Mobile IP Working Group Jahanzeb Faizan
Internet-Draft Hesham El-Rewini
Expires: October, 2004 Southern Methodist University
Mohammad Khalil
Nortel Networks
April, 2004
Virtual Home Agent Reliability Protocol (VHAR)
draft-jfaizan-mipv6-vhar-02.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on October, 2004.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
Current specifications of Mobile IPv6 does not provide Home Agent
Reliability in the home link. The aim of this draft is to introduce
Virtual Home Agent Reliability Protocol as the solution. In this
protocol multiple Home Agents coexist on the same home link and share
the same Global IP address. Only one of them is active at a time and
serves the Mobile Node. The Home Agent failure and failover
mechanisms are completely transparent to the Mobile Node which is
required for minimal service interruption time. This protocol does
not introduce any new Mobile IPv6 message over the air interface and
thus helps reducing the overall overhead.
Faizan. Expires October, 2004 [Page 1]
Internet-Draft VHAR Protocol April, 2004
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . .. . . . . . . . . . . . . . . . . . . . . . 3
3. Related Work . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Virtual Home Agent Reliability Protocol Overview . . . . . . . 5
4.1 VHAR Deployment Scenario . . . . . . . . . . . . . . . . .5
4.2 VHAR State Diagram. . . . . . . . . . . . . . . . . . . . 6
4.3 Mobile Node Registration . . . . . . . . . . . . . . . . .8
4.4 VHAR Failure Detection and Recovery . . . . . . . . . . . 9
4.4.1 Active Home Agent Failure . . . . . . . . . . . . .10
4.4.2 Backup Home Agent Failure . . . . . . . . . . . . .12
5. Security Issues in VHAR. . . . . . . . . . . . . . . . . . . .14
5.1 IPsec SAs Synchronization among Home Agents. . . . . . . 14
5.2 Correct Ordering of Binding Updates . . . . . . . . . . .14
6. New ICMP Messages . . . . . . . . . . . . . . . . . . . . . . 15
6.2 Modified Router Advertisement Message. . . . . . . . . . 15
6.3 MN Release Request Message . . . . . . . . . . . . . . . 16
6.4 MN Release Reply Message . . . . . . . . . . . . . . . . 17
6.5 MN Context Update Request Message . . . . . . . . . . . .18
6.6 MN Context Update Reply Message . . . . . . . . . . . . .19
6.7 SP Synch Message . . . . . . . . . . . . . . . . . . . . 20
6.8 SP Reply Message . . . . . . . . . . . . . . . . . . . . 21
6.9 SeqNo Synch Message . . . . . . . . . . . . . . . . . . .22
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23
8. Security Considerations . . . . . . . . . . . . . . . . . . . 23
References . . . . . . . . . . . . . . . . . . . . . . . . . .23
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . .24
Intellectual Property and Copyright Statements . . . . . . . .24
Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . .25
Faizan. Expires October, 2004 [Page 2]
Internet-Draft VHAR Protocol April, 2004
1. Introduction
Mobile IPv6 [1] is designed to allow a Mobile Node(MN) to change its
point of IP subnet attachment in the Internet at the network or IP
layer. MN is always identified by it Home Address regardless of its
current location. Its mobility is not limited by conventional IP
network boundaries. In Mobile IPv6 system the Home Agent(HA) remains
at conventional IPv6 subnet called the home link and when the MN is
at the home link packets sent to it are routed through conventional
IPv6 [3] routing mechanisms. When the MN is not at home link it
registers its remote point of attachment address called Care-of
Address with the HA. This allows HA to forward packets, addressed to
the MN at its home link, to its current location.
In Mobile IPv6 system, as currently specified, a single HA services
multiple MNs. Mobile IPv6 also allows deployment of multiple HAs on
the same link so that if the serving HA fails then any other HA
on the link can provide service to the MN.
