Seamoby Working Group Rajeev Koodli
INTERNET DRAFT Charles E. Perkins
30 August 2002 Communication Systems Laboratory
Nokia Research Center
A Context Transfer Protocol for Seamless Mobility
draft-koodli-seamoby-ct-04.txt
Status of This Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at
any time. It is inappropriate to use Internet- Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
Abstract
Mobile nodes enhance the performance of their connections
across wireless media by establishing various kinds of state
(context), in order to use the available bandwidth securely and
economically. During handover from one access router to another, a
bandwidth-constrained mobile node needs to have state information
passed from the previous router to the new one. This document
proposes a framework for control structures that enable authorized
context transfers. We demonstrate how the proposed framework could
be applied during handovers so that the applications running on
the mobile node could operate with minimal disruption, by reducing
latency and packet losses.
Koodli, Perkins Expires 1 March 2003 [Page i]
Internet Draft Context Transfers 30 August 2002
Contents
Status of This Memo i
Abstract i
1. Introduction 3
2. Terminology 4
3. Background 5
4. Protocol Overview 7
5. Protocol Messages and Message Formats 10
5.1. Context Transfer Initiate (CTIN) Message . . . . . . . . 11
5.2. Context Transfer Initiate Ack (CTIN-Ack) Message . . . . 13
5.3. Context Transfer Request (CT-Req) Message . . . . . . . . 14
5.4. Context Transfer Reply (CT-Rep) Message . . . . . . . . . 16
5.5. Predictive Context Transfer (PCT) Message . . . . . . . . 17
5.6. Context Transfer Reply Acknowledgment (CT-Ack) Message . 19
6. Protocol Behavior with IP Handovers 20
6.1. Basic Handover Signaling . . . . . . . . . . . . . . . . 21
6.2. Fast Handover Signaling . . . . . . . . . . . . . . . . . 21
7. Transport Considerations 23
7.1. ICMP . . . . . . . . . . . . . . . . . . . . . . . . . . 23
7.2. SCTP . . . . . . . . . . . . . . . . . . . . . . . . . . 24
8. Configurable Parameters 26
9. Security Considerations 26
10. IANA Considerations 26
11. Comparison with the Requirements 27
11.1. General Requirements . . . . . . . . . . . . . . . . . . 27
11.2. Protocol Requirements . . . . . . . . . . . . . . . . . . 29
11.3. Transport Reliability . . . . . . . . . . . . . . . . . . 30
11.4. Security . . . . . . . . . . . . . . . . . . . . . . . . 30
11.5. Timing Requirements . . . . . . . . . . . . . . . . . . . 31
11.6. Context Update and Synchronization . . . . . . . . . . . 32
11.7. Interworking with handover mechanisms . . . . . . . . . . 32
11.8. Partial Handover . . . . . . . . . . . . . . . . . . . . 33
Koodli, Perkins Expires 1 March 2003 [Page 1]
Internet Draft Context Transfers 30 August 2002
Addresses 35
Koodli, Perkins Expires 1 March 2003 [Page 2]
Internet Draft Context Transfers 30 August 2002
1. Introduction
Access Routers typically establish state in order to effect
certain forwarding treatments to packet streams belonging to nodes
sharing the access router. For instance, an access router may
establish a AAA session state and a QoS state for a node's packet
streams. When the link connecting the node and the access router is
bandwidth-constrained, the access router typically also maintains
header compression state. When such a node moves to a different
access router, this state or context relocation during handover
provides many important benefits, including
- seamless operation of application streams. The handover node
(i.e., the Mobile Node) does not need to re-establish its
contexts at the new access router
- performance benefits. When contexts need to be re-established,
performance of transport protocols would suffer until the
contexts are in place. For instance, when the required QoS state
is not present, a stream's packets would not receive the desired
per-hop behavior treatment, subjecting them to higher likelihood
of unacceptable delays and packet losses.
- bandwidth savings. Re-establishing multiple contexts over an
expensive, low-speed link can be avoided by relocating contexts
over a potentially higher-speed wire.
- Reduced susceptibility to errors, since much more of the protocol
operates over reliable networks, replacing renegotiations over a
potentially error-prone link.
In [7], a detailed description of motivation, the need and benefits
of context transfer are outlined. In this document, we describe a
generic context transfer protocol which provides
- representation for feature contexts
- messages to initiate and authorize context transfer, and notify a
MN of the status of the transfer, and
- messages for transferring contexts prior to, during and after
handovers
The protocol is transport and IP version independent. We show how it
can be carried using ICMP and SCTP. The protocol can carry both IPv4
and IPv6 contexts.
The proposed protocol is designed to work in conjunction with other
[seamoby] and [mobile-ip] protocols in order to provide ``seamless
Koodli, Perkins Expires 1 March 2003 [Page 3]
Internet Draft Context Transfers 30 August 2002
mobility''. For example, the messages defined in this protocol are
closely synchronized with Mobile IP fast handover protocols [5]
to achieve improved handover results. Furthermore, the proposed
protocol would make use of the Candidate Access Router selection
protocol [12] to obtain the IP address of the target router to which
the MN will attach to during handover. The protocol described here
satisfies the requirements set forth in [11] in Section 11.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", "OPTIONAL", and
"silently ignore" in this document are to be interpreted as described
in RFC 2119 [1].
We define the following terms for use in this document. We also use
Figure 1 as the basis for our handover discussion.
CPT Context Profile Type: a general way to lay out context
parameters, which constitute a particular context, for
use when describing various feature contexts.
ICMP Internet Control Message Protocol
IP Access Address
An IP address used for routing packets to a mobile node
while it is attached to an access network.
Microflow A communication stream of related packets, considered as
a separable and identifiable sequence of packets within
the entire aggregate data communications between two
endpoints.
New Access Router (NAR)
The router to which the MN attaches after handover
Predictive Same as proactive.
Previous Access Router (PAR)
The MN's default router prior to handover
New access address (Naddr) The IP Access address of the Mobile
Node (MN) when attached to the link served by the New
Router
Previous access address (Paddr)
The IP Access Address of the Mobile Node (MN) when
attached to the link served by the Previous Router
Koodli, Perkins Expires 1 March 2003 [Page 4]
Internet Draft Context Transfers 30 August 2002
v +------------+
+-+ | Previous | <
| | ---------- | Router | ------ > ----\
+-+ | (PAR) | < \
MN | | \
| +------------+ +---------------+
| ^ IP | Correspondent |
| | Network | Node |
V | +---------------+
v /
v +------------+ /
+-+ | New | < /
| | ---------- | Router | ------ > ----/
+-+ | (NAR) | <
MN | |
+------------+
Figure 1: Reference Scenario for Handover
3. Background
There may be multiple features associated with each unidirectional
packet stream (also known as a microflow). Examples are QoS,
security and header compression. Note that each feature itself
may be supported by multiple, co-existing mechanisms, for various
microflows. As an example, a header compression feature may
have separate contexts for IPv6/UDP/RTP and IPv6/TCP compression
mechanisms at the same router. Generally, a feature context
typically needs to identify and refer to the mechanism for which its
state is relevant. One or more feature contexts may belong to a
microflow context, and contexts for several features together form
the overall context for a mobile node. This overall context may also
include contexts that are not microflow-specific; for example, it may
include session-specific contexts such as AAA state. The context
hierarchy, consistent with the nomenclature in [7], is illustrated in
Figure 2 (where feature realizations through one or more mechanisms
are not shown for clarity). This hierarchy indicates the need for a
representation that organizes the diversity of features and feature
realizations. It is also clear from Figure 2 that a feature context
is the unit of data representation for context transfer purposes.
