Mobile IP Working Group                                     B. Sarikaya
Internet Draft                                              Xiaofeng Xu
Document: draft-sarikaya-seamoby-mipv6hp-00.txt       Vinod Kumar Choyi
Category: Standards track                              Andrew Krywaniuk
                                                                Alcatel
                                                    Claude Castelluccia
                                                      Inria Rhone-Alpes
                                                         September 2001


                     Mobile IPv6 Hierarchical Paging
                   draft-sarikaya-seamoby-mipv6hp-00.txt


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.
   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet- Drafts as reference
   material or to cite them other than as "work in progress."
   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt
   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This document is an individual submission for the mobile-ip Working
   Group of the Internet Engineering Task Force (IETF).  Comments should
   be submitted to the MOBILE-IP@STANDARDS.NORTELNETWORKS.COM mailing
   list.

   Distribution of this memo is unlimited.

Abstract

   This document specifies Hierarchical Mobile IPv6 Hierarchical Paging
   (HMIPv6HP), an IP host alerting protocol which is an extension to
   Hierarchical Mobile IPv6. The extension allows a mobile node to enter
   a power saving dormant mode during which its location is known with
   coarse accuracy defined by a paging area. In the visited domain only
   the paging mobility anchor point (PMAP) is responsible for keeping
   the binding cache entries for dormant mobile nodes and, it re-
   establishes the downlink routes on demand by means of paging. Paging
   is initiated by the paging agent (PA) and the access routers in
   paging areas and does not involve periodic layer 3 messages to be
   sent except for time-slot based paging which is optional and is to be
   used on links with no support for layer 2 paging. The protocol works
   with layer 2 paging areas if they are supported.

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia                          1

    Mobile IPv6 Hierarchical Paging     September 2001




Table of Contents

Status of this Memo............................................1
Abstract.......................................................1
Table of Contents..............................................2
1. Introduction................................................3
2. Terms.......................................................3
3. Protocol Operation..........................................5
   3.1. Paging Area Discovery..................................5
   3.1.1 Moving in Paging Areas ...............................6
   3.2. Entering Dormant Mode..................................7
   3.3. Paging.................................................8
   3.3.1 Time-slot Based Paging ..............................10
   3.4. Entering Active Mode..................................10
   3.5. Dynamic PMAP Discovery................................11
4. Protocol Extensions........................................11
   4.1. Paging Area ID Extension.................. ...........11
   4.2. Advertisement Interval Extension......................12
   4.3. Dormant Mode Request Extension........................13
   4.4. Dormant Mode Reply Extension..........................14
   4.5. Paging Request Message................................15
   4.6  Paging Reply Message .................................17
   4.7. Paged Mobile Node Address Extension...................18
5. IANA Considerations........................................19
6. Security Considerations....................................19
7  Future revisions ..........................................21
8. References.................................................21
Authors' Addresses............................................22



















Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002   2

    Mobile IPv6 Hierarchical Paging     September 2001


1. Introduction

   This document specifies an extension to Mobile IPv6 [1] with
   hierarchical mobility management [2] in order to support power-
   constrained operation and to reduce routing state information in the
   visited domain. The protocol assumes a Hierarchical Mobile
   IPv6 network utilizing a Mobility Anchor Point extended with paging
   support called Paging Mobility Anchor Point (PMAP). The Paging
   Mobility Anchor Point is a MAP which is at highest distance from the
   mobile nodes (MN) in the visited domain. The protocol assumes a new
   entity called Paging Agent (PA) as in [3], which is in charge of
   paging dormant mobile nodes. The access points below PA may
   optionally be organized into several layer 3 paging areas. Optionally
   layer 2 paging areas sharing the same access router are also
   supported. In the protocol HMIPv6HP, MN uses either the basic or the
   extended mode of operation of HMIPv6 while roaming within a MAP's
   domain.

   Access routers advertise paging support by including a Paging Area ID
   extension in their Router Advertisements. A mobile node that wishes
   to enter into dormant mode sends a Regional Binding
   Update with a Dormant Mode Request extension to the PMAP. The PMAP
   sends a binding acknowledgement with Dormant Mode Reply extension to
   the mobile node. After this, the binding cache entry at the
   intermediate MAP router hierarchy is removed except at the PMAP.

   The mobile node enters the active mode by performing a normal
   regional registration, i.e. binding the RCOA to its on-link COA
   (LCOA). The network may trigger this by paging the mobile node. The
   network pages the mobile node by sending a Router Advertisement to
   all dormant nodes multicast address with a Paged Mobile Node Address
   extension called Paging Router Advertisement (Paging RA). The paging
   router advertisement starts layer 2 paging process which eventually
   alerts the mobile node.

   Time slot based paging can optionally be used when there is no link
   layer support for paging. Solicited-Node Multicast Address obtained
   from the home address of the mobile node is used as the destination
   of the paging router advertisement if only a single MN is to be
   paged. Paging router advertisements are sent periodically until the
   mobile node is waken up.