In Mobile IPv6, MN registers and establishes a connection with only
one HA. The MN is reliant on this HA for its connectivity. Thus the
HA represents the possibility of a single point of failure for Mobile
IPv6. A HA may be responsible for multiple MNs on the home link. The
failure of a single HA may then result in the loss of connectivity
for numerous MNs located throughout the Internet. Thus the HA and MN
taken together have a shared fate. A MN cannot afford the loss of its
HA. To overcome this problem Mobile IPv6 allows deployment of
multiple HAs on the home link so that upon the failure of serving HA,
another HA can take over the functions of failed HA and thus provide
continuous service to the MN(s) registered with failed HA. This
transfer of service from the failed HA to a new working HA is
problematic and the current specification of Mobile IPv6 does not
provide solution to these problems. In [7] these problems were
discussed and guidelines for the possible solutions were proposed.
The goal of this draft is to propose "Virtual Home Agent Reliability"
protocol which provides HA Reliability in the Mobile IPv6 networks.
2 Terminology
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [6].
Following terms are not re-defined. They are included for the
convenience of the readers.
Faizan. Expires October, 2004 [Page 3]
Internet-Draft VHAR Protocol April, 2004
Mobile IPv6
Mobile IP for IPv6 [1]
Mobile Node (MN)
A node that can change its point of attachment from one link
to another, while still being reachable via its home address.
IP
Internet Protocol Version 6 (IPv6).[3]
Home Address
A unicast routable address assigned to a MN, used as the
permanent address of the MN. This address is within the MN's
home link. Standard IP routing mechanisms will deliver
packets destined for a MN's home address to its home
link. MNs can have multiple home addresses, for instance when
there are multiple home prefixes on the home link.
Home Link
The link on which a MN's home subnet prefix is defined.
Home Agent (HA)
A router on a MN's home link with which the MN has registered
its current Care-of address. While the MN is away from home,
the HA intercepts packets on the home link destined to the
MN's home address, encapsulates them, and tunnels them to the
MN's registered Care-of address.
Care-of Address
A unicast routable address associated with a MN while
visiting a foreign link; the subnet prefix of this IP address
is a foreign subnet prefix. Among the multiple
Care-of addresses that a MN may have at any given time (e.g.,
with different subnet prefixes), the one registered with the
MN's HA for a given home address is called its "primary"
Care-of address.
IPsec Security Association
An IPsec security association is a cooperative relationship
formed by the sharing of cryptographic keying material and
associated context. Security associations are simplex. That
is, two security associations are needed to protect
bidirectional traffic between two nodes, one for each
direction.
Home Registration
A registration between the MN and its HA, authorized by the
use of IPsec.
Faizan. Expires October, 2004 [Page 4]
Internet-Draft VHAR Protocol April, 2004
3. Related Work
HAHA [4] protocol provides HA Reliability for Mobile IPv6. In this
protocol multiple HAs are provided over different links and MN has to
register its binding in them. MN selects one of the HAs as its
primary HA. Primary HA or any other HA can tunnel packets from
Correspondant Node to MN. On failure of the primary HA the MN can
switch its service to any other HA on any link. In this protocol the
MN has burden to detect the failure of its primary HA and then
recover from this failure. Since HAs are located at different
physical links to provide service in case of home link failure the MN
has burden of doing multiple Home Registrations. Also the failure of
the primary HA is not transparent to the MN and it is delayed by a
considerable amount of time which results in service interruption and
message overhead. MN also has to re-establish IPsec Security
Associations (SAs) with all the HAs.
4. Virtual Home Agent Reliability Protocol Overview
Virtual HA Reliability Protocol (VHAR) provides HA reliability in the
Mobile IPv6 by introducing some modifications in the operation of
HAs. Except some modifications, the Mobile IPv6 operation remains
unchanged. VHAR uses multiple HAs on the same home link. All the HAs
have different link-local IP addresses but exactly same Global IP
address, referred as Global Home Agent address (modification in
Mobile IPv6). Unlike Mobile IPv6, MN is only aware of the Global Home
Agent address and uses this address as the destination IP address for
the packets destined to its home network. Also the HA send packets to
the MN using the Global Home Agent address as the source IP address.
In short all the communication between the MN and HA is based on the
Global Home Agent address. This provide seamless HA failure and
failover and helps keeping the message overhead and service
interruption time minimized. On the home link all the HAs communicate
with each other using link-local IP addresses according to normal
Mobile IPv6 operation.
4.1 VHAR Deployment Scenario
We will consider a basic deployment scenario where six HAs (HA_1..6)
coexist on the same home link to provide continuous service to the
MN. Currently HA_1 is Active HA and responsible for all the Mobile
IPv6 HA functions.