A context transfer protocol operates along with other protocols to
enhance handover experience. One such important protocol is IP
Koodli, Perkins Expires 1 March 2003 [Page 5]
Internet Draft Context Transfers 30 August 2002
+--------------+
| |
| Context |
| |
| |
+--------------+
|
|
+-----------------------------------------+
| | |
+------------+ +------------+ +------------+
| | | | | |
|Microflow-1 | |Microflow-2 | ... |Microflow-n |
| context | | context | | context |
| | | | | |
+------------+ +------------+ +------------+
| | |
+----------+ +----------------+
| | | |
| Feature | +----------+ +----------+
|context X | | | | |
| | | Feature | | Feature |
+----------+ |context Y | |context X |
| | | |
+----------+ +----------+
Figure 2: Context Hierarchy for a Mobile Node
handover protocol which establishes a routing path to the mobile
node's new location, allowing the MN to send and receive IP packets,
including the packets that make up its identified microflows.
As soon as IP connectivity is available, a MN can resume packet
transmission and reception. Each microflow needs to be treated
with appropriate contexts to ensure smooth continuation of the MN's
packet streams. In some networks, an access router may require
authentication from the MN before making connectivity available.
In such networks, the MN's new access router needs appropriate
context to avoid reinitiating time-consuming elaborate authentication
protocol operations.
Context transfer with respect to handover is complementary and very
natural; handover establishes IP connectivity (a routing issue),
while context transfer allows uninterrupted connectivity and smooth
operation of packet streams (a transport issue). Since routing
Koodli, Perkins Expires 1 March 2003 [Page 6]
Internet Draft Context Transfers 30 August 2002
and transport issues are closely related, handover and context
transfer must also interwork closely. If handover fails due to
context transfer protocol, connectivity cannot be established. On
the other hand, if contexts cannot be relocated, they can always
be re-established. This illustrates that handover is a more basic
operation than context transfer.
A context transfer protocol must be capable of carrying all the
feature contexts relevant to a MN. The protocol message data must
accommodate different feature contexts, and be able to aggregate
multiple such contexts. We propose that message data is structured
according to a ``framework'' for carrying individual feature
contexts. Each individual feature context must define its structure
and format for interpreting the context unambiguously. Successful
processing of transferred contexts must produce a result that is
equally useful as establishing the contexts from first principles,
and, from the point of view of the mobile node, just as if it had
stayed at the previous access router.
4. Protocol Overview
Given the diversity of various features and their associated
contexts (See Figure 2), we propose a simple representation that
provides a generic structure, allowing each feature to define its
own context parameters. We define a Context Profile Type (CPT) as
an object that uniquely identifies the type of a feature context.
An instance of a CPT defines the context parameters associated with
the corresponding feature context to facilitate inter-operability.
For example, a QoS Profile Type (QPT) for Diffserv has to identify
the control parameters associated with the QoS feature, and a Header
Compression Profile Type (HPT) for IPv6 has to identify the IPv6
header compression control parameters. Each instance of a CPT can
also be used as a standard object in feature context requests,
feature negotiation etc, which are beyond the scope of this document.
Nevertheless, each feature context itself then consists of the [CPT,
context parameters] tuple along with some generally useful parameters
(such as a filter that identifies the packet stream).
The Context Transfer protocol typically operates between a source
node and a target node. In the future, there may be multiple target
nodes involved; the protocol described here would work with multiple
target nodes. For simplicity, we describe the protocol assuming a
single receiver or target node.
Typically, the source node is a MN's Previous Access Router (PAR)
and the target node is MN's New Access Router (NAR). We assume
that PAR and NAR share an appropriate security association, set
up independently and prior to context transfer. Any appropriate
Koodli, Perkins Expires 1 March 2003 [Page 7]
Internet Draft Context Transfers 30 August 2002
mechanism may be used in setting up this security association; it
enables the CT peers to utilize a secure channel for transferring
contexts, providing authentication, integrity, and (if needed)
confidentiality.
There are two messages associated with initiating the context
transfer, and four messages associated with the actual context
transfer protocol. The context transfer protocol messages use
Context Profile Types that identify the relevant feature contexts.
The Context Profile Types (CPTs) are standard identifiers (with
IANA Type Numbers) that allow a node to unambiguously determine the
type of context and the context parameters present in the protocol
messages. In addition to the CPT, each message contains a list of
feature contexts each in (Type, Length) format, as well as any IP
addresses necessary to associate the contexts to a particular MN. The
context transfer initiation messages contain parameters that identify
the source and target nodes, the desired list of feature contexts and
IP addresses to identify the contexts. Some of the messages contain
an appropriate token to authorize context transfer.
The Previous Access Router transfers feature contexts under two
general scenarios. First, it may receive a Context Transfer Initiate
(CTIN) message from a trusted entity, which could be the MN whose
feature contexts are to be transferred, a network server overseeing
the MN's handover, or an internally generated trigger (e.g., a
link-layer trigger on the interface to which the MN is connected),
etc. The CTIN message, described in Section 5.1, provides the IP
address of NAR, the IP address of MN on PAR, the list of feature
contexts to be transferred (by default requesting all contexts to
be transferred), and a token authorizing the transfer. It also
includes the MN's new IP address (valid on NAR) whenever it is known.
In response to a CTIN message, PAR transmits a Predictive Context
Transfer (PCT) message that contains feature contexts. The PCT
message, described in Section 5.5, contains the MN's previous IP
address and its new IP address (whenever known). It also includes a
key, and an indication to use a particular algorithm to assist NAR in
computing a token that it could use to check authorization prior to
making the contexts available to the MN.
