length fields.
Length is always 4 bytes.
HA-Address Address of the Home Agent.
3.4.1 Requested HA extension
The Requested HA extension is a Dynamic HA extension of subtype 1.
MN may include the Requested HA extension in the registration
request as a hint to the network where it wishes to be anchored.
This extension contains the address of the HA. A valid unicast IP
address MUST be used as HA address in this extension.
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 6]
Internet Draft Dynamic HA Assignment 28 June 2004
In absence of an FA, the RRQ is forwarded to this HA. In presence
of an FA, FA MUST forward RRQ to the HA address in this extension.
3.4.2 Redirected HA extension
The Redirected HA extension is a Dynamic HA extension of subtype 2.
The Redirected HA extension, contains the address of the HA where
the MN should attempt the next registration. The HA receiving a
Registration Request can suggest an alternate HA and if so, the
Registration Reply is rejected with a new error code (REDIRECT-HA-
REQ) and the alternate HA address is specified in this extension.
The Redirected HA extension MUST be included in Registration Reply
when the reply code is REDIRECT-HA-REQ.
4. Messaging mechanism for dynamic HA assignment/redirection
This specification presents two alternatives for home agent
assignment. The two alternatives are:
(a) Dynamic HA assignment (described in section 4.1) and
(b) HA redirection (described in section 4.2).
4.1 Messaging for dynamic HA assignment
The following sequence of events occurs when the Requested HA
accepts the Registration Request and returns a Registration Reply
to the mobile node.
1. MN sets the Home Agent address field in the Registration
Request to ALL-ZERO-ONE-ADDR. If the MN is aware of the HA
address, it can add that address in the Requested HA extension
in Registration Request.
2. The MN (if using collocated CoA) or FA (if using FA CoA) sends
the Registration Request to the "Requested HA". If the
Requested HA extension is present, Requested HA is specified in
the "HA Address" of this extension.
3. "Requested HA" is the home agent, which processes the
Registration Request in accordance with Mobile IPv4 [1] and as
per the specification in this document. It creates mobility
binding for successful Registration Request. It also sends
Registration Reply to the MN.
4. The MN obtains an "Assigned HA" address from the HA field in
the successful Registration Reply and uses it for the remainder
of the session. (Note that the "Assigned HA" will be same as
the "Requested HA").
5. Subsequent Registration Request messages for renewal are sent
to the Assigned HA.
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 7]
Internet Draft Dynamic HA Assignment 28 June 2004
Section 5.3.1 describes the Assigned HA in detail. Some ideas on
how to select the Requested HA are briefly covered in section 6.
4.1.1 Example with Message Flow Diagram
Detailed explanation of this alternative is best described with the
help of a message flow diagram and description.
Figure 2 shows one specific example of a Mobile Node using FA Care
of Address.
Other scenarios such as mobile node using collocated care of
address are not described below, but the behavior is similar.
MN FA Requested/Assigned HA
| 1 | |
|------------>| 2 |
| |--------------->|
| | |
| | |
| | 3 |
| 4 |<---------------|
|<------------| |
| | |
| | 5 |
|----------------------------->|
| | |
Figure 2: Example of message flows for dynamic HA assignment
1. MN sets the Home Agent address field in the Registration Request
to ALL-ZERO-ONE-ADDR. Since MN is using FA CoA in this example, it
sends the Registration Request to the FA. The Registration Request
looks as follows:
+-----------------------------------------------------------+
| Src IP=| Dest IP = | MN HoA | HA Address = | CoA = |
| MN | FA | | ALL-ZERO-ONE-ADDR |FA CoA |
+-----------------------------------------------------------+
If the MN is aware of an HA address, it can add that address in the
Requested HA extension in Registration Request as a hint. That
extension is not shown above.