Faizan. Expires October, 2004 [Page 5]
Internet-Draft VHAR Protocol April, 2004
Foreign Network Home Link
................... ..............................
. . . .
. +----+ . . +-------+ +-------+ .
. |MN | .<==========>. | HA_1 | | HA_4 | .
. | | . . +-------+ +-------+ .
. +----+ . . .
. . . +-------+ +-------+ .
................... . | HA_2 | | HA_5 | .
. +-------+ +-------+ .
. .
. +-------+ +-------+ .
. | HA_3 | | HA_6 | .
. +-------+ +-------+ .
..............................
Figure 1: VHAR Basic Deployment Scenario
4.2 VHAR State Diagram
Unlike Mobile IPv6, each HA on the link could be in one of the
following states.
Active HA
Active HA is the one which is responsible for all the Mobile
IPv6 HA tasks. It owns the Global Home Agent address. There
could be only one Active HA on the link at a particular instance
of time. When any HA becomes Active HA it multicasts Neighbor
Advertisement message on the link with the Target address equal
to Global Home Agent address and Target link layer address equal
to its own link-local IP address. This way the Active HA inform
all the nodes on the link that the Global Home Agent address is
owned by it. As the result packets received by any node with the
destination IP address equal to that of Global Home Agent
address will be forwarded to the Active HA. The Active HA will
send Router Advertisements on the link by setting 'A' bit along
with the 'H' bit.
Backup HA
There are atleast two HAs always exist on the link serving as
the backup for the mobility bindings. They are known as Backup
HAs. They don't perform any HA operation and serves as the IPv6
router. Upon the Active HA failure one of the available Backup
HAs will become Active HA. Each Backup HA will send Router
Advertisements on the link by setting 'B' bit along with the 'H'
bit.
Faizan. Expires October, 2004 [Page 6]
Internet-Draft VHAR Protocol April, 2004
Inactive HA
Inactive HA is the one which is working as IPv6 router and not
performing any HA task. Initially all HAs are Inactive HAs.
Later on except the Active HA and Backup HAs all other HAs on
the link are Inactive HAs. An Inactive HA can be changed to
Backup HA by the Active HA. They send Router Advertisements on
the link by setting the 'H' bit.
+-------------+
| |
| Inactive HA |
| |
+-------------+
| |
1| |2
| | ------
v v | |
+-----------+ +-----------+ |4
| | | | |
| Active HA |<-----| Backup HA |<---
| | 3 | |
+-----------+ +-----------+
Figure 2: VHAR State Diagram
Transition 1
Initially all HAs are Inactive HAs. When the network is launched
one of the HAs becomes Active HA.
Transition 2
When any Inactive HA receives MN Context Update Request Message
from the Active HA it will become Backup HA.
Transition 3
When the Active HA fails, a Backup HA will become Active HA.
Transition 4
When any Backup HA receives MN Context Update Request Message
from the Active HA it will update its Binding Cache.
Faizan. Expires October, 2004 [Page 7]
Internet-Draft VHAR Protocol April, 2004
4.3 Mobile Node Registration
When MN wants to register its Care-of Address, it sends Binding
Update (BU) using the Global Home Agent address as the destination
address. Any node intercepting this BU will check its neighbor cache
[5] and forward it to the Active HA_1 (in our scenario) which MAY
perform Duplicate Address Detection [5] (DaD) to know if the sending
MN is already registered with any other HA on the home link. If it is
registered then the Active HA_1 will send "MN Release Request"
message to the HA which is holding the binding. In response, "MN
Release Reply" message will be send to the Active HA_1 which will
complete the registration according to normal Mobile IPv6 operation.
Active HA_1 will then select two HAs, HA_4 and HA_5 on the link and
send "MN Context Update Request"(MCUR) messages to them. In response
these HAs will become Backup HAs and send "MN Context Update Reply"
(MCURe) messages to the Active HA_1. If the Backup HAs already exist
then the Active HA_1 will send MCUR messages to them directly. Upon
receiving the replies Active HA_1 will send Binding Acknowledgement
(BA) message to the MN.as shown in figure 3 and figure 4..
Foreign Network Home Link
................... .................................
. . . .
. +----+ . BU . +--------+ MCUR +--------+ .
