MOBOPTS Research Group                                    A. Dutta (Ed.)
Internet-Draft                                                 Telcordia
Expires: January 18, 2006                                     V. Fajardo
                                                                 Y. Ohba
                                                             K. Taniuchi
                                                                    TARI
                                                          H. Schulzrinne
                                                          Columbia Univ.
                                                           July 17, 2005


       A Framework of Media-Independent Pre-Authentication (MPA)
                  draft-ohba-mobopts-mpa-framework-01

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 18, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes a framework of Media-independent Pre-
   Authentication (MPA), a new handover optimization mechanism that has
   a potential to address issues on existing mobility management



Dutta (Ed.), et al.     Expires January 18, 2006                [Page 1]


Internet-Draft                MPA Framework                    July 2005


   protocols and mobility optimization mechanisms.  MPA is a mobile-
   assisted, secure handover optimization scheme that works over any
   link-layer and with any mobility management protocol.  [I-D.ohba-
   mobopts-mpa-implementation] is an accompanying document which shows
   two sets of implementation of MPA including performance results to
   show how existing protocols could be leveraged to realize the
   functionalities of MPA.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1   Performance Requirements . . . . . . . . . . . . . . . . .  5
   2.  Existing Work on Fast-handover . . . . . . . . . . . . . . . .  7
   3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  8
   4.  MPA Framework  . . . . . . . . . . . . . . . . . . . . . . . . 10
     4.1   Overview . . . . . . . . . . . . . . . . . . . . . . . . . 10
     4.2   Functional Elements  . . . . . . . . . . . . . . . . . . . 11
     4.3   Basic Communication Flow . . . . . . . . . . . . . . . . . 11
   5.  Detailed Issues  . . . . . . . . . . . . . . . . . . . . . . . 16
     5.1   Discovery  . . . . . . . . . . . . . . . . . . . . . . . . 16
     5.2   Pre-authentciation in multiple CTN environement  . . . . . 17
     5.3   Proactive IP address acquisition . . . . . . . . . . . . . 18
       5.3.1   PANA-assisted proactive IP address acquisition . . . . 18
       5.3.2   IKEv2-assisted proactive IP address acquisition  . . . 19
       5.3.3   Proactive IP address acquisition using DHCP only . . . 19
       5.3.4   Proactive IP address acquisition using stateless
               autoconfiguration  . . . . . . . . . . . . . . . . . . 20
     5.4   Address resolution issues  . . . . . . . . . . . . . . . . 21
       5.4.1   Proactive duplicate address detection  . . . . . . . . 21
       5.4.2   Proactive address resolution update  . . . . . . . . . 21
     5.5   Tunnel management  . . . . . . . . . . . . . . . . . . . . 22
     5.6   Binding Update . . . . . . . . . . . . . . . . . . . . . . 23
     5.7   Preventing packet loss . . . . . . . . . . . . . . . . . . 24
     5.8   Considerations for failed switching and switch-back  . . . 24
     5.9   Link-layer security and mobility . . . . . . . . . . . . . 26
     5.10  Authentication in initial network attachment . . . . . . . 27
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 28
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 29
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 30
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 31
     9.1   Normative References . . . . . . . . . . . . . . . . . . . 31
     9.2   Informative References . . . . . . . . . . . . . . . . . . 32
       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 34
       Intellectual Property and Copyright Statements . . . . . . . . 36







Dutta (Ed.), et al.     Expires January 18, 2006                [Page 2]


Internet-Draft                MPA Framework                    July 2005


1.  Introduction

   As wireless technologies including cellular and wireless LAN are
   popularly used, supporting terminal handovers across different types
   of access networks, such as from a wireless LAN to CDMA or to GPRS is
   considered as a clear challenge.  On the other hand, supporting
   terminal handovers between access networks of the same type is still
   more challenging, especially when the handovers are across IP subnets
   or administrative domains.  To address those challenges, it is
   important to provide terminal mobility that is agnostic to link-layer
   technologies in an optimized and secure fashion without incurring
   unreasonable complexity.  In this document we discuss terminal
   mobility that provides seamless handovers with low-latency and low-
   loss.  Seamless handovers are characterized in terms of performance
   requirements as described in Section 1.1.

   The basic part of terminal mobility is accomplished by a mobility
   management protocol that maintains a binding between a locator and an
   identifier of a mobile terminal, where the binding is referred to as
   the mobility binding.  The locator of the mobile node may dynamically
   change when there is a movement of the mobile terminal.  The movement
   that causes a change of the locator may occur not only physically but
   also logically.  A mobility management protocol may be defined at any
   layer.  In the rest of this document, the term "mobility management
   protocol" refers to a mobility management protocol which operates at
   network layer or higher.

   There are several mobility management protocols at different layers.
   Mobile IP [RFC3344] and Mobile IPv6 [RFC3775] are mobility management
   protocols that operate at network-layer.  There are several ongoing
   activities in the IETF to define mobility management protocols at
   layers higher than network layer.  For example, MOBIKE (IKEv2
   Mobility and Multihoming) [I-D.ietf-mobike-design] is an extension to
   IKEv2 that provides the ability to deal with a change of an IP
   address of an IKEv2 end-point.  HIP (the Host Identity Protocol)
   [I-D.ietf-hip-base] defines a new protocol layer between network
   layer and transport layer to provide terminal mobility in a way that
   is transparent to both network layer and transport layer.  Also, SIP-
   Mobility is an extension to SIP to maintain the mobility binding of a
   SIP user agent [SIPMM].

   While mobility management protocols maintain mobility bindings, using
   them solely in their current form is not sufficient to provide
   seamless handovers.  An additional optimization mechanism that works
   in the visited network of the mobile terminal to prevent loss of
   outstanding packets transmitted while updating the mobility binding
   is needed to achieve seamless handovers.  Such a mechanism is
   referred to as a mobility optimization mechanism.  For example,



Dutta (Ed.), et al.     Expires January 18, 2006                [Page 3]


Internet-Draft                MPA Framework                    July 2005


   mobility optimization mechanisms [I-D.ietf-mobileip-lowlatency-
   handoffs-v4] and [I-D.ietf-mipshop-fast-mipv6] are defined for Mobile
   IPv4 and Mobile IPv6, respectively, by allowing neighboring access
   routers to communicate and carry information about mobile terminals.
   There are protocols that are considered as "helpers" of mobility
   optimization mechanisms.  The CARD (Candidate Access Router Discovery
   Mechanism) protocol [I-D.ietf-seamoby-card-protocol] is designed to
   discover neighboring access routers.  The CTP (Context Transfer
   Protocol) [I-D.ietf-seamoby-ctp] is designed to carry state that is
   associated with the services provided for the mobile terminal, or
   context, among access routers.

   There are several issues in existing mobility optimization
   mechanisms.  First, existing mobility optimization mechanisms are
   tightly coupled with specific mobility management protocols.  For
   example, it is not possible to use mobility optimization mechanisms
   designed for Mobile IPv4 or Mobile IPv6 for MOBIKE.  What is strongly
   desired is a single, unified mobility optimization mechanism that
   works with any mobility management protocol.  Second, there is no
   existing mobility optimization mechanism that easily supports
   handovers across administrative domains without assuming a pre-
   established security association between administrative domains.  A
   mobility optimization mechanism should work across administrative
   domains in a secure manner only based on a trust relationship between
   a mobile node and each administrative domain.  Third, a mobility
   optimization mechanism needs to support not only multi-interface
   terminals where multiple simultaneous connectivity through multiple
   interfaces can be expected, but also single-interface terminals.

   This document describes a framework of Media-independent Pre-
   Authentication (MPA), a new handover optimization mechanism that has
   a potential to address all those issues.  MPA is a mobile-assisted,
   secure handover optimization scheme that works over any link-layer
   and with any mobility management protocol including Mobile IPv4,
   Mobile IPv6, MOBIKE, HIP, SIP mobility, etc.  In MPA, the notion of
   IEEE 802.11i pre-authentication is extended to work at higher layer,
   with additional mechanisms to perform early acquisition of IP address
   from a network where the mobile terminal may move as well as
   proactive handover to the network while the mobile terminal is still
   attached to the current network.  Since this document focuses on the
   MPA framework, it is left to the future work to choose actual set of
   protocols for MPA and define detailed operations.  The accompanying
   document [I-D.ohba-mobopts-mpa-implementation] provides one method
   that describes usage and interactions between existing protocols to
   accomplish MPA functionality.