2. The FA sends the Registration Request to the Requested HA. The
Registration Request looks as follows:
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 8]
Internet Draft Dynamic HA Assignment 28 June 2004
+-----------------------------------------------------------+
| Src IP=| Dest IP = | MN HoA | HA Address = | CoA = |
| FA |Requested HA| | ALL-ZERO-ONE-ADDR |FA CoA |
+-----------------------------------------------------------+
(If MN includes the Requested HA extension, the FA copies that
extension. The FA then forwards the Registration Request, along
with the Requested HA extension, to the HA address specified in
Requested HA extension.)
3. HA processes the Registration Request in accordance with Mobile
IPv4 [1] and the messaging defined in this document. HA creates
mobility binding for successful request. HA then sends Registration
Reply to the FA, which looks as follows. The Assigned HA address
corresponds to the HA receiving and processing the request (and is
same as Requested HA, only the name is changed for registration
reply).
+-----------------------------------------------------------+
| Src IP=| Dest IP = | MN HoA | HA Address = | CoA = |
|Assigned| Src IP of | | Assigned HA |FA CoA/|
| HA | the RRQ | | | |
+-----------------------------------------------------------+
4. The FA relays the Registration Reply to the MN, as follows.
+-----------------------------------------------------------+
| Src IP=| Dest IP = | MN HoA | HA Address = | CoA = |
| FA | MN | | Assigned HA |FA CoA/|
+-----------------------------------------------------------+
5. The MN obtains Assigned HA address from the HA field in the
successful Registration Reply and uses it for the remainder of the
session. MN sends subsequent Re-Registration or De-Registration
Requests for the remaining session directly to the Assigned HA.
Note that the Assigned HA is the same as the Requested HA.
4.2 Messaging for HA redirection
This section describes the events that occur when the Requested HA
does not accept the Registration Request and redirects the mobile
node to another HA (aka Redirected HA) instead.
1. MN sets the Home Agent address field in the Registration Request
to ALL-ZERO-ONE-ADDR.
2. The MN (if using collocated CoA) or FA (if using FA CoA) sends
the Registration Request to the "Requested HA". If the MN is
aware of an HA address, it can add that address in the Requested
HA extension in Registration Request.
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 9]
Internet Draft Dynamic HA Assignment 28 June 2004
3. When HA receives the Registration Request, if the HA field is
set to ALL-ZERO-ONE-ADDR, HA may reject the request with Reply
code REDIRECT-HA-REQ and suggest an alternate HA.
HA may reject the Request for a number of reasons, which are
outside the scope of this specification. If the HA rejects the
Request, the HA field in the Reply is set to this HAs address.
The IP address of the HA that is the target of the redirection
is specified in Redirected HA extension. The presence of this
extension is mandatory when the reply code is set to REDIRECT-
HA-REQ. HA sends the Reply to the FA/MN.
4. FA sends the Reply to the MN.
5. If the error code is set to REDIRECT-HA-REQ, MN obtains the HA
address from Redirected HA extension. The MN then sends a
Registration Request to Redirected HA, unless it has already
received a redirection response from this HA while processing
this Registration Request.
4.2.1 Example with Message Flow Diagram
Figure 3 shows one specific example of a Mobile Node using FA Care
of Address.
MN FA Requested HA Redirected HA
| 1 | | |
|------------>| 2 | |
| |--------------->| |
| | | |
| | | |
| | 3 | |
| 4 |<---------------| |
|<------------| | |
| | | |
| | 5 | |
|--------------------------------------------->|
| | | |
Figure 3: Example of message flows for HA redirection
1. MN sets the Home Agent address field in the Registration Request
to ALL-ZERO-ONE-ADDR address. Since MN is using FA CoA in this
example, it sends the Registration Request to the FA. The
Registration Request looks as follows:
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 10]
Internet Draft Dynamic HA Assignment 28 June 2004
+-----------------------------------------------------------+
| Src IP=| Dest IP = | MN HoA | HA Address = | CoA = |
| MN | FA | | ALL-ZERO-ONE-ADDR |FA CoA |
+-----------------------------------------------------------+
If the MN is aware of an HA address, it can add that address in the
Requested HA extension in Registration Request as a hint. That
extension is not shown above.