. | |================> . | Active |------->| Backup | .
. | MN | . . | HA_1 |------ | HA_4 | .
. | |<====================+--------+ MCUR | +--------+ .
. +----+ . BA . | .
. . . +--------+ | +--------+ .
................... . | HA_2 | | | Backup | .
. | | ->| HA_5 | .
. +--------+ +--------+ .
. .
. +--------+ +--------+ .
. | HA_3 | | HA_6 | .
. | | | | .
. +--------+ +--------+ .
.................................
Figure 3: VHAR Mobile Node Registration
Faizan. Expires October, 2004 [Page 8]
Internet-Draft VHAR Protocol April, 2004
......................................
MN . HA_1 HA_2 HA_3 HA_4 HA_5 HA_6 . 0. HA_1 is Active HA.
| . | | | | | | .
|===>. | | | | | | . 1. MN sent BU.
| . | | | | | | .
| . |<--------------------------->| . 2. DaD by Active HA_1.
| . | | | | | | . HA_3 has binding.
| . | | | | | | .
| . |---------->| | | | . 3. Active HA_1 sent to
| . | | | | | | . HA_3 MN Release
| . | | | | | | . Request.
| . | | | | | | .
| . |<----------| | | | . 4. HA_3 sent to Active
| . | | | | | | . HA_1 MN Release Reply.
| . | | | | | | .
| . |---------------->| | | . 5. Active HA_1 sent to
| . |---------------------->| | . HA_4 and HA_5 MCURs.
| . | | | | | | .
| . |<----------------| | | . 6. HA_4 and HA_5 replied
| . |<----------------------| | . to Active HA_1 and
| . | | | | | | . became Backup HAs.
| . | | | | | | .
|<======| | | | | | . 7. Active HA_1 sent BA to
| . | | | | | | . the MN.
......................................
Figure 4: VHAR Mobile Node Registration Signal Flow
The above mentioned signal flow indicates that there is only single
Home Registration done by the MN on the home link and still MN's
binding information is stored on three HAs.
4.4 VHAR Failure Detection and Recovery
According to Mobile IPv6 specifications each HA maintains Home Agent
List(HAL) to keep track of all the HAs on the link. VHAR modifies
this HAL by adding a new field called "Status". This Status field
represents the state of the HA which could be Active, Backup or
Inactive. Unsolicited multicast Router Advertisement messages are
sent periodically on the link according to Mobile IPv6. They help
HAs to maintain their HALs. VHAR modifies the Router Advertisement
message by including two flag bits called the 'A' bit (Active HA) and
the 'B' bit (Backup HA). Also currently specified 'H' bit indicates
Inactive HA. Thus each HA on the link knows about the Active HA,
Backup HAs and Inactive HAs on the home link.
When any HA on the link fails all other HAs will not receive Router
Advertisement messages from it and upon timeout they will send
Faizan. Expires October, 2004 [Page 9]
Internet-Draft VHAR Protocol April, 2004
unicast Router Solicitation messages [5] to it in order to confirm
its failure and if they don't receive Router Advertisement message
from it still, they will delete its entry from their HALs.
4.4.1 Active Home Agent Failure
If the failed HA is Active HA then one of the two Backup HAs will
become Active HA and it will start sending Router Advertisements with
the 'A' bit set along with the 'H' bit. It will make, among the
Inactive HAs, a Backup HA by sending MCUR message and receiving MCURe
message in response.
Figure 5 shows the failure of Active HA_1 which results in changing
the status of Backup HA_4 into Active HA_4. The Active HA_4 will then
send MCUR message to the Inactive HA_2 in order to make it as Backup
HA_2 as shown in figure 6
Foreign Network Home Link
................... .................................
. . . \ / .
. +----+ . . +--\---/-+ +--------+ .
. | | . . | Active | | Backup | .
. | MN | . . | HA_1 | | HA_4 | .
. | | . . +----/\--+ +--------+ .
. +----+ . . / \ .
. . . +--------+ +--------+ .
................... . | HA_2 | | Backup | .
. | | | HA_5 | .
. +--------+ +--------+ .
. .
. +--------+ +--------+ .
. | HA_3 | | HA_6 | .
. | | | | .
. +--------+ +--------+ .
.................................