Dutta (Ed.), et al.     Expires January 18, 2006                [Page 4]


Internet-Draft                MPA Framework                    July 2005


1.1  Performance Requirements

   In order to provide desirable quality of service for interactive VoIP
   and streaming traffic, one needs to limit the value of end-to-end
   delay, jitter and packet loss to a certain threshold level.  ITU-T
   and ITU-E standards define the acceptable values for these
   parameters.  For example for one-way delay, ITU-T G.114 recommends
   150 ms as the upper limit for most of the applications, and 400 ms as
   generally unacceptable delay.  One way delay tolerance for video
   conferencing is in the range of 200 to 300 ms.  Also if an out-of-
   order packet is received after a certain threshold it is considered
   lost.  References [RFC2679], [RFC2680] and 2681 [RFC2681] describe
   some of the measurement techniques for delay and jitter.

   An end-to-end delay consists of several components, such as network
   delay, operating system (OS) delay, CODEC delay and application
   delay.  Network delay consists of transmission delay, propagation
   delay, queueing delay in the intermediate routers.  Operating System
   related delay consists of scheduling behavior of the operating system
   in the sender and receiver.  CODEC delay is generally caused due to
   packetization and depacketization at the sender and receiver end.
   Application delay is mainly attributed to playout delay that helps
   compensate the delay variation within a network.  End-to-end delay
   and jitter values can be adjusted using proper value of the playout
   buffer at the receiver end.  In case of interactive VoIP traffic,
   end-to-end delay affects the jitter value and is an important issue
   to consider.  During a mobile's frequent handover, transient traffic
   cannot reach the mobile and this contributes to the jitter as well.
   If the end system has a playout buffer, then this jitter is subsumed
   by the playout buffer delay, but otherwise this adds to the delay for
   interactive traffic.  Packet loss is typically caused by congestion,
   routing instability, link failure, lossy links such as wireless
   links.  During a mobile's handover a mobile is subjected to packet
   loss because of its change in attachment to the network.  Thus for
   both streaming traffic and VoIP interactive traffic packet loss will
   contribute to the service quality of the real-time application.
   Number of packets lost is proportional to the delay during handover
   and rate of traffic the mobile is receiving.  Lost packets contribute
   to congestion in case of TCP traffic because of re-transmission, but
   it does not add to any congestion in case of streaming traffic that
   is RTP/UDP based.  Thus it is essential to reduce the packet loss and
   effect of handover delay in any mobility management scheme.  In
   Section 2, we describe some of the fast-handover scheme that have
   tried to reduce the handover delay.

   According to ETSI TR 101 [ETSI] a normal voice conversation can
   tolerate up to 2% packet loss.  If a mobile is subjected to frequent
   handoff during a conversation, each handoff will contribute to packet



Dutta (Ed.), et al.     Expires January 18, 2006                [Page 5]


Internet-Draft                MPA Framework                    July 2005


   loss for the period of handoff.  Thus maximum loss during a
   conversation needs to be reduced to an acceptable level.  There is no
   clear threshold value for packet loss for streaming application, but
   it needs to be reduced as much as possible to provide better quality
   of service to a specific application.














































Dutta (Ed.), et al.     Expires January 18, 2006                [Page 6]


Internet-Draft                MPA Framework                    July 2005


2.  Existing Work on Fast-handover

   While basic mobility management protocols such as Mobile IP
   [RFC3344], Mobile IPv6 [RFC3775], SIP-Mobility [SIPMM] offer
   solutions to provide continuity to TCP and RTP traffic, these are not
   optimized to reduce the handover latency during mobile's frequent
   movement between subnets and domains.  In general these mobility
   management protocols suffer from handover delays incurred at several
   layers such as layer 2, layer 3 and application layer for updating
   the mobile's mobility binding.

   There have been several optimization techniques that apply to
   currently mobility management schemes that try to reduce handover
   delay and packet loss during a mobile's movement between cells,
   subnet and domain.  There are few micro-mobility management schemes
   [CELLIP], [HAWAII], and intra-domain mobility management schemes such
   as [IDMP], [I-D.ietf-mobileip-reg-tunnel] that provide fast-handover
   by limiting the signaling updates within a domain.  Fast Mobile IP
   protocols for IPv4 and IPv6 networks [I-D.ietf-mobileip-lowlatency-
   handoffs-v4], [I-D.ietf-mipshop-fast-mipv6] provide fast-handover
   techniques that utilize mobility information made available by the
   link layer triggers.  Yokota et al.  [YOKOTA] propose joint use of
   access point and dedicated MAC bridge to provide fast-handover
   without altering MIPv4 specification.  [MACD] scheme reduces the
   delay due to MAC layer handoff by providing a cache-based algorithm.

   Some of the mobility management schemes use dual interfaces thus
   providing make-before-break scenario [SUM].  In a make-before-break
   situation communication usually continues with one interface, when
   the secondary interface is in the process of getting connected.  The
   IEEE 802.21 working group is discussing these scenarios in details
   [802.21].  Providing fast-handover using a single interface needs
   more careful design techniques than for a client with multiple
   interfaces.  [SIPFAST] provides an optimized handover scheme for SIP-
   based mobility management, where the transient traffic is forwarded
   from the old subnet to the new one by using an application layer
   forwarding scheme.  [MITH] provides a fast handover scheme for a
   single interface case that uses mobile initiated tunneling between
   the old foreign agent and new foreign agent.  [MITH] defines two
   types of handover schemes such as Pre-MIT and Post-MIT.  Proposed MPA
   scheme is very similar in nature to MITH's predictive scheme where
   the mobile communicates with the foreign agent before actually moving
   to the new network.  However the proposed MPA scheme described in
   this document is not limited to MIP type mobility protocol only and
   in addition this scheme takes care of movement between domains and
   performs pre-authentication in addition to proactive handover.  Thus
   the proposed scheme reduces the overall delay to close to link-layer
   handover delay.



Dutta (Ed.), et al.     Expires January 18, 2006                [Page 7]


Internet-Draft                MPA Framework                    July 2005


3.  Terminology


   Mobility Binding:


      A binding between a locator and an identifier of a mobile
      terminal.


   Mobility Management Protocol (MMP):


      A protocol that operates at network layer or higher to maintain a
      binding between a locator and an identifier of a mobile terminal.


   Binding Update:


      A procedure to update a mobility binding.


   Media-independent Pre-Authentication Mobile Node (MN):


      A mobile terminal of media-independent pre-authentication (MPA)
      which is a mobile-assisted, secure handover optimization scheme
      that works over any link-layer and with any mobility management
      protocol.  An MPA mobile node is an IP node.  In this document,
      the term "mobile node" or "MN" without a modifier refers to "MPA
      mobile node".  An MPA mobile node usually has a functionality of a
      mobile node of a mobility management protocol as well.


   Candidate Target Network (CTN):


      A network to which the mobile may move in the near future.


   Target Network (TN):


      The network to which the mobile has decided to move.  The target
      network is selected from one or more candidate target network.





Dutta (Ed.), et al.     Expires January 18, 2006                [Page 8]


Internet-Draft                MPA Framework                    July 2005


   Proactive Handover Tunnel (PHT):


      A bidirectional IP tunnel that is established between the MPA
      mobile node and an access router of a candidate target network.
      In this document, the term "tunnel" without a modifier refers to
      "proactive handover tunnel".


   Point of Attachment (PoA):


      A link-layer device (e.g., a switch, an access point or a base
      station, etc.) that functions as a link-layer attachment point for
      the MPA mobile node to a network.


   Care-of Address (CoA):


      An IP address used by a mobility management protocol as a locator
      of the MPA mobile node.





