2. Terms

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [4].

   Please see [5] for definition of terms used in describing paging. In
   addition, this document defines the following terms:


Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002   3

    Mobile IPv6 Hierarchical Paging     September 2001


   Dormant Mode Registration

   The mobile node is required to perform an dormant mode registration
   by sending a Mobile IPv6 Binding Update destination option with
   extensions before entering the dormant mode.

   Paging Router Advertisement

   Access routers send in addition to the Mobile IPv6 router
   advertisements, messages called paging router advertisements to the
   paging multicast address to page the mobile nodes in dormant mode.
   The paging multicast address is all dormant nodes multicast address
   except when time-slot based paging is used.

   Time-Slot Based Paging

   If time-slot based paging is used the mobile node is paged in exact
   time slots based on the paging slot index, paging slot offset and
   paging slot interval values. All these values are made known to the
   mobile node before it enters the dormant mode. Paging RAs are
   periodic and are sent to the solicited-node multicast address of the
   home address or to a joint multicast address if several MNs are paged
   simultaneously.

   Paging Mobility Anchor Point

   In a hierarchical Mobile IPv6 network, the Paging Mobility Anchor
   Point (PMAP) is the Mobility Anchor Point (MAP) which is of highest
   distance from the MN. In single hierarchy MAP domains, MAP assumes
   the functionality of PMAP.

   Paging Agent

   In a hierarchical Mobile IPv6 network, the Paging Agent (PA) is the
   entity which is in charge of paging the mobile nodes. PA initiates
   the paging after receiving a request from PMAP and the real paging is
   performed at the link layer.

   Paging Multicast Address

   An IPv6 multicast address used for paging a mobile node by an access
   router. All dormant nodes multicast address is used normally. All
   dormant nodes multicast address is permanently assigned and is of
   link-local scope. In the optional time-slot based paging, solicited-
   node multicast address obtained from the home address is the paging
   multicast address if the mobile node is paged individually. For
   efficiency purposes a single paging multicast address may be used to
   page more than one mobile node. In this case the paging multicast
   address is an IPv6 multicast address which is transient and is of
   global scope.

   Paging Area Multicast Address

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    4

    Mobile IPv6 Hierarchical Paging     September 2001



   The access routers below PA in hierarchy are organized in the form of
   paging areas. Each region may have one or more paging areas indicated
   by PA1, PA2, ..., PAn. The access routers in paging area i are members
   of the paging area multicast address (PAMAi). A paging area multicast
   address is an IPv6 multicast address which is permanently assigned
   and is of global scope.

   Access Point

   An access point (AP) is a layer 2 device as defined in [6].

3. Protocol Operation
    The architecture of the protocol is depicted in Fig. 1. PA1, PA2,
   etc. indicate Layer 3 paging areas and pa1, pa2, etc. indicate layer
   2 paging areas.
3.1. Paging Area Discovery
   An access router advertises paging support with the Paging Area ID
   extension in the Router Advertisement. The mobile node (MN) detects
   its current paging area based on the paging area ID. Access routers
   of neighboring cells may advertise the same paging area ID if they
   belong to the same paging area.

   The paging agent is in charge of paging areas in the domain. The
   access routers in each paging area are members of an IPv6 multicast
   address that uniquely identifies the paging area. The paging area
   multicast address is a permanent address with global scope. The
   paging area multicast address has the form:
   FF0E::Group-id
   where Group-id is a 32-bit unique group id which MUST be equal to the
   Paging Area ID. Each access router MAY advertise a unique paging area
   ID or a collection of adjacent access routers may advertise a unique
   paging area ID.

   If time slot based paging is supported (Section 3.3.1), the router
   advertisement MUST also contain an Advertisement Interval extension
   which specifies the time interval between subsequent router
   advertisements. An Advertisement Interval extension with non-zero
   slot length field indicates support for time slot based paging within
   the paging area. All access routers in the same paging area send
   router advertisements simultaneously with the same advertisement
   interval. A new field in the Advertisement Interval extension
   indicates the length of the advertisement slot in milliseconds. The
   advertisement slot is the time during which MN powers on its receiver
   in order to receive unsolicited Router Advertisements. Slot sequence
   number is another new field in the Advertisement Interval extension
   that is used for determining MN's paging slot.

   If layer 2 paging areas are supported AR can not advertise the paging
   area ID because there may be several paging areas in a subnet. In
   this case MN knows the paging area ID using layer 2 means, e.g.
   broadcast channel.