Figure 5: Failure of the Active HA_1
Faizan. Expires October, 2004 [Page 10]
Internet-Draft VHAR Protocol April, 2004
Foreign Network Home Link
................... .................................
. +----+ . . +--------+ .
. | | . . | Active | .
. | MN | . . ----| HA_4 | .
. | | . . MCUR| +--------+ .
. +----+ . . | .
. . . +--------+ | +--------+ .
................... . | Backup | | | Backup | .
. | HA_2 |<-- | HA_5 | .
. +--------+ +--------+ .
. .
. +--------+ +--------+ .
. | HA_3 | | HA_6 | .
. | | | | .
. +--------+ +--------+ .
.................................
Figure 6: Recovery from the failure of the Active HA_1
......................................
MN . HA_1 HA_2 HA_3 HA_4 HA_5 HA_6 .
| . | | | | | | . 0. HA_1 is Active,
| . | | | | | | . HA_4 and HA_5 are
| . | | | | | | . Backup HAs.
| . | | | | | | .
| . |<--------------------------->| . 1. All the HAs
| . | | | | | | . multicast Router
| . | | | | | | . Advertisements.
| . | | | | | | .
| . |--X->| | | | | . 2. Active HA_1 failed.
| . | | | | | | .
| . |<----|-----|-----|-----|-----| . 3. All other HAs unicast
| . | | | | | | . Router Solicitations
| . | | | | | | . to HA_1.
| . | | | | | | .
| . | |<----------| | | . 4. Backup HA_4 became
| . | | | | | | . Active HA_4 and ask
| . | | | | | | . Inactive HA_2 to
| . | | | | | | . become Backup by
| . | | | | | | . sending MCUR
| . | | | | | | .
| . | |---------->| | | . 5. HA_2 replied to the
| . | | | | | | . Active HA_4 and became
| . | | | | | | . Backup HA_2.
......................................
Figure 7: VHAR Active HA Failure Detection and Recovery Signal Flow
Faizan. Expires October, 2004 [Page 11]
Internet-Draft VHAR Protocol April, 2004
4.4.2 Backup Home Agent Failure
VHAR require atleast two Backup HAs always maintained on the home
link. It is unlikely that the both Backup HAs fail at the same time.
There could be more than two Backup HAs but it depends on the
application requirement.
If the failed HA is Backup HA then the Active HA will make an
Inactive HA as another Backup HA by sending MCUR message to it and
receiving MCURe message in response. This newly added Backup HA will
then start sending Router Advertisements by setting the 'B' bit along
with the 'H' bit.
Figure 8 shows the failure of Backup HA_5 as the result of which
Active HA_4 sends MCUR message to Inactive HA_6 in order to make it
as Backup HA_6 as shown in figure 9
Foreign Network Home Link
................... .................................
. . . .
. +----+ . . +--------+ .
. | | . . | Active | .
. | MN | . . | HA_4 | .
. | | . . +--------+ .
. +----+ . . \ / .
. . . +--------+ +\----/--+ .
................... . | Backup | | Backup | .
. | HA_2 | | HA_5 | .
. +--------+ +--/--\--+ .
. / \ .
. +--------+ +--------+ .
. | HA_3 | | HA_6 | .
. | | | | .
. +--------+ +--------+ .
.................................
Figure 8: Failure of the Backup HA_5
Faizan. Expires October, 2004 [Page 12]
Internet-Draft VHAR Protocol April, 2004
Foreign Network Home Link
................... .................................
. . . .
. +----+ . . +--------+ .
. | | . . | Active | .
. | MN | . . | HA_4 | .
. | | . . +--------+ .
. +----+ . . | .
. . . +--------+ | .
................... . | Backup | MCUR | .
. | HA_2 | | .
. +--------+ | .
. V .
. +--------+ +--------+ .
. | HA_3 | | Backup | .
. | | | HA_6 | .
. +--------+ +--------+ .
.................................
Figure 9: Recovery from the failure of the Backup HA_5
......................................
