INTERNET DRAFT                                          Pat R. Calhoun
Category: Standards Track                           Gabriel Montenegro
Title: draft-ietf-mobileip-reg-tunnel-00.txt        Charles E. Perkins
Date: November 1998                               Sun Laboratories, Inc.
Mobile IP Regionalized Tunnel Management
Status of this Memo
This document is a submission by the Mobile IP Working Group of the
Internet Engineering Task Force (IETF). Comments should be submitted
to the mobile-ip@smallworks.com mailing list.
Distribution of this memo is unlimited.
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''
To view the entire list of current Internet-Drafts, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).
Abstract
RFC 2002 assumes that the Foreign Agent and the Home Agent exchange
registration messages directly, which prevents either agent from
residing on a private network. This draft describes how Mobility
Agents on private networks can take part in Mobile IP registration
through a Proxy Foreign Agent (PFA) and a Proxy Home Agent (PHA), each
of which has one publicly routable address and one private address, so
that only the proxies need to be reachable from the public network. It
defines a Router Discovery extension carrying the PFA's public address,
which the Mobile Node uses as its care-of address while visiting a
foreign domain, and a Hierarchical Mobility Agent registration
extension that lets a hierarchy of agents record the Mobile Node's
current point of attachment. Because the Foreign Agent session key is
held by the PFA, the Mobile Node can also move between Foreign Agents
within a foreign domain without the keys being redistributed.
Calhoun, Perkins expires April 1999 [Page 1]
INTERNET DRAFT November 1998
Table of Contents
1.0 Introduction
2.0 Router Discovery Extensions
2.1 PFA IP Address
3.0 Mobile IP Registration Extensions
3.1 Hierarchical Mobility Agent Extension
4.0 Security Considerations
5.0 References
6.0 Acknowledgements
7.0 Chairs' Addresses
8.0 Authors' Addresses
1.0 Introduction
RFC 2002 [2] assumes that the Foreign Agent and the Home Agent
interact directly during the registration process. This assumption
creates two problems: first, the Mobility Agents cannot reside on
private networks; second, it does not allow for efficient, smooth
hand-off of the Mobile Node between Foreign Agents.
       +------------------------------------+
       |      Private Foreign Network       |
       |  +------+    +------+    +-------+ |
       |  |  MN  |----|  FA  |----|  PFA  | |
       |  +------+    +------+    +---+---+ |
       |                              |     |
       +------------------------------|-----+
                                      |
                              +-------|--------+
                              |       |        |
                              | Public Network |
                              |       |        |
                              +-------|--------+
                                      |
       +------------------------------|-----+
       |      Private Home Network    |     |
       |              +------+    +---+---+ |
       |              |  HA  |----|  PHA  | |
       |              +------+    +-------+ |
       |                                    |
       +------------------------------------+

                  Figure 1: Proxy Mobility Agents
The figure above depicts the Foreign Agent and the Home Agent on a
private network. The Proxy Foreign Agent (PFA) and the Proxy Home
Agent (PHA) each have one routable address that is accessible from
the public network and one address that resides on the private
network. In order to reach either the FA or the HA from the public
network, the request must be sent through the appropriate Proxy Agent
(PA). In this figure the PHA can be viewed as the HDAA as described
in [4] and [5].
Note that although the figure only shows one level of hierarchy, this
document does not limit the number. It is possible for a complex
network to contain many levels before reaching the Proxy Agent.
The Mobile IP Challenge Draft [5] describes smooth hand-off and how
the short-lived session keys are transferred from one Foreign Agent
to another within a given Administrative Domain. When regionalized
tunnels are used, the Foreign Agent session key generated by the HDAA
belongs to the PFA, since the PFA is the only Mobility Agent known to
the HDAA. Because the session key is owned by the PFA, the Mobile Node
can move from one Foreign Agent to another within the same foreign
network without the session keys having to be redistributed. This of
course assumes that all of the foreign agents share some form of
security association.
We now describe the message flow of the Mobile Node's registration as
shown in Figure 1. The Foreign Agent announces its presence via the
Router Advertisement message, which includes the PFA's publicly
routable address in the PFA IP Address extension described in section
2.1. Upon receipt of this message the Mobile Node must determine
whether to use the FA or the PFA address. The Router Advertisement
also MUST include the FA's NAI [3], which the Mobile Node uses to
determine whether it is on its home network or a foreign network. If
the Mobile Node determines that it is visiting a foreign network, it
MUST use the PFA's IP Address in the care-of address field of the
Registration Request.
The Mobile Node must then register with its Home Domain; since it has
determined that it is visiting, it MUST use its configured PHA address
in the Home Agent field of the Registration Request. The message is
sent to the Foreign Agent, which adds a Hierarchical Mobility Agent
Extension to the message and forwards the request to the PFA. The PFA
must authenticate the message using the Mobile-Foreign Authentication
extension (if present). If the Hierarchical Mobility Agent extension
is present, the PFA must retain the Mobile Node's current point of
attachment and remove the extension from the request. The PFA then
adds the Foreign-Home Authentication extension to the request and
forwards the request to the PHA.
The PHA must authenticate the request from the PFA and determine the
Mobile Node's true Home Agent within the private network. This can be
statically configured on the PHA, or it can be retrieved through an
Authentication, Authorization and Accounting protocol such as [6].
The PHA then adds the Hierarchical Mobility Agent extension to the
Registration Request and forwards the request to the Home Agent. The
Home Agent uses the Hierarchical Mobility Agent extension to find the
next Mobility Agent to use in order to contact the Mobile Node. The
Registration Request is processed by the Home Agent as described in
[2], and the Registration Reply is forwarded to the PHA. The PHA adds
the necessary Foreign-Home Authentication extension and forwards the
reply to the PFA.
The PFA then authenticates the packet and must find the Foreign Agent
within its network that is serving the Mobile Node. It uses the
information from the Hierarchical Mobility Agent extension of the
Registration Request, which it had cached. The PFA removes the
Foreign-Home Authentication extension and forwards the reply to the
Foreign Agent, which hands it off to the Mobile Node.
In the event that the Mobile Node moves to another Foreign Agent
within the same foreign domain, the Mobile Node issues another
Registration Request (similar to the one previously described). The
Foreign Agent will forward this request to the PFA, which will update
the Mobile Node's current point of attachment through the
Hierarchical Mobility Agent extension. The PFA can then issue a
Registration Reply directly to the Mobile Node through the Foreign
Agent.
2.0 Router Discovery Extensions
This section will define the extensions necessary to the Router
Discovery Protocol [7]. The Mobile Node can assume that the Foreign
Agent supports this specification if the extensions in this section
are part of the Router Advertisements.
2.1 PFA IP Address
The PFA IP Address Extension is included in the Router Advertisements
sent by the Foreign Agent in order to provide the Mobile Node with the
publicly routable address of the Proxy Foreign Agent. The Mobile Node
MUST use this address as the care-of address in the Registration
Request if the Foreign Agent does not belong to the same
administrative domain as the Mobile Node. This is determined by
comparing the domain in the Foreign Agent's NAI [3] with the domain in
the Mobile Node's NAI.
The PFA IP Address Extension is defined as follows:
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Length     |     PFA IP Address ....
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         PFA IP Address             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type
    TBD

Length
    4

PFA IP Address
    The PFA IP Address field contains the publicly routable address of
    the Foreign Domain's Proxy Foreign Agent.
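The care-of address decision of this section, as an added example that
is not part of the draft: the Mobile Node parses the extensions that
follow the ICMP Router Advertisement, reads the Foreign Agent's NAI and
the PFA IP Address extension, and registers with the PFA's public
address only when the FA's realm differs from its own. The type numbers
used for the PFA IP Address and FA NAI extensions are placeholders (the
draft leaves them TBD), the Mobility Agent Advertisement extension is
the one of RFC 2002, and every advertisement below is constructed here.

```python
"""Mobile Node side of section 2.1: parse the extensions carried after an
ICMP Router Advertisement and decide which care-of address to register.

Added example, not code from the draft.  Assumptions: the PFA IP Address
and Foreign Agent NAI extension type numbers are placeholders (TBD in the
draft); the Mobility Agent Advertisement extension is type 16 as in
RFC 2002; every advertisement used here is constructed.
"""
import ipaddress
import struct

MOBILITY_AGENT_ADV_EXT = 16   # RFC 2002 section 2.1.1
PFA_ADDRESS_EXT = 0x81        # placeholder for the PFA IP Address extension (TBD)
FA_NAI_EXT = 0x82             # placeholder for the Foreign Agent NAI extension (TBD)
FLAG_F = 0x10                 # "Foreign agent" bit of the Mobility Agent Advertisement


def parse_extensions(data):
    """Split Type/Length/Value extensions; refuse anything truncated."""
    exts, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated extension header")
        ext_type, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated extension value")
        exts.append((ext_type, value))
        i += 2 + length
    return exts


def realm(nai):
    """Domain part of a NAI such as user@example.com, compared case-insensitively."""
    if "@" not in nai:
        raise ValueError("NAI without a realm: %r" % nai)
    return nai.rsplit("@", 1)[1].lower()


def choose_care_of_address(mn_nai, adv_tail):
    """Return (care-of address, True if it is the PFA's public address).

    Plain RFC 2002 behaviour (the FA's own care-of address) applies when the
    advertisement carries no PFA IP Address extension, i.e. the FA does not
    implement this draft.  When it does, the FA NAI is mandatory and the MN
    uses the PFA address iff the FA's realm differs from its own.
    """
    exts = dict(parse_extensions(adv_tail))
    body = exts.get(MOBILITY_AGENT_ADV_EXT)
    if body is None or len(body) < 6:
        raise ValueError("not a Mobility Agent Advertisement")
    _seq, _lifetime, flags, _rsvd = struct.unpack("!HHBB", body[:6])
    if not flags & FLAG_F:
        raise ValueError("advertising agent is not a Foreign Agent")
    fa_care_of = [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(6, len(body), 4)]
    if not fa_care_of:
        raise ValueError("no care-of address advertised")
    if PFA_ADDRESS_EXT not in exts:
        return fa_care_of[0], False            # FA does not implement the draft
    if FA_NAI_EXT not in exts:
        raise ValueError("PFA IP Address present but FA NAI missing")
    if len(exts[PFA_ADDRESS_EXT]) != 4:
        raise ValueError("PFA IP Address extension must have Length 4")
    fa_nai = exts[FA_NAI_EXT].decode("ascii")
    if realm(fa_nai) != realm(mn_nai):
        return str(ipaddress.IPv4Address(exts[PFA_ADDRESS_EXT])), True
    return fa_care_of[0], False                # same administrative domain


def build_advert(care_of, pfa=None, fa_nai=None, flags=FLAG_F, seq=1, lifetime=300):
    """Constructed advertisement tail: the Mobility Agent Advertisement
    extension, then the optional PFA IP Address and FA NAI extensions."""
    body = struct.pack("!HHBB", seq, lifetime, flags, 0)
    body += b"".join(ipaddress.IPv4Address(a).packed for a in care_of)
    exts = [(MOBILITY_AGENT_ADV_EXT, body)]
    if pfa:
        exts.append((PFA_ADDRESS_EXT, ipaddress.IPv4Address(pfa).packed))
    if fa_nai:
        exts.append((FA_NAI_EXT, fa_nai.encode("ascii")))
    return b"".join(struct.pack("!BB", t, len(v)) + v for t, v in exts)


if __name__ == "__main__":
    adv = build_advert(["192.168.5.2"], pfa="203.0.113.10", fa_nai="fa1@visited.example")
    print(choose_care_of_address("alice@home.example", adv))   # ('203.0.113.10', True)
    print(choose_care_of_address("bob@visited.example", adv))  # ('192.168.5.2', False)
```

The parser rejects a truncated extension rather than silently using a
short value, and an advertisement that carries the PFA IP Address
extension without the FA NAI is treated as malformed, since the draft
makes the NAI mandatory once the FA implements this specification.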
3.0 Mobile IP Registration Extensions
This section defines the new Mobile IP Registration Extensions that
MUST be used in order to obtain the functionality described in this
document.
3.1 Hierarchical Mobility Agent Extension
One or more Hierarchical Mobility Agent Extensions MAY be present in
a Registration Request or Reply. If more than one Hierarchical
Mobility Agent Extension is present, the order of these extensions
MUST be maintained through the hierarchy.

When replying with a Registration Reply, the Home Agent MUST ensure
that the order of the Hierarchical Mobility Agent extensions is the
reverse of the order found in the Registration Request.

If the Hierarchical Mobility Agent Extension is present in the
Request, each foreign agent MUST check that its own address is
included in the list of tunnel agents. If it is not, the foreign agent
rejects the Request with a status code of 70.

Otherwise, the foreign agent makes note of the address of the next
lower-level tunnel agent, for future association with the mobile
node's network address.
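The registration flow of section 1.0 and the list-checking rules above,
as one added example that is not code from the draft: a Registration
Request is carried from the FA through the PFA and PHA to the HA, and the
Reply back, with the Hierarchical Mobility Agent extensions appended,
checked against the receiving agent's own address (status 70 otherwise),
cached, stripped and reversed where the text says so, and a Foreign-Home
Authentication extension protecting the PFA-PHA leg. Assumed here, since
the draft leaves them open: the extension type number (TBD); that the FA
fills the extensions with the foreign-side chain FA..PFA; RFC 2002's
keyed-MD5 prefix+suffix mode for the authenticator; and all addresses,
NAIs and keys, which are constructed.

```python
"""Registration Request and Reply walked through the hierarchy of Figure 1
(MN -> FA -> PFA -> PHA -> HA and back), following the section 1.0 flow and
the Hierarchical Mobility Agent (HMA) extension rules of section 3.1.
Added example, not code from the draft.  Assumed: the HMA type number (TBD
in the draft); that the FA lists the foreign chain FA..PFA bottom-up in the
HMA extensions; RFC 2002 keyed-MD5 "prefix+suffix" for the Foreign-Home
Authentication extension; addresses, NAIs and keys are all constructed.
"""
import hashlib, hmac, ipaddress, struct

HMA_EXT = 0x80                       # Hierarchical Mobility Agent ext (placeholder, TBD)
FH_AUTH_EXT = 34                     # Foreign-Home Authentication extension (RFC 2002)
CODE_OK, CODE_NOT_IN_LIST = 0, 70    # 70: own address absent from the list (section 3.1)
CODE_HA_AUTH, CODE_FA_AUTH = 68, 132 # RFC 2002 authentication-failure reply codes

def packed(addr):
    return ipaddress.IPv4Address(addr).packed

def wire(exts):
    """Type | Length | Value encoding of a list of (type, value) extensions."""
    return b"".join(struct.pack("!BB", t, len(v)) + v for t, v in exts)

def keyed_md5(key, data):
    """RFC 2002 default authenticator: MD5(key || data || key)."""
    return hashlib.md5(key + data + key).digest()

def fh_auth_ext(msg, key, spi):
    """Authenticator covers the fixed part, all prior extensions and this
    extension's own Type, Length and SPI (RFC 2002 section 3.5.1)."""
    hdr = struct.pack("!BBI", FH_AUTH_EXT, 20, spi)
    return (FH_AUTH_EXT, hdr[2:] + keyed_md5(key, msg["fixed"] + wire(msg["exts"]) + hdr))

def check_and_strip_fh_auth(msg, key):
    """Verify the trailing Foreign-Home Authentication extension; strip it if valid."""
    if not msg["exts"] or msg["exts"][-1][0] != FH_AUTH_EXT:
        return False
    t, v = msg["exts"][-1]
    hdr = struct.pack("!BB", t, len(v)) + v[:4]
    if not hmac.compare_digest(v[4:], keyed_md5(key, msg["fixed"] + wire(msg["exts"][:-1]) + hdr)):
        return False
    msg["exts"].pop()
    return True

def hma_chain(msg):
    """Addresses carried in the HMA extensions, in message order."""
    return [str(ipaddress.IPv4Address(v)) for t, v in msg["exts"] if t == HMA_EXT]

def tunnel_agent_check(msg, my_addr):
    """Section 3.1: an agent seeing HMA extensions must find its own address
    (else code 70) and notes the next lower-level agent towards the MN."""
    chain = hma_chain(msg)
    if my_addr not in chain:
        return CODE_NOT_IN_LIST, None
    i = chain.index(my_addr)
    return None, (chain[i - 1] if i else None)

def register(mn_nai, fa_addr, pfa, pha, pfa_key, pha_key):
    """Run one registration; returns (Reply code as seen by the MN, hop trace)."""
    trace, req = [], {"fixed": b"REQ:" + mn_nai.encode(), "exts": []}
    # FA: the MN used the PFA as care-of address; the FA appends the HMA chain.
    req["exts"] += [(HMA_EXT, packed(fa_addr)), (HMA_EXT, packed(pfa["addr"]))]
    trace.append(("FA->PFA", hma_chain(req)))
    # PFA: check the list, cache the MN's point of attachment, strip the HMA
    # extensions (the PHA only knows the PFA) and add Foreign-Home authentication.
    code, lower = tunnel_agent_check(req, pfa["addr"])
    if code:
        return code, trace
    pfa["cache"][mn_nai] = lower
    req["exts"] = [e for e in req["exts"] if e[0] != HMA_EXT]
    req["exts"].append(fh_auth_ext(req, pfa_key, spi=0x100))
    trace.append(("PFA->PHA", hma_chain(req)))
    # PHA: authenticate the PFA, look up the real HA, add its own HMA extension
    # so the HA knows which agent to use to reach the MN.
    if not check_and_strip_fh_auth(req, pha_key):
        return CODE_FA_AUTH, trace
    req["exts"].append((HMA_EXT, packed(pha["addr"])))
    trace.append(("PHA->HA", pha["ha_table"][mn_nai], hma_chain(req)))
    # HA: processes the request per RFC 2002; the Reply carries the HMA
    # extensions in reverse order and goes back to the first agent listed.
    rep = {"fixed": b"REP:" + mn_nai.encode(), "code": CODE_OK,
           "exts": [e for e in reversed(req["exts"]) if e[0] == HMA_EXT]}
    trace.append(("HA->PHA", hma_chain(rep)[0]))
    # PHA: strip its HMA extension and authenticate the Reply towards the PFA.
    rep["exts"] = [e for e in rep["exts"] if e[0] != HMA_EXT]
    rep["exts"].append(fh_auth_ext(rep, pha_key, spi=0x100))
    # PFA: authenticate, then use the cached point of attachment to reach the FA.
    if not check_and_strip_fh_auth(rep, pfa_key):
        return CODE_HA_AUTH, trace
    trace.append(("PFA->FA", pfa["cache"][mn_nai]))
    return rep["code"], trace

def demo(pha_key=b"pfa-pha-shared-secret"):
    """Constructed Figure 1 topology; a wrong pha_key makes the PHA reject."""
    pfa = {"addr": "203.0.113.10", "cache": {}}
    pha = {"addr": "10.1.0.1", "ha_table": {"alice@home.example": "10.1.0.5"}}
    return register("alice@home.example", "192.168.5.2", pfa, pha,
                    b"pfa-pha-shared-secret", pha_key)
```

Running demo() returns code 0 and a trace showing the HMA list present on
the FA-to-PFA hop, absent on the PFA-to-PHA hop, and the PFA routing the
Reply to the FA it cached rather than to anything carried in the Reply;
demo(pha_key=b"wrong") stops at the PHA with code 132 because the
Foreign-Home authenticator no longer verifies.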
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Length     |      MA IP Address ....
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          MA IP Address ....        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type
    TBD

Length
    4

MA IP Address
    The IP Address of the Mobility Agent in the hierarchy.
4.0 Security Considerations
This document proposes methods for Mobility Agents on private
networks to communicate with other agents on public or private
networks. It assumes that any authentication extensions used are
those defined in [2] or [5].

Two consequences of the design deserve attention. First, the
Hierarchical Mobility Agent extension is added by a Foreign Agent
after the Mobile Node has computed its authentication extensions, and
it is removed by the PFA before the request leaves the foreign domain;
neither the Mobile-Home nor the Mobile-Foreign Authentication
extension of [2] therefore covers it, and its integrity rests on the
security association that section 1.0 assumes among the agents of the
foreign domain. Second, the Foreign-Home Authentication extension
exchanged between the PFA and the PHA is the only authentication of
the foreign domain to the home domain, so the PFA-PHA security
association is what protects the private Home Agent from requests
relayed by an untrusted proxy; the Mobile-Home Authentication
extension still travels end to end and is verified by the Home Agent
as in [2].
5.0 References
[1] P. Calhoun, G. Montenegro, C. Perkins, "Tunnel Establishment
    Protocol", draft-ietf-mobileip-calhoun-tep-01.txt, Work in
    Progress, March 1998.

[2] C. Perkins, Editor, "IP Mobility Support", RFC 2002, October
    1996.

[3] B. Aboba, "The Network Access Identifier", Internet-Draft, Work
    in Progress, August 1997.

[4] P. Calhoun, C. Perkins, "DIAMETER Dynamic Home Address
    Allocation", draft-ietf-mobileip-home-addr-alloc-00.txt, Work in
    Progress, November 1998.

[5] P. Calhoun, C. Perkins, "DIAMETER Challenge Extension",
    draft-ietf-mobileip-challenge-00.txt, Work in Progress,
    November 1998.

[6] P. Calhoun, C. Perkins, "DIAMETER Mobile IP Extension",
    draft-calhoun-diameter-mobileip-00.txt, Work in Progress,
    July 1998.

[7] S. Deering, Editor, "ICMP Router Discovery Messages", RFC 1256,
    September 1991.
6.0 Acknowledgements
The authors would like to thank Vipul Gupta for useful discussions.
7.0 Chairs' Addresses
The working group can be contacted via the current chairs:
Jim Solomon
RedBack Networks
1389 Moffett Park Drive
Sunnyvale, CA 94089-1134
USA
Phone: +1 408 548-3583
Fax: +1 408 548-3599
E-mail: solomon@rback.com
Erik Nordmark
Sun Microsystems, Inc.
901 San Antonio Road
Mailstop UMPK17-202
Mountain View, California 94303
Phone: +1 650 786-5166
Fax: +1 650 786-5896
E-Mail: erik.nordmark@eng.sun.com
8.0 Authors' Addresses
Questions about this memo can be directed to:
Pat R. Calhoun
Network and Security Center
Sun Microsystems Laboratories, Inc.
15 Network Circle
Menlo Park, California, 94025
USA
Phone: 1-650-786-7733
Fax: 1-650-786-6445
E-mail: pat.calhoun@eng.sun.com
Gabriel E. Montenegro
Network and Security Center
Sun Microsystems Laboratories, Inc.
15 Network Circle
Menlo Park, California, 94025
USA
Phone: 1-650-786-6288
Fax: 1-650-786-6445
E-mail: gabriel.montenegro@Eng.Sun.Com
Charles E. Perkins
Network and Security Center
Sun Microsystems Laboratories, Inc.
15 Network Circle
Menlo Park, California, 94025
USA
Phone: 1-650-786-6464
Fax: 1-650-786-6445
E-mail: charles.perkins@eng.sun.com