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    5

    Mobile IPv6 Hierarchical Paging     September 2001




                      +-------+
                      |  HA   |
                      +-------+
                              \
                               \~~~~~)
                              ( +      )
                             (          )          +-------+
                            (            +---------+  CN   |
                           (   Internet   )        +----+--+
                           (              )
                            (            )
                              (         +
                                ( ~~~~ ) \
                                        +---+---+       +-------+
                                        |       |       | Paging|
                                        |  MAP  +-------+ Agent |
                                        +-------+       +-------+
                                         /   |  \
                                       /     |    \
                                     /       |      \
                                   /         |        \
                                 /           |          \
                               /             |            \
                             /               |              \
                           /                 |                \
                    +-----+---+         +----+----+        +---+-----+
                    |         |         |         |        |         |
                    |   AR1   |         |   AR2   |        |    AR3  |
                    +-+--+--+-+         +-+--+--+-+        +-+--+--+-+
                     /   |   \           /   |   \          /   |   \
                    /    |    \         /    |    \        /    |    \
                 +--+ +--+  +--+     +--+ +--+  +--+    +--+ +--+  +--+
                 |AP| |AP|  |AP|     |AP| |AP|  |AP|    |AP| |AP|  |AP|
                 +--+ +--+| +--+     +--+ +--+  +--+    +--+ +--+  +--+
                 +-----PA1-|----+    +--------------PA2---------------+
                 |  pa1    |pa2 |
                       |              |
                       V              V
                    +--------+
                    |   MN   |
                    +--------+
                             ------------->
                                 Movement
   Figure 1. Architecture of MIPv6HP Protocol Entities

3.1.1 Moving in Paging Areas

   When a dormant MN detects that it has moved into a new paging area,
   it MUST perform a normal regional registration and a dormant mode
   registration if the new paging area is still in the same domain. If

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    6

    Mobile IPv6 Hierarchical Paging     September 2001


   dormant MN has moved into a new paging area of a new domain then it
   MUST perform a normal home registration, a normal regional
   registration and a dormant mode registration. After the dormant mode
   MN sends a dormant mode registration, PMAP modifies the paging area
   ID in its binding cache.

   If layer 2 paging areas are used, MN detects the change of paging
   area using layer 2 means, e.g. paging channel. MN needs to do only
   dormant mode registration if the access router is still the same,
   letting PMAP know the new paging area ID.

   Paging area detection in dormant mode may not be possible in some
   links without periodically establishing layer 3 communication as in
   time-slot based paging.

3.2. Entering Dormant Mode

   When MN is sending or receiving packets it is in the active mode.
   When MN is in active mode, the operation is exactly the same as in
   Hierarchical Mobile IPv6 using the basic or extended modes on a MAP's
   subnet.

   When MN is not actively communicating, it can enter the dormant mode.
   When in dormant mode, the visited domain does not know the exact
   location of MN. The visited domain knows the paging area of the
   dormant MN.

   When MN wishes to enter the dormant mode, it performs a dormant mode
   registration by sending a Regional Binding Update with a Dormant Mode
   Request extension. The destination address of the Regional Binding
   Update with a Dormant Mode extension is the PMAP. MN may also enter
   the dormant mode or extend the life time of its dormant mode by way
   of a home registration, i.e. by sending a BU with Dormant Mode
   Request to its Home Agent. If time-slot based paging is used, the
   Dormant Mode Request extension contains the paging slot interval
   expressed as a multiple of advertisement intervals.

   MN sends the Paging Area ID in the Dormant Mode Request extension.
   The Paging Area ID value MUST be equal to the Paging Area ID
   advertised by the access router of the current cell of MN for layer 3
   paging areas and to the Paging Area ID obtained through layer 2 means
   for layer 2 paging areas. The Dormant Mode Request extension contains
   3 optional bits that are used to indicate dormant mode options such
   as broadcast/multicast/anycast to trigger a page.

   When a MAP receives the Regional Binding Update with a Dormant Mode
   request extension, it establishes or updates its
   regional binding cache entry for the mobile node as in Hierarchical
   Mobile IPv6. When a MAP receives a Binding acknowledgement with a
   Dormant Mode reply extension, it deletes the binding cache associated
   with this MN if MAP is not a PMAP. MAPs do not maintain any tunnels


Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    7

    Mobile IPv6 Hierarchical Paging     September 2001


   or other routing information for dormant mode MNs in their routing
   tables.

   The Binding Update or Regional Binding Update with a Dormant Mode
   request extension has a lifetime. MN that wishes to stay in the
   dormant mode longer than this lifetime MUST extend the lifetime by
   performing another dormant mode registration. MN may also extend the
   lifetime of its home registration and yet stay in the dormant mode by
   performing a home registration with the Dormant Mode Request
   extension. Dormant mode extensions are transparent to HA, i.e. HA
   responds only to the life time extension of MN's home registration.

   PMAP includes a Dormant Mode Reply extension to the Regional Binding
   Acknowledgement. PMAP keeps the binding cache for MN and adds the
   Paging Area ID to the cache entry. The binding cache for the MN MUST
   contain the Paging Multicast Address as equal to the solicited node
   multicast address obtained from the home address of MN.