MN . HA_1 HA_2 HA_3 HA_4 HA_5 HA_6 .
| . | | | | | | . 0. HA_4 is Active,
| . | | | | | | . HA_2 and HA_5 are
| . | | | | | | . Backup HAs.
| . | | | | | | .
| . |<--------------------------->| . 1. All the HAs
| . | | | | | | . multicast Router
| . | | | | | | . Advertisements.
| . | | | | | | .
| . | | | |<--X-|--X->| . 2. Backup HA_5 failed.
| . | | | | | | .
| . |-----|-----|-----|---->|<----| . 3. All other HAs unicast
| . | | | | | | . Router Solicitations
| . | | | | | | . to HA_5.
| . | | | | | | .
| . | | | |---------->| . 4. Active HA_4 sent
| . | | | | | | . MCUR to Inactive HA_6
| . | | | | | | . to make it Backup HA_6.
| . | | | | | | .
| . | | | |<----------| . 5. HA_6 sent MCURe to
| . | | | | | | . Active HA_4 and became
| . | | | | | | . Backup HA_6.
......................................
Figure 10: VHAR Backup HA Failure Detection and Recovery Signal Flow
Faizan. Expires October, 2004 [Page 13]
Internet-Draft VHAR Protocol April, 2004
The Signal flows shown above indicate that the failure detection and
recovery mechanism are completely transparent to the MN which is
required to keep the service interruption time minimal. Moreover
there is no operational burden on the MN. All the messages are
exchanged on the home link only. This also helps reducing the message
overhead on the air interface.
5. Security Issues in VHAR
5.1 IPsec SAs Synchronization among Home Agents
As discussed in the HA reliability problem statement draft [7],
re-establishment of IPsec SAs between the MN and the new HA after the
failure of MN's serving HA is problematic. To encounter this problem,
VHAR does not involve MN in this re-establishment of IPsec SAs at
all. This is possible by synchronizing the existing IPsec SAs with
the Backup HAs on the link.
VHAR requires that initially IPsec SAs are always established
dynamically or manually configured in the Active HA which will
synchronize with the Backup HAs. Active HA will send SP Synch message
to the Backup HAs when a new IPsec SA gets established dynamically or
manually configured or any parameter, except Sequence Number Counter
and Anti-reply Window, gets updated or a new Backup HA is assigned by
it as shown in figure 11. The SP Synch message is acknowledged with
SP Reply message. When the Sequence Number and Anti-Reply Window
parameters are changed in the SA Database (SAD) then the Active HA
will send SeqNo Synch message two times to the Backup HAs. This
message is not acknowledged. This is done to minimize the traffic
flow.
.
5.2 Correct Ordering of Binding Updates
During the Home Registration process, the Active HA send MCUR
messages to the Backup HAs which contain complete mobility binding
information including the sequence number. This helps keeping the
sequence number information of binding updates protected in case of
Active HA failure and solves the correct ordering problem.
Faizan. Expires October, 2004 [Page 14]
Internet-Draft VHAR Protocol April, 2004
Foreign Network Home Link
................... .................................
. . . .
. +----+ . . +--------+ SP Synch +--------+ .
. | | . . | Active |--------->| Backup | .
. | MN | . . | HA_1 |------- | HA_4 | .
. | | . . +--------+ | +--------+ .
. +----+ . . SP Synch| .
. . . +--------+ | +--------+ .
................... . | HA_2 | | | Backup | .
. | | -> | HA_5 | .
. +--------+ +--------+ .
. .
. +--------+ +--------+ .
. | HA_3 | | HA_6 | .
. | | | | .
. +--------+ +--------+ .
...................................
Figure 11: VHAR IPsec SA Synchronization
6. New ICMP Messages
6.1 Modified Router Advertisement Message
The Router Advertisement messages as defined in Mobile IPv6 are sent
among HAs to maintain their HALs. The Source and Destination address
fields of the IPv6 header MUST be set to sender's link-local unicast
address and multicast address respectively.
VHAR modifies the format of the Router Advertisement message by the
addition of two flag bits to indicate the status of sending HA. Also
the Reserved field is changed. Router Advertisement message is as
follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cur Hop Limit |M|O|H|A|B|Reser| Router Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reachable Time |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Retrans Timer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options ...
+-+-+-+-+-+-+-+-+-+-+-+-
Faizan. Expires October, 2004 [Page 15]
Internet-Draft VHAR Protocol April, 2004
This format represents the following changes over the Router
Advertisement message defined in Mobile IPv6 [1]
Active HA bit (A)
The Active HA bit (A) is set to indicate that the sender of
this message is functioning as Active HA on the link.
