Network Working Group                                        B. Sarikaya
Internet-Draft                                                    F. Xia
Expires: May 12, 2008                                         Huawei USA
                                                        November 9, 2007


         DHCPv6 Based Home Network Prefix Delegation for PMIPv6
             draft-sarikaya-netlmm-prefix-delegation-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 12, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Sarikaya & Xia            Expires May 12, 2008                  [Page 1]


Internet-Draft              Prefix Delegation              November 2007


Abstract

   In Proxy Mobile IPv6, one prefix can only be assigned to one
   interface of a mobile node by the local mobility anchor (LMA), and
   different mobile nodes cannot share this home network prefix.
   Managing per-MN's interface home network prefixes is likely to
   increase the processing load at the LMA.  Based on the idea that
   Dynamic Host Configuration Protocol for IPv6 (DHCPv6) servers can
   manage prefixes, we propose a new technique in which the LMA offloads
   the delegation and release of prefixes to the DHCPv6 server.  The
   LMA requests a prefix for an incoming mobile node from the DHCPv6
   server.  Based on this prefix, the mobile node can create a home
   address for its interface.  When the mobile node leaves the
   network, the prefix is returned to the DHCPv6 server.
   Authentication, Authorization and Accounting (AAA) servers can also
   play a role in prefix delegation.


Table of Contents

   1.  Introduction
   2.  Terminology
   3.  PMIPv6 Home Network Prefix Delegation
   4.  AAA Servers in Home Network Prefix Delegation
   5.  Prefix Release Procedure
   6.  Miscellaneous Considerations
   7.  Security Considerations
   8.  IANA consideration
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses
   Intellectual Property and Copyright Statements


1.  Introduction

   Proxy Mobile IPv6 (PMIPv6) provides a network-based mobility solution
   to mobile nodes (MNs).  An MN configures its interface with an
   address from the home network prefix (HNP) topologically anchored at
   the MN's local mobility anchor (LMA).  PMIPv6 adopted the per-MN's
   interface prefix model, in which a prefix is assigned to only one
   interface of an MN.  Different interfaces of the same MN and other
   MNs cannot share a prefix, and multiple prefixes can be assigned to
   an interface.  The same applies to Mobile IPv6 where, due to
   multi-link subnet issues, per-MN's interface prefixes must be used in
   assigning home link prefixes.  However, in the per-interface prefix
   model, prefix management is an issue, which this document addresses
   for PMIPv6.  MIPv6 prefix management is not addressed in this
   document.

   When an MN enters the network, its LMA requests one or more prefixes
   for the MN's interface.  The prefixes should be released when the MN
   leaves the network.  When an operator wants to renumber its network
   [RFC4192], prefixes with different lifetimes are advertised to the
   MN.

   Identity Association for Prefix Delegation (IA_PD) Option enables
   DHCP messages to carry IPv6 prefixes.  The procedure for prefix
   delegation with DHCP which is independent of address assignment with
   DHCP has been defined in [RFC3633].  Therefore DHCPv6 provides a way
   to manage the prefixes.  AAA protocols, RADIUS or Diameter, can be
   involved in prefix allocation as defined in [RFC4818].

   In this document we propose DHCPv6 based home network prefix
   allocation to PMIPv6 MNs.  Section 3 describes PMIPv6 home network
   prefix allocation, Section 4 describes PMIPv6 home network prefix
   allocation with the help of AAA servers, Section 5 describes how
   prefixes are released and Section 6 presents miscellaneous
   considerations that apply.


2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119].

   This document uses the terminology defined in [RFC3315], [RFC3633].
   All MIPv6 related terms are defined in [RFC3775] and PMIPv6 related
   terms are defined in [I-D.ietf-netlmm-proxymip6].


3.  PMIPv6 Home Network Prefix Delegation

   We first describe HNP allocation without a policy profile/store
   (defined in [I-D.ietf-netlmm-proxymip6]), followed by policy store
   based HNP allocation using DHCP.

       MN      MAG      LMA      DHCPS
         |------>|        |        |      1. RtSol
         |       |------->|        |      2. PBU (HNP=0)
         |       |        |------->|      3. DHCP Solicit
         |       |        |<-------|      4. DHCP Advertise
         |       |        |------->|      5. DHCP Request (HNP)
         |       |        |<-------|      6. DHCP Reply (HNP)
         |       |<-------|        |      7. PBA (HNP)
         |<------|        |        |      8. RA(HNP)
         |------>|        |        |      9. DAD NS

                   Figure 1: Prefix request procedure 1

   Figure 1 illustrates the scenario where the MN's interface is
   assigned a home network prefix without a policy store.  In this
   scenario, the LMA has a DHCP client and is directly connected to the
   DHCP server.  If the LMA and the DHCP server are not directly
   connected, DHCP messages need to be relayed using the DHCP relay
   function in the LMA.

   1.  An MN solicits a router advertisement (RtSol) for stateless
       address configuration.
   2.  Mobile Access Gateway (MAG) sends a Proxy Binding Update (PBU)
       message to LMA with HNP set to zero.
   3.  LMA as the requesting router initiates DHCP Solicit procedure to
       request prefixes for the MN.  LMA creates and transmits a Solicit
       message as described in sections 17.1.1, "Creation of Solicit
       Messages" and 17.1.2, "Transmission of Solicit Messages" of RFC
       3315.  LMA creates an IA_PD and assigns it an IAID.  LMA MUST
       include the IA_PD option in the Solicit message.
   4.  The DHCP server as the delegating router sends an Advertise
       message to LMA in the same way as described in section 17.2.2,
       "Creation and transmission of Advertise messages" of RFC 3315.
   5.  LMA uses the same message exchanges as described in section 18,
       "DHCP Client-Initiated Configuration Exchange" of RFC 3315 to
       obtain or update prefixes from a DHCP server.  LMA and the DHCP
       server use the IA_PD Prefix option to exchange information about
       prefixes in much the same way as IA Address options are used for
       assigned addresses.
   6.  LMA stores the prefix information it received in the Reply
       message.
   7.  LMA replies to the PBU with a Proxy Binding Acknowledgement (PBA)
       and sets the HNP field of the PBA to the MN's prefix.
   8.  MAG advertises prefixes to MN with Router Advertisement (RA) for
       stateless address configuration.
   9.  The MN starts verifying address uniqueness by sending a Duplicate
       Address Detection (DAD) Neighbor Solicitation (NS) message.

   Policy store based home network prefix allocation using DHCP can be
   done as shown in Figure 2.  Policy store contains parameters such as
   the mobile node's home network prefix, permitted address
   configuration modes, roaming policy related and other parameters.

     MN      MAG      LMA                AAA
       |-------|--------|-----------------|  1. Network entry
       |       |<-------|---------------->|  2. IKEv2 SA Establishment
       |       |------->|                 |  3. IKEv2 CFG_REQUEST
       |       |--------|-----------------|  4. IKEv2 EAP Authentication
       |       |               DHCPS
       |       |        |------->|        |  5. DHCP Solicit
       |       |        |<-------|        |  6. DHCP Advertise
       |       |        |------->|        |  7. DHCP Request (HNP)
       |       |        |<-------|        |  8. DHCP Reply (HNP)
       |       |<-------|<-------|--------|  9. IKEv2/EAP Success
       |<------|        |        |        | 10. RA (HNP)
       |------>|        |        |        | 11. DAD NS
       |       |------->|        |        | 12. PBU (HNP)
       |       |<-------|        |        | 13. PBA
       |       |        |        |        |

                   Figure 2: Prefix request procedure 2

   1.   An MN boots up in the network.  DHCP Server in Figure 2 is not
        involved in the network entry procedures.
   2.   The MAG starts IKEv2 procedures to establish a security
        association with the LMA [I-D.ietf-dime-mip6-split].
   3.   MAG requests a prefix for MN's interface using CFG_REQUEST
        payload in the message.
   4.   MAG and LMA authenticate each other using EAP.  At this moment
        LMA is ready to assign a prefix using DHCP PD.
   5.   Step 3 in Figure 1.
   6.   Step 4 in Figure 1.
   7.   Step 5 in Figure 1.
   8.   Step 6 in Figure 1.
   9.   EAP success is indicated by AAA server to LMA and LMA sends
        IKEv2 message with MN's profile containing MN's prefix to MAG.
        Successful network entry terminates and MAG gets HNP.
   10.  MAG advertises prefixes to MN with RA for stateless address
        configuration.
   11.  The MN starts verifying address uniqueness by sending a DAD NS.
   12.  MAG sends PBU with HNP assigned.
   13.  LMA replies with PBA and establishes MAG-LMA tunnel.

   If stateful address configuration is used in PMIPv6 links, prefix
   allocation using DHCPv6 can be done as shown in Figure 3.  Here it is
   assumed that MAG and LMA already established a security association.

      MN      MAG      LMA               AAA
        |-------|--------|-----------------|1. Network entry
        |<------|<-------|---------------->|2. EAP Access Authentication
        |       |<-------|-----------------|3. EAP Success + Profile
        |       |------->|                 |4. PBU (HNP=0)
        |       |               DHCPS
        |       |        |------->|        |5. DHCP Solicit
        |       |        |<-------|        |6. DHCP Advertise
        |       |        |------->|        |7. DHCP Request (HNP)
        |       |        |<-------|        |8. DHCP Reply (HNP)
        |       |<-------|        |        |9. PBA (HNP)
        |<------|<-------|<-------|--------|10. Profile Complete
        |------>|        |        |        |11. DHCP Request
        |<------|        |        |        |12. DHCP Reply

                   Figure 3: Prefix request procedure 3

   In Steps 1-3, MN does network entry and MAG receives the
   authorization profile from AAA server after successful EAP exchanges.
   In Step 4, MAG sends a PBU with HNP field set to zero.  In Steps 5-8,
   LMA assigns its HNP using DHCPv6.  LMA replies with PBA and sets its
   HNP parameter in Step 9.  In Step 10, EAP authentication and profile
   acquisition are completed.  In Step 11, MN requests an address from
   the local DHCP proxy/server colocated in MAG.  DHCP Proxy assigns
   MN-HoA from this prefix and sends it to MN in DHCP Reply in Step 12.

   The 4-way exchange between LMA as requesting router (RR) and DHCP
   server as delegating router (DR) in the scenarios above MAY be
   reduced to a two-message exchange using the Rapid Commit option
   [RFC3315].  LMA includes a Rapid Commit option in the Solicit
   message.  DR then sends a Reply message containing one or more
   prefixes.
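
   The LMA side of the exchange above, as an added example that is not
   part of this draft: it builds the Solicit carrying an IA_PD (with an
   optional Rapid Commit) and extracts the HNP from a Reply only after
   checking transaction ID, client DUID, IAID, option bounds and
   lifetimes.  Function names, the DUID and the 2001:db8::/32 prefix are
   constructed for illustration.

```python
import ipaddress
import struct

SOLICIT, REPLY = 1, 7                                    # RFC 3315 message types
OPT_CLIENTID, OPT_SERVERID, OPT_ELAPSED_TIME = 1, 2, 8   # RFC 3315 options
OPT_RAPID_COMMIT, OPT_IA_PD, OPT_IAPREFIX = 14, 25, 26   # 25 and 26: RFC 3633


def option(code, data=b""):
    return struct.pack("!HH", code, len(data)) + data


def build_solicit(xid, duid, iaid, rapid_commit=False):
    """Solicit sent by the LMA (requesting router) with an empty IA_PD."""
    msg = bytes([SOLICIT]) + xid.to_bytes(3, "big")
    msg += option(OPT_CLIENTID, duid)
    msg += option(OPT_ELAPSED_TIME, struct.pack("!H", 0))
    msg += option(OPT_IA_PD, struct.pack("!III", iaid, 0, 0))  # T1=T2=0: no preference
    if rapid_commit:
        msg += option(OPT_RAPID_COMMIT)                        # zero-length option
    return msg


def parse_options(buf):
    """Yield (code, data); reject options that run past the buffer."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if length > len(buf) - pos:
            raise ValueError("option length exceeds message")
        yield code, buf[pos:pos + length]
        pos += length


def delegated_prefixes(reply, xid, duid, iaid):
    """Return [(IPv6Network, preferred, valid)] delegated to our IA_PD."""
    if len(reply) < 4 or reply[0] != REPLY:
        raise ValueError("not a Reply")
    if int.from_bytes(reply[1:4], "big") != xid:
        raise ValueError("transaction-id mismatch")
    opts = list(parse_options(reply[4:]))
    if (OPT_CLIENTID, duid) not in opts:
        raise ValueError("Reply does not carry this client's DUID")
    found = []
    for code, data in opts:
        if code != OPT_IA_PD or len(data) < 12:
            continue
        if struct.unpack_from("!I", data)[0] != iaid:
            continue                                  # IA_PD for another IAID
        for sub, body in parse_options(data[12:]):
            if sub != OPT_IAPREFIX or len(body) < 25:
                continue
            preferred, valid, plen = struct.unpack_from("!IIB", body)
            if plen > 128 or preferred > valid or valid == 0:
                continue                              # discard unusable prefixes
            net = ipaddress.IPv6Network((body[9:25], plen), strict=False)
            found.append((net, preferred, valid))
    return found


def sample_reply(xid, duid, iaid):
    """Constructed Reply standing in for the DHCP server; all values made up."""
    prefix = ipaddress.IPv6Address("2001:db8:0:42::").packed
    iaprefix = option(OPT_IAPREFIX, struct.pack("!IIB", 3600, 7200, 64) + prefix)
    ia_pd = option(OPT_IA_PD, struct.pack("!III", iaid, 1800, 2880) + iaprefix)
    server = option(OPT_SERVERID, bytes.fromhex("00030001020000000099"))
    return bytes([REPLY]) + xid.to_bytes(3, "big") + option(OPT_CLIENTID, duid) + server + ia_pd


if __name__ == "__main__":
    xid, duid, iaid = 0x1A2B3C, bytes.fromhex("00030001020000000001"), 7
    print(build_solicit(xid, duid, iaid, rapid_commit=True).hex())
    print(delegated_prefixes(sample_reply(xid, duid, iaid), xid, duid, iaid))
```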


4.  AAA Servers in Home Network Prefix Delegation

   Currently, there is no protocol defined for AAA-based prefix
   delegation.  [RFC4818] defines a RADIUS attribute called
   Delegated-IPv6-Prefix that carries IPv6 prefixes to be delegated.
   This attribute is usable within either RADIUS or Diameter.  [RFC4818]
   recommends that the delegating router use an AAA server to receive
   the prefixes to be delegated, using the Delegated-IPv6-Prefix
   attribute/AVP.

   The delegating router for PMIPv6 can use the AAA server in two ways:
   either it can receive a pool of prefixes from the AAA server
   initially by way of the Framed-IPv6-Prefix attribute and then
   delegate each prefix on demand using the scenarios described in
   Section 3, or it can get the prefixes from the AAA server for each
   MN's interface separately by way of the Delegated-IPv6-Prefix
   attribute.

   Figure 4 shows AAA-involved DHCP PD for Figure 1.

       MN      MAG      LMA     DHCPS      AAA
         |------>|        |        |        |      1. RtSol
         |       |------->|        |        |      2. PBU (HNP=0)
         |       |        |========|        |      DHCP PD Start
         |       |        |        |------->|      3. AA-Request
         |       |        |        |<-------|      4. AA-Answer (HNP)
         |       |        |========|        |      DHCP PD End
         |       |<-------|        |        |      5. PBA (HNP)
         |<------|        |        |        |      6. RA(HNP)
         |------>|        |        |        |      7. DAD NS

              Figure 4: AAA-involved Prefix request procedure

   1.  MN solicits a router advertisement.
   2.  MAG sends PBU to LMA and sets HNP to zero.
   3.  LMA as Diameter client sends AA-Request message with an MN's
       information to Diameter server.
   4.  If the MN passes the authentication, the Diameter server sends
       AA-Answer message with prefix information to the LMA.  The
       Delegated-IPv6-Prefix attribute MAY appear in an AA-Request
       packet as a hint by the LMA to the Diameter server that it would
       prefer a prefix, for example, a /48 prefix.  The Diameter server
       MAY delegate a /64 prefix which is an extension of the /48 prefix
       in an AA-Request message containing Delegated-IPv6-Prefix
       attribute.  The attribute can appear multiple times when RADIUS
       server assigns multiple prefixes to MN.
   5.  Step 7 in Figure 1.
   6.  Step 8 in Figure 1.
   7.  Step 9 in Figure 1.

   The procedure for AAA-involved DHCP PD corresponding to the scenarios
   of Figure 2 and Figure 3 can be similarly obtained.


5.  Prefix Release Procedure

       MN      MAG      LMA       DHCPS
         |------>|        |        |    1. Network exit/deregistration
         |       |------->|        |    2. PBU (lifetime=0)
         |       |<-------|        |    3. PBA
         |       |        |------->|    4. DHCP Release (HNP)
         |       |        |<------ |    5. DHCP Reply
         |       |        |        |

                      Figure 5: PMIPv6 Prefix Release

   Prefixes can be released in two ways: prefix aging or the DHCP
   release procedure.  In the former, a prefix SHOULD NOT be used by an
   MN once the prefix has aged, and the DHCP Server can delegate it to
   another MN.  A prefix lifetime is delivered from the DHCPv6 server to
   the requesting router (LMA) through the DHCP IA_PD Prefix option
   [RFC3633] and the RA Prefix Information option [RFC4861].

   We describe PMIPv6 prefix release procedure.

   Figure 5 illustrates how LMA releases prefixes to a DHCP Server:

   1.  An MN detachment signaling, such as switch-off or handover,
       triggers prefix release procedure.
   2.  MAG sends PBU with lifetime set to zero.
   3.  LMA replies with PBA.
   4.  LMA initiates a Release message to give back the prefixes to the
       DHCP server.
   5.  The server responds with a Reply message, and then the prefixes
       can be reused by other MNs.

   If PMIPv6 and MIPv6 are being used by the same MN and HA also
   supports LMA functionality as described in
   [I-D.devarapalli-netlmm-pmipv6-mipv6], the same binding cache entry
   for the MN is sometimes modified by the MN or by a MAG.  Because of
   this, at Step 4 in Figure 5, if the HA colocated with LMA receives a
   MIPv6 registration BU, LMA MUST NOT release the prefix(es).
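
   The release rules of this section as an added sketch, not part of
   this draft: an LMA-side table that refuses to hand one prefix to two
   MN interfaces, ages prefixes out by valid lifetime, and withholds the
   DHCP Release when the MN also holds a MIPv6 registration.  Class,
   method and field names, the interface identifiers and the
   2001:db8::/32 prefixes are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Binding:
    """LMA binding cache entry; field names are illustrative."""
    prefixes: list                  # delegated HNPs as IPv6Network objects
    valid_until: float              # delegation time + IA_PD Prefix valid-lifetime
    mipv6_registered: bool = False  # MN also sent its own MIPv6 BU to the HA/LMA


class PrefixTable:
    def __init__(self):
        self.bindings = {}          # MN interface id -> Binding

    def delegate(self, mn_if, prefixes, valid_lifetime, now):
        """Record prefixes from a DHCP Reply; one prefix serves one interface only."""
        nets = [ipaddress.IPv6Network(p) for p in prefixes]
        for owner, b in self.bindings.items():
            if owner == mn_if:
                continue
            if any(n.overlaps(o) for n in nets for o in b.prefixes):
                raise ValueError("prefix already delegated to another MN interface")
        self.bindings[mn_if] = Binding(nets, now + valid_lifetime)

    def on_mipv6_bu(self, mn_if):
        """The HA colocated with the LMA received a MIPv6 registration BU."""
        self.bindings[mn_if].mipv6_registered = True

    def on_pbu_lifetime_zero(self, mn_if):
        """Figure 5, steps 2-4: prefixes to put in a DHCP Release, if any."""
        b = self.bindings.get(mn_if)
        if b is None:
            return []               # unknown MN interface: nothing to release
        if b.mipv6_registered:
            return []               # MUST NOT release: MIPv6 still uses the HNP
        del self.bindings[mn_if]
        return b.prefixes

    def expire(self, now):
        """Prefix aging: drop entries past their valid lifetime (no Release sent)."""
        aged = [k for k, b in self.bindings.items() if b.valid_until <= now]
        return [p for k in aged for p in self.bindings.pop(k).prefixes]


if __name__ == "__main__":
    table = PrefixTable()
    table.delegate("mn1/if0", ["2001:db8:0:1::/64"], 7200, now=0)
    table.delegate("mn2/if0", ["2001:db8:0:2::/64"], 100, now=0)
    table.on_mipv6_bu("mn1/if0")
    print(table.on_pbu_lifetime_zero("mn1/if0"))   # held back by the MIPv6 BU
    print(table.expire(now=100))                   # mn2's prefix has aged out
```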


6.  Miscellaneous Considerations

   The considerations on how to generate IAIDs and to delegate prefixes
   described in [I-D.sarikaya-16ng-prefix-delegation] on the access
   routers (AR) apply here on the local mobility anchors (LMA).


7.  Security Considerations

   This draft introduces no additional messages.  Compared to
   [RFC3633], [RFC2865] and [RFC3588], no additional threats are
   introduced.  DHCPv6, RADIUS and Diameter security procedures
   apply.


8.  IANA consideration

   None.


9.  Acknowledgements


10.  References

10.1.  Normative References

   [I-D.ietf-netlmm-proxymip6]
              Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K.,
              and B. Patil, "Proxy Mobile IPv6",
              draft-ietf-netlmm-proxymip6-07 (work in progress),
              November 2007.

   [I-D.sarikaya-16ng-prefix-delegation]
              Sarikaya, B. and F. Xia, "Using DHCPv6 and AAA Server for
              Mobile Station Prefix Delegation",
              draft-sarikaya-16ng-prefix-delegation-01 (work in
              progress), March 2007.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.

   [RFC2866]  Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3576]  Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B.
              Aboba, "Dynamic Authorization Extensions to Remote
              Authentication Dial In User Service (RADIUS)", RFC 3576,
              July 2003.

   [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
              Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

   [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", RFC 3633,
              December 2003.

   [RFC3775]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.

   [RFC4818]  Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix
              Attribute", RFC 4818, April 2007.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              September 2007.

10.2.  Informative References

   [I-D.devarapalli-netlmm-pmipv6-mipv6]
              Devarapalli, V., "Proxy Mobile IPv6 and Mobile IPv6
              interworking", draft-devarapalli-netlmm-pmipv6-mipv6-01
              (work in progress), April 2007.

   [I-D.ietf-dime-mip6-split]
              Korhonen, J., Tschofenig, H., Bournelle, J., Giaretta, G.,
              and M. Nakhjiri, "Diameter Mobile IPv6: Support for Home
              Agent to Diameter Server  Interaction",
              draft-ietf-dime-mip6-split-05 (work in progress),
              September 2007.

   [RFC4192]  Baker, F., Lear, E., and R. Droms, "Procedures for
              Renumbering an IPv6 Network without a Flag Day", RFC 4192,
              September 2005.


Authors' Addresses

   Behcet Sarikaya
   Huawei USA
   1700 Alma Dr. Suite 500
   Plano, TX  75075

   Email: sarikaya@ieee.org


   Frank Xia
   Huawei USA
   1700 Alma Dr. Suite 500
   Plano, TX  75075

   Phone: +1 972-509-5599
   Email: xiayangsong@huawei.com


Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).