3.3. Paging
   When PMAP receives a packet from a correspondent node destined to a
   mobile node that has the dormant mode flag set in the binding cache,
   PMAP does not forward the packet to any lower MAP. Instead it sends a
   Paging Request IPv6 unicast message to the Paging Agent. PMAP sets
   the fields of paging request message as follows:
   In normal mode, the fields of paging slot index, interval and offset
   are not set. Paging multicast address is not set in all cases. Paged
   mobile node address field is filled from the binding cache as the
   home address of the destination mobile node of the packet received
   from correspondent node. If time-slot based paging is used in the
   paging area then the values required for determining the paging slot
   are copied from the binding cache.

   PA, after receiving Paging Request message from PMAP sends a Paging
   Request message to the access routers in the paging area the mobile
   node was last in. The access router which finds the dormant node MN
   sends a Paging Reply message to the Paging Agent. If no reply is
   received after a timeout period, PA starts paging in other paging
   areas until MN is found or else the paging fails.

   PA uses paging area multicast address as the destination address of
   the Paging Request message. PA determines which mode of paging to use.
   In normal paging mode, PA determines paging area ID of MN(s) (PAi)
   and then forwards the Paging Request message to the destination
   address PAMAi.

   PA receives a Paging Reply message from all access routers in the
   paging area. If Paged Mobile Node Address field is empty in any of
   the replies then the paging has successfullly located the dormant
   node MN. Otherwise PA should continue to page the MN in other paging
   areas.



Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    8

    Mobile IPv6 Hierarchical Paging     September 2001


   PA initiates paging in other paging areas by sending multicast paging
   request messages to the access routers. The order of paging areas in
   which the MN is to be paged is implementation specific.  PA receives
   the replies as described. After the paging process is complete, PA
   reports the result of paging in a Paging Reply message to PMAP to
   acknowledge the Paging Request Message and to report on the results.
   Paged mobile node address field of the Paging Reply message is empty
   if MN has been located. PMAP silently ignores any Paging Reply
   messages that report successful paging.

   If paged mobile node address field of the Paging Reply message is not
   empty, PMAP receives the address of MN for which paging failed in
   Paging Reply message. PMAP SHOULD send a Destination Unreachable
   ICMPv6 error message to the correspondent node(s).

   The access routers in the Paging Area send a Paging Router
   Advertisement to all dormant nodes multicast address. All dormant
   nodes multicast address is permanently assigned and is of link-local
   scope and is of the form:
   FF02::gid
   where gid is TBD. Paged mobile node address field of the paging
   router advertisement is assigned from the paging request message sent
   by PA. The address is the home addresses of dormant mode MN.

   Paging router advertisement triggers the paging of dormant node MN(s)
   using link layer paging. From the addresses in paged mobile node
   address field, it is possible to obtain the EUI-64 identifier for
   each MN and hence the link layer address of each MN is made known.

   After sending paging router advertisement, the access router starts a
   timer and at the end of the timer period a Paging Reply message is
   sent to Paging Agent. Paging Reply message contains in its Paged
   Mobile Node Address field the address of  MN that has not performed a
   registration, if any.

   If layer 2 paging areas are supported the paging agent acts as a
   layer 2 entity and uses layer 2 means to page MN by possibly
   communicating each access point in the paging area and providing the
   layer 2 address, e.g. IMSI of MN to APs. APs then use this
   information to page all the dormant mode mobiles in their cell
   possibly using paging channels.

   The MN is expected to perform an ordinary binding update or an
   ordinary regional binding update in response to a Paging Router
   Advertisement. PMAP MAY transmit the Paging Request after a timeout
   to Paging Agent.

   While waiting for the response of MN, PMAP MAY buffer the data
   destined to MN. When MN has entered the active mode, PMAP can stop
   buffering and forward the buffered packets to MN. PMAP discards
   buffered packets after a timeout.


Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    9

    Mobile IPv6 Hierarchical Paging     September 2001


3.3.1 Time-slot Based Paging

   Paging agent decides which paging areas will support time-slot based
   paging and configures the access routers in those paging areas and
   informs PMAP. If the optional time slot based paging mechanism is
   used, the Dormant Mode Reply extension contains a paging slot index
   (an integer) and a paging slot offset (in milliseconds) which are
   used in determining the exact timing of paging. The paging slot
   instant is determined as follows: Paging slot occurs N milliseconds
   later than every paging slot interval number of unsolicited periodic
   router advertisements. The delay N equals paging slot index times
   advertisement interval plus paging slot offset. The paging slot
   interval times the Advertisement Interval is the period of Paging
   Router Advertisements and the paging slot index and paging slot
   offset specify the exact timing of the paging. For example, if paging
   slot interval is 4, paging slot index is 2 and paging slot offset is
   100 ms, then there will be a paging slot during every 0th, 4th, 8th,
   etc. unsolicited router advertisement and it will exactly occur 100
   ms after every 2nd, 6th, 10th, etc. router advertisement.