Backup HA bit (B)
The Backup HA bit (B) is set to indicate that the sender of
this message is functioning as Backup HA on the link.
Reserved (Reser)
Reduced from a 5-bit field to a 3-bit field to account for
the addition of the above bits.
6.2 MN Release Request Message
The MN Release Request message is sent by the Active HA to another HA
at which MN is currently registered. The purpose of this message is
to request de-registration of the MN's binding at its current HA. The
Source and Destination address fields of the IPv6 header MUST be set
to sender's and receiver's unicast link-local addresses.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Home Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
161 (To Be Assigned by IANA)
Faizan. Expires October, 2004 [Page 16]
Internet-Draft VHAR Protocol April, 2004
Code
0
Checksum
The ICMP checksum [6].
Identifier
An identifier to aid in matching MN Release Reply message to
this MN Release Request message.
Reserved
This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver.
Home Address
The Home Address that was contained in the Home Address
destination option of BU.
6.3 MN Release Reply Message
The MN Release Reply message is sent by the current HA of the MN to
the Active HA. The purpose of this message is to confirm the
de-registration of the MN at its current HA. The Source and
Destination address fields of the IPv6 header MUST be set to sender's
and receiver's unicast link-local addresses.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
162 (To Be Assigned by IANA)
Code
0
Faizan. Expires October, 2004 [Page 17]
Internet-Draft VHAR Protocol April, 2004
Checksum
The ICMP checksum [6].
Identifier
The identifier from the invoking MN Release Request message.
Reserved
This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver.
6.4 MN Context Update Request Message
The MN Context Update Request message is sent by the Active HA to a
Backup HA or an Inactive HA. The purpose of this message is to
request the Backup HA to store the binding of the MN. In case when
the receiver is Inactive HA the purpose of this message is to make it
Backup HA. Source and Destination address fields of the IPv6 header
MUST be set to sender's and receiver's unicast link-local addresses.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data..
+-+-+-+-+
Type
163 (To Be Assigned by IANA)
Code
0
Checksum
The ICMP checksum [6].
Identifier
An identifier to aid in matching MN Context Update Reply
message to this MN Context Update Request message.
Faizan. Expires October, 2004 [Page 18]
Internet-Draft VHAR Protocol April, 2004
Reserved
This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver.
Data
Data field includes the binding information for a single or
multiple MNs. It has the following format.
Home Address(128 bits), Care-of Address(128-bits),
lifetime(16 bits), Flag(1 bit), Sequence Number(16 bits),
Usage Information(16 bits).
This constitutes complete Binding Cache entry for a single
MN. Data field could be composed of multiple Binding Cache
entries, each separated by a blank. It is terminated by a
terminator
6.5 MN Context Update Reply Message
The MN Context Update Reply message is sent by the Backup HA to the
Active HA. The purpose of this message is to acknowledge the storage
of MN's binding. Source and Destination address fields of the IPv6
header MUST be set to the unicast link-local addresses of the
Backup HA and Active HA respectively.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
164 (To Be Assigned by IANA)
Code
0
Checksum
The ICMP checksum [6].
Faizan. Expires October, 2004 [Page 19]
Internet-Draft VHAR Protocol April, 2004
Identifier
The identifier from the invoking MN Context Update Request
message.
Reserved
This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver.
6.6 SP Synch Message
The SP Synch message is sent to synchronize the IPsec SAs among the
Active HA and Backup HAs. The Source and Destination address fields
of the IPv6 header MUST be set to sender's and receiver's unicast
link-local addresses.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Number of SAs |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data...
+-----------+
Type
165 (To Be Assigned by IANA)
Code
0
Checksum
The ICMP checksum [6].
Identifier
An identifier to aid in matching SP Reply message to this SP
Synch message.
Number of SAs
This field represents number of SAs in the Data field.
Faizan. Expires October, 2004 [Page 20]
Internet-Draft VHAR Protocol April, 2004
Data
Data field include single or multiple SAs. Each is of fixed
length. Data field is terminated by a terminator. Each SA
follows the following format.