Dutta (Ed.), et al.     Expires January 18, 2006                [Page 9]


Internet-Draft                MPA Framework                    July 2005


4.  MPA Framework

4.1  Overview

   Media-independent Pre-Authentication (MPA) is a mobile-assisted,
   secure handover optimization scheme that works over any link-layer
   and with any mobility management protocol.  With MPA, a mobile node
   is not only able to securely obtain an IP address and other
   configuration parameters for a CTN, but also able to send and receive
   IP packets using the obtained IP address before it actually attaches
   to the CTN.  This makes it possible for the mobile node to complete
   the binding update of any mobility management protocol and use the
   new CoA before performing a handover at link-layer.

   This functionality is provided by allowing a mobile node, which has a
   connectivity to the current network but is not yet attached to a CTN,
   to (i) establish a security association with the CTN to secure the
   subsequent protocol signaling, then (ii) securely execute a
   configuration protocol to obtain an IP  address and other parameters
   from the CTN as well as a execute tunnel management protocol to
   establish a PHT between the mobile node and an access router of the
   CTN, then (iii) send and receive IP packets, including signaling
   messages for binding update of an MMP and data packets transmitted
   after completion of binding update, over the PHT using the obtained
   IP address as the tunnel inner address, and finally (iv) deleting or
   disabling the PHT immediately before attaching to the CTN when it
   becomes the target network and then re-assigning the inner address of
   the deleted or disabled tunnel to its physical interface immediately
   after the mobile node is attached to the target network through the
   interface.  Instead of deleting or disabling the tunnel before
   attaching to the the target network, the tunnel may be deleted or
   disabled immediately after being attached to the target network.

   Especially, the third procedure makes it possible for the mobile to
   complete higher-layer handover before starting link-layer handover.
   This means that the mobile is able to send and receive data packets
   transmitted after completion of binding update over the tunnel, while
   it is still able to send and receive data packets transmitted before
   completion of binding update outside the tunnel.

   In the above four basic procedures of MPA, the first procedure is
   referred to as "pre-authentication", the second procedure is referred
   to as "pre-configuration", the combination of the third and fourth
   procedures are referred to as "secure proactive handover".  The
   security association established through pre-authentication is
   referred to as an "MPA-SA".





Dutta (Ed.), et al.     Expires January 18, 2006               [Page 10]


Internet-Draft                MPA Framework                    July 2005


4.2  Functional Elements

   In the MPA framework, the following functional elements are expected
   to reside in each CTN to communicate with a mobile node:
   Authentication Agent (AA), Configuration Agent (CA) and Access Router
   (AR).  Some or all of those elements can be placed in a single
   network device or in separate network devices.

   An authentication agent is responsible for pre-authentication.  An
   authentication protocol is executed between the mobile node and the
   authentication agent to establish an MPA-SA.  The authentication
   protocol MUST be able to derive a key between the mobile node and the
   authentication agent and SHOULD be able to provide mutual
   authentication.  The authentication protocol SHOULD be able to
   interact with a AAA protocol such as RADIUS and Diameter to carry
   authentication credentials to an appropriate authentication server in
   the AAA infrastructure.  The derived key is used for further deriving
   keys used for protecting message exchanges used for pre-configuration
   and secure proactive handover.  Other keys that are used for
   bootstrapping link-layer and/or network-layer ciphers MAY also be
   derived from the MPA-SA.  A protocol that can carry EAP [RFC3748]
   would be suitable as an authentication protocol for MPA.

   A configuration agent is responsible for one part of pre-
   configuration, namely securely executing a configuration protocol to
   securely deliver an IP address and other configuration parameters to
   the mobile node.  The signaling messages of the configuration
   protocol MUST be protected using a key derived from the key
   corresponding to the MPA-SA.

   An access router is a router that is responsible for the other part
   of pre-configuration, i.e., securely executing a tunnel management
   protocol to establish a proactive handover tunnel to the mobile node.
   The signaling messages of the configuration protocol MUST be
   protected using a key derived from the key corresponding to the
   MPA-SA.  IP packets transmitted over the proactive handover tunnel
   SHOULD be protected using a key derived from the key corresponding to
   the MPA-SA.

4.3  Basic Communication Flow

   Assume that the mobile node is already connected to a point of
   attachment, say oPoA (old point of attachment), and assigned a
   care-of address, say oCoA (old care-of address).  The communication
   flow of MPA is described as follows.  Throughout the communication
   flow, data packet loss should not occur except for the period during
   the switching procedure in Step 5, and it is the responsibility of
   link-layer handover to minimize packet loss during this period.



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 11]


Internet-Draft                MPA Framework                    July 2005


   Step 1 (pre-authentication phase): The mobile node finds a CTN
   through some discovery process and obtains the IP addresses, an
   authentication agent, a configuration agent and an access router in
   the CTN by some means.  The mobile node performs pre-authentication
   with the authentication agent.  If the pre-authentication is
   successful, an MPA-SA is created between the mobile node and the
   authentication agent.  Two keys are derived from the MPA-SA, namely
   an MN-CA key and an MN-AR key, which are used to protect subsequent
   signaling messages of a configuration protocol and a tunnel
   management protocol, respectively.  The MN-CA key and the MN-AR key
   are then securely delivered to the configuration agent and the access
   router, respectively.

   Step 2 (pre-configuration phase): The mobile node realizes that its
   point of attachment is likely to change from oPoA to a new one, say
   nPoA (new point of attachment).  It then performs pre-configuration,
   with the configuration agent using the configuration protocol to
   obtain an IP address, say nCoA (new care-of address), and other
   configuration parameters from the CTN, and with the access router
   using the tunnel management protocol to establish a proactive
   handover tunnel.  In the tunnel management protocol, the mobile node
   registers oCoA and nCoA as the tunnel outer address and the tunnel
   inner address, respectively.  The signaling messages of the pre-
   configuration protocol are protected using the MN-CA key and the
   MN-AR key.  When the configuration and the access router are co-
   located in the same device, the two protocols may be integrated into
   a single protocol like IKEv2.  After completion of the tunnel
   establishment, the mobile node is able to communicate using both oCoA
   and nCoA by the end of Step 4.

   Step 3 (secure proactive handover main phase): The mobile node
   decides to switch to the new point of attachment by some means.
   Before the mobile node switches to the new point of attachment, it
   starts secure proactive handover by executing binding update of a
   mobility management protocol and transmitting subsequent data traffic
   over the tunnel (main phase).  In some cases, it may like to cache
   multiple nCOA addresses and perform simultaneous binding with the CH
   or HA.

   Step 4 (secure proactive handover pre-switching phase): The mobile
   node completes binding update and becomes ready to switch to the new
   point of attachment point.  The mobile may execute the tunnel
   management protocol to delete or disable the proactive handover
   tunnel and cache nCoA after deletion or disabling of the tunnel.  The
   decision as to when the mobile node is ready to switch to the new
   point of attachment depends on handover policy.

   Step 5 (switching): It is expected that a link-layer handover occurs



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 12]


Internet-Draft                MPA Framework                    July 2005


   in this step.

   Step 6 (secure proactive handover post-switching phase): The mobile
   node executes the switching procedure.  Upon successful completion of
   the switching procedure, the mobile node immediately restores the
   cached nCoA and assigns it to the physical interface attached to the
   new point of attachment.  If the proactive handover tunnel was not
   deleted or disabled in Step 4, the tunnel is deleted or disabled as
   well.  After this, direct transmission of data packets using nCoA is
   possible without using a proactive handover tunnel.