   The length (duration) of the paging slot is equal to the length of
   the advertisement slot. Since mobile nodes can not determine the
   exact instant of the paging slot, access routers do not send Paging
   Router Advertisements during the first and the last quarter of the
   paging slot.

   The sequence number field is needed in determining the paging slot.
   Thus the slot sequence number field is defined for this purpose.

   In time-slot based paging, if a single MN is to be paged then the
   solicited-node multicast address obtained from the home address of MN
   is used as the destination address.

   When time slot based paging is supported, the Paging Request contains
   the paging slot interval, the paging slot index, and the paging slot
   offset. Using these values the access routers in the paging area can
   generate periodic Paging Router Advertisements until MN enters the
   active mode.

   If time slot based paging is used, the access routers send the Paging
   Router Advertisements during the second and the third quarter of the
   MN's paging slot.

3.4. Entering Active Mode

   When MN receives a Paging Router Advertisement to its solicited-node
   multicast address that MN received with Binding Acknowledgement with
   Dormant Mode Reply extension, MN enters the active mode. MN can also
   enter active mode if it needs to send a packet.

   When entering the active mode, MN sends a home registration or a
   regional registration by sending a Binding Update MIPv6 destination

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002   10

    Mobile IPv6 Hierarchical Paging     September 2001


   option. This sets up the routing state in the MAPs of
   Hierarchical Mobile IPv6 [2]. This registration clears the dormant
   mode in PMAPÆs binding cache and allows all subsequent data to reach
   MN.

3.5. Dynamic PMAP Discovery

   Dynamic PMAP discovery is an extension to the Dynamic MAP discovery
   of Hierarchical MIPv6 [2]. As in [2], the access routers are required
   to send the MAP option in all router advertisements. MN selects the
   MAP whose distance is the highest as its current PMAP and stores the
   global IPv6 address of this MAP. When, in the subsequent router
   advertisements, another MAP with a distance greater than the current
   PMAP is advertised, MN replaces the current PMAP with the new highest
   distance PMAP. When going to the dormant mode, MN sends its Regional
   Registration message (Binding Update with Dormant Mode Request
   extension) to the current PMAP.

4. Protocol Extensions

4.1 Paging Area ID Extension

   Mobile IPv6 Router Advertisement messages may contain a Paging Area
   ID Extension.
   The Paging Area ID extension is defined as follows:




   0    1    2    3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Paging Area ID                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

        TBD

   Length

        The length (in octets) of the Paging Area ID field. The length
        of the option (including the type and length fields) in units of
        8 octets. The value of this field must be 1.

   Paging Area ID

        A 32-bit identifier. The access router that supports regional
        paging indicates the support by including the Paging Area ID

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    11

    Mobile IPv6 Hierarchical Paging     September 2001


        extension in the Router Advertisement message. If present, the
        Paging Area ID extension MUST appear in the Router Advertisement
        message after any of the advertisement extensions defined in
        [3].

4.2. Advertisement Interval Extension

   The base Mobile IPv6 protocol's Advertisement Interval option for
   Router Advertisement messages is extended to optionally include slot
   length and slot sequence number.

       0    1    2    3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |        Slot Length            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                     Advertisement Interval                    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Slot Sequence Number      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

        TBD.

   Length

        8-bit unsigned integer.  The length of the option (including
        the type and length fields) in units of 8 octets.  The value of
        this field MUST be 2.


   Slot Length

        16-bit unsigned integer. Indicates the length in milliseconds of
        the advertisement slot during which the mobile nodes activate
        their receivers in order to receive Paging Router
        Advertisements, if time slot based paging is supported. The
        router advertisement MUST also include a Paging Area ID
        extension if the Slot Length is non-zero. If this field is zero,
        it indicates that the Paging Area does not support time slot
        based paging.

   Advertisement Interval

        32-bit unsigned integer. The time in milliseconds (not the
        maximum time as in the base Mobile IPv6) between two successive
        unsolicited router advertisement messages sent by this access
        router on this network interface.

   Slot Sequence Number


Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    12

    Mobile IPv6 Hierarchical Paging     September 2001


        16-bit unsigned integer. This field is included if time slot
        based paging is supported. The slot sequence number in each
        unsolicited Router Advertisement is one greater than in the
        previous unsolicited Router Advertisement. The slot sequence
        number is used to determine mobile node's paging slot, as
        specified in Section 3.3.1.

4.3 Dormant Mode Request Sub-Option (alignment requirement: 2n)

   The Dormant Mode Request sub-option is valid only in Binding Update
   destination option.



