[Search] [txt|pdf|bibtex] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01                                                         
Internet Draft                                     Alper Yegin (Editor)
Document: draft-yegin-dna-l2-hints-01.txt               DoCoMo USA Labs
Expires: August 2004                                       Eric Njedjou
                                                     France Telecom R&D
                                                        Siva Veerepalli
                                                          Qualcomm, Inc
                                                      Nicolas Montavont
                                                            Thomas Noel
                                        LSIIT -University Louis Pasteur

    Link-layer Triggers and Hints for Detecting Network Attachments

                          Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups.  Note that      other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
The list of Internet-Draft Shadow Directories can be accessed at


Certain link-layer technologies are capable of providing various link
status information to the IP module. Link-layer event notifications
(triggers) along with optional auxiliary data (hints) can help the IP
module make expedited decisions regarding configuration changes. This
draft provides a non-exhaustive catalogue of triggers and hints from
well-known link-layer technologies.

Yegin et al.          Expires April August 2004
[Page 2]                L2 Triggers and Hints            February 2004

Table of Contents

   1.0  Introduction.................................................2
   2.0  Terminology..................................................3
   3.0  Link-layer Triggers and Hints in Various Systems.............6
   3.1.  GPRS........................................................6
   3.1.1.  Network Reference Model...................................7
   3.1.2.  Link-layer Events and Information.........................7
   3.2.  3GPP2......................................................11
   3.2.1.  Network Reference Model..................................11
   3.2.2.  Link-layer Events and Information........................13
   3.3.  WLAN.......................................................14
   3.3.1.  Network Reference Model..................................15
   3.3.2.  Link-layer Events and Information........................17
   4.0  Triggers and Hints..........................................17
   4.1.  Link-up Trigger and Associated Hints.......................18
   4.2.  Link-down Trigger..........................................18
   5.0  Security Considerations.....................................19
   6.0  References..................................................19
   7.0  Acknowledgements............................................20
   Appendix A.......................................................20
   A.1. Routing Area and Cell Change................................20
   A.1.1. Link-layer Information....................................21
   A.2. Sub-link-layer Information..................................21
   Authors' Addresses...............................................22
   Full Copyright Statement.........................................22

1.0  Introduction

   It is not an uncommon occurrence for a host to change its point-of
   attachment to the network. This can happen due to mobile usage
   (e.g., a mobile phone moving among base stations) or nomadic usage
   (e.g., road-warrior case).

   Each time a host changes its point-of attachment, it is possible
   that it will also have to change its IP-layer configurations, such
   as its IP address and default gateway information. In order to make
   these changes, the IP module has to detect the new network
   attachment, realize that the old configuration is no longer valid
   and obtain the new configuration parameters. The network detection
   phase can usually use network-layer indications such as a change in
   the advertised prefixes. But generally reliance on such indications
   does not yield rapid detection, since these indications are not
   readily available upon a link change.

   Link-layer event notifications to the IP are considered link-layer
   triggers. From detecting network attachment perspective, an

Yegin et. al.         Expires April August 2004
[Page 3]                L2 Triggers and Hints           February 2004

   auxiliary data delivered in association with a trigger is considered
   a hint. It has been identified that receiving explicit triggers and
   hints from the link-layer would expedite the detection process. The
   link-layer indicating that the host has established a new connection
   can be used as a trigger to further probe the network for a possible
   configuration change. Additional hints when present can be used as
   input to this process.

   A link-layer trigger cannot be used to positively determine the need
   for a configuration change as it might very well be the case that
   the host is still connected to the same IP subnet despite the link
   change. For example, there might be several IEEE 802.11b access
   points connected to the same access router. Moving among these
   access points does not warrant any IP-layer configuration change.
   This is why the link-layer triggers should be used as "advisory-
   only" unless stated otherwise.

   In order to enable an enhanced network attachment detection scheme,
   we need to identify types of link-layer triggers and hints that can
   be realistically expected from various access technologies. The
   objective of this draft is to provide a catalogue of existing link-
   layer triggers and hints in various architectures.

   The document limits itself to the minimum set of link-layer triggers
   that are necessary for detecting network attachment. These triggers
   are considered with hosts in mind, although they may also be
   available on the network side (e.g., on the access router).

2.0  Terminology

   Some of the terminology differs among the discussed architectures.
   An architecture name is provided in parenthesis when a term has
   limited applicability.

   3GPP   Third Generation Partnership Project

   3GPP2  Third Generation Partnership Project 2

   ANID   Access Network Identifier. Identifies the packet switched
          area served by a unique combination of RAN and MSC area.

   AP     Access Point. An access point is an entity that provides
          bridging between the radio link and the wired network. (WLAN)

   APN    Access Point Name. A parameter of the PDP context, in the
          form of a logical name that is used to select the GGSN or the
          external IP network. (3GPP)

   AT     Access Terminal. Another term used for Mobile Terminal in
          3GPP2 networks. (3GPP2)

Yegin et. al.         Expires April August 2004
[Page 4]                L2 Triggers and Hints           February 2004

   BSC    Base Station Controller. A BSC controls a set of BTS. (3GPP,

   BSS    Base Station System. The system that is made up of BTSs and
          BSCs. (3GPP)

   BSS    Basic Service Set. A BSS is composed of one AP and its
          attached MNs. (WLAN)

   BSSID  Basic Service Set Identification. A unique identifier of a
          BSS. In infrastructure mode, it is the MAC address of the AP.