In the second scenario, PAR receives a Context Transfer Request
(``CT-Req'', described in Section 5.3), message from NAR. In the
CT-Req message, NAR supplies the MN's previous IP address, the
feature contexts to be transferred, and a token (typically generated
by the MN) authorizing context transfer. In response to CT-Req
message, PAR transmits a Context Transfer Reply (CT-Rep) message that
includes the MN's previous IP address and feature contexts. In this
``reactive'' transfer of contexts, PAR verifies authorization token
before transmitting the contexts, and hence does not include the key
and the name of algorithm in CT-Rep message.
Koodli, Perkins Expires 1 March 2003 [Page 8]
Internet Draft Context Transfers 30 August 2002
When context transfer takes place without NAR requesting it (scenario
one above), NAR should require MN to present its authorization
token. Doing this locally at NAR when the MN attaches to it improves
performance, since the contexts may already be present. When context
transfer happens with an explicit request from NAR (scenario two
above), PAR performs such a verification since the contexts are still
present at PAR. In either case, token verification takes place at the
node possessing the contexts.
The New Access Router requests feature contexts when it receives
a CTIN message from, for instance a newly attached MN, a server
overseeing the handover of MN, or a link-layer indication from the
interface to which the MN attaches to. In response to the CTIN
message, NAR generates a CT-Req message to PAR. When it receives
a corresponding CT-Rep message, NAR may generate a CT-Ack message
(See Section 5.6) to report the status of processing the received
contexts.
The node that receives a CTIN message may reply back with Context
Transfer Initiate Ack (CTIN-Ack) message. This message is intended
to report the status resulting from processing the CTIN message.
Furthermore, this message is used to notify the MN if there are
changes to certain feature contexts as a result of context transfer.
The CTIN-Ack message is described in Section 5.2.
Performing context transfer in advance of the MN attaching to NAR
clearly has potential for better performance. For this to take
place, certain conditions must be met. For example, PAR must have
sufficient time and knowledge about the impending handover. This is
feasible for instance in Mobile IP fast handovers; we describe how
in Section 6.2. However, when the advance knowledge of impending
handover is not available, or if a mechanism such as fast handover
fails, retrieving feature contexts after the MN attaches to NAR
is the only available means for context transfer. Performing
context transfer after handover might still better than having to
re-establish all the contexts from scratch. We describe this type
of context transfer that can be employed in conjunction with basic
Mobile IP further in Section 6.1. Finally, some contexts may simply
need to be transferred during handover signaling. For instance,
any context that gets updated on a per-packet basis must clearly be
transferred only after packet forwarding to the MN on its previous
link is terminated. Transfer of such contexts must be properly
synchronized with appropriate handover messages, such as Mobile IP
(Fast) Binding Update. We describe this in Section 6.2.
The context transfer protocol messages described in this document
provide the basic structure necessary for context transfer to work
with other mechanisms, most notably IP handovers. The messages
can carry either IPv4 contexts or IPv6 contexts or both kinds of
Koodli, Perkins Expires 1 March 2003 [Page 9]
Internet Draft Context Transfers 30 August 2002
contexts. The messages are transport protocol independent; we show
how they can be formulated with ICMP or SCTP as examples. They work
just as well with IPv4 and IPv6, as long as the relevant address
fields are sized appropriately.
5. Protocol Messages and Message Formats
In this document, we propose the following messages.
1. Context Transfer Request (CT-Req). A node uses this message to
request feature contexts from another node.
2. Context Transfer Reply (CT-Rep). A node uses this message to
respond to Context Transfer Request or CT-Req message.
3. Predictive Context Transfer (PCT). A node uses this message to
transfer feature contexts without having the CT-Req message
received.
4. Context Transfer Acknowledgment (CT-Ack). A node uses this
message to report status after processing either CT-Rep or PCT
messages. This message is not mandatory.
These messages can be carried over appropriate transport protocol;
we describe ICMP and SCTP as specific examples. See Sections 7.1
and 7.2. The messages can carry IPv4 or IPv6 or both types of
contexts (for dual stack nodes for example). These messages are
also IP version independent, i.e., they work with IPv4 and IPv6.
Furthermore, these messages are independent of the IP version used in
interconnecting the access routers.
In addition to the above messages, we define the following which may
be used to initiate context transfer.
1. Context Transfer Initiate (CTIN) Message. This message serves
as a general-purpose trigger to initiate context transfer. In
response to this message, either CT-Req or PCT messages could be
transmitted.
2. Context Transfer Initiate Ack (CTIN-Ack) Message. This message
is an acknowledgment to CTIN message. This message does not
always have to occur after CTIN. However, when CTIN contains
request for specific feature context transfer, such a request may
require an acknowledgment; in those cases, CTIN-Ack would not be
optional.
Koodli, Perkins Expires 1 March 2003 [Page 10]
Internet Draft Context Transfers 30 August 2002
We first explain the CTIN and CTIN-Ack messages. Note, however, that
in some systems these messages may not be needed, if other triggers
are available to initiate context transfer.
5.1. Context Transfer Initiate (CTIN) Message
The CTIN message contains feature context transfer requests. Each
feature context request is represented in the ``Type, Length, Value''
(TLV) format as a suboption to the CTIN message. The envelope of
these suboptions is prefixed by some fields that are generally
expected to be useful for all suboptions. Finally, this message
contains a token representing the authorization to effect context
transfers.
The CTIN message can be used either by a MN or by some other entity
to initiate context transfer. The message may be generated in
response to specific events such as a link-layer trigger indicating
handover, discovery of a new default router by MN etc. When CTIN is
delivered to the source of the context transfer, the message contains
the new IP addresses of the MN and its New Access Router. When this
message is delivered to the target of the context transfer, the
message contains the previous IP addresses of the MN and its Previous
Access Router. In either case, the authorization token is intended
for the node that currently possesses the feature contexts. For
instance, when CTIN arrives, NAR could verify the authorization token
if it already possesses the feature contexts. When CTIN arrives,
but NAR does not yet possess feature contexts, then NAR includes the
authorization token in CT-Req message for PAR to perform verification
of the authorization token. We rely on a secured data path between
PAR and NAR to insure integrity of the CT-Rep.
The node receiving the CTIN message MAY respond using CTIN-Ack
message. A MN however, must be able to operate its microflows
without necessarily having to wait for the CTIN-Ack message.
The format of CTIN message is shown in Figure 3.
Koodli, Perkins Expires 1 March 2003 [Page 11]
Internet Draft Context Transfers 30 August 2002
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=CTIN | Length | V |T| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Previous (New) IP Access Address of MN
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Previous (New) Router Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Sub-Option Type| Sub-Option Len| CT Data for Target Router...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|SOType = Auth | Sub-Option Len| Reserved | Replay |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 32-bit Authorization Token |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Sub-Option Type| Sub-Option Len| CT Data for Source Router...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Context Transfer Initiate (CTIN) Message Format
Option Type Context Transfer Initiate (CTIN).
Option Length Variable
Reserved Reserved for future use. Must be set to zero
by the MN.