   0    1    2    3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Type       |    Length     |     Paging Slot Interval      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Paging Area ID                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |B|M|A|                        Reserved                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+




   Type

        TBD

   Length

        The length (in octets) of the Paging Slot Interval field if the
        mobile node requests time slot based paging otherwise the length
        equals zero. The value of this field must be 2 if time slot
        based paging is requested.

   Paging Slot Interval

        16-bit unsigned integer value indicating the paging slot
        interval. This field is optional. The value if exists is used to
        determine the mobile node's paging slot.

   Paging Area ID

        32-bit unsigned integer value. The same value as advertised by
        the access router that supports regional paging.
   B


Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    13

    Mobile IPv6 Hierarchical Paging     September 2001


         B bit is optionally used to indicate willingness to be alerted
        by broadcast packets.
   M
         M bit is optionally used to indicate willingness to be alerted
        by multicast packets.
   A
        A bit is optionally used to indicate willingness to be alerted
        by anycast packets.
   Reserved
        Reserved for future use to indicate more dormant mode options.

4.4. Dormant Mode Reply Sub-Option (alignment requirement: 8n+2)

   The Dormant Mode Reply sub-option is valid only in Binding
   Acknowledgement destination option.




   0    1    2    3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                  |     Type         |    Length  |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |     Paging Slot Index         |   Paging Slot Offset          |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                                                               |
  +                                                               +
  |                                                               |
  +                  Paging Multicast Address                     +
  |                                                               |
  +                                                               +
  |                                                               |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type
        TBD.

   Length
        8-bit unsigned integer. Length of the Dormant Mode Reply sub
        option data fields not including the type and length fields.

   Paging Slot Index
        16-bit unsigned integer. This field is optional. The value is
        assigned by the gateway mobility agent if time slot based paging
        is used. Paging slot index value is used in determining the
        mobile node's paging slot.

   Paging Slot Offset


Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002   14

    Mobile IPv6 Hierarchical Paging     September 2001


        16-bit unsigned integer. This field is optional. The value is
        assigned by the gateway mobility agent if time slot based paging
        is used. Paging slot offset value is used in determining the
        mobile node's paging slot.


   Paging Multicast Address

        This field is absent in normal mode. It may contain a value if
        time-slot based paging is used. The value is IPv6 multicast
        address used for paging the mobile node.

4.5 Paging Request Message

   When paging a mobile node, the Paging Mobility Anchor Point sends a
   Paging Request Message which is a destination option to paging agent.
   The Paging Agent in turn sends paging request message to the access
   routers in a given paging area.
   Overall Message Structure for Paging Request Message is as follows:



     0    1    2    3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    IPv6 Header (NH = DestOpts)                                |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  NH = NONE    |                          Paging Request       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The Paging Request destination option is encoded in type-length-value
   (TLV) format as follows:

















Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002   15

    Mobile IPv6 Hierarchical Paging     September 2001


    0    1    2    3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                   |  Option Type  | Option Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Paging Slot Interval   |        Paging Slot Index      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Paging Slot Offset     |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                            Reserved                           +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                   Paging Multicast Address                    +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |                                                               |
   +                                                               +
   .                                                               .
   .                   Paged Mobile Node Address                   .
   .                                                               .
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option Type

        TBD

   Option Length

        8-bit unsigned integer.  Length of the option, in octets,
        excluding the Option Type and Option Length fields.  This field
        MUST be set to 28 plus 16 times the number of mobile nodes to be
        paged.

   Paging Slot Index

        16-bit unsigned integer. A parameter used to determine the
        mobile node's paging slot, as specified in Section 3.2. If time-
        slot based paging is not used this field must be set to zero.


Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    16

    Mobile IPv6 Hierarchical Paging     September 2001


   Paging Slot Offset

        16-bit unsigned integer. A parameter used to determine the
        mobile node's paging slot, as specified in Section 3.2. If time-
        slot based paging is not used this field must be set to zero.

   Paging Slot Interval

        16-bit unsigned integer. The interval between two successive
        paging slots, in multiples of advertisement intervals. If time-
        slot based paging is not used this field must be set to zero.

   Reserved

        This field is unused. It MUST be initialized to zero by the
        sender and MUST be ignored by the receiver.

   Paging Multicast Address

        Optional IPv6 multicast address to be used as the destination
        address for Paging Router Advertisements. This field is needed
        only when there are more than one Paged Mobile Node Addresses
        that follow in the Paging Request destination option. If there
        is only one mobile node to be paged then this field must be set
        to zero.

   Paged Mobile Node Address

        Home address of the mobile node(s) that is the target of paging.

4.6 Paging Reply Message

   Paging reply message is used to report the result of paging. It is
   sent from the access router to the paging agent and from the paging
   agent to PMAP. The Paging Reply destination option is encoded in
   type-length-value (TLV) format as follows:

    0    1    2    3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                   |  Option Type  | Option Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   .                                                               .
   .                   Paged Mobile Node Address                   .
   .                                                               .
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    17

    Mobile IPv6 Hierarchical Paging     September 2001



   Option Type

        TBD

   Option Length
        8-bit unsigned integer.  Length of the option, in octets,
        excluding the Option Type and Option Length fields.  This field
        MUST be set to 16 times the number of mobile nodes that could
        not be located by paging.