2. The FA sends the Registration Request to the Requested HA. If
Requested HA extension is present, Requested HA is the HA address
in this extension. The Registration Request looks as follows:
+-----------------------------------------------------------+
| Src IP=| Dest IP = | MN HoA | HA Address = | CoA = |
| FA |Requested HA| | ALL-ZERO-ONE-ADDR |FA CoA |
+-----------------------------------------------------------+
3. HA processes the Registration Request in accordance with Mobile
IPv4 [1] and the messaging defined in this document. If the
registration is successful, but local configuration/ administrative
policy etc. directs HA to refer the MN to another HA, HA rejects
the Request with error code REDIRECT-HA-REQ. HA fills in the
address of the Redirected HA in the Redirected HA extension. HA
then sends Registration Reply reject to the FA, which looks as
follows:
+-----------------------------------------------------------+
| Src IP=| Dest IP = | MN HoA | HA Address = | CoA = |
| | Src IP of | | HA |FA CoA |
| HA | the RRQ | | | |
+-----------------------------------------------------------+
| Redirected HA extension ... |
+-----------------------------------------------------------+
4. The FA relays the Registration Reply to the MN, as follows.
+-----------------------------------------------------------+
| Src IP=| Dest IP = | MN HoA | HA Address = | CoA = |
| FA | MN | | HA |FA CoA/|
+-----------------------------------------------------------+
| Redirected HA extension ... |
+-----------------------------------------------------------+
5. If MN can authenticate the Reply, MN extracts the HA address
from Redirected HA extension. The MN then sends Registration
Request to Redirected HA, unless it has already received a
redirection response from this HA while processing the Registration
Request.
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 11]
Internet Draft Dynamic HA Assignment 28 June 2004
5. Mobility Agent Considerations
Following sections describe the behavior of each mobility agent in
detail.
5.1 Mobile Node Considerations
The mobile node MUST use NAI extension for home address assignment
when using the messaging mechanism in this document. Since MN uses
NAI extension, the Home Address field is set to 0.0.0.0.
While dynamic HA assignment is in progress and MN has not
successfully anchored at a Home Agent, mobile node MUST set the
Home Agent field in the Registration Request to an ALL-ZERO-ONE-
ADDR, which is either 255.255.255.255 or 0.0.0.0.
The Registration Request MUST be protected by a valid authenticator
as specified in Mobile IPv4 [1] or Mobile IPv4 Challenge/Response
Extensions [5]. Configuring security associations is deployment
specific and hence outside the scope of this specification. The
security associations between a MN and an individual HA may also be
dynamically derived during the dynamic HA assignment, based on a
shared secret between MN and AAA infrastructure [7].
The mobile node MUST maintain the remaining Mobile IP session with
the Assigned HA.
Following sections describe MN behavior in FA CoA mode and
collocated CoA mode.
5.1.1 MN using FA CoA
When a mobile node initiates Mobile IP session requesting dynamic
HA assignment, it MUST set the home agent address field in the
Registration Request to ALL-ZERO-ONE-ADDR. The destination IP
address of Registration Request is the FA. The FA will determine
the Requested HA and forward the Registration Request to the
Requested HA. Registration Request processing takes place on the
Requested HA as per the specification in this draft.
The Registration Request MUST be appropriately authenticated for
the HA to validate the Request.
If successful Registration Reply is received, MN obtains Assigned
HA from the HA field of Reply. Assigned HA address is the same as
Requested HA address.
If Registration Reply is received with code REDIRECT-HA-REQ, MN
MUST authenticate the Reply based on HA address in HA field of
Reply and attempt Registration with the HA address specified in the
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 12]
Internet Draft Dynamic HA Assignment 28 June 2004
Redirected HA extension. MN MUST put the Redirected HA in the HA
address of the Requested HA extension.