`V' bits When set to `00', indicate presence of IPv6
Previous (New) address only.
When set to `01' indicate presence of IPv4
Previous (New) Address only.
When set to `10' indicate presence of both
IPv6 and IPv4 Previous (New) addresses.
`T' bit When set to 1 (one), indicates that suboptions
for the target node of CT are present.
Replay A value used to make sure that each use of the
CTIN message is uniquely identifiable.
Authorization Token
An unforgeable value calculated as discussed
below. This authorizes the receiver of CTIN
to perform context transfer.
Koodli, Perkins Expires 1 March 2003 [Page 12]
Internet Draft Context Transfers 30 August 2002
Suboptions Feature suboptions requesting context transfer
included as selected by the requesting node.
A default suboption could include request
for all contexts present. Each suboption
corresponds to one feature context, and is
assigned a unique integer value. So, for each
IP address listed, a maximum of 255 feature
contexts can be requested for transfer. Each
feature context defines its own parameters in
the data field.
These requests are typically meant for the
node possessing the feature contexts. In
some cases however, the node that would be
receiving the feature contexts may be supplied
with additional information to process
feature contexts. In order to facilitate this
programmability, an option is made available
for suboptions addressed to the target node of
context transfer.
In order to make sure that contexts are not transferred or lost
in response to a malicious request, authorization is required for
the context transfer request. The Authorization Token (Auth) is
calculated as follows:
Auth = HMAC (Key, input_data) mod 2^32
where HMAC (Key, Data) is defined (see RFC 2104 [6] for details)
roughly as follows:
HMAC (Key, Data) = MD5 (Key, MD5 (Key || Data))
and MD5 is defined as given in RFC 1321 [9]. The input_data is
defined as follows:
input_data = CT_features || Replay || Paddr
where CT_features includes all the feature suboption data to the node
possessing MN's feature contexts, and Paddr is the mobile node's IP
access address while attached to the network served by PAR. When all
the contexts are already present at the New Access Router, the New
Access Router itself can verify authorization token if it has the
session key (and the knowledge of the algorithm) used in computing
the token.
5.2. Context Transfer Initiate Ack (CTIN-Ack) Message
A CT node receiving the CTIN message MAY respond to the sender of the
CTIN message with CTIN-Ack message. As an example, if NAR receives
CTIN from the MN, it MAY send a CTIN-Ack message to MN containing
status reports for each relevant feature for which context transfer
Koodli, Perkins Expires 1 March 2003 [Page 13]
Internet Draft Context Transfers 30 August 2002
was requested. However, unless a failure has occurred, or else
otherwise required by a specific feature, CTIN-Ack is optional.
On the other hand, the mobile node MUST be prepared to process a
CTIN-Ack even when no error has occurred. The format of CTIN-Ack
message is shown in Figure 4.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=CTIN | Length | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Sub-Option Type| Sub-Option Len|Response from receiver of CTIN..
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: Context Transfer Initiate Acknowledgment
(CTIN-Ack) Message Format
5.3. Context Transfer Request (CT-Req) Message
A MN's New Access Router (NAR) sends this message to retrieve feature
contexts from the MN's Previous Access Router (PAR). The message
contains the MN's IP address on PAR and optionally a token from the
MN authorizing the transfer of contexts. The authorization token
allows PAR to verify if context transfer was actually authorized by
the MN. The format of CT-Req message is shown in 5.
The IP header contains NAR as the Source Address, and PAR as the
Destination Address. These can be either IPv4 of IPv6 addresses.
Option Type Context Transfer Request (CT-Req)
Option Length Variable
Reserved Reserved for future use, set to zero by New
Router.
Previous IP Address The MN's IP (IPv4 or IPv6 or both) address
valid on Previous Router. This address is used as
a key in retrieving the MN's feature contexts.
`V' bits When set to `00', indicate presence of IPv6
Previous address only.
When set to `01' indicate presence of IPv4
Previous Address only.
When set to `10' indicate presence of both IPv6
Koodli, Perkins Expires 1 March 2003 [Page 14]
Internet Draft Context Transfers 30 August 2002
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=CTREQ | Length | V | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Previous IP Address of MN (Paddr) ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| New IP Address of MN (Naddr) ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Suboption Type| Subopt.Length | Context Profile Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Context Transfer Options Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Additional context transfer suboptions as needed...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|SuboptType=Auth| Ctxt Length | Reserved | Replay |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 32-bit Authorization Token from MN |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: Context Transfer Request (CT-Req) Message Format
and IPv4 Previous addresses.
Context Transfer Options Data (optional)
Feature context requests included as selected
by the mobile node and the New Router, in the
order specified. These are encoded in Sub-Option
Type and Sub-Option Length format, as in the
structure of CTIN message (See Figure 3). These
are present in the non default scenarios. Each
feature context, following the Context Profile
Type, supplies its own data which could include
parameters that identify the microflow.
Context Profile Type (CPT)
This is a standard identifier for the type of
context whose transfer is desired. Each CPT is
assigned an IANA type number.
Koodli, Perkins Expires 1 March 2003 [Page 15]
Internet Draft Context Transfers 30 August 2002
Replay A value used to make sure that each context
transfer request by the MN is uniquely
identifiable.
Authorization Token
An unforgeable value calculated as discussed
in 5.1.
5.4. Context Transfer Reply (CT-Rep) Message
The MN's Previous Access Router uses this message to respond to
CT-Req message. In this message, providing CT-Req processing is
successful, PAR transmits the requested feature contexts matching the
MN's previous IP address(es). Each feature context is formatted in
the TLV format, and the context data is preceded by a corresponding
Context Profile Type. The format of CT-Rep message is shown in
Figure 6.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=CTREP | Length | V | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Previous IP Address of MN (Paddr)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Suboption Type| Subopt.Length | Context Profile Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Context Transfer Options Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Suboption Type| Subopt.Length | Context Profile Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Context Transfer Options Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6: Context Reply Message Format
Option Type Context Transfer Reply (CT-Rep)
Option Length Variable
Previous IP Address The MN's IP (IPv4 or IPv6) address valid on
Previous Router. This address is used as a key in
retrieving the MN's feature contexts.
Koodli, Perkins Expires 1 March 2003 [Page 16]
Internet Draft Context Transfers 30 August 2002
`V' bits When set to `00', indicate presence of IPv6
Previous address only.
When set to `01' indicate presence of IPv4 Previous
Address only.
When set to `10' indicate presence of both IPv6 and
IPv4 Previous addresses.
Context Profile Type
This is a standard object that identifies the type
of context whose transfer desired. Each CPT is
assigned an IANA type number.