   Paged Mobile Node Address

   Home address of the mobile node that was paged unsuccessfully.

4.7 Paged Mobile Node Address Extension

   The Paged Mobile Node Address extension is used for identifying the
   mobile node that is paged. When this extension is used as an option
   in a router advertisement the router advertisement is called a Paging
   Router Advertisement.

   The Paged Mobile Node address extension is defined as follows:

    0    1    2    3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   .                                                               .
   .               Paged Mobile Node Address                       .
   .                                                               .
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

        TBD

   Length

        8-bit unsigned integer.  The length of the option (including the
        type and length fields) in units of 8 octets.

   Reserved



Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002   18

    Mobile IPv6 Hierarchical Paging     September 2001


        This field is unused.  It MUST be initialized to zero by the
        sender and MUST be ignored by the receiver.

   Paged Mobile Node Address

        Home address of the MN that is the target of paging. There MAY
        not be more than one MN address in this field.


5. IANA Considerations

   MIPv6HP requires two new IPv6 destination options to be used for
   sending the Paging Request and paging reply messages (Section 4.5 and
   4.6).
   MIPv6HP requires 3 new extension types to be used in combination with
   router advertisements: a type for Advertisement Interval extension
   (Section 4.1), a type for Paging Area ID extension (Section 4.2), a
   type for Paged Mobile Node Address extension (Section 4.7).

   MIPv6HP requires two new types to be used in combination with the
   Binding Update or Binding Acknowledgement destination options: a type
   for the Dormant Mode Request extension (Section 4.3) and a type for
   the Dormant Mode Reply extension (Section 4.4).

   MIPV6HP requires a new multicast address called all dormant nodes
   multicast address as an extension to [7] (Section 3.3).

6. Security

   [3] outlines a number of possible security vulnerabilities of an IP
   paging protocol. The vast majority of these attacks are prevented if
   all paging traffic is protected by an IPsec security association (SA).

   One category of attacks is DoS Amplification attack of section 3.1 in
   [3], in which bogus paging requests are wide casted across the
   network. This attack is prevented by taking advantage of the source
   authentication which IPsec provides. With IPsec, only authorized and
   authenticated nodes can initiate paging. If an authenticated node
   misbehaves then it can be removed from the list of authorized users.
   IPsec source authentication also solves the Queue Overflow attack of
   section 3.2 in [3].

   The remaining problems are the Bogus Paging Area and Forced Battery
   Consumption attacks described in section 3.3 of [3]. This protocol
   does not fully solve the Bogus Paging Area problem because we believe
   that the problem is not solvable without a large-scale PKI and
   extremely precise clock synchronization. An attacker could simply
   take the paging messages from one area and rebroadcast them in
   another area.

   As for the Forced Battery Consumption attack, there are several
   reasonable solutions to this problem:

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    19

    Mobile IPv6 Hierarchical Paging     September 2001



   1) On Demand Negotiation: SAs are negotiated on demand (whenever the
   host is paged or when it crosses a paging area boundary).

   2) Perpetual Connectivity: Before a host enters dormant mode, it
   ensures that it has an SA with the PMAP and/or the access router.

   3) Signed Paging Messages: SAs are negotiated on demand, but only
   upon reception of a cryptographically signed paging request (signed
   with the PMAP's public key).

   4) A hybrid of the above methods.

   In order to leverage the existing framework for negotiating IPsec SAs,
   we use a hybrid of solutions 1 and 2. Since it is difficult to
   prevent an attacker from spoofing bogus paging requests or paging
   router advertisement messages, we allow the attack to proceed, but we
   limit its effectiveness. Under normal condition, the operation of the
   protocol is closer to method 1; under conditions of DoS, the
   operation is closer to method 2.

   In general, a host can be paged with an unauthenticated layer 2 or
   layer 3 paging message. Upon reception of a page, the mobile node
   sets up an SA with the PMAP. If the wakeup message turns out to have
   been spoofed (e.g. there are no packets waiting at the PMAP) then the
   mobile node goes into DoS protection mode.

   In DoS protection mode, the mobile node sets up an SA with the access
   router. Subsequent layer 3 paging requests, i.e. paging RAs from that
   access router will be ignored unless they are authenticated by the SA.
   Layer 2 paging cannot be used unless there is an available layer 2
   security mechanism with equivalent strength to IPsec (and the key
   management protocol  (KMP) for layer 2 has access to the same
   authentication infrastructure that is used to create IPsec SAs).