   BTS    Base Transceiver Station. Mobile terminalÆs radio attachment
          point to the network. A BTS is responsible for MTs within a
          given radio cell.(3GPP, 3GPP2)

   ESS    Extended Service Set. The set composed of APs and associated
          MNs(BSSs) that share a common distribution system. (WLAN)

   FA     Foreign Agent. A router on a mobile node's visited network
          which provides routing services to the mobile node while

   GGSN   Gateway GPRS Support Node. A router between the GPRS core
          network and an external IP network. (3GPP)

   GMM    GPRS Mobility Management. Sub-link-layer protocol between the
          MT and the SGSN for handling MT movement. (3GPP)

   GPRS   General Packet Radio Service. Packet-switched data
          transmission service on top of the GSM network. (3GPP)

   GTP    GPRS Tunneling Protocol. A protocol for encapsulating user
          data traffic between the SGSN and the GGSN. (3GPP)

   HA     A router on a mobile node's home network which tunnels
          datagrams for delivery to the mobile node when it is away
          from home, and maintains current location information for the
          mobile node.

   IMSI   International Mobile Subscriber Identity. A 12-digit number
          that uniquely identifies a GPRS subscriber smart card. (3GPP)

   LLC    Logical Link Control. Data link protocol between the MT and
          SGSN. (3GPP)

   MN     Mobile Node. A host or router that changes its point of
          attachment from one network or subnet to another.

Yegin et. al.         Expires April August 2004
[Page 5]                L2 Triggers and Hints           February 2004

   MN     Mobile Node. The conjunction of a Mobile Terminal, a SIM card
          and Terminal Equipment. (3GPP)

   MT     Mobile Terminal. For example, a mobile phone handset or a
          PCMCIA card. (3GPP)

   MS     Mobile Station. For example, a mobile phone or a combination
          of mobile terminal (e.g., a phone) and terminal equipment
          (e.g., a laptop). (3GPP2)

   MUX    Multiplex Layer. A link layer protocol used to multiplex
          signaling and RLP protocols. (3GPP2)

   NSAPI  Network Layer Service Access Point Identifier. It is used to
          identify a PDP context between MT and SGSN on top of the
          Logical Link Control layer. It is set by the MT. (3GPP)

          Packet TMSI. A temporary IMSI allocated by the GPRS network
          to the MT upon IMSI attach procedure.(3GPP)

   PCF    Packet Control Function (3GPP2)

   PDP Address
          Address of a MN for a given PDP context. (3GPP)

   PDP Context
          Soft state maintained between the Mobile Terminal, the SGSN
          and the GGSN for guaranteeing a negotiated quality of service
          for the IP flows exchanged between the GPRS Mobile Terminal
          and an external Packet Data Network such as Internet. (3GPP)

   PDSN   Packet Data Serving Node. The default gateway router for MNs
          in 3GPP2 networks. (3GPP2)

   PLMN   Public Land Mobile Network. A GPRS Network operated on a
          national territory. (3GPP)

   PPP    Point-to-Point Protocol

   RA     Routing Area. Set of adjacent cells. A given number of RAs
          are under the control of one SGSN. (3GPP)

   RAN    Radio Access Network. (3GPP, 3GPP2)

   RLP    Radio Link Protocol. A link-layer protocol used to improve
          the physical-layer frame error rate over the air. (3GPP2)

   R-P    RAN-to-PDSN interface. Also known as the A10/A11 interface.

   SGSN   Serving GPRS Support Node. A router directly connected to the

Yegin et. al.         Expires April August 2004
[Page 6]                L2 Triggers and Hints           February 2004

          GPRS Radio Sub-System that handles the mobility of terminals
          attached to the RAs under its authority. The SGSN is also the
          Radio Sub-System interface to the GPRS IP core network. It
          could be considered as an equivalent to the IEEE 802.11
          access point. (3GPP)

   SM     Session Management. Sub-link-layer protocol between the MT
          and the GGSN that handles the activation/deactivation of a
          PDP Context. (3GPP)

   SSID   Service Set Identifier. Identifier of an ESS. (WLAN)

   TE     Terminal Equipment. A user's laptop for example. TE can
          connect to the network via MT. (3GPP)

   TI     Transaction Identifier. This is the association between an
          NSAPI and an identifier corresponding to an operation
          performed on the associated PDP context. For example a
          "Modify PDP Context Request" will be identified by a
          Transaction Identifier. (3GPP)

   TLLI   Temporary Logical Link Identity. It is used by the SGSN to
          identify a particular Mobile Terminal at the logical link
          control layer. (3GPP)

3.0  Link-layer Triggers and Hints in Various Systems

   This section provides an overview of various architectures and
   discusses associated link-layer triggers and hints.

3.1. GPRS

   Multi-interface terminals are changing the face of wireless IP
   connectivity and GPRS [GPRS] is being one of the most pervasive
   types of radio link for enabling multi-technology access to the

   GPRS is an enhancement to the GSM data transmission architecture and
   capabilities, designed to allow for packet switching in user data
   transmission within the GPRS network as well as for higher quality
   of service for the IP traffic of Mobile Terminals with external
   Packets Data Networks (PDN) such as the Internet or corporate LANs.
   The GPRS architecture consists of a Radio Access Network and a
   packet domain Core Network.

   - The GPRS Radio Access Network is composed of Mobile Terminals, a
   Base Station Subsystem (BSS) and Serving GPRS Support Nodes (SGSN).
   The BSS is made up of radio cells called Base Transceiver Stations
   (BTS) served under the control of Base Station Controllers (BSC).

Yegin et. al.         Expires April August 2004
[Page 7]                L2 Triggers and Hints           February 2004

   So-called Routing Areas are formed by the subdivision of BSCs. Each
   SGSN in the GPRS architecture controls a set of RAs;

   - An IP Core Network that acts as the transport backbone of user
   datagrams between SGSNs and Gateway GPRS Support Nodes (GGSN). The
   GGSN ensures the GPRS IP core network connectivity with external
   networks, such as Internet or Local Area Networks.

From the point of view prevailing in detecting network attachment, the
GPRS access network will be only seen as providing layer 1-2
reachability even if it is able to provide IP connectivity alone.