   An example call flow of MPA is shown in Figure 1 and Figure 2.







































Dutta (Ed.), et al.     Expires January 18, 2006               [Page 13]


Internet-Draft                MPA Framework                    July 2005


                                                         IP address(es)
                                                          Available for
                                                             Use by MN
                                                                   |
                           +-----------------------------------+   |
                           |     Candidate Target Network      |   |
                           |     (Future Target Network)       |   |
             MN       oPoA | nPoA     AA        CA        AR   |   |
             |         |   |  |       |         |         |    |   |
             |         |   +-----------------------------------+   |
             |         |      |       |         |         |        .
    +---------------+  |      |       |         |         |        .
    |(1) Found a CTN|  |      |       |         |         |        .
    +---------------+  |      |       |         |         |        |
             |   Pre-authentication   |         |         |        |
             |   [authentication protocol]      |         |        |
             |<--------+------------->|MN-CA key|         |        |
             |         |      |       |-------->|MN-AR key|        |
   +-----------------+ |      |       |------------------>|        |
   |(2) Increased    | |      |       |         |         |     [oCoA]
   |chance to switch | |      |       |         |         |        |
   |     to CTN      | |      |       |         |         |        |
   +-----------------+ |      |       |         |         |        |
             |         |      |       |         |         |        |
             |   Pre-configuration    |         |         |        |
             |   [configuration protocol to get nCoA]     |        |
             |<--------+----------------------->|         |        |
             |   Pre-configuration    |         |         |        |
             |   [tunnel management protocol to establish PHT]     V
             |<--------+--------------------------------->|
             |         |      |       |         |         |        ^
   +-----------------+ |      |       |         |         |        |
   |(3) Determined   | |      |       |         |         |        |
   |to switch to CTN | |      |       |         |         |        |
   +-----------------+ |      |       |         |         |        |
             |         |      |       |         |         |        |
             |   Secure proactive handover main phase     |        |
             |   [execution of binding update of MMP and  |        |
             |    transmission of data packets through AR | [oCoA, nCoA]
             |    based on nCoA over the PHT]   |         |        |
             |<<=======+================================>+--->...  |
             .         .      .       .         .         .        .
             .         .      .       .         .         .        .
             .         .      .       .         .         .        .

                 Figure 1: Basic Communication Flow (1/2)





Dutta (Ed.), et al.     Expires January 18, 2006               [Page 14]


Internet-Draft                MPA Framework                    July 2005


             |         |      |       |         |         |        |
   +----------------+  |      |       |         |         |        |
   |(4) Completion  |  |      |       |         |         |        |
   |of MMP BU and   |  |      |       |         |         |        |
   |ready to switch |  |      |       |         |         |        |
   +----------------+  |      |       |         |         |        |
             |   Secure proactive handover pre-switching phase     |
             |   [tunnel management protocol to delete PHT]        V
             |<--------+--------------------------------->|
    +---------------+         |       |         |         |
    |(5)Switching   |         |       |         |         |
    +---------------+         |       |         |         |
             |                |       |         |         |
    +---------------+         |       |         |         |
    |(6) Completion |         |       |         |         |
    |of switching   |         |       |         |         |
    +---------------+         |       |         |         |
             o<- Secure proactive handover post-switching phase ^
             |   [Re-assignment of TIA to the physical I/F]        |
             |                |       |         |         |        |
             |   Transmission of data packets through AR  |     [nCoA]
             |   based on nCoA|       |         |         |        |
             |<---------------+---------------------------+-->...  |
             |                |       |         |         |        .

                 Figure 2: Basic Communication Flow (2/2)

























Dutta (Ed.), et al.     Expires January 18, 2006               [Page 15]


Internet-Draft                MPA Framework                    July 2005


5.  Detailed Issues

   In order to provide an optimized handover for a mobile experiencing
   rapid subnet and domain handover, one needs to look into several
   issues.  These issues include discovery of neighboring networking
   elements, choosing the right network to connect to based on certain
   policy, changing the layer 2 point of attachment, obtaining an IP
   address from a DHCP or PPP server, confirming the uniqueness of the
   IP address, pre-authenticating with the authentication agent, sending
   the binding update to the correspondent host and obtaining the
   redirected streaming traffic to the new point of attachment, ping-
   pong effect, probability of moving to more than one network and
   associating with multiple target networks.  We describe these issues
   in details in the following paragraphs and describe how we have
   optimized these in case of MPA-based secure proactive handover.

5.1  Discovery

   Discovery of neighboring networking elements such as access points,
   access routers, authentication servers help expedite the handover
   process during a mobile's rapid movement between networks.  By
   discovering the network neighborhood with a desired set of
   coordinates, capabilities and parameters the mobile can perform many
   of the operation such as pre-authentication, proactive IP address
   acquisition, proactive address resolution, and binding update while
   in the previous network.

   There are several ways a mobile can discover the neighboring
   networks.  The Candidate Access Router Discovery protocol [I-D.ietf-
   seamoby-card-protocol] helps discover the candidate access routers in
   the neighboring networks.  Given a certain network domain SLP and DNS
   help provide addresses of the networking components for a given set
   of services in the specific domain.  In some cases many of the
   network layer and upper layer parameters may be sent over link-layer
   management frames such as beacons when the mobile approaches the
   vicinity of the neighboring networks.  IEEE 802.11u is considering
   issues such as discovering neighborhood using information contained
   in link-layer.  However, if the link-layer management frames are
   encrypted by some link-layer security mechanism, then the mobile node
   may not be able to obtain the requisite information before
   establishing link-layer connectivity to the access point.  In
   addition this may add burden to the bandwidth constrained wireless
   medium.  In such cases a higher layer protocol is preferred to obtain
   the information regarding the neighboring elements.  There is some
   proposal such as [802.21] that helps obtain these information about
   the neighboring networks from a mobility server.  When the mobile's
   movement is imminent, it starts the discovery process by querying a
   specific server and obtains the required parameters such as the IP



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 16]


Internet-Draft                MPA Framework                    July 2005


   address of the access point, its characteristics, routers, SIP
   servers or authentication servers of the neighboring networks.  In
   the event of multiple networks, it may obtain the required parameters
   from more than one neighboring networks and keep these in cache.  At
   some point the mobile finds out several CTN's out of many probable
   networks and starts the pre-authentication process by communicating
   with the required entities in the CTN's.  Futher details of this
   scenario is in Section 5.2.

5.2  Pre-authentciation in multiple CTN environement

   In some cases, although a mobile decides a specific network to be the
   target network, it may actually end up with moving into a neighboring
   network other than the target network due to factors that are beyond
   the mobile's control.  Thus it may be useful to perform the pre-
   authentication with a few probable candidate target networks and
   establish time-bound tunnels with the respective access routers in
   those networks.  Thus in the event of a mobile moving to a candidate
   target network other than that was chosen as the target network, it
   will not be subjected to packet loss due to authentication and IP
   address acquisition delay that could incur if the mobile did not pre-
   authenticate with that candidate target network.  It may appear that
   by pre-authenticating with a number of candidate target networks and
   reserving the IP addresses, the mobile is provisioning the resources
   that could be used otherwise.  But since this happens for a time-
   limited period it should not be a big problem.  Mobile uses pre-
   authentication procedure to obtain IP address proactively and set up
   the time bound tunnels with the access routers of the candidate
   target networks.

   Mobile may choose one of these addresses as the binding update
   address and send it to the CN (Correspondent Node) or HA (Home
   Agent), and will thus receive the tunneled traffic via the target
   network while in the previous network.  But in some instances, the
   mobile may eventually end up moving to a network that is other than
   the target network.  Thus there will be a disruption in traffic as
   the mobile moves to the new network since the mobile has to go
   through the process of assigning the new IP address and sending the
   binding update again.  Two solutions can be proposd to take care of
   this problem.  Mobile can take advantage of the simultaneous mobility
   binding and send multiple binding updates to the corresponsing host
   or HA.  Thus the corresponsing host or HA forwards the traffic to
   multiple IP addresses assigned to the virtual interfaces for a
   specific period of time.  This binding update gets refreshed at the
   CH after the mobile moves to the new network, thus stopping the flow
   to the other candidate networks.  Reference [I-D.wakikawa-mobileip-
   multiplecoa] discusses different scenarios of mobility binding with
   multiple care-of-addresses.  In case simultaneous binding is not



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 17]


Internet-Draft                MPA Framework                    July 2005


   supported in a specific mobility scheme, forwarding of traffic from
   the previous target network will help take care of the transient
   traffic until the new binding update goes from the new network.

5.3  Proactive IP address acquisition

   In general a mobility management protocol works in conjunction with
   Foreign Agent or in co-located address mode.  MPA approach can use
   both co-located address mode and foreign agent address mode.  We
   discuss here the address assignment component that is used in co-
   located address mode.  There are several ways a mobile node can
   obtain an IP address and configure itself.  Most commonly a mobile
   can configure itself statically in the absence of any configuring
   element such as a server or router in the network.  The IETF Zeroconf
   working group defines auto-IP mechanism where a mobile is configured
   in an ad-hoc manner and picks a unique address from a specified range
   such as 169.254.x.x.  In a LAN environment the mobile can obtain IP
   address from DHCP servers.  In case of IPv6 networks, a mobile has
   the option of obtaining the IP address using stateless auto-
   configuration or DHCPv6.  In a wide area networking environment,
   mobile uses PPP to obtain the IP address by communicating with a NAS.

