MIP6 WG                                                    S. Gundavelli
Internet-Draft                                                  K. Leung
Expires: April 19, 2007                                    Cisco Systems
                                                          V. Devarapalli
                                                         Azaire Networks
                                                        October 16, 2006


                           Proxy Mobile IPv6
                    draft-sgundave-mip6-proxymip6-00

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 19, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This specification describes a network-based mobility management
   protocol.  It is called Proxy Mobile IPv6 (PMIPv6) and is based on
   Mobile IPv6.  This protocol enables any IPv6 host to achieve
   protocol mobility without requiring the host to participate in any
   mobility-related signaling.




Gundavelli, et al.       Expires April 19, 2007                 [Page 1]


Internet-Draft              Proxy Mobile IPv6               October 2006


Table of Contents

   1.  Introduction
   2.  Conventions used in this document
   3.  Proxy Mobile IPv6 Protocol Overview
   4.  Message Formats
     4.1.  Proxy Binding Update
     4.2.  Proxy Binding Acknowledgment
     4.3.  Home Network Prefix Option
     4.4.  Error Codes
   5.  Home Agent Operation
     5.1.  Extensions to conceptual data structures
     5.2.  Processing a Proxy Binding Update Request
     5.3.  Packet Routing
   6.  Proxy Mobile Agent Operation
     6.1.  Conceptual Data Structures
     6.2.  Access Authentication and obtaining the profile
     6.3.  Sending Proxy Binding Update request to the home agent
     6.4.  Processing Proxy Binding Acknowledgment message
     6.5.  Emulating the Mobile Station's home link
     6.6.  Tunnel Lifetime Management
     6.7.  Packet Routing
   7.  Mobile Station Operation
     7.1.  Booting for the first time
     7.2.  Roaming in the Network
     7.3.  IPv6 Host Protocol Parameters
   8.  IANA Considerations
   9.  Security Considerations
   10. Acknowledgments
   11. Normative References
   Authors' Addresses
   Intellectual Property and Copyright Statements


1.  Introduction

   The IP Mobility protocols designed in the IETF so far involve the
   host in mobility management.  There are some deployment scenarios
   where a network-based mobility management protocol is considered
   appropriate.  The advantages to using a network-based mobility
   protocol include avoiding tunneling overhead over the air and support
   for hosts that do not implement any mobility management protocol.

   The document describes a network-based mobility management protocol
   based on Mobile IPv6.  It is called Proxy Mobile IPv6 (PMIPv6).  One
   of the most important design considerations behind PMIPv6 has been to
   re-use as much as possible from the existing mobility protocols.

   There are many advantages to developing a protocol based on Mobile
   IPv6.  Mobile IPv6 is a very mature mobility protocol for IPv6.
   There have been many implementations and inter-operability events
   where Mobile IPv6 has been tested.  There are also numerous
   specifications enhancing Mobile IPv6 that can be re-used.  Further,
   the Proxy MIPv6 solution described in this document allows the same
   Home Agent to provide mobility to hosts that use Mobile IPv6 and
   hosts that do not use any mobility management protocol.  Proxy
   Mobile IPv6 provides a solution to a real deployment problem.



2.  Conventions used in this document

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [4].

      The following new terminology and abbreviations are introduced in
      this document; all other general mobility-related terms are as
      defined in the Mobile IPv6 specification [2].

      Proxy Mobile Agent (PMA)

         The proxy mobile agent is a functional element on the access
         router.  This is the entity that makes the mobile station
         believe it is at its home link, by emulating the home link
         properties.  It registers the location of the mobile station to
         the home agent and establishes a tunnel for receiving packets
         sent to the mobile station's home address.

      Mobile Station (MS)

         Any IPv6 host that has the ability to physically roam across
         different networks.  A Mobile Station is not required to have
         the Mobile IPv6 protocol stack.



3.  Proxy Mobile IPv6 Protocol Overview

   Every mobile station that roams in a PMIPv6 network would typically
   be identified by an identifier, such as an NAI, and that identifier
   will have an associated policy profile that identifies the mobile's
   home network prefix, permitted address configuration modes, roaming
   policy and other parameters that are essential for providing mobility
   services.  This information is typically configured in a policy
   store, such as AAA.  It is possible that the home network prefix is
   dynamically allocated for the mobile station when it boots up for the
   first time in the network, or it could be a statically configured
   value on a per mobile station basis.  However, for all practical
   purposes, the PMIP network entities while serving a mobile station
   will have access to its profile.

   Once a mobile station enters its PMIPv6 network and performs the
   access authentication, the network will ensure the mobile station is
   always on its home network and further ensures it always gets its
   home address when using any of the address configuration procedures.
   In other words, there is a home address/prefix that is specifically
   assigned for a mobile station and that prefix always follows the
   node, wherever it goes within that PMIP domain.  From the
   perspective of the mobile station, the entire PMIP domain appears as
   a home link.

   When the mobile station attaches to a link on the access router
   running proxy mobile agent, the mobile station will present its
   identity to the network in the form of NAI as part of the access
   authentication procedure.  After a successful authentication, the
   proxy mobile agent will have the mobile station's profile.  The proxy
   mobile agent will have enough information to ensure the mobile
   station is at its home link.  It sends Router Advertisements with
   parameters that are specified for the mobile station's home link.
   This Router Advertisement may be sent in response to a Router
   Solicitation message that the proxy mobile agent received from that
   mobile station.  The parameters in the Router Advertisement,
   including Link Prefix, MTU, Hop Limit, etc., will be consistent with
   what the mobile station saw when it previously attached to the
   network.  However, the link local address in the received Router
   Advertisement will be different from the link local address in the
   previously received Router Advertisement, making the mobile station
   believe that there is a new default router on the home link.  The
   Neighbor unreachability detection procedures will kick in and the
   previous default Router entry will be removed from the mobile
   station's cache.  As explained in the later sections of the document,
   the proxy mobile agent can apply certain techniques to remove the
   previous default router entry from the mobile station's cache.

   The proxy mobile agent tries to register the mobile station's new
   point of attachment with its home agent.  In the PMIPv6 model, the
   home interface is a virtual interface and thus there is only one home
   agent that is anchoring the home prefix, so the proxy mobile agent
   can predictably locate the home agent that is anchoring the mobile
   station's home prefix; typically this would be the configured
   information in the mobile's policy profile.

   The proxy mobile agent sends a Proxy Binding Update message to the
   mobile station's home agent.  The message will have the mobile node's
   NAI identifier option.  The source address of that message will be
   the IPv6 address of the proxy mobile agent on the outgoing
   interface.  The contents of the message include the Mobile Node NAI
   option, Alternate Care-of Address option (optionally) and a NAI
   identifier of the proxy mobile node that is sending this request.
   After validating the request and upon accepting this binding update
   request, the home agent sets up a tunnel with IPv6/IPv6
   encapsulation, with the source address of the tunnel fixed to its
   own address and the destination address set to that of the proxy
   mobile agent, obtained from the Binding Update message.  This step
   of tunnel creation is not required if there is an existing tunnel to
   the same proxy mobile agent.

   Further, the home agent will create a route entry pointing the home
   prefix of the mobile agent as reachable over the tunnel to the proxy
   mobile agent.  This route is not redistributed in the IGP.  The home
   agent will also send a Binding Acknowledgment accepting the binding
   update request.  The proxy mobile agent on receiving this Binding
   Acknowledgment will create a tunnel pointing to the home agent and
   will add a default route over the tunnel to the home agent.  In its
   role as a default router, the proxy mobile agent will route all
   traffic that it receives from the mobile station to the home agent
   over the tunnel.

   The mobile station on receiving this Router Advertisement will try to
   configure its interface either using stateful or stateless address
   configuration modes.  Either way, the mobile station will be able to
   obtain its home address for configuring on the interface.

   When using stateful address configuration, the proxy mobile agent
   will function as a DHCP relay agent.  It will set the giaddr field in
   the DHCP request from the mobile station to a random address in the
   mobile station's home prefix, forcing the DHCP server to allocate an
   address from that prefix and the tunnel route entry at the home agent
   will ensure the DHCP reply packet will get routed correctly to the
   proxy mobile agent.

   At this point, the mobile station has a valid home address at the
   point of current attachment, and the serving proxy mobile agent and
   the home agent have proper routing states for handling the traffic
   sent by the mobile node and also for the incoming traffic to the
   mobile station.


   Call flow detailing the PMIPv6 protocol operation




      Mobile       Proxy       Home       Policy
     Station    Mobile Agent   Agent      Store (AAA)
        +           +           +           +
        |           |           |           |
        |Access     |           |           |
        |Initiation |           |           |
      1)o---------->|           |           |
        |           |           |           |
        |           |      AAA request      |
      2)|           o---------------------->|
        |           |           |           | Mobile Station
      3)|           |           |           o Authenticated
        |           |           |           |
        |           |       AAA reply       |
      4)|           |<----------------------o
        |           |           |           |
        |           |PMA obtains|           |
      5)|           | mobile's  |           |
        | Access    | profile   |           |
        | Auth      |           |           |
        | Complete  |           |           |
      6)|<----------o           |           |
        |           | Proxy     |           |
        |           | Binding   |           |
        |           | Update    |           |
      7)|           o---------->|           |
        |           |           |           |
        |           |           | AAA Query |
        |           |           |---------->|
        |           |           |           |
        |           |           | AAA Reply |
        |           |           |<----------|
        |           |           |           |
      8)|           |           o HA has the|
        |           |           | MS profile|
        |           |           |           |
        |           |           |           |
      9)|           |           o Creates   |
        |           |           | the HA-PMA|
        |           |           | routing   |
        |           |           | context   |
        |           |           | for the MS|
        |           |           | home prefx|
        |           |           |           |
        |           |           |           |
        |           | Proxy     |           |
        |           | Binding   |           |
        |           | Ack       |           |
     10)|           o<----------|           |
        |           |           |           |
        |           | Emulates  |           |
        |           | the mobile|           |
     11)|           o station's |           |
        |           | home link,|           |
        |           | if BU     |           |
        |           | accepted  |           |
        |           |           |           |
     12)o MS does   |           |           |
        | address   |           |           |
        | config    |           |           |
        |           |           |           |
     13)o  Mobile station can now use its   |
        |  home address for all protocol    |
        |  communication                    |
        |                                   |
        +                                   +





   Figure 1: PMIPv6 Protocol Operation



   Access Authentication:

   The network access authentication and authorization procedure ensures
   a valid mobile station is connected to the network.  Upon successful
   authentication by the policy server, the proxy mobile agent retrieves
   the mobile station's profile using the presented NAI.

   Proxy Binding Update:

   The proxy mobile agent sends a binding update request to the home
   agent on behalf of the mobile station, registering the current anchor
   point and creating a binding cache entry and a tunnel route for the
   mobile station's home prefix.

   Binding State at the Home Agent:

   The home agent creates a binding cache entry, a tunnel towards the
   proxy mobile agent, and a route for the mobile station's home prefix
   as reachable over the tunnel.

   Home Link Emulation:

   The proxy mobile agent emulates the mobile station's home interface
   on the access interface, making the mobile believe that it is
   connected to its home link.  The proxy mobile agent sends Router
   Advertisements with the mobile's home prefix and other attributes
   that are defined for the mobile station's home link.

   Address Configuration:

   Based on the flags specified in the Router Advertisements, the mobile
   station will use stateful or stateless address configuration methods
   for configuring its interface.  If stateful mode is chosen for
   address configuration, the proxy mobile agent on the access link will
   function as a relay agent and will set the giaddr field to the mobile
   station's home prefix.  Further, the proxy mobile agent will act as a
   default router for the mobile station.

   Packet Routing:

   The home agent is the anchor point for the mobile station's home
   prefix and thus it will receive all packets sent to the mobile
   station's home address/prefix.  The home agent will route all the
   received packets over the tunnel to the proxy mobile agent, which in
   turn will route them on the access link.  For the packets originating
   from the mobile station, the proxy mobile agent will act as a default
   router and will route all the received packets over the tunnel to the
   home agent, which in turn will route them to the destination.


4.  Message Formats




   This section defines extensions to the MIPv6 Binding Update message.

4.1.  Proxy Binding Update



       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                      |            Sequence #         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |A|H|L|K|M|R|P|  Reserved       |            Lifetime           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+




   Figure 2: Proxy Binding Update Message



   A new flag, the 'P' flag, is added to the Binding Update message.
   The P flag indicates that the registration is a Proxy registration.
   When a proxy mobile agent sends a registration to the home agent, the
   P flag MUST be set to 1 to indicate to the home agent that this
   registration is a proxy registration sent by a proxy mobile agent on
   behalf of a mobile station.


4.2.  Proxy Binding Acknowledgment



       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                      |   Status      |K|R|P|Reserved |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |         Sequence #            |           Lifetime            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+





   Figure 3: Proxy Binding Acknowledgment Message



   Proxy Registration Flag (P)

   The Proxy Registration Flag is set to indicate that the home agent
   that processed the Proxy Binding Update supports Proxy Registration.
   It is set to 1 only if the corresponding Proxy Binding Update had the
   Proxy Registration Flag set to 1.


4.3.  Home Network Prefix Option

   A new option, the Home Network Prefix Option, is defined for use in
   the Binding Acknowledgment sent from the home agent to the proxy
   mobile agent.  This option can be used for notifying the proxy mobile
   agent of the home network prefix assigned to the mobile station.  The
   proxy mobile agent can use this prefix information in Router
   Advertisements sent to the mobile station and also in the Address
   Pool Identifier option in the DHCP messages sent to the DHCP Server.

   The Home Network Prefix Option is only valid in the Proxy Binding
   Acknowledgments that are sent from the proxy mobile agent to the home
   agent in reply to a Proxy Binding Update request.  The home network
   prefix Option has an alignment requirement of 8n+4.  Its format is as
   follows:



       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |      Type     |   Length      |   Reserved    | Prefix Length |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      +                                                               +
      |                                                               |
      +                   Local Network Prefix                        +
      |                                                               |
      +                                                               +
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



   Figure 4: Home Network Prefix Option
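
   The following Python example is added here for illustration and is
   not part of the draft: it encodes and decodes the fields shown in
   Figures 2 through 4, including the P flag, and validates a Home
   Network Prefix Option before the prefix is used.  The option type
   0xF0 is a placeholder (the draft assigns no value), and rejecting
   prefixes with host bits set is this example's own choice.

```python
import ipaddress
import struct

# Binding Update flag masks in the 16-bit flags/reserved field, read left
# to right from Figure 2: A H L K M R P, followed by 9 reserved bits.
BU_A, BU_H, BU_L, BU_K = 0x8000, 0x4000, 0x2000, 0x1000
BU_M, BU_R, BU_P = 0x0800, 0x0400, 0x0200
BU_FLAG_MASK = 0xFE00

# Binding Acknowledgment flag masks in the 8-bit field of Figure 3:
# K R P, followed by 5 reserved bits.
BA_K, BA_R, BA_P = 0x80, 0x40, 0x20

HNP_OPTION_TYPE = 0xF0  # placeholder: no type value is assigned in the draft
# Reserved (1) + Prefix Length (1) + prefix (16).  Type and Length octets are
# not counted, following the base Mobile IPv6 mobility option convention.
HNP_OPTION_LEN = 18


def build_pbu(seq, lifetime, flags=BU_A | BU_H):
    """Fixed part of a Proxy Binding Update; the P flag is always set."""
    return struct.pack("!HHH", seq, (flags | BU_P) & BU_FLAG_MASK, lifetime)


def parse_bu(data):
    """Decode Sequence #, flags and Lifetime of a Binding Update."""
    if len(data) < 6:
        raise ValueError("truncated Binding Update")
    seq, flags, lifetime = struct.unpack_from("!HHH", data)
    return {"seq": seq, "lifetime": lifetime,
            "flags": flags & BU_FLAG_MASK, "proxy": bool(flags & BU_P)}


def parse_ba(data):
    """Decode Status, flags, Sequence # and Lifetime of a Binding Ack."""
    if len(data) < 6:
        raise ValueError("truncated Binding Acknowledgment")
    status, flags, seq, lifetime = struct.unpack_from("!BBHH", data)
    return {"status": status, "seq": seq, "lifetime": lifetime,
            "proxy": bool(flags & BA_P)}


def pba_accepted(ba, sent_seq):
    """Proxy mobile agent check before it emulates the home link.

    Status values below 128 mean acceptance in base Mobile IPv6.  The P
    flag must be echoed, which shows the home agent supports proxy
    registration, and the sequence number must match the request sent.
    """
    return ba["status"] < 128 and ba["proxy"] and ba["seq"] == sent_seq


def parse_hnp_option(data):
    """Validate a Home Network Prefix Option and return the prefix."""
    if len(data) < 2:
        raise ValueError("truncated option header")
    opt_type, opt_len = data[0], data[1]
    if opt_type != HNP_OPTION_TYPE:
        raise ValueError("not a Home Network Prefix Option")
    if opt_len != HNP_OPTION_LEN or len(data) < 2 + opt_len:
        raise ValueError("bad option length")
    prefix_len = data[3]
    if prefix_len > 128:
        raise ValueError("prefix length exceeds 128 bits")
    # strict=True raises ValueError when bits beyond the prefix are set.
    address = ipaddress.IPv6Address(data[4:20])
    return ipaddress.IPv6Network((address, prefix_len), strict=True)
```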




4.4.  Error Codes

   Binding Acknowledgment Status Values

   The following status code values are defined for use in the Binding
   Acknowledgment message when using the PMIPv6 protocol.

   140: Proxy Registration not supported

   141: Proxy Registration from this proxy mobile agent not allowed

   The value allocation for this usage needs to be approved by the IANA
   and must be updated in the IANA registry.



5.  Home Agent Operation

   For supporting this scheme, the home agent MUST satisfy all the
   requirements listed in Section 8.4 of [1].  The key differences of
   this scheme when compared to the base protocol are as follows:


   o  The mobile station is not anchored on any physical interface on
      the home agent.  Thus the home agent is not required to perform
      any proxy ND operations for defending the home address on the home
      link.  The home agent is required to manage a binding cache entry
      for managing the session state and a routing state for properly
      routing the packets destined to the mobile station.

   o  Each mobile station has a home address in a prefix that is created
      exclusively for that mobile station and no other mobile station
      will share its home address from this prefix.

   o  The route entry specifying that the mobile station's home prefix
      is reachable via the tunnel is created, as opposed to creating a
      route entry just for the mobile node's home address.

   o  If multiple mobile stations are currently visiting the same proxy
      mobile agent, all the binding updates will share the same care-of
      address and possibly the same tunnel.


5.1.  Extensions to conceptual data structures

   The home agent maintains a binding cache entry for each currently
   registered mobile node.  The Binding Cache is a conceptual data
   structure described in detail in [1].  For supporting this
   specification, the home agent will continue to create binding cache
   entries for each mobile station that gets proxy registered by a proxy
   mobile agent.  In addition, the home agent may have to add an
   additional flag to this conceptual data structure indicating that the
   entry is a proxy registration.  This proxy registration flag may be
   turned off for all the usual direct registrations.


5.2.  Processing a Proxy Binding Update Request

   After receiving a Proxy Binding Update request from a proxy mobile
   agent on behalf of a mobile station, the home agent must process the
   request as defined in Section 10 of the base Mobile IPv6
   specification [1], with the one exception that this request is a
   proxy request and proper authorization checks have to be enforced.

   The home agent has to verify the policy to ensure the proxy mobile
   agent that is sending this request has the right to do so, else it
   MUST reject the request and send a Proxy Binding Acknowledgment with
   the proper status code.

   Upon accepting this request, the home agent must create a Binding
   Cache entry and a tunnel to the proxy mobile agent, adding the mobile
   station's home prefix route over the tunnel, and should send a
   Binding Acknowledgment with the successful status code.
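
   The authorization step described in this section, as an added Python
   example that is not part of the draft: a rejected request returns
   status 140 or 141 and changes no binding, tunnel or route state.
   Profile, HomeAgent, the policy layout and all addresses and NAIs are
   constructed for illustration; the request is assumed to be already
   authenticated, and an unknown NAI is treated as status 141.

```python
import ipaddress
from dataclasses import dataclass, field

STATUS_ACCEPTED = 0             # base Mobile IPv6: Binding Update accepted
STATUS_PROXY_UNSUPPORTED = 140  # Section 4.4: Proxy Registration not supported
STATUS_PROXY_NOT_ALLOWED = 141  # Section 4.4: not allowed from this PMA


@dataclass
class Profile:
    """Hypothetical view of a mobile station's policy profile."""
    home_prefix: ipaddress.IPv6Network
    allowed_pmas: frozenset  # PMA addresses permitted to register the station


@dataclass
class HomeAgent:
    policy: dict                                        # station NAI -> Profile
    proxy_supported: bool = True
    binding_cache: dict = field(default_factory=dict)   # station NAI -> entry
    tunnels: set = field(default_factory=set)           # PMA tunnel endpoints
    routes: dict = field(default_factory=dict)          # home prefix -> PMA

    def process_pbu(self, pma_addr, ms_nai, p_flag, seq, lifetime):
        """Return the Proxy Binding Acknowledgment status for one request.

        Assumes the message was authenticated before this point; a source
        address on its own does not prove which agent sent the request.
        """
        if not p_flag:
            raise ValueError("not a proxy registration; base processing applies")
        if not self.proxy_supported:
            return STATUS_PROXY_UNSUPPORTED
        pma = ipaddress.IPv6Address(pma_addr)
        profile = self.policy.get(ms_nai)
        # Authorize before touching state, so that an agent outside the
        # station's policy cannot redirect the station's home prefix.
        if profile is None or pma not in profile.allowed_pmas:
            return STATUS_PROXY_NOT_ALLOWED
        self.tunnels.add(pma)  # an existing tunnel to this PMA is reused
        self.binding_cache[ms_nai] = {
            "care_of": pma, "seq": seq, "lifetime": lifetime, "proxy": True,
        }
        self.routes[profile.home_prefix] = pma
        return STATUS_ACCEPTED

    def next_hop(self, dst):
        """Tunnel endpoint for a packet addressed into a registered prefix."""
        dst = ipaddress.IPv6Address(dst)
        for prefix, pma in self.routes.items():
            if dst in prefix:
                return pma
        return None


def sample_home_agent(proxy_supported=True):
    """Home agent with one constructed profile and two authorized PMAs."""
    policy = {
        "ms1@example.net": Profile(
            home_prefix=ipaddress.IPv6Network("2001:db8:1:2::/64"),
            allowed_pmas=frozenset({
                ipaddress.IPv6Address("2001:db8:a::1"),
                ipaddress.IPv6Address("2001:db8:b::1"),
            }),
        ),
    }
    return HomeAgent(policy=policy, proxy_supported=proxy_supported)
```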


5.3.  Packet Routing

   After sending a successful Proxy Binding Acknowledgment for the Proxy
   Binding Acknowledgment reply, the home agent must set up a tunnel to
   the proxy mobile agent serving the mobile station.

   The bi-directional tunnel between the home agent and the proxy mobile
   agent is used for routing the packets sent by the mobile station and
   also for routing the packets that are sent to the mobile station.


   The following are the details of the tunnel.


   o  Tunnel Source Address is the home agent's address

   o  Tunnel Destination Address is the proxy mobile agent's address

   o  Tunnel Encapsulation Mode is IPv6/IPv6





   The home agent functions as an anchor point for the mobile station's
   home prefix.  When the home agent receives a data packet destined for
   the mobile station's home prefix, it MUST forward the packet to the
   mobile station through the bi-directional tunnel established between
   itself and the serving proxy mobile agent.  The home agent typically
   can use the routing table for routing the packet to the mobile
   station through the established tunnel.

   For all the reverse tunneled packets that the home agent receives
   from the tunnel, the home agent, after removing the tunnel
   encapsulation, should route them to the destination specified in the
   inner packet header.  These routed packets will have the source
   address field set to the mobile station's home address.



6.  Proxy Mobile Agent Operation

   The Proxy Mobile Agent has the following functional roles.  It will
   emulate the mobile station's home network on the access link, will
   update the home agent about the current location of the mobile
   station, and will set up the data path for enabling the mobile
   station to use its home address for communication.  To some extent,
   the role of the proxy mobile agent is comparable to that of the
   foreign agent in Mobile IPv4.

   The link connecting the proxy mobile agent and the mobile station
   should be considered as a multicast enabled point to point link.  It
   is not a shared link and hence any neighbor discovery messages with
   link scope are seen only by the specific mobile station and the proxy
   mobile agent.


6.1.  Conceptual Data Structures

   Every proxy mobile agent must maintain a Visitor List.  It is a list
   of mobile stations that the proxy mobile agent is currently serving.
   This MAY be implemented in any manner keeping the consistency with
   the external behaviour described in this section.


   The Visitor List entry has the following fields:


   o  The NAI of the mobile station.  This is obtained as part of the
      network access authentication procedure.  This identifier is
      required for downloading the mobile station's profile from the
      policy store.

   o  The home address of the mobile station.  This MAY be a configured
      parameter in the mobile station's profile.  This MAY also be an
      address assigned by the DHCP server when the mobile station uses
      stateful address configuration mode for configuring the interface.
      The proxy mobile agent must implement DHCP relay agent function
      and should have the ability to learn the address leased to the
      mobile node for supporting the address allocation modes using DHCP
      server.

   o  The home prefix of the mobile station.  This MUST be a configured
      parameter in the mobile station's profile.

   o  The last sequence number that was sent in the Proxy Binding Update
      request.


6.2.  Access Authentication and obtaining the profile

   When the mobile station attaches to a link on the access router
   running proxy mobile agent, it will present its identity to the
   network in the form of NAI as part of the access authentication
   procedure.  The proxy mobile agent should be able to fetch the mobile
   station's profile using the presented NAI.


6.3.  Sending Proxy Binding Update request to the home agent

   After a successful access authentication, the proxy mobile agent
   sends a Proxy Binding Update request to the home agent.  The rules
   around constructing this message will be as defined in the base
   Mobile IPv6 specification [1].  The source address of this message
   will be the configured IPv6 address on the egress interface.  The
   contents of the message include the Mobile Node NAI option, Alternate
   Care-of Address option (optionally) and a NAI identifier of the proxy
   mobile node that is sending this request.  The NAI option for the
   proxy mobile node MAY NOT be required, in some deployments, if the
   home agent has mechanisms to identify the proxy mobile agent and for
   the verification of the mobile station's roaming policy.


6.4.  Processing Proxy Binding Acknowledgment message

   After receiving a Proxy Binding Acknowledgment with the status code
   indicating the acceptance of the Binding Acknowledgment, the proxy
   mobile agent can set up the tunnel to the home agent and add a
   default route to the home agent.

   If the home agent denies the Proxy Binding Update request, the proxy
   mobile agent MUST NOT advertise the mobile station's home prefix on
   the link, thereby denying the mobility service to the mobile
   station.


6.5.  Emulating the Mobile Station's home link

   The mobile proxy agent on the access link emulates the mobile
   station's home link behaviour.  It makes the mobile station believe
   it is on its home link.  The Router Advertisements that the mobile
   proxy agent sends on the access link will contain the mobile
   station's home link prefix.  The other parameters in the Router
   Advertisement with respect to address configuration should be policy
   driven and may be present in the mobile station's profile.


6.6.  Tunnel Lifetime Management

   In the traditional MIPv6 model, there is a separate tunnel from the
   home agent to each mobile node that has a binding entry.  The tunnel
   end-point of each of these tunnels is the respective mobile node's
   care-of address, which is unique to that mobile node.  In the
   current context, the care-of address or the tunnel end-point is the
   address of the proxy mobile agent.  There could be multiple mobile
   stations attached to the same proxy mobile agent, and hence the
   tunnel is a fat tunnel serving multiple mobile stations.  This is
   identical to the Mobile IPv4 model, where a tunnel between the
   foreign agent and the home agent is shared by many visiting mobile
   nodes.

   The life cycle of the tunnels should not be based on a single binding
   entry.  A tunnel may get created due to a single binding entry and
   later may be shared by many other nodes.  So, the tear-down logic of
   the tunnel has to be based on the number of visitors over that
   tunnel.  Implementations are free to pre-establish tunnels between
   every home agent and every proxy mobile station in the network,
   without creating and destroying the tunnels on a need basis.
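
   The visitor-based tear-down rule of Section 6.6, as an added example
   that is not part of the draft.  The class, its method names, the
   addresses and the NAIs are hypothetical; it models one proxy mobile
   agent and includes the pre-established tunnel option.

```python
# Added example (not from the draft): shared-tunnel bookkeeping on one
# proxy mobile agent. Class and method names are hypothetical.

class TunnelManager:
    """Tunnels from one proxy mobile agent, keyed by home agent address."""

    def __init__(self, egress_addr, pre_established=()):
        self.egress_addr = egress_addr        # tunnel source address
        self.visitors = {}                    # HA address -> set of station NAIs
        self.pinned = set(pre_established)    # pre-established, never torn down
        self.events = []                      # ("create" | "destroy", HA address)
        for ha in sorted(self.pinned):
            self._create(ha)

    def _create(self, ha):
        self.visitors[ha] = set()
        self.events.append(("create", ha))

    def binding_accepted(self, nai, ha):
        """A Proxy Binding Acknowledgment accepted the binding for `nai`."""
        if ha not in self.visitors:
            self._create(ha)
        # A set, not a counter: refreshing an existing binding must not
        # inflate the visitor count and keep the tunnel alive forever.
        self.visitors[ha].add(nai)

    def binding_removed(self, nai, ha):
        """The binding for `nai` was de-registered or expired."""
        members = self.visitors.get(ha)
        if members is None:
            return
        members.discard(nai)
        if not members and ha not in self.pinned:
            del self.visitors[ha]             # last visitor gone: tear down
            self.events.append(("destroy", ha))

    def tunnel_up(self, ha):
        return ha in self.visitors


def demo():
    ha = "2001:db8:a::1"                      # constructed addresses and NAIs
    mgr = TunnelManager(egress_addr="2001:db8:b::1")
    mgr.binding_accepted("alice@example.net", ha)   # first visitor creates it
    mgr.binding_accepted("bob@example.net", ha)     # second visitor shares it
    mgr.binding_accepted("alice@example.net", ha)   # refresh, still two visitors
    mgr.binding_removed("alice@example.net", ha)
    still_up = mgr.tunnel_up(ha)              # bob keeps the tunnel alive
    mgr.binding_removed("bob@example.net", ha)
    return still_up, mgr.tunnel_up(ha), mgr.events
```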


6.7.  Packet Routing

   After receiving a successful Proxy Binding Acknowledgment for the
   Proxy Binding Update request, the proxy mobile agent sets up a tunnel
   to the mobile station's home agent.

   The bi-directional tunnel between the proxy mobile agent and the home
   agent is used for routing the packets sent by the mobile station and
   also the packets that are sent to the mobile station.

   The following are the details of the tunnel.

   o  Tunnel Source Address is the IPv6 Address on the egress interface

   o  Tunnel Destination Address is the home agent's address

   o  Tunnel Encapsulation Mode is IPv6/IPv6

   The proxy mobile agent functions as a default router to the mobile
   station on the access link.  It simply routes any packets that the
   mobile station sends to the home agent over the tunnel, and it
   forwards any packets that it receives from this tunnel on the access
   link.




7.  Mobile Station Operation


7.1.  Booting for the first time


   When the mobile station attaches to a link on the access router
   running proxy mobile agent, it will present its identity to the
   network in the form of NAI as part of the access authentication
   procedure.  After performing the required access authentication
   procedures, the mobile station would be assigned a Home Network
   prefix.  Once a prefix is allocated to the mobile station, the prefix
   just follows the mobile as it moves within the network.  The network
   will ensure that the mobile station retains its home prefix, its home
   address and the reachability using its home address, thus providing
   the required network mobility within that portion of the managed
   network where proxy mobile agents are deployed.

   After a successful access authentication, the mobile station will
   send a Router Solicitation message.  The proxy mobile agent on the
   link will respond to the Router Solicitation message with a Router
   Advertisement.  The Router Advertisement will have the mobile
   station's home prefix, default router and other address configuration
   parameters.  The address configuration parameters, such as the
   Managed Address Configuration and Stateful Configuration flag values,
   will be consistent with the home link policy.

   If the Router Advertisement has the Managed Address Configuration
   flag set, the mobile station, as it would normally do, will send a
   DHCP Request and again the proxy mobile agent on that link will
   ensure that the mobile station gets its home address as a lease from
   the DHCP server.

   If the Router Advertisement does not have the Managed Address
   Configuration flag set, the mobile station can autoconfigure itself
   by appending its link-layer address (EUI-64 format) to the advertised
   local home network prefix.

   Once the address configuration is complete, the mobile station will
   always be able to use that IPv6 address anywhere within that managed
   network where proxy mobile agents are deployed.  Further, the mobile
   station will always get the same address even after a reboot.


7.2.  Roaming in the Network


   As the mobile station roams within the network, moving from one link
   to the other, it always detects its home prefix.  The proxy mobile
   agent on the attached link emulates the home link behaviour for the
   mobile station.  It makes the mobile station believe it is on its
   home link.  The Router Solicitation messages will result in a Router
   Advertisement with its home prefix, default router and other
   configuration parameters that remain consistent with the home link
   properties.


7.3.  IPv6 Host Protocol Parameters


   The specification assumes the mobile station to be a normal IPv6
   host, with its protocol operation consistent with the base IPv6
   specification [1].  All aspects of Neighbor Discovery Protocol,
   including Router Discovery, Neighbor Discovery and Address
   Configuration procedures, will remain the same as in the base IPv6 ND
   Specification [2].  However, the protocol recommends that the mobile
   station adjust the following IPv6 operating parameters to the
   recommended values below for protocol efficiency and for achieving
   faster hand-offs.


   Disabling Duplicate Address Detection:

   As per this specification, the mobile station and the proxy mobile
   agent share a point to point link.  All messages including multicast
   messages with link-local scope sent by the mobile station or the
   proxy mobile agent are seen only by those two entities.  Further,
   the prefix that is advertised on this shared link is specific to that
   mobile station and no other node will be on this link.  Thus, the DAD
   procedures in this operating environment carry very little value and
   MAY NOT be required at all.  The mobile station MAY disable Duplicate
   Address Detection (DAD) procedure on the access link, if it does not
   violate any other specification.


   Lower Default Router List Cache Time-out:

   As per the base IPv6 specification [1], each IPv6 host will maintain
   certain host data structures including a Default Router list.  This
   is the list of on-link routers that have sent Router Advertisement
   messages and are eligible to be default routers on that link.  The
   Router Lifetime field in the received Router Advertisement defines
   the life of this entry.

   In the current operational scenario, when the mobile station moves
   from one link to another, a new proxy mobile agent will advertise the
   prefix that is assigned for that visiting mobile station.  The mobile
   station thus believes it is still on the same link and with the same
   on-link prefix as before.  However, the received Router Advertisement
   messages are from a different link-local address, which makes it
   believe there is a new default router on the link.  It is important
   that the mobile station uses the newly learnt default router as
   opposed to the previous default router.  The mobile station must
   update its default-router list with the new default router entry and
   must age out the previous default router entry from its cache, just
   as specified in Section 6.3.5 of the base IPv6 ND specification [2].
   This action is critical for minimizing packet losses during a
   hand-off period.

   On detecting a reachability problem, the mobile station will
   certainly detect the neighbor or the default router unreachability by
   performing a Neighbor Unreachability Detection procedure, but it is
   important that the mobile station times out the previous default
   router entry at the earliest.  If a given IPv6 host implementation
   has the provision to adjust these flush timers while still conforming
   to the base IPv6 ND specification, it is desirable to set the flush
   timers to suit the above consideration.

   However, if the proxy mobile agent has the ability to withdraw the
   previous router entry, by multicasting a Router Advertisement using
   the link-local address of the previous mobility proxy agent and
   with the Router Lifetime field set to zero, then it is possible to
   force the flush out of the Previous Default Router entry from the
   mobile station's cache.  This certainly requires the proxy mobile
   agent to notify its link-local address to the home agent as part of
   the binding update and the home agent to associate this opaque data
   with the binding cache entry so that a new proxy mobile agent can
   learn the link-local address of the previous router and send a Router
   Advertisement with that link-local address.

   There are other solutions possible for this problem, including the
   usage of a virtual MAC address and a fixed link-local address for all
   the deployed proxy mobile agents in the network.  In any case, this
   is very much implementation dependent and has no bearing on the
   protocol specification.
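
   The host-side effect of the Router Lifetime choices discussed above,
   as an added example that is not part of the draft.  It models only
   the Default Router List rules of the ND specification (add or refresh
   on a non-zero Router Lifetime, immediate time-out on zero); the
   addresses, the timings and the function names are constructed.

```python
# Added example (not from the draft): a host's Default Router List during
# a hand-off between two proxy mobile agents. Addresses are constructed.

class DefaultRouterList:
    def __init__(self):
        self.expiry = {}          # router link-local address -> expiry time (s)

    def on_router_advert(self, src, router_lifetime, now):
        if router_lifetime == 0:
            self.expiry.pop(src, None)        # entry is timed out immediately
        else:
            self.expiry[src] = now + router_lifetime   # add or refresh

    def routers(self, now):
        # Drop entries whose Router Lifetime has run out, keep list order.
        self.expiry = {r: t for r, t in self.expiry.items() if t > now}
        return list(self.expiry)


OLD_PMA, NEW_PMA = "fe80::1", "fe80::2"


def hand_off(router_lifetime, withdraw_previous, handoff_at=100):
    """Return (routers right after hand-off, seconds the stale entry lives)."""
    host = DefaultRouterList()
    # Last Router Advertisement heard on the old link, 10 s before the move.
    host.on_router_advert(OLD_PMA, router_lifetime, now=handoff_at - 10)
    host.on_router_advert(NEW_PMA, router_lifetime, now=handoff_at)
    if withdraw_previous:
        # The new proxy mobile agent sends a Router Advertisement from the
        # previous agent's link-local address with Router Lifetime = 0.
        host.on_router_advert(OLD_PMA, 0, now=handoff_at)
    after = host.routers(now=handoff_at)
    stale = 0
    while OLD_PMA in host.routers(now=handoff_at + stale):
        stale += 1
    return after, stale
```

   With a Router Lifetime of 1800 seconds the previous router stays in
   the list for 1790 seconds after the move; a lifetime of 30 seconds
   cuts that to 20, and the zero-lifetime withdrawal removes it at once.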





8.  IANA Considerations

   This document defines a new flag (P) to the Binding Update message
   specified in [3].

   This document also defines new Binding Acknowledgment status values
   as described in Section 4.5.  The status values MUST be assigned from
   the same space used for Binding Acknowledgment status values in [3].



9.  Security Considerations

   The Mobile IPv6 base specification [3] requires the signaling
   messages between the home agent and the mobile node to be secured by
   the use of IPsec extension headers.

   This document introduces a new functional entity, the proxy mobile
   agent, a function that will be implemented in the access routers.
   This entity is responsible for performing the Mobile IPv6 signaling
   on behalf of the mobile station, also called Proxy MIPv6 Signaling.

   As described in the base Mobile IPv6 specification [3], Section 5.1,
   both the mobile client (in this case, it is the proxy mobile agent)
   and the home agent MUST support and SHOULD use the Encapsulating
   Security Payload (ESP) header in transport mode and MUST use a
   non-NULL payload authentication algorithm to provide data origin
   authentication, data integrity and optional anti-replay protection.

   This document does not cover the security requirements for
   authorizing the mobile station for the use of the access link.  It is
   assumed that proper Layer-2 based authentication procedures, such as
   EAP, are in place and will ensure the mobile station is properly
   identified and authorized before permitting it to access the network.
   It is further assumed that the same security mechanism will ensure
   the mobile session is not hijacked by malicious nodes on the access
   link.

   The proxy solution allows one device to create routing state for
   some other device at the home agent.  It is important that the home
   agent has proper authorization services in place to ensure a given
   proxy mobile agent is permitted to be a proxy for a specific mobile
   station.  If proper security checks are not in place, a malicious
   node may be able to hijack a session or mount denial-of-service
   attacks.
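
   One way a home agent could enforce the authorization described above,
   as an added example that is not part of the draft.  The field, class
   and policy names are hypothetical; the status values are those of the
   base Mobile IPv6 specification [3], not the new values this document
   defines.  It assumes the IPsec layer hands over the authenticated peer
   identity and that sequence numbers are tracked per proxy mobile agent.

```python
# Added example (not from the draft): home-agent-side authorization of a
# Proxy Binding Update. Field, class and policy names are hypothetical.
from dataclasses import dataclass
from typing import Optional

ACCEPTED = 0                  # RFC 3775: Binding Update accepted
ADMIN_PROHIBITED = 129        # RFC 3775: Administratively prohibited
SEQ_OUT_OF_WINDOW = 135       # RFC 3775: Sequence number out of window


@dataclass(frozen=True)
class ProxyBindingUpdate:
    mn_nai: str               # Mobile Node NAI option
    pma_nai: Optional[str]    # NAI option of the sending proxy, may be absent
    seq: int                  # 16-bit sequence number
    sa_identity: str          # peer identity of the IPsec SA (assumed input)


def seq_newer(seq, last):
    """RFC 3775 sequence number comparison, modulo 2**16."""
    return 0 < (seq - last) % 65536 <= 32768


class HomeAgent:
    def __init__(self, roaming_policy):
        self.roaming_policy = roaming_policy  # mn_nai -> permitted proxies
        self.bindings = {}                    # mn_nai -> current proxy
        self.last_seq = {}                    # (mn_nai, proxy) -> last seq

    def process(self, bu):
        # The authenticated SA identity is authoritative; a NAI option that
        # disagrees with it is one proxy claiming to be another.
        if bu.pma_nai is not None and bu.pma_nai != bu.sa_identity:
            return ADMIN_PROHIBITED
        # The proxy must be permitted to act for this specific station.
        if bu.sa_identity not in self.roaming_policy.get(bu.mn_nai, set()):
            return ADMIN_PROHIBITED
        # Assumption: each proxy keeps its own sequence space per station.
        key = (bu.mn_nai, bu.sa_identity)
        last = self.last_seq.get(key)
        if last is not None and not seq_newer(bu.seq, last):
            return SEQ_OUT_OF_WINDOW          # replayed or stale request
        self.last_seq[key] = bu.seq
        self.bindings[bu.mn_nai] = bu.sa_identity
        return ACCEPTED
```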



10.  Acknowledgments



11.  Normative References

   [1] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
   Specification", RFC 2460, December 1998.

   [2] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery for
   IP Version 6 (IPv6)", RFC 2461, December 1998.

   [3] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in
   IPv6", RFC 3775, June 2004.

   [4] Arkko, J., Devarapalli, V., and F. Dupont, "Using IPsec to
   Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents",
   RFC 3776, June 2004.


Authors' Addresses

   Sri Gundavelli
   Cisco Systems
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: sgundave@cisco.com


   Kent Leung
   Cisco Systems
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: kleung@cisco.com


   Vijay Devarapalli
   Azaire Networks
   4800 Great America Pkwy
   Santa Clara, CA  95054
   USA

   Email: vijay.devarapalli@azairenet.com


Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.