Context Transfer Options Data
Feature contexts (enumerated as suboptions) for
each corresponding suboption present in CT-Req
in the order specified. These are encoded in
Sub-Option Type and Sub-Option Length format, as in
the structure of CTIN message (See Figure 3). When
both IPv4 and IPv6 contexts are present, all the
IPv4 contexts (identified by their respective CPTs)
SHOULD be enumerated before the IPv6 contexts.
Because of retransmissions, the New Router may receive the same
CT-Rep message and suboptions several times as part of the same
seamless handover. Therefore, all context suboptions are required
to be specified in such a way that the effect is the same whether
the New Router receives them one time or several times in a CT-Rep
message as part of the same seamless handover.
5.5. Predictive Context Transfer (PCT) Message
The Previous Access Router uses this message to transfer (typically
all) feature contexts when it has not received a CT-Req message. In
order to do so, PAR must be aware of the New Access Router to which
the MN will attach, and should preferably use this message prior to
the completion of MN's IP connectivity establishment with NAR.
The format of PCT message is similar to that of CT-Rep with the
addition of fields necessary that would allow NAR to verify whether
the MN is authorized to make use of transferred feature contexts.
The Previous Access Router supplies a key and indicates the algorithm
to use in computing a token that NAR could demand from the MN prior
to making the feature contexts available.
Option Type Predictive Context Transfer (PCT)
Option Length Variable
Koodli, Perkins Expires 1 March 2003 [Page 17]
Internet Draft Context Transfers 30 August 2002
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=PCT | Length | V | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| New IP Address of MN (Naddr)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Previous IP Address of MN (Paddr)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Context Transfer Options Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ctxt Type=Auth | Ctxt Length | Algorithm | Key Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 7: Predictive Context Transfer Message Format
Previous IP Address The MN's IP (IPv4 or IPv6) address valid on
Previous Router. This address is used as a key in
retrieving the MN's feature contexts.
New IP Address The MN's IP (IPv4 or IPv6) address valid on
New Router. This address is used to update the
received feature contexts.
`V' bits When set to `00', indicate presence of IPv6
Previous address only.
When set to `01' indicate presence of IPv4 Previous
Address only.
When set to `10' indicate presence of both IPv6 and
IPv4 Previous addresses.
Context Profile Type
This is a standard object that identifies the type
of context whose transfer is intended. Each CPT is
assigned an IANA type number.
Context Transfer Options Data
Individual feature contexts in the form of sub
options. These are encoded in Sub-Option Type and
Sub-Option Length format, as in the structure of
CTIN message (See Figure 3). When both IPv4 and
IPv6 contexts are present, all the IPv4 contexts
Koodli, Perkins Expires 1 March 2003 [Page 18]
Internet Draft Context Transfers 30 August 2002
(identified by their respective CPTs) SHOULD be
enumerated before the IPv6 contexts.
Algorithm
8-bit algorithm indication for computing the
Authorization Token (See Section 5.1). Default is
HMAC with MD5.
Key Length
8-bit unsigned integer. The length of the key in
units of 4 octets.
Key Encrypted key. The Key is encrypted using a
pre-existing shared key between the Previous Access
Router and New Access Router.
5.6. Context Transfer Reply Acknowledgment (CT-Ack) Message
The New Access Router MAY use this message to acknowledge receipt of
feature contexts in CT-Rep, and MUST use this message to acknowledge
receipt of feature contexts in PCT message. The format of this
message is shown in Figure 8.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=CT-Ack | Length | V |S| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Previous IP Address of MN (Paddr)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Context Transfer Acknowledgment Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 8: Context Transfer Reply Ack Message Format
Option Type Context Transfer Reply Ack (CT-Ack).
Option Length Variable
Previous IP Address
The MN's IP (IPv4 or IPv6 or both) address valid on
Previous Router. This address is used as a key in
retrieving the MN's feature contexts.
Koodli, Perkins Expires 1 March 2003 [Page 19]
Internet Draft Context Transfers 30 August 2002
`V' bits When set to `00', indicate presence of IPv6
Previous address only.
When set to `01' indicate presence of IPv4 Previous
Address only.
When set to `10' indicate presence of both IPv6 and
IPv4 Previous addresses.
`S' bit When set to one, this bit indicates that all
the feature contexts sent in CT-Rep or PCT were
received successfully.
Reserved Set to zero.
Context Transfer Options Data
Feature suboptions acknowledgments appropriate
for each suboption present in CT-Rep or PCT. Each
suboption is an 8-bit integer that indicates
an error code corresponding to (successful or
otherwise) receipt of a feature context. The order
of the suboptions must be the same as the order in
which the feature contexts are enumerated in CT-Rep
or PCT message. These suboptions are only present
when the "S" bit is not set to one.
6. Protocol Behavior with IP Handovers
This section specifies the use of protocol messages described in
the previous sections with handover signaling. There are two types
of signaling for context transfer purposes. Sometimes, the context
transfer takes place without being requested by the New Access
Router. In this ``predictive context transfer'' scenario, the
Previous Access Router, perhaps in response to a request from the
mobile node (or some other network entity), transfers contexts to the
New Access Router without explicit request from the latter. Such a
transfer could take place before the mobile node attaches to the New
Router, so that the desired context could be utilized as soon as the
mobile node obtains new IP connectivity. The New Access Router MUST
acknowledge this predictive context transfer, by sending CT-Ack.
Other times, the context transfer takes place as a reaction to
explicit signaling after the MN attaches to its New Router. In this
``reactive context transfer'' case, the New Access Router sends a
CT-req to the Previous Router. This scenario can be considered as an
extension to the basic handover signaling [3]. This also provides a
fallback approach when the fast handover signaling (or the predictive
approach) experiences a failure.
Koodli, Perkins Expires 1 March 2003 [Page 20]
Internet Draft Context Transfers 30 August 2002
6.1. Basic Handover Signaling
Suppose the MN originates the CTIN message after it establishes link
connectivity with NAR. After the mobile node acquires or formulates
a new IP access address, it sends a CTIN message shown in Figure 3
to NAR. When NAR receives this CTIN message, it identifies the
suboptions and constructs a CT-Req message for the Previous Access
Router to request context relocation. In the default case, there
would be no suboptions present, indicating the MN's desire to request
all the contexts. The CT-Req message is described in section 5.3 and
MUST use IPsec AH to assure integrity and authorization.
When the Previous Access Router (PAR) receives the CT-Req message, it
MUST check to see whether it has a security association with NAR. If
so, PAR MUST check for the presence and validity of an Authentication
Option [4]. Then the Previous Access Router MUST check for the
presence and validity of the Authorization Token supplied by
the mobile node to make sure that the context transfer has been
authorized by the mobile node. The Previous Access Router then
constructs a Context Transfer Reply (CT-Rep) message containing the
requested or all feature contexts. These operations are illustrated
in Figure 9.