   Each of these processes takes of the order of few hundred
   milliseconds to few seconds depending upon the type of IP address
   acquisition process and operating system of the clients and servers.
   Since IP address acquisition is part of the handover process, it adds
   to the handover delay and thus it is desirable to reduce this timing
   as much as possible.  There are few optimized techniques such as DHCP
   Rapid Commit [I-D.ietf-dhc-rapid-commit-opt], GPS-coordinate based IP
   address [GPSIP] available that attempt to reduce the handover time
   due to IP address acquisition time.  However in all these cases the
   mobile also obtains the IP address after it moves to the new subnet
   and incurs some delay because of the signaling handshake between the
   mobile node and the DHCP server.

   In the following paragraph we describe few ways a mobile node can
   obtain the IP address proactively from the CTN and the associated
   tunnel setup procedure.  These can broadly be defined into four
   categories such as PANA-assisted proactive IP address acquisition,
   IKE-assisted proactive IP address acquisition, proactive IP address
   acquisition using DHCP only and stateless autoconfiguration.

5.3.1  PANA-assisted proactive IP address acquisition

   In case of PANA-assisted proactive IP address acquisition, the mobile
   node obtains an IP address proactively from a CTN.  The mobile node
   makes use of PANA [I-D.ietf-pana-pana] messages to trigger the
   address acquisition process on the DHCP relay agent that co-locates



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 18]


Internet-Draft                MPA Framework                    July 2005


   with PANA authentication agent in the access router in the CTN.  Upon
   receiving a PANA message from the mobile node, the DHCP relay agent
   performs normal DHCP message exchanges to obtain the IP address from
   the DHCP server in the CTN.  This address is piggy-backed in a PANA
   message and is delivered to the client.  In case of MIPv6 with
   stateless autoconfiguration, the router advertisement from the new
   target network is passed to the client as part of PANA message.
   Mobile uses this prefix and its MAC address to construct the unique
   IPv6 address as it would have done in the new network.  Mobile IPv6
   in stateful mode works very similar to DHCPv4.

5.3.2  IKEv2-assisted proactive IP address acquisition

   IKEv2-assisted proactive IP address acquisition works when an IPsec
   gateway and a DHCP relay agent are resident within each access router
   in the CTN.  In this case, the IPsec gateway and DHCP relay agent in
   a CTN help the mobile node acquire the IP address from the DHCP
   server in the CTN.  The MN-AR key established during the pre-
   authentication phase is used as the IKEv2 pre-shared secret needed to
   run IKEv2 between the mobile node and the access router.  The IP
   address from the CTN is obtained as part of standard IKEv2 procedure,
   with using the co-located DHCP relay agent for obtaining the IP
   address from the DHCP server in the target network using standard
   DHCP.  The obtained IP address is sent back to the client in the
   IKEv2 Configuration Payload exchange.  In this case, IKEv2 is also
   used as the tunnel management protocol for a proactive handover
   tunnel (see Section 5.5).

5.3.3  Proactive IP address acquisition using DHCP only

   As another alternative, DHCP may be used for proactively obtaining an
   IP address from a CTN without relying on PANA or IKEv2-based
   approaches by allowing direct DHCP communication between the mobile
   node and the DHCP relay or DHCP server in the CTN.  In this case, the
   mobile node sends a unicast DHCP message to the DHCP relay agent or
   DHCP server in the CTN requesting an address, while using the address
   associated with the current physical interface as the source address
   of the request.

   When the message is sent to the DHCP relay agent, the DHCP relay
   agent relays the DHCP messages back and forth between the mobile node
   and the DHCP server.  In the absence of a DHCP relay agent the mobile
   can also directly communicate with the DHCP server in the target
   network.  The broadcast option in client's unicast DISCOVER message
   should be set to 0 so that the relay agent or the DHCP server can
   send back the reply directly to the mobile using the mobile node's
   source address.  This mechanism works as well for an IPv6 node using
   stateful configuration.



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 19]


Internet-Draft                MPA Framework                    July 2005


   In order to prevent malicious nodes from obtaining an IP address from
   the DHCP server, DHCP authentication should be used or the access
   router should install a filter to block unicast DHCP message sent to
   the remote DHCP server from mobile nodes that are not pre-
   authenticated.  When DHCP authentication is used, the DHCP
   authentication key may be derived from the MPA-SA established between
   the mobile node and the authentication agent in the candidate target
   network.

   The proactively obtained IP address is not assigned to the mobile
   node's physical interface until the mobile has moved to the new
   network.  The IP address thus obtained proactively from the target
   network should not be assigned to the physical interface but rather
   to a virtual interface of the client.  Thus such a proactively
   acquired IP address via direct DHCP communication between the mobile
   node and the DHCP relay or the DHCP server in the CTN may be carried
   with additional information that is used to distinguish it from other
   address assigned to the physical interface.

   Upon the mobile's entry to the new network, the mobile node can
   perform DHCP over the physical interface to the new network to get
   other configuration parameters such as SIP server, DNS server, etc.,
   by using e.g., DHCP INFORM.  This should not affect the ongoing
   communication between the mobile and correspondent host.  Also, the
   mobile node can perform DHCP over the physical interface to the new
   network to extend the lease of the address that was proactively
   obtained before entering the new network.

5.3.4  Proactive IP address acquisition using stateless
       autoconfiguration

   In case of IPv6, network address configuration is done either using
   DHCPv6 or stateless autoconfiguration.  In order to obtain the new IP
   address proactively, the router advertisement of the next hop router
   can be sent over the established tunnel, and a new IPv6 address is
   generated based on the prefix and MAC address of the mobile.
   Generating a COA from the new network will avoid the time needed to
   obtain an IP address and perform the Duplicate Address Detection.

   In order to maintain the DHCP binding for the mobile node and keep
   track of the dispensed IP address before and after the secure
   proactive handover, the same DHCP client identifier needs to be used
   for the mobile node for both DHCP for proactive IP address
   acquisition and DHCP performed after the mobile node enters the
   target network.  The DHCP client identifier may be the MAC address of
   the mobile node or some other identifier.  In case of stateless
   autoconfiguration, the mobile checks to see the prefix of the router
   advertisement in the new network and matches it with the prefix of



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 20]


Internet-Draft                MPA Framework                    July 2005


   newly assigned IP address.  If these turn out to be the same then the
   mobile does not go through the IP address acquisition phase again.

5.4  Address resolution issues

5.4.1  Proactive duplicate address detection

   When the DHCP server dispenses an IP address, it updates its lease
   table, so that this same address is not given to another client for
   that specific period of time.  At the same time the client also keeps
   a lease table locally so that it can renew when needed.  In some
   cases where a network consists of both DHCP and non-DHCP enabled
   clients, there is a probability that another client with the LAN may
   have been configured with an IP address from the DHCP address pool.
   In such scenario the server does a duplicate address detection based
   on ARP (Address Resolution Protocol) or IPv6 Neighbor Discovery
   before assigning the IP address.  This detection procedure may take
   up to 4 sec to 15 sec [MAGUIRE] and will thus contribute to a larger
   handover delay.  In case of proactive IP address acquisition process,
   this detection is performed ahead of time and thus does not affect
   the handover delay at all.  By performing the duplicate address
   detection ahead of time, we reduce the handover delay factor.

5.4.2  Proactive address resolution update

   During the process of pre-configuration, the address resolution
   mappings needed by the mobile node to communicate with nodes in the
   target network after attaching to the target network can also be
   known, where the nodes may be the access router, authentication
   agent, configuration agent and correspondent node.  There are several
   possible ways of performing such proactive address resolution.


   o  Use an information service mechanism [802.21] to resolve the MAC
      addresses of the nodes.  This might require each node in the
      target network to involve in the information service so that the
      server of the information service can construct the database of
      proactive address resolution.


   o  Extend the authentication protocol used for pre-authentication or
      the configuration protocol used for pre-configuration to support
      proactive address resolution.  For example, if PANA is used as the
      authentication protocol for pre-authentication, PANA messages may
      carry AVPs used for proactive address resolution.  In this case,
      the PANA authentication agent in the target network may perform
      address resolution for on behalf of the mobile node.