3.1.1.    Network Reference Model

   Most of the triggers described in this document come from messages
   exchanged on top of the Logical Link Control protocol (LLC) running
   between the Mobile Terminal and the SGSN. The messages are part of
   the GPRS Mobility Management (GMM) and Session Management (SM)
   protocols and ensure functionalities such as GPRS attach, detach,
   PDP Context activation and deactivation, Routing Area update.

           +----|    <-------------GMM/SM-------------->    +-----+
           |    |    <--------------LLC---------------->    |     |
           |    |                                           |     |
           |    |                    \ /                    |     |
           | MT |                  +-----+                  |SGSN |
           |    |  Radio interface |     |<---------------->|     |
           |    |<----Protocols--->| BSS |                  |     |
           +----+  (RLC, MAC, L1)  +-----+                  +-----+

        Figure 1. Signaling protocol stack between MT and SGSN

3.1.2.    Link-layer Events and Information

   In GPRS networks, only network attachment/detachment and subsequent
   PDP context changing events will directly impact the IP
   configurations, hence should be used as link-layer triggers by IP.
   Other events such as routing area and cell change do not directly
   imply potential configuration change. More details on those
   secondary types of events can be found in Appendix A.

   When connecting, first a GPRS attach needs to be made to the SGSN.
   The procedure is attempted whenever a GPRS-enabled Mobile Terminal
   is being switched on. The attachment can also take place at any time
   while the MT is switched on, for example following a detach forced
   by the network. The MT provides its identity during the attach
   request to the network in the form of a so-called Packet Temporary
   Mobile Subscriber Identity (P-TMSI). If the MT has no valid P-TMSI,
   it provides its IMSI.

Yegin et. al.         Expires April August 2004
[Page 8]                L2 Triggers and Hints           February 2004

   Before the MT becomes GPRS attached, it scans for available GPRS
   networks, as well as acquires the identities of their cells in the
   covered area. It is also possible for the MT to obtain the radio
   capabilities of these cells.

   When a MT has performed the GPRS attach, it becomes in READY state.
   In this state, the MT is reachable (using the logical link layer -
   LLC) by the GPRS Radio Access Point called the SGSN. Otherwise, its
   state is said to be IDLE. During the IDLE state, no IP level
   communication is possible with an external network, such as
   Internet. The SGSN identifies the logical link with the MT by the
   Temporary Logical Link Identifier (TLLI) it derives from the P-TMSI
   that was assigned to the MT. It has to be noted that the MT or SGSN
   may initiate a detach procedure (Mobile or Network Initiated
   Detach). The MT returns from READY to IDLE STATE upon detachment.

   The MT is actually considered GPRS attached when it has received an
   "Attach Accept" message from the SGSN. The MT is considered detached
   from the GPRS Network when it has sent or received a "Detach Accept
   message" from/to the SGSN. This is an indication that the link-layer
   connectivity is being lost.

   The "Detach Accept" message is also preceded by a "Detach Request"
   message from the side initiating the detachment procedure. This
   message is an indication that a detachment from the GPRS network is
   about to take place. The network-layer could then anticipate the
   loss of connectivity.

   The "Attach Accept" message comes along with an update of the Mobile
   Terminal Mobility Management context held at the GMM/MM level. This
   message contains:

   - The Packet Temporary Mobile Station Identifier (P-TMSI). The P-
   TMSI is a temporary IMSI allocated by the GPRS network upon attach
   (if no P-TMSI was already present). It is used for subscriber
   location hiding purpose in substitution to the IMSI.
   - The current Cell Identity (CI)
   - The current Routing Area Identity (RAI) which identifies the
   serving SGSN
   - The ciphering algorithm, key (Kc) and sequence number (CKSN)

   Once the GPRS MT is attached, the attached network information can
   be sent to it via the "MM information" message that contains:

   - The network name known as Public Land Mobile Network ID in 3GPP
   - Network registration type (Home or Roaming)

   A MN that wants to establish IP-level connections through the GPRS
   MT should first request the GPRS network to settle the necessary
   soft state mechanism (GPRS tunneling protocol) between its serving

Yegin et. al.         Expires April August 2004
[Page 9]                L2 Triggers and Hints           February 2004

   SGSN and the GGSN corresponding to the APN specified in the PDP
   Context parameters. Only after this tunneling mechanism takes place
   can the MN's IP packets be forwarded to and from its remote IP
   peers. The process by which this is made possible is designated as a
   PDP Context Request.

   The aim of this function is also to provide IP-level configuration
   on top of the GPRS link-layer attachment, in order for the MN to get
   IP reachability with external networks, such as Internet. The
   establishment of a PDP context is partially based on link-layer
   characteristics negotiated between the MT and the GPRS network (SGSN
   and GGSN). These characteristics include the QoS profile that will
   be guaranteed by the SGSN and GGSN (e.g., maximum delay, link
   reliability, peak and mean throughputs). When the MT requests a PDP
   context, it selects a Network Service Access Point Identifier
   (NSAPI) that it sends to the SGSN with the request. The NSAPI is
   sent (as part of the PDP Context request message) on top the Logical
   Link Control layer identified for that MT by the TLLI. In this way,
   the SGSN is able to uniquely identify the PDP context.

   A PDP context Activation procedure can also be initiated by the GGSN
   (Network-requested PDP Context Activation) but this alternative is
   not likely to happen so often.