It is important that context for the mobile node be not destroyed
at the Previous Access Router without authorization. Hence, after
sending the requested state to the New Access Router in the CT-Rep
message, PAR MUST keep the context data for the mobile node intact
for CONTEXT_SAVE_TIME. This allows recovery in case a CT-Rep message
is not received by the router sending the CT-Req message. The
Previous Access Router SHOULD NOT perform garbage collection of
context data until CONTEXT_PURGE_TIME.
6.2. Fast Handover Signaling
In the predictive context transfer scenario, PAR sends a PCT message.
The trigger for this predictive transfer MAY arrive from the mobile
node in a CTIN message. The trigger may also arrive from any other
entity that PAR trusts. See Figure 10.
The PCT message may be embedded in a suitable handover message, such
as the HI message [5] (see sections 7.1, 7.2).
When the New Access Router receives a valid PCT message, it MUST
maintain the contents for at least PRED_CT_TIME, or until it receives
the corresponding CTIN message from the mobile node whichever event
occurs first. In order for the predictive context transfer operation
to be secure, the Previous Access Router MUST have a security
association with the New Access Router, and it MUST include an IPsec
Koodli, Perkins Expires 1 March 2003 [Page 21]
Internet Draft Context Transfers 30 August 2002
+----------+ 2. CT-Req +----------+
| | <--------- | |
| | | |
| PAR |-----------------| NAR |
| | | |
| | ---------> | |
+----------+ 3. CT-Rep +----------+
| ^ |
| | |
~~ 1. CTIN | ~~
|
V V
+-+ +-+
| | movement | |
+-+ -------> +-+
Figure 9: Context Transfer with Basic Handover Signaling
+----------+ 3. CT-Ack +----------+
| | <--------- | |
| | | |
1. CTIN | PAR |-----------------| NAR |
-------> | | | |
| | ---------> | |
+----------+ 2. PCT +----------+
| ^ |
| | |
~~ | ~~
4. CTIN |
V V
+-+ +-+
| | movement | |
+-+ -------> +-+
Figure 10: Context Transfer with Fast Handover Signaling
Authentication Header (AH) in the packet containing the PCT message.
For instance, when the New Access Router receives a HI message with
Koodli, Perkins Expires 1 March 2003 [Page 22]
Internet Draft Context Transfers 30 August 2002
PCT option, it MUST check for the presence and validity of AH using
the security association it has with the Previous Router.
After a NAR has received contexts in PCT, it may not not activate all
necessary contexts until it can verifiably establish the presence
of the MN by processing a CTIN message. The MN SHOULD send a CTIN
message when it connects to NAR in order to present its context
authorization token. The New Access Router MUST compute its own
token using the key supplied in the PCT message and compare it
against that supplied by the MN prior to activating the contexts.
If, due to failure, context is not present at NAR, the CTIN message
triggers context transfer by requiring the New Access Router to send
a CT-Req message.
Subsequent to processing the CTIN message, the New Access Router MAY
send a CTIN-Ack message to the MN. The New Access Router MUST send a
CTIN-Ack if any or all of the feature contexts cannot be established
appropriately.
7. Transport Considerations
7.1. ICMP
The basic ICMP message format is shown in Figure 11.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ..
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 11: ICMP Message Format
The context transfer protocol messages (CT-Req, CT-Rep, PCT, CT-Ack)
as well as context transfer initiation (CTIN) and notification
(CTIN-Ack) messages are encapsulated within the Data portion.
Appropriate Type and Code values (TBD) are assigned to each message.
For the checksum field, see [2] and [8].
Koodli, Perkins Expires 1 March 2003 [Page 23]
Internet Draft Context Transfers 30 August 2002
7.2. SCTP
We use SCTP Payload Data Chunk to carry the context transfer protocol
messages [10]. The User Data part of each SCTP message contains
an appropriate context transfer protocol message defined in this
document. For instance, the CT-Rep message with all the feature
contexts belonging to a MN is encapsulated within the User Data part
of an SCTP message. In general, each SCTP message can carry feature
contexts belonging to any MN.
We propose a single stream for context transfer without in-sequence
delivery of SCTP messages. Each message, unless fragmented,
corresponds to a disparate MN's feature context. A single stream
provides simplicity. Having un-ordered delivery allows the receiver
to not block for in-sequence delivery of messages that belong to
different Mobile Nodes. The Payload Protocol Identifier is set to
``Context Transfer Protocol'', and serves as a means to identify
the contents of the data chunk as belonging to the context transfer
protocol.
The format of Payload Data Chunk taken from [10] is shown in
Figure 12. The fields of interest to context transfer protocol are
described below.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0 | Reserved|U|B|E| Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TSN |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Stream Identifier S | Stream Sequence Number n |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Protocol Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ User Data (seq n of Stream S) /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 12: SCTP Payload Data Chunk
`U' bit The Unordered bit. MUST be set to 1 (one).
Koodli, Perkins Expires 1 March 2003 [Page 24]
Internet Draft Context Transfers 30 August 2002
`B' bit The Beginning fragment bit. See [10].
`E' bit The Ending fragment bit. See [10].
TSN Transmission Sequence Number. See [10].
Stream Identifier S
Identifies the context transfer protocol stream.
Stream Sequence Number n
Since the `U' bit is set to one, the receiver ignores
this number. See [10].
Payload Protocol Identifier
Set to an unsigned integer corresponding to ``Context
Transfer Protocol''.
User Data Contains the context transfer protocol messages
CT-Req, CT-Rep, PCT and CT-Ack.
Koodli, Perkins Expires 1 March 2003 [Page 25]
Internet Draft Context Transfers 30 August 2002
8. Configurable Parameters
Every access router supporting the mobility extensions defined
in this document SHOULD be able to configure each parameter in
the following table. Each table entry contains the name of the
parameter, the default value, and the section of the document in
which the parameter first appears.
Parameter Name Default Value Definition
------------------- ---------------------- -------
CT-Req_RETRIES 3 Section 5.3
CT-Req_REXMIT_TIME 1 seconds Section 5.3
CONTEXT_SAVE_TIME 2 * CT-Req_REXMIT_TIME Section 6.1
CONTEXT_PURGE_TIME 5 * CT-Req_REXMIT_TIME Section 6.1
PRED_CT_TIME 3 seconds Section 6.2
9. Security Considerations
The Previous Router and the New Router MUST use authentication for
messages carrying CT-Req, CT-Rep and PCT; the exact algorithms
employed will depend on their security association. In addition,
when Previous Router uses PCT option, it MUST encrypt the Key using a
pre-existing shared secret with the New Router.