Dutta (Ed.), et al.     Expires January 18, 2006               [Page 21]


Internet-Draft                MPA Framework                    July 2005


   o  One can also make use of DNS to map the MAC address of the
      specific interface associated with a specific IP address of the
      network element in the target network.  One may define a new DNS
      resource record (RR) to proactively resolve the MAC addresses of
      the nodes in the target network.  But this approach may have its
      own limitations since a MAC address is a resource that is bound to
      an IP address, not directly to a domain name.

   When the mobile node attaches to the target network, it installs the
   proactively obtained address resolution mappings without necessarily
   performing address resolution query for the nodes in the target
   network.

   On the other hand, the nodes that reside in the target network and
   are communicating with the mobile node should also update their
   address resolution mappings for the mobile node as soon as the mobile
   node attaches to the target network.  The above proactive address
   resolution methods could also be used for those nodes to proactively
   resolve the MAC address of the mobile node before the mobile node
   attaches to the target network.  However, this is not useful since
   the those nodes need to detect the attachment of the mobile node to
   the target network before adopting the proactively resolved address
   resolution mapping.  A better approach would be integration of
   attachment detection and address resolution mapping update.  This is
   based on gratuitously performing address resolution [RFC3344],
   [RFC3775] in which the mobile node sends an ARP Request or an ARP
   Reply in the case of IPv4 or a Neighbor Advertisement in the case of
   IPv6 immediately after the mobile node attaches to the new network so
   that the nodes in the target network can quickly update the address
   resolution mapping for the mobile node.

5.5  Tunnel management

   After an IP address is proactively acquired from the DHCP server in a
   CTN, a proactive handover tunnel is established between the mobile
   node and the access router in the CTN.  The mobile node uses the
   acquired IP address as the tunnel inner address.

   The proactive handover tunnel is established using a tunnel
   management protocol.  When IKEv2 is used for proactive IP address
   acquisition, IKEv2 is also used as the tunnel management protocol.
   Alternatively, when PANA is used for proactive IP address
   acquisition, PANA may be used as the secure tunnel management
   protocol.

   Once the proactive handover tunnel is established between the mobile
   node and the access router in the candidate target network, the
   access router also needs to perform proxy address resolution on



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 22]


Internet-Draft                MPA Framework                    July 2005


   behalf of the mobile node so that it can capture any packets destined
   to the mobile node's new address.

   Since mobile needs to be able to communicate with the correspondent
   node while in the previous network some or all parts of binding
   update and data from the correspondent node to mobile node need to be
   sent back to the mobile node over a proactive handover tunnel.
   Details of these binding update procedure are described in Section
   5.6.

   In order for the traffic to be directed to the mobile node after the
   mobile node attaches to the target network, the proactive handover
   tunnel needs to be deleted or disabled.  The tunnel management
   protocol used for establishing the tunnel is used for this purpose.
   Alternatively, when PANA is used as the authentication protocol the
   tunnel deletion or disabling at the access router can be triggered by
   means of PANA update mechanism as soon as the mobile moves to the
   target network.  A link-layer trigger ensures that the mobile node is
   indeed connected to the target network and can also be used as the
   trigger to delete or disable the tunnel.

5.6  Binding Update

   There are several kinds of binding update mechanisms for different
   mobility management schemes.  In case of Mobile IPv4 and Mobile IPv6,
   the mobile performs binding update with the home agent only, if route
   optimization is not used.  Otherwise, the mobile performs binding
   update with both the home agent (HA) and corresponding node (CN).  In
   case of SIP-based terminal mobility the mobile sends binding update
   using Re-INVITE to the correspondent node and REGISTER message to the
   Registrar.  Based on the distance between the mobile and the
   correspondent node the binding update may contribute to the handover
   delay.  SIP-fast handover [SIPFAST] provides several ways of reducing
   the handover delay due to binding update.  In case of secure
   proactive handover using SIP-based mobility management we rule out
   the delay due to binding update completely, as it takes place in the
   previous network.  Thus this scheme looks more attractive when the
   correspondent node is too far from the communicating mobile node.
   Similarly in case of Mobile IPv6, the mobile sends the newly acquired
   CoA from the target network as the binding update to the HA and CN.
   Also all signaling messages between MN and HA and between MN and CN
   are passed through this proactive tunnel that is set up.  These
   messages include Binding Update (BU), Binding Acknowledgement (BA)
   and the associated return routability messages such as Home Test Init
   (HoTI), Home Test (HoT), Care-of Test Init (CoTI),Care-of Test (COT).
   If the proactive handover tunnel is realized as an IPsec tunnel, it
   will also protect these signaling messages between the tunnel end
   points and will make the return routability test securer.  Any



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 23]


Internet-Draft                MPA Framework                    July 2005


   subsequent data will also be tunneled through as long as the mobile
   is in the previous network.  The accompanying document [I-D.ohba-
   mobopts-mpa-implementation] talks about the details of how binding
   updates and signaling for return routability are sent over the
   secured tunnel.

5.7  Preventing packet loss

   In MPA case we did not observe any packet loss due to IP address
   acquisition, secured authentication and binding update.  However,
   there may be some transient packets during link-layer handover that
   is directed to the mobile node before the mobile node is able to
   attach to the target network.  Those transient packets can be lost.
   Bicasting or buffering the transient packets at the access router can
   be used to minimize or eliminate packet loss.  However, bicasting
   does not eliminate packet loss if link-layer handover is not
   seamlessly performed.  On the other hand, buffering does not reduce
   packet delay.  While packet delay can be compensated by playout
   buffer at the receiver side for streaming application, playout buffer
   does not help much for interactive VoIP application which cannot
   tolerate for large delay jitters.  Thus it is still important to
   optimize the link-layer handover anyway.

   In addtion, the MN may also ensure reachability to the new point of
   attachment before switching from the old one.  This can be done by
   exchanging link-layer management frames with the new point of
   attachment.  This reachability check should be performed as quickly
   as possible.  In order to prevent packet loss during this
   reachability check, transmission of packets over the link between the
   MN and old point of attachment should be suspended by buffering the
   packets at the both ends of the link during the reachability check.
   How to perform this buffering is out of scope of this document.  Some
   of the results using this buffering scheme have been explained in the
   accompanying implementation document.

5.8  Considerations for failed switching and switch-back

   Ping-Pong effect is one of the common problems found during handover
   scenario.  Ping-pong effect arises when a mobile is situated at the
   borderline of the cell or decision point and a handover procedure is
   frequently executed.  This results in higher call drop probability,
   lower connection quality, increased signaling traffic and waste of
   resources.  All of these affect mobility optimization.  Handoff
   algorithms are the deciding factors for performing the handoff
   between the networks.  Traditionally these algorithms employ a
   threshold to compare the values of different metrics to decide on the
   handoff.  These metrics include signal strength, path loss, carrier-
   to-interference ratios (CIR), Signal to Interference Ratios (SIR),



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 24]


Internet-Draft                MPA Framework                    July 2005


   Bit Error Rate (BER), power budget etc.  In order to avoid ping-pong
   effect some additional parameters are employed by the decision
   algorithm such as hystereris margin, dwell timers, and averaging
   window.  For a high moving vehicle, other parameters such as distance
   between the mobile node and the point of attachment, velocity of the
   mobile, location of the mobile, traffic and bandwidth characteristics
   are also taken into account to reduce the ping-pong effect.  Most
   recently there are other handoff algorithms that help reduce the
   ping-pong effect in a heterogeneous network environment that are
   based on techniques such as hypothesis testing, dynamic programming
   and pattern recognition techniques.  While it is important to devise
   smart handoff algorithms to reduce the ping-pong effect, it is also
   important to devise methods to recover from these effect.