   The network may also decide to modify an existing PDP Context with a
   given MN at any time. Such a modification might be prompted by the
   MN's serving SGSN when it estimates that the negotiated QoS profile
   can no longer be respected. For instance, the GPRS Network might
   temporarily not be able to guarantee the contracted delay, in which
   case it would force the related PDP context parameter to be
   renegotiated. Note that, a MT can decide not to accept such an
   update of its PDP context, in which case it should start a PDP
   context deactivation procedure. Furthermore, a PDP context may be
   deleted at any time at the request of the MT or the network. After a
   PDP context is deleted, the MT returns to simply attached state
   (READY STATE). Finally, a Mobile Terminal can hold several PDP
   contexts, each corresponding to a different NSAPI.

               | PDP Context1 |                        +-------+
               |   NSAPI 1    |                        |       |
               | ------------ |       +------+         |       |
               |   GPRS MT    +-------+ TLLI +---------| SGSN  |
               | ------------ |       +------+         |       |
               | PDP Context2 |                        |       |
               |   NSAPI 2    |                        +-------+

            Figure 2. NSAPI and TLLI (link identifier).

Yegin et. al.         Expires April August 2004
[Page 10]               L2 Triggers and Hints            February 2004

   A PDP context is considered activated on the MT side as soon as an
   "Activate PDP Context Accept" message has been received from the
   GGSN. The reception of this message can be considered as a trigger
   that the GPRS network will be providing a certain link-layer
   quality-of service for which parameters (e.g., delay, reliability,
   throughput) are included with the messages described below.

   When the network is about to modify a PDP Context, it informs the MT
   by sending a "Modify PDP Context Request" message. This can also be
   an indication at the MN's network-layer that the link-layer
   characteristics on the GPRS attachment are about to change. The MN
   could then be able to anticipate such a change, which would likely
   be a drop or an increase of service quality. The "Modify PDP Context
   Accept" message confirms the modification and is an indication that
   the initially negotiated PDP context characteristics are no longer

   A "Deactivate PDP Context Request" message is sent by the MN or
   received from the SGSN depending on which side has initiated the
   deactivation procedure. The transmission or reception of this
   message can serve as a trigger that the IP configuration of the MN's
   GPRS interface or one of its IP configuration (in case multiple PDP
   Contexts are present on the MT), is about to be deleted. This could
   help the MN anticipate the coming loss of IP attachment. A
   "Deactivate PDP Context Accept" sent or received by the MT is a
   confirmation that the PDP context is being deleted.

   The "Activate PDP Context Accept" message comes along with a
   modification of the GMM context that contains the following

   - The TI (transaction identifier) associated to the procedure of
   activating a PDP context. It consists of the NSAPI generated by the
   MT for that PDP context and an operation identifier,
   - The IP address for that PDP context,
   - The QoS Profile negotiated with the network,
   - The Radio Priority level for data transmission.

   The "Modify PDP Context Accept" comes along with the following
   -The TI associated to the procedure,
   -The new QoS profile negotiated with the network,
   -The radio priority level for data transmission.

   The "Deactivate PDP Context Accept" message comes along with the TI
   associated to the procedure.

Yegin et. al.         Expires April August 2004
[Page 11]               L2 Triggers and Hints            February 2004

3.2. 3GPP2

   3GPP2 (cdma2000) packet data services provide mobile users wide area
   high-speed access to packet switched networks. 3GPP2 consists of
   multiple radio access technologies, namely 1x EV, 1x EV-DO and 1x
   EV-DV, where the order shows the evolution of technology in the
   industry. 1x Evolution Data Only (1x EV-DO) and 1x Evolution Data-
   Voice (1x EV-DV) are enhanced air interface technologies that are
   optimized for higher data rates.

   The aforementioned 3GPP2 technologies share a common core network
   infrastructure which enables easy transition to enhanced air
   interface technologies. 3GPP2 networks use the Point-to-Point
   Protocol (PPP) as the link-layer protocol between the mobile node
   and the network access server. Hence, link-layer mechanisms are
   pretty consistent across all air interface technologies. Unless
   specifically called out, all link-layer mechanisms specified in this
   document apply to all 3GPP2 air interface technologies.

3.2.1.    Network Reference Model

   Some of the major components of the 3GPP2 packet network
   architecture (see Figure 3) consist of:

   - Mobile Node (also known as Mobile Station or Access Terminal in
   3GPP2), which allows mobile access to packet-switched networks over
   a wireless connection,
   - Radio Access Network, which consists of the Base Station
   Transceivers (BTS), Base Station Controllers (BSC), and the Packet
   Control Function (PCF),
   - Network Access Server known as the Packet Data Switching Node
   (PDSN). The PDSN also serves as the Foreign Agent (FA), in the case
   of Mobile IP service.

                      |           RAN           |
     +====+           |  +=====+       +=====+  |       +======+
     |    |           |  | BSC/|       |     |  |       |      |
     | MN |-----------|  | BTS |-------| PCF |--|-------| PDSN |
     |    |           |  |     | A8/A9 |     |  |A10/A11|      |
     +====+           |  +=====+       +=====+  |       +======+
                      |                         |

                Figure 3. Packet Network Reference Model

   Figure 4 shows the hierarchical relationship between the RAN,
   PDSN/FA and HA. The control and bearer interfaces between the BSC

Yegin et. al.         Expires April August 2004
[Page 12]               L2 Triggers and Hints            February 2004

   and PCF are known as the A9 and A8 interface respectively, while the
   control and bearer interfaces between PCF and PDSN are known as the
   A11 and A10 interfaces respectively. Note that, the A11/A10
   interface is also known as the R-P interface (for RAN-PDSN
   interface). The A9 and A11 interfaces are used to establish A8 and
   A10 connections. The A8 and A10 connections are used to tunnel link
   layer data (PPP frames) between the BSC and PDSN.