Since authentication data is supplied by the mobile node along with
its smooth handover requests, there is substantially no danger of
loss of handover context due to malicious attacks. If a node uses
the same features and Previous_IP_Address (see section 5.1) more than
255 times, then it SHOULD establish a new security association with
the Previous Router (Prtr) (i.e., the mobile node's default router at
the Previous IP Access Address (Paddr)). However, if the mobile node
fails to change its security association with the Previous Router in
this situation, an attacker could keep track of all 256 available
replay protection values and cause a future disconnection the next
time the mobile node acquires the same care-of address at the same
Previous Router.
10. IANA Considerations
The Context Profile Type introduced in this document requires IANA
Type Numbers for each set of feature contexts that make use of
Profile Types.
Koodli, Perkins Expires 1 March 2003 [Page 26]
Internet Draft Context Transfers 30 August 2002
11. Comparison with the Requirements
In this section, we compare the solution we have proposed against the
requirements specified in [11].
11.1. General Requirements
1. ``The context transfer solution MUST define the characteristics
of the IP level trigger mechanisms that initiate the transfer of
context.''
The CTIN message specified in Section 5.1 can be used as a
general-purpose IP trigger to initiate context transfer.
For instance, when the MN's access router recognizes that
the MN has terminated the link connection (through a link
layer specific mechanism for example), an ``upcall''
containing essentially the CTIN structure can be made to
the context transfer process that then begins the actual
transfer process. The essential elements of the IP trigger
would include the IP address of the MN's target access
router, the MN's new IP address and an enumeration of
various feature contexts that need to be transferred. The
default case, that needs no enumeration, allows transfer of
all feature contexts. The authorization token need not be
present for an ``internal'' trigger.
2. ``The IP level context transfer triggers MAY be initiated by a
link level (layer two) event.''
The proposal in this document would inter-work with link
layer triggers (if and when used).
3. ``The IP level trigger mechanisms for context transfer MUST hide
the specifics of any layer 2 trigger mechanisms.''
The CTIN option specified is independent of any link layer
trigger.
4. ``The IP level context transfer triggers MAY be initiated by IP
level (layer three) signaling.''
The CTIN message specified in this document can be carried
in any appropriate IP signaling message, such as a Fast
Binding Update [5], or in an IP message of its own.
5. ``Any IP level signalling for Context Transfer MUST be separated
from the actual transfer of context.''
Koodli, Perkins Expires 1 March 2003 [Page 27]
Internet Draft Context Transfers 30 August 2002
The CT-Rep and PCT messages, which carry the feature
contexts, are different from CTIN.
6. ``The context transfer solution SHOULD support one-to-many
context transfer.''
The source access router can use the CT-Rep or PCT envelope
to send multiple unicast messages or a single multicast
message when there are multiple receivers for the feature
contexts.
7. ``The context transfer solution MUST support context transfer
before, during and after handover.''
In this document, we specifically describe how context
transfer can be performed during and after handovers. The
``Predictive Context Transfer'' message can be used prior
to actual handover.
8. ``The context transfer solution MUST support a distributed
approach in which the Access Routers act as peers during the
context transfer.''
In this document, the access routers transfer appropriate
contexts. These contexts are typically those that are
created locally on the access router. If contexts present
elsewhere need to be transferred by using the access
routers, a separate protocol outside the scope of this
document would be needed to glean all the relevant contexts
and make them available to the source access router.
9. ``The entities transferring context MUST have completed a mutual
authentication process prior to initiating the transfer.''
Our protocol does not propose dynamically establishing
mutual authentication between the context transfer
entities. Mechanisms outside the scope of this document
would be needed to establish the necessary security
associations between the context transfer peers.
10. ``The context transfer solution SHOULD provide mechanisms to
selectively enable or disable context transfer for particular IP
microflows or groups of IP microflows.''
The CTIN structure allows enumeration of only those feature
contexts for which transfer is desired.
11. ``Context information MAY be transferred in phases.''
Koodli, Perkins Expires 1 March 2003 [Page 28]
Internet Draft Context Transfers 30 August 2002
The ``CT-Rep'' or ``PCT'' message can be used multiple
times to effect transfer in phases.
12. ``The context information to be transferred MUST be available
at the AR performing the transfer, prior to the initiation of a
given phase of the context transfer.''
Since we only consider all contexts to be local to the AR,
we expect it to be available during all phases of context
transfer.
13. ``The context information provided for transfer MUST be
reliable.''
Since an access router creates the context, we expect it to
be genuine and reliable. Since it is reasonable to expect
that the MN was making use of the feature (e.g., QoS,
header compression etc), the context itself on the access
router must be useful. Furthermore, since our protocol
does not introduce any operations on the context itself,
we anticipate no scenarios that would malform an otherwise
genuine, useful and reliable context.
14. ``The context transfer solution MUST include methods for
interworking with any IETF IP mobility solutions.''
The proposed protocol readily interworks with Fast
Handovers proposed in Mobile IP working group. See
Section 6.2. The proposed protocol also interworks with
base Mobile IP protocol itself. See Section 6.1.
15. ``The context transfer solution MAY include methods for
interworking with non-IETF mobility solutions.''
While this should be possible, we do not have experiences
to report here.
11.2. Protocol Requirements
1. ``The context transfer protocol MUST be capable of transferring
all of the different types of feature context necessary to
support the MN's traffic at a receiving AR.''
The proposed protocol allows for sending all or a subset
of feature contexts necessary to support the MN's traffic.
Specifically, the sub option structure allows for one
or more feature contexts to be uniquely identified and
included in context transfer.
Koodli, Perkins Expires 1 March 2003 [Page 29]
Internet Draft Context Transfers 30 August 2002
2. ``The context transfer protocol design MUST define a standard
representation for conveying context information that will
be interpreted uniformly and perspicuously by different
implementations.''
The concept of ``Context Profile Types'' introduced in
this proposal is powerful and versatile in capturing the
meaning of context information to enable inter-operability.
We expect each feature to define its own set of Feature
Profile Types that uniquely define the content and
interpretation of individual feature contexts.
3. ``The context transfer protocol MUST operate autonomously from
the content of the context information being transferred.''
There is nothing proposed in this document that would
contradict the above requirement. In other words, the
proposed protocol does not operate in any context-specific
manner.
4. ``The context transfer protocol design MUST define a standard
method for labeling each feature context being transferred.''
Each feature would define a set of ``Feature Profile
Types''. A ``Feature Profile Type'', such as a QoS Profile
Type (QPT) would define the unique characteristics of each
instance of the feature. For instance, a Compression
Profile Type for IPv6/UDP/RTP-voice-G.723.1 would define
all the necessary and sufficient context parameters for
the associated feature. This CPT, which would be an IANA
assigned type number, would precede the associated context
parameters in each transferred context.
5. ``The context transfer protocol design MUST provide for the
future definition of new feature contexts.''
New ``Feature Profile Types'' can be defined as necessary.