   In the case of MPA framework, ping-pong effect will result in the
   back-and-forth movement of the mobile between current network and
   target network and between the candidate target networks.  MPA in its
   current form will be affected because of numerous tunnel setup,
   number of binding updates and associated handoff latency resulting
   out of ping-pong situation.  Since ping-pong effect is related to
   handoff rate, it may also contribute to delay and packet loss.  We
   propose several algorithms that will help reduce the probability of
   ping-pong and propose several methods for the MPA framework so that
   it can recover from the packet loss resulting out of ping-pong
   effect.

   MPA framework can take advantage of the mobile's geo-location with
   respect to APs in the neighboring networks using GPS.  In order to
   avoid the oscillation between the networks, a location-based
   intelligent algorithm can be derived by using a co-relation between
   user's location and cached data from the previous handover attempts.
   In some cases only location may not be the only indicator for a
   handoff decision.  For example in Manhattan type networks, although a
   mobile is close to an AP, it may not have enough SNR (Signal to Noise
   Ration) to make a good connection.  Thus knowledge of mobility
   pattern, dwell time in a call and path identification will help avoid
   the ping-pong problem to a great extent.

   In the absence of a good handoff algorithm that can avoid ping-pong
   effect, it may be required to put in place a good recovery mechanism
   so as to mitigate the effect of Ping-Pong.  It may be necessary to
   keep the established context in the current network for a period of
   time, so that it can be quickly recovered when the mobile comes back
   to the network where the context was last used.  These context may
   include security association, IP address used, tunnels established
   etc.  Bicasting the data to both previous network and new network for
   a predefined period will also the mobile help take care of the lost
   packets in case the mobile moves back and forth between the networks.



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 25]


Internet-Draft                MPA Framework                    July 2005


   The mobile should be able to determine if it is in a stable state
   with respect to ping-pong situation.

5.9  Link-layer security and mobility

   Using the MPA-SA established between the mobile node and the
   authentication agent for a CTN, during the pre-authentication phase,
   it is possible to bootstrap link-layer security in the CTN while the
   mobile node is in the current network in the following way.

   (1) The authentication agent and the mobile node derives a PMK (Pair-
   wise Master Key) [I-D.ietf-eap-keying] using the MPA-SA that is
   established as a result of successful pre-authentication.  Executions
   of EAP and an AAA protocol may be involved during pre-authentication
   to establish the MPA-SA.  From the PMK, distinct TSKs (Transient
   Session Keys) [I-D.ietf-eap-keying] for the mobile node are directly
   or indirectly derived for each point of attachment of the CTN.

   (2) The authentication agent may install the keys derived from the
   PMK and used for secure association to points of attachment.  The
   derived keys may be TSKs or intermediary keys from which TSKs are
   derived.

   (3) After the mobile node chooses a CTN as the target network and
   switches to a point of attachment in the target network (which now
   becomes the new network for the mobile node), it executes a secure
   association protocol such as IEEE 802.11i 4-way handshake [802.11i]
   using the PMK in order to establish PTKs (Pair-wise Transient Keys)
   and GTKs (Group Transient Keys) [I-D.ietf-eap-keying] used for
   protecting link-layer packets between the mobile node and the point
   of attachment.  No additional execution of EAP authentication is
   needed here.

   (4) While the mobile node is roaming in the new network, the mobile
   node only needs to perform a secure association protocol with its
   point of attachment point and no additional execution of EAP
   authentication is needed either.  Integration of MPA with link-layer
   handover optimization mechanisms such as 802.11r can be archived this
   way.

   The mobile node may need to know the link-layer identities of the
   point of attachments in the CTN to derive TSKs.  If PANA is used as
   the authentication protocol for pre-authentication, this is possible
   by carrying Device-Id AVPs in the PANA-Bind-Request message sent from
   the PAA [I-D.ietf-pana-pana], with each AVP containing the BSSID of a
   distinct access point.





Dutta (Ed.), et al.     Expires January 18, 2006               [Page 26]


Internet-Draft                MPA Framework                    July 2005


    _________________        ____________________________
   | Current Network |      |           CTN              |
   |   ____          |      |                 ____       |
   |  |    |      (1) pre-authentication     |    |      |
   |  | MN |<------------------------------->| AA |      |
   |  |____|         |      |                |____|      |
   |    .            |      |                  |         |
   |    .            |      |                  |         |
   |____.____________|      |                  |         |
        .movement           |                  |(2) Keys |
    ____.___________________|                  |         |
   |   _v__                      _____         |         |
   |  |    |(3) secure assoc.   |     |        |         |
   |  | MN |<------------------>| AP1 |<-------+         |
   |  |____|                    |_____|        |         |
   |    .                                      |         |
   |    .movement                              |         |
   |    .                                      |         |
   |    .                                      |         |
   |   _v__                      _____         |         |
   |  |    |(4) secure assoc.   |     |        |         |
   |  | MN |<------------------>| AP2 |<-------+         |
   |  |____|                    |_____|                  |
   |_____________________________________________________|

                Figure 3: Bootstrapping Link-layer Security


5.10  Authentication in initial network attachment

   When the mobile node initially attaches to a network, network access
   authentication would occur regardless of the use of MPA.  The
   protocol used for network access authentication when MPA is used for
   handover optimization can be a link-layer network access
   authentication protocol such as IEEE 802.1X or a higher-layer network
   access authentication protocol such as PANA.















Dutta (Ed.), et al.     Expires January 18, 2006               [Page 27]


Internet-Draft                MPA Framework                    July 2005


6.  Security Considerations

   This document describes a framework of a secure handover optimization
   mechanism based on performing handover-related signaling between a
   mobile node and one or more candidate target networks to which the
   mobile node may move in the future.  This framework involves
   acquisition of the resources from the CTN as well as data packet
   redirection from the CTN to the mobile node in the current network
   before the mobile node physically connects to one of those CTN.

   Acquisition of the resources from the candidate target networks must
   accompany with appropriate authentication and authorization
   procedures in order to prevent unauthorized mobile node from
   obtaining the resources.  For this reason, it is important for the
   MPA framework to perform pre-authentication between the mobile node
   and the candidate target networks.  The MN-CA key and the MN-AR key
   generated as a result of successful pre-authentication can protect
   subsequent handover signaling packets and data packets exchanged
   between the mobile node and the MPA functional elements in the CTN's.

   The MPA framework also addresses security issues when the handover is
   performed across multiple administrative domains.  With MPA, it is
   possible for handover signaling to be performed based on direct
   communication between the mobile node and routers or mobility agents
   in the candidate target networks.  This eliminates the need for a
   context transfer protocol for which known limitations exist in terms
   of security and authorization.  [I-D.ietf-eap-keying].  For this
   reason, the MPA framework does not require trust relationship among
   administrative domains or access routers, which makes the framework
   more deployable in the Internet without compromising the security in
   mobile environments.




















Dutta (Ed.), et al.     Expires January 18, 2006               [Page 28]


Internet-Draft                MPA Framework                    July 2005


7.  IANA Considerations

   This document has no actions for IANA.
















































Dutta (Ed.), et al.     Expires January 18, 2006               [Page 29]


Internet-Draft                MPA Framework                    July 2005


8.  Acknowledgments

   We would like to thank Farooq Anjum and Raziq Yakub for their review
   of this document, and Subir Das for standardization support in the
   IEEE 802.21 WG.














































Dutta (Ed.), et al.     Expires January 18, 2006               [Page 30]


Internet-Draft                MPA Framework                    July 2005


9.  References

9.1  Normative References

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", BCP 9, RFC 2026, October 1996.

   [RFC3978]  Bradner, S., "IETF Rights in Contributions", BCP 78,
              RFC 3978, March 2005.

   [RFC3344]  Perkins, C., "IP Mobility Support for IPv4", RFC 3344,
              August 2002.

   [RFC3748]  Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
              Levkowetz, "Extensible Authentication Protocol (EAP)",
              RFC 3748, June 2004.

   [RFC3775]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.

   [I-D.ietf-mobileip-lowlatency-handoffs-v4]
              Malki, K., "Low latency Handoffs in Mobile IPv4",
              draft-ietf-mobileip-lowlatency-handoffs-v4-09 (work in
              progress), June 2004.