                                   |      |
                                   |  HA  |
                                   |      |
                        |              |               |
                    +======+        +======+       +======+
                    |      |        |      |       |      |
                    | PDSN |        | PDSN |       | PDSN |
                    |      |        |      |       |      |
                    +======+        +======+       +======+
                      / \              / \            / \
                    /     \          /     \        /     \
                   /       \        /       \      /       \
             +======+  +======+ +======+     \    /         \
             |      |  |      | |      |    +======+      +======+
             |  PCF |  |  PCF | |  PCF |    |      |      |      |
             |      |  |      | |      |    |  PCF |      |  PCF |
             +======+  +======+ +======+    |      |      |      |
                |         / \       |       +======+      +======+
      A8/A9 ----|--------/---\------|----------|-------------|-----
                |       /     \     |          |             |
             +====+ +====+ +====+ +====+     +====+        +====+
             |    | |    | |    | |    |     |    |        |    |
             |BSC | |BSC | |BSC | |BSC |     |BSC |        |BSC |
             |    | |    | |    | |    |     |    |        |    |
             +====+ +====+ +====+ +====+     +====+        +====+

            |    |
            | MS |  ------->
            |    |

       Figure 4. Hierarchical relationship between RAN, PDSN and HA

Yegin et. al.         Expires April August 2004
[Page 13]               L2 Triggers and Hints            February 2004

   A PCF controls one or more BSCs. The area served by each PCF is
   identified by the Access Network Identifier (ANID). This is referred
   to as the SUBNET ID in the 1x EV-DO system. Any given BSC is
   associated with one and only one PCF. The combination of BSC and PCF
   is also known as the RAN. Each PCF can communicate with one or more
   PDSNs. However, for a given mobile user, the PCF typically
   establishes a connection with a specific PDSN.

   Link-layer-related (e.g., handover) information is provided by the
   RAN to the MS via 3GPP2 overhead signaling messages broadcast over
   the air interface.

   A number of other important components of the architecture that
   enable call setup (such as the MSC, HLR, AC and/or AAA servers) are
   left out for the sake of simplicity. None of these components have a
   direct impact on the discussion of link-layer hints.

3.2.2.    Link-layer Events and Information

   While a PPP connection is in ESTABLISHED state at the MN and PDSN,
   the packet data service state at the MN can be in ACTIVE or DORMANT
   state. In the ACTIVE state, all the bearers between the MN and the
   PDSN are in the established state. In the DORMANT state, the radio
   link bearer and the A8 connection are torn down to conserve radio
   resources. However, the A10 bearer still remains connected, and the
   PPP state is maintained both at the MN and PDSN.

   MN transitions from DORMANT to ACTIVE state when the MN has some
   data to send or the network (PDSN) has data to send to the MN. When
   a MN in ACTIVE packet data service state hands off from one RAN to
   another, it results in an ANID change. An ANID change may or may not
   result in a change in the MN point of attachment to the network
   (i.e., PDSN).

   If the ANID changes, but no change in the network attachment point,
   a new A10 connection between the new PCF and serving PDSN is
   established. If the ANID change results in a change in network
   attachment point (i.e., PDSN), the new PDSN initiates a new PPP
   connection setup with the MN, resulting in an update of the network
   configuration information such as IP address and DNS server address
   on the mobile node. In the case of Mobile IP, PPP resynchronization
   is followed by Mobile IP registration to update the FA (PDSN)
   address in the Mobile IP binding at the HA.

   Hence, a PPP resynchronization from the PDSN could be viewed as a
   link-layer event that updates network configuration information in
   the MN and further provides an indication to the MN that Mobile IP
   registration is required to update the binding in the HA with the
   new FA address.

Yegin et. al.         Expires April August 2004
[Page 14]               L2 Triggers and Hints            February 2004

   On the other hand, when a DORMANT mobile moves, the RAN is not aware
   of the presence of the mobile in its area (as the radio link is not
   in established state). The RAN relies on the MN to inform it of the
   MN's presence. The ANID for the RAN, which is broadcast on the
   overhead channel, is used for determining RAN changes by the MN.
   When a dormant MN moves and the ANID changes, the MN registers with
   the RAN to initiate a new A10 connection between the new RAN and
   PDSN. If the ANID change also results in a change in the network
   attachment point, not only is a new A10 connection established, but
   also a new PPP connection is established between the new PDSN and
   MN. The RAN transitions the MN from DORMANT to ACTIVE state in order
   to resynchronize the PPP connection. This results in an update in
   the network layer configuration information such as IP address and
   DNS server address in the MN. In the case of Mobile IP, PPP
   resynchronization is followed by Mobile IP registration to update
   the FA (PDSN) address in the Mobile IP binding at the HA.

   As described above, a lower-layer indication (ANID change) allows a
   MN to discover a potential change in the network point of
   attachment. From IP's perspective, changes in the PPP link status
   provide a trigger and hints about the network attachment change.

3.3. WLAN

   WLANs are the wireless extension of the Local Area Networks. A WLAN
   offers MNs short range network access at high rate. The maximum
   coverage area of a node is usually from few meters indoors to more
   than one hundred meter outdoor. The raw bandwidth varies between
   1Mbps to 54Mbps depending on the norm used and the configuration of
   the equipment.

   The IEEE 802.11 series are specified by IEEE since 1997 and the
   currently available standards are IEEE 802.11b [802.11b] and IEEE
   802.11g [802.11g] operating in the 2.4GHz band, and IEEE 802.11a
   [802.11a] operating in the 5GHz band. The specification defines both
   the MAC-layer and the physical-layer (e.g., modulation techniques
   and propagation). The MAC level is the same for all these

   Two operating modes are available in the IEEE 802.11 series. In ad-
   hoc mode, each equipment in range may directly communicate with
   other, i.e. without any infrastructure or intermediate hop. In
   infrastructure mode, all link-layer frames are transmitted to an
   access point (AP) which then forwards them to the final receiver.

   In this section MN refers to a IEEE 802.11 station without the AP

Yegin et. al.         Expires April August 2004
[Page 15]               L2 Triggers and Hints            February 2004

3.3.1.    Network Reference Model

   In the infrastructure mode, the network connectivity is offered to
   MN (IEEE 802.11 station) through an AP. An AP is a bridge between
   the wireless domain and the wired domain. The coverage area of an AP
   defines a cell. A BSS (Basic Service Set) is composed of one AP and
   at least one attached MN. A common IEEE 802.11 infrastructure is
   shown in Figure 5.