In some cases, for the first Registration Request MN may want to
hint to the network to be anchored at a specific HA and the MN MUST
put that address in the HA address of the Requested HA extension.
If the Registration Request contains the Requested HA extension,
the HA address in that extension must match the destination IP of
the Request.
5.1.2 MN using Collocated CoA
Mobile Node in collocated CoA mode requesting dynamic HA assignment
MUST set the home agent address field in the Registration Request
to ALL-ZERO-ONE-ADDR. The destination IP address of the
Registration Request is the Requested HA. Some ideas on how to
select a Requested HA are briefly covered in section 6.
If successful Reply is received, the MN obtains Assigned HA address
from successful Registration Reply. The Assigned HA will be same as
Requested HA. The MN MUST cache the Assigned HA address for the
length of the Mobile IP session. The mobile node then MUST use this
previously cached Assigned HA address as the home agent address in
subsequent re-registration and de-registration request(s). This
will make sure that for the duration of the Mobile IP session, the
mobile node will always be anchored to the assigned home agent with
which it was initially registered.
If Registration Reply is received with code REDIRECT-HA-REQ, MN
MUST authenticate the Reply based on HA address in HA field of
Reply and attempt Registration with the HA address specified in the
Redirected HA extension. MN MUST put the Redirected HA in the HA
address of the Requested HA extension.
In some cases, for the first Registration Request MN may want to
hint to the network to be anchored at a specific HA and the MN MUST
put that address in the HA address of the Requested HA extension.
While requesting dynamic HA assignment in collocated CoA mode,
Requested HA extension must always be included.
5.1.3 Refreshing Assigned HA Address on Mobile Node
When the Mobile IP session terminates, the mobile node MAY clear
the Assigned HA address cached as the home agent address. It MAY
request a new HA address for the new Mobile IP session by not
including the Requested HA extension. The advantage of this
approach is that the mobile node will be always anchored to an
optimal home agent from where it initiated Mobile IP session.
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 13]
Internet Draft Dynamic HA Assignment 28 June 2004
Alternately, MN may save the Assigned HA address and use it in the
Requested HA extension along with ALL-ZERO-ONE-ADDR address in
Registration Request.
5.2 Foreign Agent Considerations
When the mobile node is using foreign agent CoA or MN using CCoA
finds R bit is set in the FA advertisement, it sends the
Registration Request to the foreign agent.
When the FA receives a Registration Request with HA address field
set to ALL-ZERO-ONE-ADDR and it doesn't contain the Requested HA
extension, FA obtains the Requested HA address to forward the
Registration Request. Some ideas on how to select a Requested HA
are briefly covered in section 6.
If the FA cannot obtain the Requested HA to forward a Registration
Request from MN, it MUST reject request with error code NONZERO-HA-
REQD.
If the MN has included the Requested HA extension, FA MUST forward
Registration Request to the address in this extension. If the HA
address in this extension is not a routable unicast address, FA
MUST reject request with error code NONZERO-HA-REQD.
If the Registration Request contains the Requested HA extension,
the HA address in that extension must match the destination IP of
the Request.
Backward compatibility issues related to the mobility agents are
addressed in section 10.
5.3 Home Agent Considerations
Home Agent can process an incoming Registration Request in one of
the following two ways:
1. MN or FA sends the Registration Request to the Requested HA. The
term Requested HA has meaning in context of the Registration
Request message. When the Requested HA successfully processes
Registration Request and creates a binding and sends a Reply with
its address, it becomes the Assigned HA. The term Assigned HA is
meaningful in context of a Registration Reply message.
2. Home Agent receiving the Registration Request with HA field set
to ALL-ZERO-ONE-ADDR MAY reject the request even if successfully
authenticated and suggest an alternate HA address in Reply. In such
a case, the HA puts its own address in HA field of Reply and sets
the Reply code to REDIRECT-HA-REQ and adds the Redirected HA
extension.
