Network Working Group                                   David B. Johnson
INTERNET DRAFT                                Carnegie Mellon University
28 November 1994                                            Andrew Myles
                                                    Macquarie University
                                                         Charles Perkins
                                                         IBM Corporation


                    Route Optimization in Mobile IP

                    draft-ietf-mobileip-optim-00.txt


Abstract

   This document defines experimental extensions to the operation of
   the basic Mobile IP protocol to allow for optimization of datagram
   routing from a correspondent node to a mobile node.  Without route
   optimization, all datagrams destined to a mobile node are routed
   through that mobile node's home agent, which then tunnels each
   datagram to the mobile node's current location.  The protocol
   extensions described here provide a means for correspondent nodes
   to cache the location of a mobile node and to then tunnel their own
   datagrams for the mobile node directly to that location, bypassing
   the possibly lengthy route for each datagram to and from the mobile
   node's home agent.  Extensions are also provided to optimize the
   handoff from one foreign agent to another as the mobile node moves.
   This draft is currently incomplete and changes to it are in progress.
   We welcome any comments on it from others in the community.


Status of This Memo

   This document is an Internet Draft.  Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups.  Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months.  Internet Drafts may be updated, replaced, or obsoleted by
   other documents at any time.  It is not appropriate to use Internet
   Drafts as reference material or to cite them other than as "working
   drafts" or "work in progress".

   Please check the 1id-abstracts.txt listing contained in the
   Internet-Drafts Shadow Directories on nic.ddn.mil, nnsc.nsf.net,
   nic.nordu.net, ftp.nisc.sri.com, or munnari.oz.au to learn the
   current status of an Internet Draft.






Johnson, Myles, Perkins           Expires 28 May 1995           [Page i]


Internet Draft     Route Optimization in Mobile IP      28 November 1994




                                Contents



Abstract                                                               i

Status of This Memo                                                    i

 1. Introduction                                                       1

 2. Route Optimization Overview                                        3
     2.1. Location Caching  . . . . . . . . . . . . . . . . . . . .    3
     2.2. Foreign Agent Handoff . . . . . . . . . . . . . . . . . .    3
     2.3. Location Cache Updates  . . . . . . . . . . . . . . . . .    6

 3. Route Optimization Message Formats                                 8
     3.1. Binding Advice Message  . . . . . . . . . . . . . . . . .    9
     3.2. Binding Inquire Message . . . . . . . . . . . . . . . . .   10
     3.3. Binding Update Message  . . . . . . . . . . . . . . . . .   11
     3.4. Binding Acknowledge Message . . . . . . . . . . . . . . .   13

 4. Route Optimization Extension Formats                              14
     4.1. Previous Foreign Agent Notification Extension . . . . . .   15
     4.2. Route Optimization Authentication Extension . . . . . . .   17
     4.3. Mobile Node Registration Key Extension  . . . . . . . . .   18
     4.4. Foreign Agent Registration Key Extension  . . . . . . . .   19

 5. Mobility Security Association Management                          20
     5.1. Motivation  . . . . . . . . . . . . . . . . . . . . . . .   20
     5.2. Mobility Security Associations  . . . . . . . . . . . . .   21
     5.3. Using a Master Key at the Home Agent  . . . . . . . . . .   22

 6. Location Cache Considerations                                     23
     6.1. Cache Management  . . . . . . . . . . . . . . . . . . . .   23
     6.2. Receiving Binding Advice Messages . . . . . . . . . . . .   23
     6.3. Receiving Binding Update Messages . . . . . . . . . . . .   23

 7. Home Agent Considerations                                         24
     7.1. Tunneling Datagrams . . . . . . . . . . . . . . . . . . .   24
     7.2. Receiving Binding Inquire Messages  . . . . . . . . . . .   24

 8. Foreign Agent Considerations                                      25
     8.1. Previous Foreign Agent Notification . . . . . . . . . . .   25
     8.2. Receiving Tunneled Datagrams  . . . . . . . . . . . . . .   25

 9. Mobile Node Considerations                                        26
     9.1. Previous Foreign Agent List . . . . . . . . . . . . . . .   26
     9.2. Previous Foreign Agent Notification . . . . . . . . . . .   26

References                                                            27

Chairs' Addresses                                                     28

Authors' Addresses                                                    29


1. Introduction

   The basic Mobile IP protocol [2] allows a mobile node to move about,
   changing its point of attachment to the Internet, while continuing
   to be addressed by its home IP address.  Correspondent nodes sending
   IP datagrams to a mobile node address them to the mobile node's home
   address in the same way as any destination.

   While the mobile node is connected to the Internet away from its
   home network, it is served by a "home agent" on its home network
   and is associated with a "care-of address" indicating its current
   location.  The association between a mobile node's home address and
   its care-of address is known as a "mobility binding".  The care-of
   address is generally the address of a "foreign agent" on the network
   being visited by the mobile node, which forwards arriving datagrams
   locally to the mobile node.  Alternatively, the care-of address may
   be temporarily assigned to the mobile node using DHCP [1] or other
   means.  All IP datagrams addressed to the mobile node are routed by
   the normal IP routing mechanisms to the mobile node's home network,
   where they are intercepted by the mobile node's home agent, which
   then tunnels each datagram to the mobile node's current care-of
   address.  Datagrams sent by a mobile node use the foreign agent as a
   default router but require no other special handling or routing.

   This basic scheme allows transparent interoperation with mobile
   nodes, but by forcing all datagrams for a mobile node to be routed
   through its home agent, this basic protocol may often lead to
   routing that is significantly less than optimal.  For example, if a
   mobile node, say MN1, is visiting some subnet, even datagrams from
   a correspondent node on this same subnet must be routed through the
   Internet to MN1's home agent on MN1's home network, only to then
   be tunneled back to the original subnet to MN1's foreign agent for
   delivery to MN1.  This indirect routing can significantly delay the
   delivery of the datagram to MN1 and places an unnecessary burden on
   the networks and routers along this path through the Internet.  If
   the correspondent node in this example is actually another mobile
   node, say MN2, then datagrams from MN1 to MN2 must likewise be routed
   through MN2's home agent on MN2's home network and back to the
   original subnet for delivery to MN1.

   This document defines experimental extensions to the basic Mobile
   IP protocol to allow for the optimization of datagram routing from
   a correspondent node to a mobile node.  These extensions provide a
   means for nodes that implement them to cache the care-of address
   of a mobile node and to then tunnel their own datagrams directly
   there, bypassing the possibly lengthy route to and from that mobile
   node's home agent.  Extensions are also provided to allow datagrams
   in flight when a mobile node moves or datagrams sent based on an
   out-of-date cached care-of address to be forwarded directly to the
   mobile node's new care-of address.

   All operation of route optimization that affects the routing of IP
   datagrams to the mobile node is authenticated using the same type
   of authentication mechanism used in the basic Mobile IP protocol.
   This authentication relies on a "mobility security association"
   established in advance between the node sending a message and the
   node receiving the message that must authenticate it.  When the
   required mobility security association has not been established, a
   Mobile IP implementation using route optimization operates in the
   same way as the basic Mobile IP protocol.

   Section 2 of this document provides an overview of the operation of
   route optimization.  Section 3 defines the message types used by
   route optimization, and Section 4 defines the message extensions
   used.  Section 5 discusses the problem of managing the mobility
   security associations needed to provide authentication of all
   messages that affect the routing of datagrams to a mobile node.  The
   final four sections of this document define in detail the operation
   of route optimization from the point of view of each of the entities
   involved:  location cache considerations are presented in Section 6,
   home agent considerations in Section 7, foreign agent considerations
   in Section 8, and mobile node considerations in Section 9.


2. Route Optimization Overview

2.1. Location Caching

   Route optimization provides a means for any node that wishes to
   optimize its own communication with mobile nodes to maintain a
   "location cache" in which it caches the mobility binding of one or
   more mobile nodes.  When sending an IP datagram to a mobile node, if
   the sender has a location cache entry for this mobile node, it may
   tunnel the datagram directly to the care-of address indicated in the
   cached mobility binding.

   In the absence of any location cache entry, datagrams destined for
   a mobile node will be routed to the mobile node's home network in
   the same way as any other IP datagram, and are then tunneled to the
   mobile node's current care-of address by the mobile node's home
   agent.  This is the only routing mechanism supported by the basic
   Mobile IP protocol.  With route optimization, as a side effect of
   this indirect routing of a datagram to a mobile node, the original
   sender of the datagram is informed of the mobile node's current
   mobility binding, giving the sender an opportunity to cache the
   binding.

   A node may create a location cache entry for a mobile node only when
   it has received and authenticated the mobile node's mobility binding.
   Likewise, a node may update an existing location cache entry for a
   mobile node, such as after the mobile node has moved to a new foreign
   agent, only when it has received and authenticated the mobile node's
   new mobility binding.

   A location cache will, by necessity, have a finite size.  Any node
   implementing a location cache may manage the space in its cache
   using any local cache replacement policy.  If a datagram is sent
   to a destination for which the cache entry has been dropped from
   the cache, the datagram will be routed normally through the mobile
   node's home network and will be tunneled to the mobile node's
   care-of address by its home agent.  As when a location cache entry
   is initially created, this indirect routing to the mobile node will
   result in the original sender of the datagram being informed of the
   mobile node's current mobility binding, allowing it to add this entry
   again to its location cache.


2.2. Foreign Agent Handoff

   When a mobile node moves and registers with a new foreign agent, the
   basic Mobile IP protocol does not notify the mobile node's previous
   foreign agent.  IP datagrams intercepted by the home agent after
   the new registration are tunneled to the mobile node's new care-of
   address, but datagrams in flight that had already been intercepted
   by the home agent and tunneled to the old care-of address when the
   mobile node moved are lost and are assumed to be retransmitted by
   higher-level protocols if needed.  The old foreign agent eventually
   deletes the mobile node's registration after the expiration of the
   lifetime period established when the mobile node registered there.

   Route optimization provides a means for the mobile node's previous
   foreign agent to be reliably notified of the mobile node's new
   mobility binding, allowing datagrams in flight to the mobile node's
   previous foreign agent to be forwarded directly to its new care-of
   address.  This notification also allows any datagrams tunneled to the
   mobile node's previous foreign agent from correspondent nodes with
   out-of-date location cache entries for the mobile node (they have not
   yet learned that the mobile node has moved) to be forwarded directly
   to its new care-of address.  Finally, this notification allows any
   resources consumed by the mobile node's registration at the previous
   foreign agent (such as radio channel reservations) to be released
   immediately, rather than waiting for the mobile node's registration
   to expire.

   During registration with a new foreign agent, the mobile node and
   the new foreign agent may establish a "registration key", which acts
   as a session key for this registration.  The mobile node's home
   agent may choose a registration key and include copies of it in the
   Registration Reply message for the foreign agent and for the mobile
   node.  The copy for the mobile node is included in a Mobile Node
   Registration Key extension and is encrypted under a key and algorithm
   shared between the home agent and the mobile node as part of their
   mobility security association.  Likewise, the copy for the foreign
   agent is included in a Foreign Agent Registration Key extension and
   is encrypted under a key and algorithm shared between the home agent
   and the foreign agent as part of their mobility security association.
   If the home agent and foreign agent do not share a mobility security
   association, then no registration key is established.

   When the mobile node later registers with a new foreign agent, it may
   use this registration key from its registration with its previous
   foreign agent to notify it that it has moved.  This notification
   may also optionally include its new mobility binding, allowing the
   previous foreign agent to create a location cache entry for the
   mobile node to serve as a "forwarding pointer" to its new location.
   Any datagrams for the mobile node tunneled to this previous foreign
   agent that arrive after this location cache entry has been created
   will then be re-tunneled to the mobile node's new location at the
   care-of address in this location cache entry.

   To minimize the network bandwidth required for this registration
   over the link between the mobile node and its new foreign agent,
   the mobile node may request its new foreign agent to attempt to
   notify its previous foreign agent on its behalf, by including a
   Previous Foreign Agent Notification extension in its Registration
   Request message sent to the new foreign agent.  The new foreign agent
   then builds a Binding Update message and transmits it to the mobile
   node's previous foreign agent as part of registration, requesting
   an acknowledgement from the previous foreign agent.  The Previous
   Foreign Agent Notification extension includes only those values
   needed to construct the Binding Update message that are not already
   contained in the Registration Request message.  The authenticator for
   the Binding Update message is computed by the mobile node based on
   its registration key shared with its previous foreign agent.

   If the Binding Acknowledge message acknowledging this Binding
   Update message is received by the new foreign agent before it sends
   the Registration Reply to the mobile node, the new foreign agent
   indicates the acknowledgement in the Registration Reply message to
   the mobile node.  Otherwise, the new foreign agent forwards the
   Binding Acknowledge message to the mobile node when it arrives;
   the mobile node is responsible for occasionally retransmitting a
   Binding Update message to its previous foreign agent until the
   matching Binding Acknowledge message is received, or until the mobile
   node can be sure of the expiration of its registration with that
   foreign agent.

   The location cache entry created at the mobile node's previous
   foreign agent is treated in the same way as any other location cache
   entry.  In particular, it is possible that this location cache entry
   could be deleted from the cache at any time.  In this case, the
   foreign agent will be unable to re-tunnel subsequently arriving
   tunneled datagrams for the mobile node directly to its new location.

   Suppose a node (such as this previous foreign agent) receives some
   datagram that has been tunneled to this node, but this node is unable
   to deliver the datagram locally to the destination mobile node (it
   is not the mobile node itself, and it is not a foreign agent with a
   visitor list entry for this mobile node).  If this node also has no
   location cache entry for the mobile node, the node re-tunnels the
   datagram using a "special tunnel", in which the destination address
   of the tunnel and the destination address of the datagram carried
   within the tunnel are both equal to the mobile node's address.
   The tunneled datagram will eventually reach the mobile node's home
   network, where it will be intercepted by the mobile node's home agent
   and tunneled to the mobile node's current care-of address.

   The use of the "special tunnel" enables the home agent to determine
   which node forwarded the datagram to it, allowing it to detect the
   case in which a foreign agent has "forgotten" about one of the
   visiting mobile nodes registered with it.  For example, if a foreign
   agent crashes and reboots, it will generally lose all information
   in its visitor list.  If this were to happen, datagrams destined to
   mobile nodes that were registered with the foreign agent before it
   crashed would instead loop infinitely between that foreign agent and
   the mobile node's home agent.  By allowing the home agent to detect
   this situation, the datagram can instead be dropped by the home agent
   when it receives it in the "special tunnel", rather than retunneling
   it again to the foreign agent.  For compatibility between foreign
   agents that implement route optimization and home agents that do not,
   if the foreign agent receives a tunneled datagram that is itself a
   special tunneled datagram destined for a mobile node not registered
   with this foreign agent, the foreign agent should drop the datagram.
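
   The forwarding rules of Section 2.2 (deliver locally, re-tunnel via a
   location cache entry, fall back to the "special tunnel", and drop on
   loop detection) and the lifetime expiry of Section 2.3, as an added
   simulation that is not part of this draft.  Class names, the
   single-level IP-in-IP model and all addresses are constructed here.

```python
# Added example (not from the draft): forwarding decision of a node that
# receives a tunneled datagram, and the home agent's special-tunnel loop
# detection.  Names and addresses are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    src: str   # original source address
    dst: str   # destination: the mobile node's home address


@dataclass(frozen=True)
class Tunneled:
    outer_src: str   # node that performed the tunneling
    outer_dst: str   # tunnel endpoint (care-of address, or MN address)
    inner: object    # Datagram, or a Tunneled special-tunnel datagram

    def is_special(self) -> bool:
        # "Special tunnel": tunnel destination equals the inner destination.
        return isinstance(self.inner, Datagram) and self.outer_dst == self.inner.dst


class LocationCache:
    """Location cache keyed by home address; an entry must be treated as
    deleted once the Lifetime from the Binding Update has elapsed."""

    def __init__(self):
        self._entries = {}   # home address -> (care-of address, expiry)

    def update(self, home, care_of, lifetime, now):
        self._entries[home] = (care_of, now + lifetime)

    def lookup(self, home, now):
        entry = self._entries.get(home)
        if entry is None:
            return None
        care_of, expiry = entry
        if now >= expiry:
            del self._entries[home]   # expired: behave as if never cached
            return None
        return care_of


class Node:
    """A foreign agent (or any node) receiving a tunneled datagram."""

    def __init__(self, addr):
        self.addr = addr
        self.visitor_list = set()   # mobile nodes registered with this FA
        self.cache = LocationCache()

    def handle_tunneled(self, pkt, now):
        """Return ("deliver", mn), ("retunnel", Tunneled) or ("drop", why)."""
        inner = pkt.inner
        # A home agent without route optimization re-tunnels a special-tunnel
        # datagram whole, so the inner datagram may itself be a special tunnel.
        nested_special = isinstance(inner, Tunneled) and inner.is_special()
        payload = inner.inner if isinstance(inner, Tunneled) else inner
        mn = payload.dst
        if mn == self.addr or mn in self.visitor_list:
            return ("deliver", mn)
        if nested_special:
            return ("drop", "special-tunnel datagram for unregistered mobile node")
        care_of = self.cache.lookup(mn, now)
        if care_of is not None:
            return ("retunnel", Tunneled(self.addr, care_of, payload))
        # No binding known: special tunnel towards the mobile node's home
        # network, where its home agent will intercept it.
        return ("retunnel", Tunneled(self.addr, mn, payload))


class HomeAgent(Node):
    def __init__(self, addr):
        super().__init__(addr)
        self.bindings = {}   # home address -> registered care-of address

    def handle_tunneled(self, pkt, now):
        mn = pkt.inner.dst if isinstance(pkt.inner, Datagram) else pkt.inner.inner.dst
        care_of = self.bindings.get(mn)
        if care_of is None:
            return ("drop", "no mobility binding")
        if pkt.is_special() and pkt.outer_src == care_of:
            # The registered foreign agent sent the datagram back in a special
            # tunnel: it has lost the visitor entry, so re-tunneling would loop.
            return ("drop", "foreign agent lost registration; loop detected")
        return ("retunnel", Tunneled(self.addr, care_of, pkt.inner))
```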


2.3. Location Cache Updates

   When a mobile node's home agent intercepts a datagram from the home
   network and tunnels it to the mobile node, the home agent may deduce
   that the original sender of the datagram has no location cache entry
   for the destination mobile node.  In this case, the home agent may
   send a Binding Update message to the sender, informing it of the
   mobile node's current mobility binding.  No acknowledgement for this
   Binding Update message is needed, since future datagrams intercepted
   by the home agent from this sender for the mobile node will serve
   to cause a retransmission of the Binding Update message.  In order
   for the home agent to send this Binding Update to the sender of
   the datagram, the home agent and this node must have established a
   mobility security association.

   When the foreign agent serving a mobile node (or the mobile node
   itself, when using a temporary local IP address as a care-of address)
   receives a datagram tunneled to it for the mobile node, in which the
   source address of the tunnel differs from the original source address
   of the datagram carried within the tunnel, it may deduce that the
   original sender of the datagram has an out-of-date location cache
   entry for this mobile node.  In this case, the foreign agent (or
   the mobile node itself, when using a temporary local IP address as
   a care-of address) may send a Binding Advice message to the mobile
   node's home agent (the foreign agent learns the home agent address
   during registration), advising it that the original sender of the
   datagram has an out-of-date location cache entry for the mobile node.
   However, if the source address of the tunnel is the mobile node's
   home agent, then no Binding Advice message is needed, since in this
   case, the home agent will have already sent a Binding Update message
   to the original sender when it tunneled the datagram to the foreign
   agent.  As above, no acknowledgement of the Binding Advice message
   is needed, since future datagrams for the mobile node from the same
   sender will serve to cause a retransmission of the Binding Advice
   message.

   No authentication of the Binding Advice message is necessary, since
   it does not directly affect the routing of IP datagrams to the mobile
   node.  Instead, when a node receives a Binding Advice message, that
   node sends a Binding Inquire message to the indicated mobile node's
   home agent requesting the mobile node's current mobility binding,
   which is answered by a Binding Update message from the home agent.
   When the Binding Update message is received, the node may then create
   a location cache entry for the mobile node.  In order for this node
   and the home agent to exchange these Binding Inquire and Binding
   Update messages, they must have established a mobility security
   association.

   Included in each Binding Update message is an indication of the
   time remaining in the lifetime associated with the mobile node's
   current registration.  Any location cache entry established or
   updated in response to this Binding Update message must be marked
   to be deleted after the expiration of this period.  A node wanting
   to provide continued service with a particular location cache entry
   may attempt to reconfirm that mobility binding before the expiration
   of this lifetime period.  Location cache entry reconfirmation
   may be appropriate when the node has indications (such as an open
   transport-level connection to the mobile node) that the location
   cache entry is still needed.  This reconfirmation is performed by
   the node sending a Binding Inquire message to the mobile node's home
   agent, requesting it to reply with the mobile node's current mobility
   binding in a new Binding Update message.


3. Route Optimization Message Formats

   Route optimization defines four message types used for management
   of location cache entries.  Each of these messages begins with a
   one-octet field indicating the type of the message.

   The following Type codes are defined in this document:

      16 = Binding Advice message
      17 = Binding Inquire message
      18 = Binding Update message
      19 = Binding Acknowledge message


3.1. Binding Advice Message

   A Binding Advice message is used to advise a node that it appears
   not to have a current mobility binding cached in a location cache
   entry for some mobile node.  It is sent by a mobile node's current
   foreign agent when the foreign agent receives a tunneled datagram for
   the mobile node, in which the source address of the tunnel differs
   from the original source address of the datagram.  The Binding Advice
   message is sent to the original source of the datagram.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Mobile Node Home Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type

         16

      Reserved

         Sent as 0; ignored on reception.

      Mobile Node Home Address

         The home address of the mobile node to which the Binding Advice
         message refers.


3.2. Binding Inquire Message

   A Binding Inquire message is used by a node when requesting a mobile
   node's current mobility binding from the mobile node's home agent.
   It is sent by a node upon receiving a Binding Advice message, or by
   a node desiring to update the mobility binding in a location cache
   entry that it holds for the mobile node.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |                  Reserved                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Mobile Node Home Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type

         17

      Reserved

         Sent as 0; ignored on reception.

      Mobile Node Home Address

         The home address of the mobile node to which the Binding
         Inquire refers.

      Identification

         A 64-bit sequence number, assigned by the node sending the
         Binding Inquire message, used to assist in matching requests
         with replies, and in protecting against replay attacks.


3.3. Binding Update Message

   The Binding Update message is used to notify another node of a mobile
   node's current mobility binding.  It may be sent by the mobile
   node's home agent in response to a Binding Inquire message; it may
   also be sent by a mobile node or the foreign agent with which it is
   registering, when notifying the mobile node's previous foreign agent
   that the mobile node has moved.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |A|                  Reserved                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Mobile Node Home Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Care-of Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            Lifetime                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Extensions ...
   +-+-+-+-+-+-+-+-

      Type

         18

      Acknowledge (A)

         The Acknowledge (A) bit is set by the node sending the Binding
         Update message to request a Binding Acknowledge message be
         returned acknowledging its receipt.

      Reserved

         Sent as 0; ignored on reception.

      Mobile Node Home Address

         The home address of the mobile node to which the Binding Update
         message refers.

      Care-of Address

         The current care-of address of the mobile node.

      Lifetime

         The number of seconds remaining before the location cache entry
         must be considered expired.  A value of all ones indicates
         infinity.

         When sent by the mobile node's home agent in response to
         a Binding Inquire message, this value should be less than
         or equal to the remaining lifetime of the mobile node's
         registration.  When sent by the mobile node or its new foreign
         agent to the mobile node's previous foreign agent during
         registration, this value is ignored and the lifetime on the
         location cache entry created at the previous foreign agent
         must be set to the remaining lifetime of the mobile node's
         registration with that foreign agent.  When sent by the mobile
         node to its previous foreign agent after completing its new
         registration, this value should be less than or equal to the
         remaining lifetime of the mobile node's current registration.

      Identification

         A 64-bit sequence number, assigned by the node sending the
         Binding Inquire message, used to assist in matching requests
         with replies, and in protecting against replay attacks.

   The Route Optimization Authentication extension (Section 4.2) is
   required.


3.4. Binding Acknowledge Message

   A Binding Acknowledge message is used to acknowledge receipt of a
   Binding Update message.  It is sent by the node receiving the Binding
   Update message, if the Acknowledge (A) bit is set in the Binding
   Update message.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |                 Reserved                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Mobile Node Home Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type

         19

      Reserved

         Sent as 0; ignored on reception.

      Mobile Node Home Address

         Copied from the Binding Update message being acknowledged.

      Identification

         Copied from the Binding Update message being acknowledged.
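   As an added example (not code from the draft), the following Python
   encodes and decodes the Binding Acknowledge message above and shows the
   sender-side bookkeeping that matches an acknowledgment to the outstanding
   Binding Update by home address and Identification, so that a replayed,
   forged or mismatched acknowledgment is not accepted.  The layout of the
   Binding Update itself is not needed here; only its Identification and
   home address are recorded.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

BINDING_ACK_TYPE = 19   # Type value given in Section 3.4
BINDING_ACK_LEN = 16    # 1 type + 3 reserved + 4 home address + 8 identification


@dataclass(frozen=True)
class BindingAcknowledge:
    home_address: str
    identification: int  # 64-bit value copied from the Binding Update


def encode_binding_ack(home_address: str, identification: int) -> bytes:
    """Build the 16-byte message: Type, three Reserved bytes sent as 0, then
    the Mobile Node Home Address and the 64-bit Identification, both copied
    from the Binding Update being acknowledged."""
    return struct.pack("!B3x4sQ", BINDING_ACK_TYPE,
                       IPv4Address(home_address).packed, identification)


def decode_binding_ack(data: bytes) -> BindingAcknowledge:
    """Parse a received Binding Acknowledge; Reserved bytes are ignored."""
    if len(data) != BINDING_ACK_LEN:
        raise ValueError("Binding Acknowledge must be exactly 16 bytes")
    msg_type, addr, ident = struct.unpack("!B3x4sQ", data)
    if msg_type != BINDING_ACK_TYPE:
        raise ValueError(f"unexpected message type {msg_type}")
    return BindingAcknowledge(str(IPv4Address(addr)), ident)


class PendingBindingUpdates:
    """Sender-side table of Binding Updates sent with the A bit set, keyed by
    (home address, identification).  An acknowledgment is accepted only if
    it matches an outstanding entry, and each entry is consumed once, so a
    replayed acknowledgment for an already-acknowledged update is rejected."""

    def __init__(self):
        self._pending = {}

    def record_sent(self, home_address: str, identification: int,
                    care_of_address: str) -> None:
        self._pending[(home_address, identification)] = care_of_address

    def outstanding(self) -> int:
        return len(self._pending)

    def process_ack(self, data: bytes) -> bool:
        """Return True only for a well-formed acknowledgment of an
        outstanding Binding Update; the entry is removed on acceptance."""
        try:
            ack = decode_binding_ack(data)
        except ValueError:
            return False
        key = (ack.home_address, ack.identification)
        if key not in self._pending:
            return False
        del self._pending[key]
        return True


if __name__ == "__main__":
    # Constructed sample values, not taken from the draft.
    table = PendingBindingUpdates()
    table.record_sent("10.0.0.5", 42, "192.0.2.9")
    ack = encode_binding_ack("10.0.0.5", 42)
    print(table.process_ack(ack))   # True
    print(table.process_ack(ack))   # False: already consumed
```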




4. Route Optimization Extension Formats

   Route optimization defines the following message extensions:

      ??  = Previous Foreign Agent Notification extension
      ??  = Route Optimization Authentication extension
      ??  = Mobile Node Registration Key extension
      ??  = Foreign Agent Registration Key extension




4.1. Previous Foreign Agent Notification Extension

   The Previous Foreign Agent Notification Extension may be included in
   a Registration Request message sent to a foreign agent.  It is used
   to request this foreign agent to send a Binding Update message to the
   mobile node's previous foreign agent to notify it that the mobile
   node has moved.  The previous foreign agent deletes the mobile node's
   visitor list entry and creates a location cache entry for the mobile
   node pointing to its new care-of address.  The extension contains
   only those values needed to construct the Binding Update message
   that are not otherwise already contained in the Registration Request
   message.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |         Cache Lifetime        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Previous Foreign Agent Address                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Authenticator ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type

         ???

      Length

         6 plus the length of the Authenticator

      Cache Lifetime

         The number of seconds remaining before the location cache
         entry created by the previous foreign agent must be considered
         expired.  A value of all ones indicates infinity.  A value
         of zero indicates that the previous foreign agent should not
         create a location cache entry for the mobile node once it
         has deleted the mobile node's visitor list entry.  The Cache
         Lifetime value is copied into the Lifetime field of the Binding
         Update message.

      Previous Foreign Agent Address

         The IP address of the mobile node's previous foreign agent to
         which the new foreign agent should send a Binding Update
         message on behalf of the mobile node.



      Authenticator

         The authenticator value to be used in the Route Optimization
         Authentication extension in the Binding Update message sent by
         the new foreign agent to the mobile node's previous foreign
         agent.




4.2. Route Optimization Authentication Extension

   The Route Optimization Authentication Extension is used to
   authenticate certain route optimization management messages.  It
   contains the same fields and is computed in the same way as the
   Mobile-Home Authentication Extension used in the basic Mobile IP
   protocol.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |        Authenticator ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type

         ???

      Length

         The length of the Authenticator

      Authenticator

         (variable length) A hash value taken over a stream of bytes
         including the shared secret, all prior extensions in their
         entirety, and the type and length of this extension, but not
         including the Authenticator field itself.




4.3. Mobile Node Registration Key Extension

   The Mobile Node Registration Key extension may be used on
   Registration Reply messages to send a registration key from the
   mobile node's home agent to the mobile node.  The extension is
   authenticated along with the rest of the Registration Reply message,
   and thus no additional authenticator is included in the extension.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |        Encrypted Key ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type

         ???

      Length

         The length of the Encrypted Key

      Encrypted Key

         (variable length) The registration key, chosen by the home
         agent, encrypted based on the mobility security association
         between the mobile node and its home agent.




4.4. Foreign Agent Registration Key Extension

   The Foreign Agent Registration Key extension may be used on
   Registration Reply messages to send a registration key from the home
   agent to the foreign agent.  An authenticator is included in the
   extension to allow the foreign agent to authenticate the received
   registration key.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |        Encrypted Key ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Authenticator ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type

         ???

      Length

         The length of the Encrypted Key plus the length of the
         Authenticator

      Encrypted Key

         (variable length) The registration key, chosen by the home
         agent, encrypted based on the mobility security association
         between the foreign agent and the home agent.

      Authenticator

         (variable length) A hash value taken over a stream of bytes
         including the shared secret and the fields in this extension
         other than the Authenticator field itself.




5. Mobility Security Association Management

5.1. Motivation

   One of the most difficult aspects of route optimization for Mobile IP
   in the Internet today is providing authentication for all messages
   that affect the routing of datagrams to a mobile node.  In the basic
   Mobile IP protocol, all routing of datagrams to
   the mobile node while away from its home network is controlled by
   the home agent, since only the home agent is aware of the mobile
   node's mobility binding and only the home agent tunnels datagrams
   to the mobile node.  Authentication is achieved based on a manually
   established "mobility security association" between the home agent
   and the mobile node.  Since the home agent and the mobile node
   are both owned by the same organization (both are assigned IP
   addresses within the same IP subnet), this manual configuration can
   be performed fairly easily, for example while the mobile node is at
   home.

   With route optimization, though, there is a need in general to
   authenticate messages between two nodes belonging to different
   organizations, making establishment of a mobility security
   association more difficult.  Since no general authentication or key
   distribution protocol is available in the Internet today, the route
   optimization procedures defined in this document rely on the same
   type of manually configured mobility security associations as are
   used in the basic Mobile IP protocol.

   For a correspondent node to be able to create a location cache entry
   for a mobile node so that it can tunnel its own IP datagrams directly
   to the mobile node at its current location, the correspondent node
   and the mobile node's home agent must have established a mobility
   security association.  This mobility security association, though,
   may be used in creating and updating location cache entries at this
   correspondent node for all mobile nodes served by this home agent.
   This places the correspondent node in a fairly natural relationship
   with respect to the mobile nodes served by this home agent.  For
   example, these mobile nodes may represent different people affiliated
   with the organization owning the home agent and these mobile nodes,
   with which the user of this correspondent node often collaborates.
   In this case, the effort of establishing the necessary mobility
   security association with this home agent may be justified.

   Similarly, for a mobile node to be able to notify its previous
   foreign agent once it moves and is registering a new care-of
   address, the foreign agent and the mobile node's home agent must
   have established a mobility security association, and this mobility
   security association may be used for all mobile nodes served by this
   home agent that may register with this foreign agent.  This places
   the foreign agent in a fairly natural relationship with respect to
   the mobile nodes served by this home agent.  For example, these
   mobile nodes may represent different people affiliated with the
   organization owning the home agent and these mobile nodes, which
   may often visit the network served by this foreign agent.  In this
   case, the effort of establishing the necessary mobility security
   association with this home agent may be justified.

   In general, if the movement and communication patterns of a mobile
   node or the group of mobile nodes served by the same home agent are
   sufficient to justify establishing a mobility security association
   with the mobile node's home agent, users or network administrators
   are likely to do so.  Establishing a mobility security association
   is not a requirement for using the protocol, though; if no mobility
   security association has been established, the Mobile IP protocol
   with route optimization behaves the same as the basic Mobile
   IP protocol, and all datagrams destined for a mobile node are
   intercepted by the mobile node's home agent and are then tunneled to
   its current location by the home agent.


5.2. Mobility Security Associations

   For use with route optimization, a mobility security association held
   by a correspondent node or a foreign agent must in general include
   the following parameters:

    -  the authentication type (including algorithm and algorithm mode),
    -  the secret (such as a shared key, or appropriate public/private
       key pair),
    -  the home agent address (defining which mobility security
       association this is), and
    -  an indication of which mobile nodes this mobility security
       association applies to, such as by a netmask for the home agent
       address, or by a list of the individual mobile nodes.

   A mobility security association held by a home agent in general must
   include the following parameters:

    -  the authentication type (including algorithm and algorithm mode),
    -  the secret (such as a shared key, or appropriate public/private
       key pair), and
    -  the address of the node with which it has established this
       mobility security association.



5.3. Using a Master Key at the Home Agent

   Rather than storing each mobility security association that it has
   established with many different correspondent nodes and foreign
   agents, a home agent may manage its mobility security associations so
   that each of them can be generated from a single "master" key.  With
   the master key, the home agent could build a key for any given other
   node by computing the node-specific key as

      MD5(node-address || master-key || node-address)

   where node-address is the IP address of the particular node for which
   the home agent is building a key, and master-key is the single master
   key held by the home agent for all mobility security associations it
   has established with correspondent nodes.  The node-specific key is
   built by computing an MD5 hash over a string consisting of the master
   key with the node-address concatenated as a prefix and as a suffix.

   Using this scheme, when establishing each mobility security
   association, the network administrator managing the home agent
   computes the node-specific key and communicates this key to the
   network administrator of the other node through some "secure"
   channel, such as over the telephone.  The mobility security
   association is configured at this other node in the same way as any
   mobility security association.  At the home agent, though, no record
   need be kept that this key has been given out.  The home agent need
   only be configured to know that this scheme is in use for all of its
   mobility security associations.

   When the home agent then needs a mobility security association as
   part of the route optimization protocol, it builds the node-specific
   key based on the master key and the IP address of the other node with
   which it is attempting to authenticate.  If the other node knows
   the correct node-specific key, the authentication will succeed;
   otherwise, it will fail as it should.
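   The following Python, added here and not taken from the draft, ties
   Section 4.2 to this section: it derives a node-specific key as
   MD5(node-address || master-key || node-address), computes the
   Route Optimization Authentication extension's authenticator over the
   bytes preceding that extension, and verifies it at a home agent that
   holds only the master key.  Assumptions made here: the extension Type
   (left as ??? in the draft) is a placeholder value, the node address is
   hashed as its 4-byte network-order form, and the shared secret is placed
   as both prefix and suffix of the hashed stream.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

# The draft leaves this extension's Type as "???"; 0xFF is a placeholder.
RO_AUTH_TYPE = 0xFF
MD5_LEN = 16   # Length field of the extension: the authenticator length only


def node_specific_key(master_key: bytes, node_address: str) -> bytes:
    """Section 5.3: MD5(node-address || master-key || node-address).
    The address is hashed as 4 network-order bytes (an assumption here)."""
    addr = IPv4Address(node_address).packed
    return hashlib.md5(addr + master_key + addr).digest()


def ro_authenticator(secret: bytes, prior: bytes) -> bytes:
    """Section 4.2: hash over the shared secret, everything before this
    extension (message and earlier extensions), and this extension's Type
    and Length, excluding the Authenticator itself.  The secret is used as
    prefix and suffix (keyed-MD5 prefix+suffix mode, assumed here)."""
    header = struct.pack("!BB", RO_AUTH_TYPE, MD5_LEN)
    return hashlib.md5(secret + prior + header + secret).digest()


def append_ro_auth(secret: bytes, message: bytes) -> bytes:
    """Sender side: append the Route Optimization Authentication extension."""
    ext_header = struct.pack("!BB", RO_AUTH_TYPE, MD5_LEN)
    return message + ext_header + ro_authenticator(secret, message)


def verify_ro_auth(secret: bytes, data: bytes) -> bool:
    """Receiver side: the authentication extension must be last.  Check its
    Type and Length, recompute over the preceding bytes, compare in
    constant time."""
    ext_len = 2 + MD5_LEN
    if len(data) < ext_len:
        return False
    prior, ext = data[:-ext_len], data[-ext_len:]
    ext_type, length = struct.unpack("!BB", ext[:2])
    if ext_type != RO_AUTH_TYPE or length != MD5_LEN:
        return False
    return hmac.compare_digest(ext[2:], ro_authenticator(secret, prior))


def home_agent_verify(master_key: bytes, peer_address: str, data: bytes) -> bool:
    """A home agent using a master key stores no per-peer key: it rebuilds
    the peer's key from the master key and the peer's IP address, then
    verifies.  A peer presenting the wrong node-specific key fails."""
    return verify_ro_auth(node_specific_key(master_key, peer_address), data)


# Constructed sample values, not taken from the draft.
MASTER_KEY = b"example-master-key-not-real"
CORRESPONDENT = "192.0.2.10"
SAMPLE_MESSAGE = b"\x11" + b"\x00" * 15   # placeholder 16-byte message body

if __name__ == "__main__":
    key = node_specific_key(MASTER_KEY, CORRESPONDENT)  # given out of band
    signed = append_ro_auth(key, SAMPLE_MESSAGE)
    print(home_agent_verify(MASTER_KEY, CORRESPONDENT, signed))   # True
    print(home_agent_verify(MASTER_KEY, "192.0.2.11", signed))    # False
```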



6. Location Cache Considerations

   (This section is incomplete, but will contain a detailed description
   of the data structures and procedures related to managing a location
   cache.)


6.1. Cache Management

   LRU

   Avoiding thrashing

   Refreshing location cache entries:  Binding Inquire and Binding
   Update


6.2. Receiving Binding Advice Messages

   Binding Inquire and Binding Update


6.3. Receiving Binding Update Messages

   authenticating, building cache entry



7. Home Agent Considerations

   (This section is incomplete, but will contain a detailed description
   of the data structures maintained by a home agent and the route
   optimization procedures from the point of view of a home agent.)


7.1. Tunneling Datagrams

   Sending Binding Update messages

   A home agent must provide some mechanism to limit the rate at which
   it sends Binding Update messages to the same node about any given
   mobility binding, after tunneling a datagram intercepted on the home
   network.


7.2. Receiving Binding Inquire Messages



8. Foreign Agent Considerations

   (This section is incomplete, but will contain a detailed description
   of the data structures maintained by a foreign agent and the route
   optimization procedures from the point of view of a foreign agent.)


8.1. Previous Foreign Agent Notification

   sending binding update on behalf of mobile node

   when receive, change to cache, ack

   how to make cache when notified


8.2. Receiving Tunneled Datagrams

   Don't send binding advice if tunneled from home agent; the foreign
   agent knows the home agent address from registration and thus can
   recognize datagrams tunneled from the home agent

   A foreign agent must provide some mechanism to limit the rate at
   which it sends Binding Advice messages about any given mobility
   binding.



9. Mobile Node Considerations

   (This section is incomplete, but will contain a detailed description
   of the data structures maintained by a mobile node and the route
   optimization procedures from the point of view of a mobile node.)


9.1. Previous Foreign Agent List

9.2. Previous Foreign Agent Notification

   extension in registration, manage own retransmissions

   periodically retransmit to each foreign agent in previous foreign
   agent list

   need to add status code or bit to Registration Reply from foreign
   agent




Chairs' Addresses

   The working group can be contacted via the current chairs:

   Kannan Alagappan
   ???

   Work:   +1-???-???-????
   Fax:    +1-???-???-????
   E-mail: kannan@emc.com


   Tony Li
   170 W. Tasman Dr.
   San Jose, CA  95134

   Work:   +1-408-526-8186
   Fax:    +1-408-???-????
   E-mail: tli@cisco.com


Authors' Addresses

   Questions about this document can also be directed to the authors:

   David B. Johnson
   Computer Science Department
   Carnegie Mellon University
   5000 Forbes Avenue
   Pittsburgh, PA  15213-3891

   Phone:  +1-412-268-7399
   Fax:    +1-412-268-5576
   E-mail: dbj@cs.cmu.edu


   Andrew Myles
   Electronics Department
   Macquarie University 2109
   Sydney, Australia

   Phone:  +61-2-8059071
   Fax:    +61-2-8059128
   E-mail: andrewm@mpce.mq.edu.au


   Charles Perkins
   Room J1-A25
   T. J. Watson Research Center
   IBM Corporation
   P. O. Box 218
   Yorktown Heights, NY  10598

   Phone:  +1-914-789-7350
   Fax:    +1-914-784-7007
   E-mail: perk@watson.ibm.com