    Access Router-----Internet-----Access Router
       |                               |
       |    LAN                   LAN  |
      -+----+----            -+--------+------+-
            |                 |               |
            |      ~~~~~~~~~~~AP2~~~~~~~~~    |
     ~~~~~~~AP1~~~~~~~~                ~~~~~~~AP3~~~~~~~~
    ~             ~    ~              ~   ~              ~
    ~             ~    ~              ~   ~              ~
    ~       MN    ~    ~              ~   ~              ~
    ~             ~    ~              ~   ~    MN        ~
    ~             ~ MN ~              ~   ~              ~
     ~~~~~~~~~~~~~~~~~~                ~~~~~~~~~~~~~~~~~~
     BSS of AP1   ~                       ~    BSS of AP3
                  ~          MN           ~
                  ~                       ~
                         BSS of AP2

        Figure 5: Architecture of IEEE 802.11 access.

   When several APs are connected together through a DS (Distribution
   System), the set of all cells is called ESS for Extended Service
   Set. The structure of the DS is not defined in the IEEE 802.11
   standard and any technology can be used as DS medium. The document
   IEEE 802.11f [IAPP] proposes the Inter-AP protocol (IAPP) to be used
   between APs of the same ESS. Some information on attached MNs may be
   exchanged in an ESS in order to enable context transfers and enhance
   MN's roaming.

   When a MN moves out of the coverage area of its current AP, it may
   attach to a new AP. The new AP can be connected to the same access
   network as well as it can be connected to a different access
   network, this makes no difference at the link layer. However, if the
   new AP is connected to the same subnet as the old AP, the MN can
   continue its IP communication through the new AP without any
   configuration change at the network-layer. But if the new AP is
   connected to a different subnet, the MN needs to configure a new IP
   address valid for the new subnet and use some additional mechanism
   to maintain its ongoing communication sessions, such as Mobile IP
   [MIPv4, MIPv6].

Yegin et. al.         Expires April August 2004
[Page 16]               L2 Triggers and Hints            February 2004

   A MN must be associated and authenticated with an AP in order to
   send and receive data frames. At any given time, a MN can be
   associated with only one AP on each IEEE 802.11 radio interface.
   When a MN moves between two APs, it has to switch into promiscuous
   mode to discover and initiate a connection with a new AP. A MN
   cannot send IP packets during the establishment of a connection with
   an AP. In an RSN (Robust Secure Network [802.11i]) the data packets
   are still blocked until the IEEE 802.1X authentication and key
   management is successfully completed.

   Being associated implies that the MN has established a relationship
   with the AP.

   In a WLAN that does not support RSNA (RSN Association), three
   different steps are required for the MN to be associated with an AP.
   First the MN evaluates the potential APs in its range. In active
   mode, the MN scans its default channel to identify the available APs
   (exchange of Probe Request and Probe Response). If the MN does not
   receive any response from AP (e.g., no APs are operating in this
   channel), the MN switches to the next channel and continues the
   scanning. In passive mode, the MN only listens to beacons sent by AP
   to discover the potential APs.

   Once the MN discovers its target AP and its parameters, an
   authentication phase begins (exchange of Authentication

   When a MN succeeds the authentication process, it can associate with
   the AP (exchange of Association Request/Response). The MN sends its
   different link-layer parameters and the AP may accept to include the
   MN in the BSS. A MN may also issue a Re-association Request when the
   new AP belongs to the same ESS as the old AP of the MN. The
   Re-association message contains the MAC address of the old AP of the
   MN, allowing the new AP to inform old AP that the MN will now be
   associated with it. Note that even if the two APs belong to the same
   ESS, they can be on different IP subnets. No assumption is made on
   the location of APs in IEEE 802.11 series.

   In a IEEE 802.11 RSN, IEEE 802.1X might be used as the
   authentication and key management mechanism. In this framework, the
   authentication is performed after the MN is connected to the AP by
   utilizing protocols above the MAC layer. The process to be
   associated with an AP is the same as in the model described above,
   except that authentication at the MAC layer must not take place. The
   (re-)association of a MN is mapped to an IEEE 802.1X port on the AP,
   and the controlled IEEE 802.1X port blocks every data packets. Only
   the EAPOL packets are authorized to be sent through the uncontrolled
   IEEE 802.1X port. Once the authentication successfully completes,
   the 4-way handshake protocol takes place. The 4-way handshake
   consists of four EAPOL messages sent between the MN and the AP which
   guarantee the liveness of both the AP and the MN, the freshness and

Yegin et. al.         Expires April August 2004
[Page 17]               L2 Triggers and Hints            February 2004

   the synchronization of the session key. This triggers the change of
   the state of the IEEE 802.1X port from blocked to unblocked.
   Subsequently, data packets can be exchanged on the link.

3.3.2.    Link-layer Events and Information

   The roaming of MNs between APs is managed by the link-layer protocol
   and is known as link-layer handover. As long as the MN moves between
   APs in the same access network, the IP layer is not involved in the
   movement management. However, when the MN handovers to a new AP in
   another IP subnet, the MN needs to perform operations to maintain
   its existing communications [MIPv4, MIPv6]. Therefore, even if a
   link-layer handover occurs at the link layer, it doesn't necessarily
   imply a network-layer handover.

   In a WLAN that does not support RSN, upon reception of the
   Association (or Re-association) response message from the AP
   indicating that the association is accepted, the MN is associated to
   the AP. It can then transmit and receive data packets through this
   AP. This association is valid as long as the MN does not receive a
   De-authentication message or a De-association message from its AP,
   or the MN moves to a new AP.