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 14]
Internet Draft Dynamic HA Assignment 28 June 2004
If the Registration Request contains the Requested HA extension,
the HA address in that extension must match the destination IP of
the Request. If it does not match, the Requested HA must reject the
Registration Request with error code 136.
5.3.1 Assigned Home Agent Considerations
The HA that processes the incoming Registration Request fully in
accordance with Mobile IPv4 [1] and this specification becomes the
Assigned HA. The Registration Request terminates at the Assigned
HA.
The Assigned HA creates one mobility binding per MN and sends
Registration Reply to the MN by copying its address in the home
agent field and as the source IP address of the Reply.
There are two IP addresses to consider, destination IP address and
Home Agent address field in the Registration Request. When
destination IP address is unicast, only one HA receives the
Registration Request. This HA should unambiguously accept or deny
the registration, regardless of the value in the Home Agent field.
When the Home Agent field is non-unicast, the HA should set the
value to its own IP address in the Registration Reply.
The following table summarizes the behavior of Assigned HA.
Dest IP Addr HA field Processing at Assigned HA
------------ ------------ ----------------------------------
Unicast non-unicast Mobile IPv4 [1]: There is no change
in handling for this case from
(Must be Mobile IPv4. It is mentioned here
equal to the for reference only.
HA receiving HA denies the registration
the RRQ) with error code 136 and sets
HA field to its own IP
address in the reply as per
section 3.8.3.2 in [1].
ALL-ZERO-
ONE-ADDR New Behavior: Accept the RRQ as per
this specification. Authenticate
the RRQ and create mobility binding
if the HA is acting as Assigned HA.
Set HA field to its own IP address
in the Registration Reply.
OR
New Behavior: If authentication is
successful, reject RRQ with a new
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 15]
Internet Draft Dynamic HA Assignment 28 June 2004
error code (REDIRECT-HA-REQ). HA
puts its address in HA address
field of Reject. HA suggests an
alternate HA to use in the new
Redirected HA extension.
Table 1: Registration Request handling at Assigned HA
As per the messaging proposed here, the mobile node (or the foreign
agent) sends the Registration Request to the Requested HA address,
which is a unicast address. Because HA does not receive
Registration Request that is sent to the subnet-directed broadcast
address, Mobile IPv4 [1] section 3.8.2.1 doesn't apply. Although
the Home Agent field in the Registration Request is not a unicast
address, the destination IP address is a unicast address. This
avoids the problem associated with subnet-directed broadcast
destination IP address that may result in multiple HAs responding.
Thus, there is no need to deny the registration as stated in Mobile
IPv4 [1] section 3.8.3.2.
When the destination IP address is a unicast address and Home Agent
field is ALL-ZERO-ONE-ADDR, the HA accepts/denies registration and
sets HA field to its own IP address in the reply (i.e. registration
is not rejected with error code 136).
HA can reject the request with the error code REDIRECT-HA-REQ and
suggest an alternate HA. This redirection can be used for load
balancing, geographical proximity based on care-of-address or other
reasons. HA puts its own address in HA field of the Registration
Reply message and puts the address of the redirected HA in the
Redirected HA extension. If HA accepts the Request, HA field in the
Registration Reply is set to this HA address.
The Assigned HA performs standard validity checks on the
Registration Request. If there is any error, the Registration
Request is rejected with error codes specified in Mobile IPv4 [1].
6. Requested Home Agent Selection
When dynamic HA assignment is requested, the destination IP address
of the Registration Request is the Requested HA. This address MUST
be a unicast IP address. If the MN has included a Requested HA
extension in Registration Request, the HA address in this extension
is the Requested HA.
Some example methods by which the MN or the FA may select the
Requested HA are briefly described below:
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 16]
Internet Draft Dynamic HA Assignment 28 June 2004
DHCP:
MN performs DHCP to obtain an IP address on the visited network.