Direction = 1 bit - (Outgoing =1,Incoming =0)
Protocol = 4 bits - (MH =1, ICMP =2 etc)
Interface = 3 bits - (IPv6 tunnel to Home Agent_1 =1 etc)
IPsec Protocol = 1 bit - (ESP =1, AH =0)
IPsec Mode = 1 bit - (Tunnel =1, Transport =0)
SPI = 32 bits
Source IP Address = 128 bits
Destination IP Address = 128 bits
Sequence Number Counter = 64 bits
Anti-reply Window = 64 bits.
6.7 SP Reply Message
The SP Reply message is sent to acknowledge the SP Synch message. The
Source and Destination address fields of the IPv6 header MUST be set
to sender's and receiver's unicast link-local addresses.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
166 (To Be Assigned by IANA)
Code
0
Checksum
The ICMP checksum [6].
Identifier
The identifier from the invoking SP Synch message.
Faizan. Expires October, 2004 [Page 21]
Internet-Draft VHAR Protocol April, 2004
Reserved
This field is unused. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver.
6.8 SeqNo Synch Message
The SeqNo Synch message is sent to synchronize the IPsec SA's
Sequence Number and Anti-reply Window information among the
Active HA and Backup HAs. The Source and Destination address fields
of the IPv6 header MUST be set to sender's and receiver's unicast
link-local addresses.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ Sequence Number +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ Anti-reply Window +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
167 (To Be Assigned by IANA)
Code
0
Checksum
The ICMP checksum [6].
SPI
SPI is included for IPsec SA lookup in the SAD.
Sequence Number
Sequence Number of the IPsec SA.
Faizan. Expires October, 2004 [Page 22]
Internet-Draft VHAR Protocol April, 2004
Anti-reply Window
Anti-reply Window of the IPsec SA. In case of outgoing IPsec
SA this field is set to zero.
7. IANA Considerations
This document defines four new ICMP messages
- MN Release Request Message
- MN Release Reply Message
- MN Context Update Request Message
- MN Context Update Reply Message
- SP Synch Message
- SP Reply Message
- SeqNo Synch Message
8. Security Considerations
Security Considerations are discussed in section 6 of this draft.
References
[1] Perkins, C., Johnson, D. and J. Arkko, "Mobility Support in
IPv6", draft-ietf-mobileip-ipv6-24 (work in progress), August
2003.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, April 1997.
[3] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
Specification", RFC 2460, December 1998.
[4] Wakikawa, R., Devarapalli, V. and P.Thubert, "Inter Home Agents
Protocol (HAHA)", draft-wakikawa-mip6-nemo-haha-00.txt (work in
progress), October 2003.
[5] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery
for IP Version 6 (IPv6)", RFC 2461, December 1998.
Faizan. Expires October, 2004 [Page 23]
Internet-Draft VHAR Protocol April, 2004
[6] Conta, A. and S. Deering, "Internet Control Message Protocol
(ICMPv6) for the Internet Protocol Version 6 (IPv6)
Specification", RFC 2463, December 1998.
[7] Faizan, J., El-Rewini, H. and M.Khalil, "Problem Statement:Home
Agent Reliability", draft-jfaizan-mipv6-ha-reliability-01.txt
(work in progress), February 2004.
[8] Faizan, J., El-Rewini, H. and M.Khalil, "Virtual Home Agent
Reliability Protocol (VHAR)", draft-jfaizan-mipv6-vhar-01.txt
(work in progress), February 2004.
Authors' Addresses
Jahanzeb Faizan
Southern Methodist University
Computer Science and Engineering Department.
6425 N Ownby Dr., SIC #300D
Dallas, TX, 75205, USA
Phone +1 214-768-3712, Fax +1 214-768-3085
EMail: jfaizan@smu.edu
Hesham El-Rewini
Southern Methodist University
Computer Science and Engineering Department.
6425 N Ownby Dr., SIC #306C
Dallas, TX, 75205, USA
Phone +1 214-768-3278, Fax +1 214-768-3085
EMail: rewini@engr.smu.edu
Mohammad Khalil
Nortel Networks
Richardson, TX, USA
Phone: +1 972-685-0564
EMail: mkhalil@nortelnetworks
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
Faizan. Expires October, 2004 [Page 24]
Internet-Draft VHAR Protocol April, 2004
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementers or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Faizan. Expires October, 2004 [Page 25]