11.3. Transport Reliability
11.4. Security
1. ``The protocol MUST provide for "security provisioning".''
We expect the ARs involved in context transfer to
share appropriate security associations. Such security
associations may be set up by means outside the scope of
the context transfer protocol. However, our protocol
Koodli, Perkins Expires 1 March 2003 [Page 30]
Internet Draft Context Transfers 30 August 2002
provides for context authorization mechanism so that only
an authorized MN is allowed to make use of the transferred
contexts.
2. ``The security provisioning for context transfer MUST NOT require
the creation of application layer security.''
We do not propose application layer security.
3. ``The protocol MUST provide for the security provisioning to be
disabled.''
It is up to an appropriate authority to decide whether
security provisioning should be enabled or disabled. The
protocol does not specifically require the presence or
absence of security provisioning.
11.5. Timing Requirements
1. ``A context transfer MUST complete with a minimum number of
protocol exchanges between the source AR and the rest of the
ARs.''
Our protocol proposes two messages to accomplish context
transfer. When contexts are transferred before the MN
attaches to the new AR, there is a predictive transfer and
acknowledge message sequence. When context transfer takes
place after the MN attaches to the new AR, there is context
request and context reply message pair.
2. ``The context transfer protocol design MUST minimize the amount
of processing required at the sending and receiving Access
Routers.''
The amount of processing needed at the sending router
is limited to collecting all the relevant contexts for
transfer and labeling each context with an appropriate
Profile Type, and computing authentication data. The
amount of processing at the receiving router is limited
to parsing the received contexts using the Profile Types,
verifying authentication data and installing the contexts
in local memory.
3. ``The Context Transfer protocol MUST meet the timing constraints
required by all the feature contexts.''
It is important to recognize that the context state
refers to a MN's packet flows. When the packet flows
Koodli, Perkins Expires 1 March 2003 [Page 31]
Internet Draft Context Transfers 30 August 2002
change network path due to handover, it is important to
synchronize context transfer with handover epoch. This
would ensure not only that the contexts would be present
when needed, but also guarantee that the transferred state
is not stale. Our context transfer protocol is designed to
operate together with handover signaling. This allows for
contexts to be present ``in-time''.
4. ``The context transfer solution MUST provide for the aggregation
of multiple contexts.''
The proposed sub option structure is meant for collecting
all the possible feature contexts to be transferred in a
single message. The sending AR scans and collects all the
feature contexts associated with the MN while constructing
the CT-Rep or PCT option. This ensures the most feature
context aggregation prior to transferring the message.
11.6. Context Update and Synchronization
1. ``The context transfer protocol MUST be capable of updating
context information when it changes.''
The PCT message can be used at any appropriate time to
accomplish context updates.
2. ``A context update MUST preserve the integrity, and thus the
meaning, of the context at each receiving AR.''
We do not propose replicating the contexts at multiple ARs
when the MN is connected to a single AR. Thus, we do not
have to address this requirement.
11.7. Interworking with handover mechanisms
1. ``The context transfer protocol MAY provide input to the handover
process.''
We do not provide such an input in our current proposal.
2. ``The context transfer protocol MUST include methods for
exchanging information with the handover process.''
We expect a separate Candidate Access Router discovery
protocol to assist the context transfer protocol in
determining the target AR. We expect such a discovery
protocol to also assist the handover process.
Koodli, Perkins Expires 1 March 2003 [Page 32]
Internet Draft Context Transfers 30 August 2002
11.8. Partial Handover
1. ``The context transfer protocol MAY provide a mechanism for
supporting partial handovers.''
We do not propose distributing the subsets of contexts
to multiple ARs. However, if a Candidate Access Router
discovery protocol provides more than one target and the
required contexts for each target AR, our protocol does not
inhibit such a transfer.
References
[1] S. Bradner. Key words for use in RFCs to Indicate Requirement
Levels. Request for Comments (Best Current Practice) 2119,
Internet Engineering Task Force, March 1997.
[2] A. Conta and S. Deering. Internet Control Message Protocol
(ICMPv6) for the Internet Protocol Version 6 (IPv6)
Specification. Request for Comments (Draft Standard) 2463,
Internet Engineering Task Force, December 1998.
[3] D. Johnson, C. Perkins, and J. Arkko. Mobility Support in IPv6
(work in progress). Internet Draft, Internet Engineering Task
Force, 2002.
[4] S. Kent and R. Atkinson. IP Authentication Header. Request for
Comments (Proposed Standard) 2402, Internet Engineering Task
Force, November 1998.
[5] R. Koodli and (Editor). Fast Handovers for Mobile IPv6(work in
progress). Internet Draft, Internet Engineering Task Force.
draft-designteam-fast-mipv6-01.txt, February 2001.
[6] H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing
for Message Authentication. Request for Comments
(Informational) 2104, Internet Engineering Task Force,
February 1997.
[7] O. Levkowetz and et al. Problem Description: Reasons For Doing
Context Transfers Between Nodes in an IP Access Network (work in
progress). Internet Draft, Internet Engineering Task Force.
draft-ietf-seamoby-context-transfer-problem-stat-00.txt,
February 2001.
[8] J. Postel. Internet Control Message Protocol. Request for
Comments (Standard) 792, Internet Engineering Task Force,
September 1981.
Koodli, Perkins Expires 1 March 2003 [Page 33]
Internet Draft Context Transfers 30 August 2002
[9] R. Rivest. The MD5 Message-Digest Algorithm. Request for
Comments (Informational) 1321, Internet Engineering Task Force,
April 1992.
[10] R. Stewart and et al. Stream Control Transmission Protocol.
Request for Comments (Proposed Standard) 2960, Internet
Engineering Task Force, October 2000.
[11] H. Syed and et al. General Requirements for Context
Transfer(work in progress). Internet Draft, Internet
Engineering Task Force, March 2001.
[12] D. Trossen and et al. Issues in candidate access router
discovery for seamless IP-level handoffs (work in progress).
Internet Draft, Internet Engineering Task Force, January 2002.
Koodli, Perkins Expires 1 March 2003 [Page 34]
Internet Draft Context Transfers 30 August 2002
Addresses
Questions about this memo can be directed to the authors:
Rajeev Koodli Charles E. Perkins
Communications Systems Lab Communications Systems Lab
Nokia Research Center Nokia Research Center
313 Fairchild Drive 313 Fairchild Drive
Mountain View, California 94043 Mountain View, California 94043
USA USA
Phone: +1-650 625-2359 Phone: +1-650 625-2986
EMail: rajeev.koodli@nokia.com EMail: charliep@iprg.nokia.com
Fax: +1 650 625-2502 Fax: +1 650 625-2502
Koodli, Perkins Expires 1 March 2003 [Page 35]