The Requested HA is learned from the DHCP Mobile IP Home Agent
Option 68 [4]. MN sends Registration Request directly to this HA
and receives the Assigned HA to be used for the remainder of the
Mobile IP session.
AAA:
MN performs challenge/response [5] with the FA. The FA retrieves
the Requested HA from the AAA server and forwards the Registration
Request directly to this HA. The Assigned HA sends Registration
Reply to the FA, which relays it to the MN. MN uses the Assigned
HA for the remainder of the Mobile IP session.
DNS:
In this case hostname of HA is configured on MN or obtained by some
other means e.g. using a service location protocol. MN performs DNS
lookup on the HA hostname. The DNS infrastructure provides resource
record with information to identify the nearest HA to the MN. The
MN sends Registration Request directly to the HA and receives the
Assigned HA to be used for remainder of the Mobile IP session.
Static configuration:
HA address is statically configured on MN. The MN sends the
Registration Request to the configured address.
7. Error Values
Each entry in the following table contains the name and value for
the error code to be returned in a Registration Reply. It also
includes the section in which the error code is first mentioned in
this document.
Error Name Value Section Description
---------- ----- ------- -----------------------------
NONZERO-HA-REQD XX 5.2 Non-zero HA address required
in Registration Request.
REDIRECT-HA-REQ YY 5.3 Reregister with redirected HA.
8. IANA Considerations
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 17]
Internet Draft Dynamic HA Assignment 28 June 2004
The code value NONZERO-HA-REQD is a Mobile IP response code [1]
taken from the range of values associated with rejection by the
foreign agent (i.e. value in the range 64-127).
The code value REDIRECT-HA-REQ is a Mobile IP response code [1]
taken from the range of values associated with rejection by the
home agent (i.e. value in the range 128-192).
The Dynamic HA extension is assigned from the range of values
associated with skippable extensions at the home agent (i.e. value
in the range 128-255).
IANA should record the values as defined in Section 7 and 3.4.
9. Security Considerations
This specification assumes that a security configuration has been
preconfigured between the MN and the HA or is configured along with
the initial RRQ/RRP as per [7].
This specification does not change or degrade the security model
established in Mobile IPv4 [1]. Mobile Nodes are often connected to
the network via wireless link, which may be more prone to passive
eavesdropping, replay attacks. Such an attack might lead to bogus
registrations or redirection of traffic or denial of service.
As per the messaging in this draft, the Assigned Home Agent will
process the incoming Registration Request as per Mobile IPv4 [1].
Hence the Assigned Home Agent will have same security concerns as
that of the Home Agent in Mobile IPv4 [1]. They are addressed in
Section 5 "Security Considerations" of Mobile IPv4 [1].
The Registration Request and Registration Reply messages are
protected by a valid authenticator as specified in Mobile IPv4 [1].
Configuring security associations is a deployment specific issue
and is covered by other specifications in Mobile IP WG. There can
be many ways of configuring security associations, but this
specification does not mandate any specific way.
An example is where the security association between a MN and an
individual HA (Dynamic or Assigned) is dynamically derived during
the dynamic HA assignment, based on a shared secret between MN and
AAA infrastructure, as defined in [7]. The Registration Request is
protected with MN-AAA authentication extension and Registration
Reply is protected with MN-HA Authentication Extension. Since the
security association is shared between MN and AAA, any dynamically
assigned HA in the local domain can proxy authenticate the MN using
AAA as per [7].
The Assigned Home Agent authenticates Registration Request from the
mobile node as specified in Mobile IPv4 [1] and RFC-3012. The MN
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 18]
Internet Draft Dynamic HA Assignment 28 June 2004
also authenticates the Registration Reply from the Assigned HA,
thus the existing trust model in Mobile IPv4 [1] is maintained.