   [I-D.ietf-mipshop-fast-mipv6]
              Koodli, R., "Fast Handovers for Mobile IPv6",
              draft-ietf-mipshop-fast-mipv6-03 (work in progress),
              October 2004.

   [I-D.ietf-seamoby-card-protocol]
              Liebsch, M., "Candidate Access Router Discovery",
              draft-ietf-seamoby-card-protocol-08 (work in progress),
              September 2004.

   [I-D.ietf-seamoby-ctp]
              Loughney, J., "Context Transfer Protocol",
              draft-ietf-seamoby-ctp-11 (work in progress), August 2004.

   [I-D.ietf-eap-keying]
              Aboba, B., "Extensible Authentication Protocol (EAP) Key
              Management Framework", draft-ietf-eap-keying-06 (work in
              progress), April 2005.

   [I-D.ietf-pana-pana]
              Forsberg, D., "Protocol for Carrying Authentication for
              Network Access (PANA)", draft-ietf-pana-pana-09 (work in
              progress), July 2005.



Dutta (Ed.), et al.     Expires January 18, 2006               [Page 31]


Internet-Draft                MPA Framework                    July 2005


   [RG98]     ITU-T, "General Characteristics of International Telephone
              Connections and International Telephone Circuits: One-Way
              Transmission Time", ITU-T Recommendation G.114 1998.

   [ITU98]    ITU-T, "The E-Model, a computational model for use in
              transmission planning", ITU-T Recommendation G.107 1998.

   [ETSI]     ETSI, "Telecommunications and Internet Protocol
              Harmonization Over Networks (TIPHON) Release 3: End-to-end
              Quality of Service in TIPHON systems; Part 1: General
              aspects of Quality of Service.", ETSI TR 101 329-6 V2.1.1.

9.2  Informative References

   [I-D.ietf-mobike-design]
              Kivinen, T. and H. Tschofenig, "Design of the MOBIKE
              protocol", draft-ietf-mobike-design-02 (work in progress),
              February 2005.

   [I-D.ietf-hip-base]
              Moskowitz, R., "Host Identity Protocol",
              draft-ietf-hip-base-03 (work in progress), June 2005.

   [RFC2679]  Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way
              Delay Metric for IPPM", RFC 2679, September 1999.

   [RFC2680]  Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way
              Packet Loss Metric for IPPM", RFC 2680, September 1999.

   [RFC2681]  Almes, G., Kalidindi, S., and M. Zekauskas, "A Round-trip
              Delay Metric for IPPM", RFC 2681, September 1999.

   [RFC1853]  Simpson, W., "IP in IP Tunneling", RFC 1853, October 1995.

   [RFC3046]  Patrick, M., "DHCP Relay Agent Information Option",
              RFC 3046, January 2001.

   [I-D.ietf-dhc-rapid-commit-opt]
              Kim, P., Volz, B., and S. Park, "Rapid Commit Option for
              DHCPv4", draft-ietf-dhc-rapid-commit-opt-05 (work in
              progress), June 2004.

   [I-D.ohba-mobopts-mpa-implementation]
              Ohba, Y., "Media-Independent Pre-Authentication (MPA)
              Implementation Results",
              draft-ohba-mobopts-mpa-implementation-00 (work in
              progress), June 2005.




Dutta (Ed.), et al.     Expires January 18, 2006               [Page 32]


Internet-Draft                MPA Framework                    July 2005


   [I-D.wakikawa-mobileip-multiplecoa]
              Wakikawa, R., "Multiple Care-of Addresses Registration",
              draft-wakikawa-mobileip-multiplecoa-04 (work in progress),
              June 2005.

   [SIPMM]    Schulzrinne, H. and E. Wedlund, "Application Layer
              Mobility Using SIP",  ACM MC2R.

   [CELLIP]   Cambell, A., Gomez, J., Kim, S., Valko, A., and C. Wan,
              "Design, Implementation, and Evaluation of Cellular IP",
              IEEE Personal communication Auguest 2000.

   [HAWAII]   Ramjee, R., Porta, T., Thuel, S., Varadhan, K., and S.
              Wang, "HAWAII: A Domain-based Approach for Supporting
              Mobility in Wide-area Wireless networks", International
              Conference on Network Protocols ICNP'99.

   [IDMP]     Das, S., Dutta, A., Misra, A., and S. Das, "IDMP: An
              Intra-Domain Mobility Management Protocol for Next
              Generation Wireless Networks", IEEE Wireless Communication
              Magazine October 2000.

   [I-D.ietf-mobileip-reg-tunnel]
              Calhoun, P., Montenegro, G., Perkins, C., and E.
              Gustafsson, "Mobile IPv4 Regional Registration",
              draft-ietf-mobileip-reg-tunnel-09 (work in progress),
              July 2004.

   [YOKOTA]   Yokota, H., Idoue, A., and T. Hasegawa, "Link Layer
              Assisted Mobile IP Fast Handoff Method over Wireless LAN
              Networks", Proceedings of ACM Mobicom 2002.

   [MACD]     Shin, S., "Reducing MAC Layer Handoff Latency in IEEE
              802.11 Wireless LANs", MOBIWAC Workshop .

   [SUM]      Dutta, A., Zhang, T., Madhani, S., Taniuchi, K., Ohba, Y.,
              and H. Schulzrinne, "Secured Universal Mobility",
              WMASH 2004.

   [SIPFAST]  Dutta, A., Madhani, S., and H. Schulzrinne, "Fast handoff
              Schemes for Application Layer Mobility Management",
              PIMRC 2004.

   [MITH]     Gwon, Y., Fu, G., and R. Jain, "Fast Handoffs in Wireless
              LAN Networks using Mobile initiated Tunneling Handoff
              Protocol for IPv4 (MITHv4)", Wireless Communications and
              Networking 2003, January 2005.




Dutta (Ed.), et al.     Expires January 18, 2006               [Page 33]


Internet-Draft                MPA Framework                    July 2005


   [802.21]   "Draft IEEE Standard for Local and Metropolitan Area
              Networks:  Media Independent Handover Services, IEEE
              P802.21/D00.01,", A contribution to IEEE 802.21 WG ,
              July 2005.

   [802.11]   "IEEE Wireless LAN Edition A compilation based on IEEE Std
              802.11-1999(R2003)", Institute of Electrical and
              Electronics Engineers September 2003.

   [GPSIP]    Dutta, A., "GPS-IP based fast-handoff for Mobiles",
              NYMAN 2003.

   [MAGUIRE]  Vatn, J. and G. Maguire, "The effect of using co-located
              care-of-address on macro handover latency", 14th Nordic
              Teletraffic Seminar 1998.


Authors' Addresses

   Ashutosh Dutta
   Telcordia Technologies
   1 Telcordia Drive
   Piscataway, NJ  08854
   USA

   Phone: +1 732 699 3130
   Email: adutta@research.telcordia.com


   Victor Fajardo
   Toshiba America Research, Inc.
   1 Telcordia Drive
   Piscataway, NJ  08854
   USA

   Phone: +1 732 699 5368
   Email: vfajardo@tari.toshiba.com


   Yoshihiro Ohba
   Toshiba America Research, Inc.
   1 Telcordia Drive
   Piscataway, NJ  08854
   USA

   Phone: +1 732 699 5305
   Email: yohba@tari.toshiba.com




Dutta (Ed.), et al.     Expires January 18, 2006               [Page 34]


Internet-Draft                MPA Framework                    July 2005


   Kenichi Taniuchi
   Toshiba America Research, Inc.
   1 Telcordia Drive
   Piscataway, NJ  08854
   USA

   Phone: +1 732 699 5308
   Email: ktaniuchi@tari.toshiba.com


   Henning Schulzrinne
   Columbia University
   Department of Computer Science
   450 Computer Science Building
   New York, NY  10027
   USA

   Phone: +1 212 939 7004
   Email: hgs@cs.columbia.edu
































Dutta (Ed.), et al.     Expires January 18, 2006               [Page 35]


Internet-Draft                MPA Framework                    July 2005


Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.




Dutta (Ed.), et al.     Expires January 18, 2006               [Page 36]