   So the reception of a (Re-)Association Response that completes a
   successful association conveys that the MN's point of attachment to
   the network may have changed. There is no mechanism at the link-
   layer that allows the MN to know if it has also changed the IP

   In a RSN, data packets between the MN and the AP are allowed upon
   successful completion of a 4-way handshake. In this case, the
   reception of a (Re-)Association Response does not imply the link is
   established yet.

   When the MN receives a De-authentication message (in the case of the
   MAC layer authentication) or a Disassociation message, it means that
   the MN is no longer authenticated or associated with the AP that
   sent the message. So this message indicates that IP packets can not
   be sent through this link until the reception of a subsequent
   (Re)Association Response or 4-way handshake.

4.0  Triggers and Hints

   A small set of useful link-layer triggers and hints can be
   identified based on the technologies described in Section 3.0. This
   document limits the scope to those that are relevant to network-
   layer configuration changes.

Yegin et. al.         Expires April August 2004
[Page 18]               L2 Triggers and Hints            February 2004

4.1. Link-up Trigger and Associated Hints

   This trigger is asynchronously provided to IP when a new link
   instance is created. This trigger may be generated even when the
   host does not change its physical point-of attachment but creates a
   new link instance with the current link-layer access device.

   Network-layer may interpret this trigger as a sign of possible
   configuration change. It may react to link-up trigger by
   reconfirming its current configuration (e.g.: sending a router
   solicitation in the case of stateless IPv6 address auto-
   configuration). The detailed use of link-up trigger for detecting
   network attachment is outside the scope of this draft.

   Creation of a new PDP context can be used to generate a link-up
   trigger in GPRS networks. Similarly, a new PPP link establishment
   can lead to a trigger in 3GPP2 networks. Both of these mechanisms
   also provide network-layer configuration on the host. The IP
   addresses configured via these mechanisms can be considered as link-
   layer hints. In fact, this type of strong hint simplifies the task
   of detecting network attachment at the network-layer. This hint
   indicates the already configured parameters, hence further network
   attachment detection is generally not necessary.

   Association and re-association events in non-RSN, and completion of
   4-way handshake in RSN can be used to generate a link-up trigger in
   IEEE 802.11 networks. Unlike the technologies used in 3GPP and
   3GPP2, networkùlayer configuration is not provided as part of link-
   layer establishment in IEEE 802.11 networks. Aside from not
   providing the IP address configuration, this link-layer does not
   present a useful hint to be used with the network attachment
   detection process either. This is due to lack of a one-to-one
   mapping between IP subnets and link-layer parameters. See Appendix A
   of [DNA4] for a detailed discussion.

4.2. Link-down Trigger

   This trigger is asynchronously provided to IP when an existing link
   instance is removed.

   Network-layer may interpret this trigger as a sign of possible
   configuration change. This trigger might be followed by a link-up
   trigger in the case of a handover. The detailed use of link-down
   trigger for detecting network attachment is outside the scope of
   this draft.

   The deactivation of PDP context in GPRS networks can be used to
   generate the link-down trigger. Bringing down a PPP connection in
   3GPP2 would have the same effect. De-authentication and
   disassociation events in IEEE 802.11 non-RSN, and disassociation

Yegin et. al.         Expires April August 2004
[Page 19]               L2 Triggers and Hints            February 2004

   event in IEEE 802.11 RSN can be used to generate a link-down trigger
   being sent to IP.

5.0  Security Considerations

   The link-layer triggers and hints are advisory only. They SHOULD be
   used as indications of possible network-layer configuration change,
   not an absolute change. When used in this context, potential
   security threats from their use is limited but not necessarily
   completely eliminated. A faked link-layer trigger can still be used
   to launch a denial-of service attack on the host and the associated
   network. Secure generation and delivery of these triggers and hints
   MUST be ensured. This is a subject for lower-layer designs and
   therefore it is outside the scope of this document.

6.0  References

   [3GPP2/TIA] "IS-835 - cdma2000 Wireless IP Network Standard"

   [3GPP2/TIA] "IS-2001 û Interoperability Specification (IOS) for
   cdma2000 Access Network Interfaces"

   [GPRS-AT] "Digital cellular telecommunications system (Phase 2+); AT
   command set for GPRS Mobile Equipment (ME), (GSM 07.07 version 7.8.0
   Release 98).

   [GPRS] "Digital cellular telecommunications system (Phase 2+);
   General Packet Radio Service (GPRS) Service description; Stage 2",
   (3GPP TS 03.60 version 7.9.0 Release 98).

   [GPRS-LINK]"Digital cellular telecommunications system (Phase 2+);
   Radio subsystem link control", (GSM 03.05 version 7.0.0 Release 98).

   [IAPP] IEEE Std. 802.11f/D3, Draft supplement to IEEE Std 802.11,
   1999 Edition, "Recommanded Practice for Multi-Vendor Access Point
   Interoperability via an Inter-Access Point Protocol Across
   Distribution Systems Supporting IEEE 802.11 Operation", January

   [802.11b] IEEE Std 802 Part 11, "Information technology -
   Telecomunications anbd information exchange between systems - Local
   and metropolitan area networks - Specific requirements - Part 11:
   Wireless Lan Medium Access Control (MAC) And Physical Layer (PHY)
   Specifications", August 1999.

   [802.11a] IEEE Std 802.11a-1999, supplement to IEEE Std 802.11-1999,
   "Part 11: Wireless MAN Medium Access Control (MAC) and Physical
   Layer (PHY) specifications: High-speed Physical Layer in the 5 GHZ
   band, September 1999.

Yegin et. al.         Expires April August 2004
[Page 20]               L2 Triggers and Hints            February 2004

   [802.11g] IEEE Std 802.11g-2003, Amendment to IEEE Std 802.11, 1999
   edition, "Part 11: Wireless "Part 11: Wireless MAN Medium Access
   Control (MAC) and Physical Layer (PHY) specifications. Amendemnt 4:
   Further Higher Data Rate Extension in the 2.4 GHz Band, June 2003.