10. Backward Compatibility Considerations
In this section, we examine concerns that may arise when using this
specification in a mixed environment where some nodes implement the
specification and others do not. In each of the examples below, we
consider the case where one node is a "Legacy" node which does not
implement the specification in the context of other nodes which do.
Legacy Home Agent:
Legacy home agents may reject the Registration Request with error
code 136 because the Home Agent field is not a unicast address.
However, some legacy HA implementations may coincidentally process
the Registration Request in accordance with this draft, when the HA
field in RRQ is set to ALL-ZERO-ONE-ADDR.
Legacy Foreign Agent:
Legacy foreign agents may forward Registration Request with home
agent field set to ALL-ZERO-ONE-ADDR by setting the destination IP
address to ALL-ZERO-ONE-ADDR. This will result packet being
dropped or incidentally handled by a next hop HA, adjacent to the
FA.
Legacy Mobile Node:
MN that does not set HA field to ALL-ZERO-ONE-ADDR will continue to
achieve its registrations through statically configured HA. In
collocated mode, the endpoint of the MN's tunnel is the Assigned
HA.
11. Change Log from previous versions
Changes from revision 1 to 2:
1. Editorial changes suggested by the WG, the chair's reviews
and idnits.
Changes from revision 0 to 1:
1. Added subtype field in Redirected HA Address Extension.
2. Aligned the HA address at 4-byte world boundary.
3. The case of handling unicast HA field is removed in section
5.3.1.
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 19]
Internet Draft Dynamic HA Assignment 28 June 2004
12. Acknowledgements
The authors would like to thank Pete McCann for thorough review,
suggestions on security considerations and definition of ALL-ZERO-
ONE-ADDR. Thanks to Kuntal Chowdhury for extensive review and
comments on this draft. Also thanks to Henrik Levkowetz for
detailed reviews and suggestions.
The authors would like to thank Mike Andrews, Madhavi Chandra and
Yoshi Tsuda for their review and suggestions.
13. Normative References
[1] C. Perkins, "IP Mobility Support for IPv4", RFC 3344, August
2002.
[2] P. Calhoun and C. Perkins, "Mobile IP Network Access Identifier
Extension for IPv4", RFC 2794, March 2000.
[3] D. Senie, "Changing the Default for Directed Broadcasts in
Routers", RFC 2644, August 1999.
[4] S. Alexander and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997.
[5] C. Perkins and P. Calhoun, "Mobile IPv4 Challenge/Response
Extensions", RFC 3012, November 2000.
[6] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[7] C. Perkins and P. Calhoun, "AAA Registration Keys for Mobile
IP", draft-ietf-mip4-aaa-key-06.txt, June 2004.
Authors' Addresses
Milind Kulkarni
Cisco Systems Inc.
170 W. Tasman Drive,
San Jose, CA 95134
USA
Email: mkulkarn@cisco.com
Phone:+1 408-527-8382
Alpesh Patel
Cisco Systems Inc.
170 W. Tasman Drive,
San Jose, CA 95134
USA
Email: alpesh@cisco.com
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 20]
Internet Draft Dynamic HA Assignment 28 June 2004
Phone:+1 408-853-9580
Kent Leung
Cisco Systems Inc.
170 W. Tasman Drive,
San Jose, CA 95134
USA
Email: kleung@cisco.com
Phone: +1 408-526-5030
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology described
in this document or the extent to which any license under such
rights might or might not be available; nor does it represent that
it has made any independent effort to identify any such rights.
Information on the procedures with respect to rights in RFC
documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention
any copyrights, patents or patent applications, or other
proprietary rights that may cover technology that may be required
to implement this standard. Please address the information to the
IETF at ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on
an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.
Copyright Statement
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 21]
Internet Draft Dynamic HA Assignment 28 June 2004
Copyright (C) The Internet Society (2003). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Kulkarni, Patel, Leung Expires December 28, 2004 [Page 22]