   When a mobile node goes into the active mode and establishes layer 3
   communication, it doesn't immediately send a binding update to the
   PMAP. First, it attempts to establish an SA with the access router in
   the new paging area. If that fails, the mobile node assumes that the
   paging RA was spoofed and it enters DoS protection mode.

   In DoS protection mode, the mobile node does not immediately respond
   to paging RA messages. Before committing to the new area, MN allows
   sufficient time for the access router in the existing paging area to
   send a competing advertisement. If conflicting areas are detected
   then the existing area is kept in preference. If MN continues to
   receive conflicting paging router advertisements, then it must
   periodically wake up and ping the access router with which it
   currently has an SA. If the existing access router is unreachable,
   then MN should attempt to establish an SA with any of the other
   access routers for which it has received an advertisement. If that
   fails, then MN should give up and simply enter inactive mode.

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002    20

    Mobile IPv6 Hierarchical Paging     September 2001



   Some notes on the use of IPsec: When IPsec is being used to protect
   triggered wakeup messages, the anti-replay feature of ESP/AH MUST be
   enabled. Also, IPsec SAs can be created by a variety of KMPs, and
   these have different properties. An IP paging protocol does not have
   a need for advanced security features such as perfect forward secrecy.
   With some key management protocols, such as KINK, once the initial SA
   has been setup, subsequent SA negotiations with other hosts in the
   domain can be very fast.

7. Future Revisions

   Future versions of this document are expected to contain:
        List of protocol constants with suggested values,
        Simultaneous paging of more than one mobile.

Acknowledgements.
   We would like to thank J. Malinen and H. Haverinen (Nokia) for their
   ideas on time-slot based paging which we have adopted in this
   document.

8. References

   1 D.B. Johnson, C.E. Perkins. "Mobility Support in IPv6", draft-ietf-
    mobileip-ipv6-14.txt, July 2001.
   2 H. Soliman, C. Castelluccia, K. El-Malki, L. Bellier. "Hierarchical
      MIPv6 Mobility Management", draft-ietf-mobileip-hmipv6-04.txt,
      July 2001.
   3 Kempf, J., Castelluccia, C., Mutaf, P., Nakajima, N., Y., Ramjee,
      R., Saifullah, Y., Sarikaya, B., Xu, X., "Requirements and
      Functional Architecture for an IP Host Alerting Protocol", RFC
      3154, August 2001.
   4  Bradner, S., "Key words for use in RFCs to Indicate Requirement
      Levels", BCP 14, RFC 2119, March 1997
   5 Kempf, J., "Dormant Mode Host Alerting ("IP Paging") Problem
      Statement", RFC 3132, June 2001.
   6 Manner, J., et al., "Mobility Related Terminology", draft-manner-
      seamoby-terms-02.txt, work in progress, July 2002.
   7 Hinden, R., Deering, S., "IPv6 Multicast Address Assignments", RFC
      2375, July 1998.




9. Authors' Addresses

   The working group can be contacted via the current chair:


      Pat R. Calhoun
      Black Storm Networks
      250 Cambridge Avenue

Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002
    21

    Mobile IPv6 Hierarchical Paging     September 2001


      Suite 200
      Palo Alto, CA 94306
      USA
      Tel. 1-650-617-2932
      Email: pcalhoun@btormnetworks.com


   Questions about this memo can also be directed to:

      Behcet Sarikaya
      Network Strategy Group, Mobile Networking Team
      Alcatel USA M/S CTO2
      1201 E. Campbell Rd.
      Richardson, TX 75081-1936 USA
      Email: behcet.sarikaya@alcatel.com
      Phone: (972) 996-5075 Fax: (972) 996 5174

      Xiaofeng Xu
      Network Strategy Group, Mobile Networking Team
      Alcatel USA M/S CTO2
      1201 E. Campbell Rd.
      Richardson, TX 75081-1936 USA
      Email: xiaofeng.xu@alcatel.com
      Phone: (972) 996-2047 Fax: (972) 996 5174

      Vinod Kumar Choyi
      Network Strategy Group, Mobile Networking Team
      Alcatel USA M/S CTO2
      1201 E. Campbell Rd.
      Richardson, TX 75081-1936 USA
      Email: vinod.choyi@alcatel.com
      Phone: (972) 996-2788 Fax: (972) 996 5174

      Andrew Krywaniuk
      Alcatel Networks Corporation
      600 March Road
      Kanata, ON
      Canada, K2K 2E6
      +1 (613) 784-4237
      E-mail: andrew.krywaniuk@alcatel.com

      Claude Castelluccia
      INRIA Rhone-Alpes
      655 avenue de l'Europe
      38330 Montbonnot Saint-Martin
      FRANCE
      email: claude.castelluccia@inria.fr
      phone: +33 4 76 61 52 15
      fax:   +33 4 76 61 52 52




Sarikaya, Xu, Choyi, Krywaniuk, Castelluccia        Expires March 2002   22