   [80211i] IEEE Draft 802.11I/D5.0, "Draft Supplement to STANDARD FOR
   Telecommunications and Information Exchange between Systems û
   LAN/MAN Specific Requirements - Part 11: Wireless Medium Access
   Control (MAC) and physical layer specifications: Specification for
   Enhanced Security", August 2003.

   [MIPv4] Perkins, C., "IP Mobility Support for IPv4", RFC3344, August

   [MIPv6] Perkins, C. and J. Arko, "Mobility Support in IPv6", I-D
   draft-ietf-mobileip-ipv6-24.txt, June 2003.

   [DNA4] Aboba, B., "Detection of Network Attachment (DNA) in IPv4",
   I-D draft-ietf-dhc-dna-ipv4-05.txt, January 2004.

7.0  Acknowledgements

   The authors would like to acknowledge Sanjeev Athalye (Qualcomm) and
   Muhammad Mukarram bin Tariq (DoCoMo USA Labs) for their useful
   comments and suggestions.

Appendix A

   This section describes the additional events and the associated
   information with the GPRS networks. Unlike the PDP context changes,
   the following events do not directly imply potential IP
   configuration change.

A.1. Routing Area and Cell Change

   The GPRS Radio Sub-System is organized in sets of Routing Areas
   (RAs), each set managed by a unique SGSN. The RAs are in turn
   divided into cells.

   A GPRS MT detects that it has entered a new cell by comparing the
   cell's identity just received with the cell identity stored in the
   MT's Mobility Management context. A cell update procedure with the
   network then takes place between the MT and the SGSN.

   If the new cell is inside a new RA, the MT detects it by
   periodically comparing the RA identifier stored in its MM context
   with that just received from the new cell and initiates a RA update
   procedure with the SGSN. If the SGSN receiving the RA update request
   realizes that the old RA is not handled by itself, then it knows

Yegin et. al.         Expires April August 2004
[Page 21]               L2 Triggers and Hints            February 2004

   that an inter-SGSN RA update is required. Necessary updates are
   performed in the GPRS Network Sub-System:

   - The new SGSN starts a handover procedure whereby it requests and
   receives the MM and PDP contexts from the old SGSN of the MT, before
   packet tunneling can start to the GGSN.
   - The MT location is updated in the network.

A.1.1. Link-layer Information

   The MT initiates the RA update procedure by sending a "Routing Area
   Update Request" to the new SGSN. This is potentially an indication
   an imminent SGSN change (GPRS Access Point).

   The network confirms that it has updated the RA (SGSN) by sending a
   "Routing Area Update Accept" to the MT. The MN can utilize this
   message as an indication that the MT's SGSN has changed following
   the handover procedure.

   The accept message comes along with an update of the MM context with
   new information as described below:

   - New P-TMSI
   - New Cell Identity
   - New RA Identity
   - New ciphering algorithm, key and sequence number

A.2. Sub-link-layer Information

   Some of the information, such as the signal quality (e.g., channel's
   Bit Error Rate) and signal level, are not link-layer information but
   rather GPRS Radio Link Control (RLC) parameters. Nonetheless, their
   knowledge at the network-layer might be useful to assess the
   pertinence of deciding to attach in the case where their values are
   below the limits which are deemed necessary or required for the

   The RLC parameters corresponding to the two identified information

   - RXLEV, the received signal strength
   - RXQUAL, the received signal quality

Yegin et. al.         Expires April August 2004
[Page 22]               L2 Triggers and Hints            February 2004

Authors' Addresses

   Alper E. Yegin
   DoCoMo Communications Laboratories USA, Inc.
   181 Metro Drive, Suite 300         Phone: +1 408 451 4743
   San Jose, CA 95110                   Fax: +1 408 451 1090
   USA                                email: alper@docomolabs-usa.com

   Eric Njedjou
   France Telecom R & D
   4, Rue du Clos Courtel BP 91226    Phone: +33 299124202
   35512 Cesson-S‰vign‰         email: eric.njedjou@france-telecom.com

   Siva Veerepalli
   Qualcomm, Incorporated.
   5775 Morehouse Drive              Phone : +1 858 658 4628
   San Diego, CA 92131                 Fax : +1 734 661 1812
   USA                               email : sivav@qualcomm.com

   Nicolas Montavont
   LSIIT - University Louis Pasteur   Phone: (33) 390244587
   Pole API, bureau C430         email: montavont@dpt-info.u-strasbg.fr
   Boulevard Sebastien Brant       URI: www-r2.u-strasbg.fr/~montavont
   Illkirch  67400

   Thomas Noel
   LSIIT - University Louis Pasteur   Phone: (33) 390244592
   Pole API, bureau C428              email: noel@dpt-info.u-strasbg.fr
   Boulevard Sebastien Brant            URI: www-r2.u-strasbg.fr/~noel/
   Illkirch  67400

Full Copyright Statement

   Copyright (C) The Internet Society (2004).   All Rights Reserved.

   This document and translations of it may be copied and furnished
   to others, and derivative works that comment on or otherwise
   explain it or assist in its implementation may be prepared, copied,
   published and distributed, in whole or in part, without
   restriction of any kind, provided that the above copyright notice
   and this paragraph are included on all such copies and derivative
   works.   However, this document itself may not be modified in any
   way, such as by removing the copyright notice or references to the
   Internet Society or other Internet organizations, except as needed
   for the purpose of developing Internet standards in which case the
   procedures for copyrights defined in the Internet Standards
   process must be followed, or as required to translate it into
   languages other than English.

Yegin et. al.         Expires April August 2004
[Page 23]               L2 Triggers and Hints            February 2004

   The limited permissions granted above are perpetual and will not
   be revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on

Yegin et. al.         Expires April August 2004