INTERNET-DRAFT Ludovic Bellier
Castelluccia Claude
Hong-Yon Lach
Motorola Labs and INRIA, France
24 November 2000
Mobile Networks Support in Mobile IPv6
draft-ernst-mobileip-v6-network-01.txt
Status of This Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
This draft addresses the problems of routing datagrams to nodes
located in an IPv6 mobile network. A mobile network is an entire
network that is changing its point of attachment dynamically such as
a network deployed in an aircraft, a boat, or a car. Mobile IPv6 [4]
has been developed to support mobile nodes and is unable to support
mobile networks efficiently. This draft discusses the Mobile IPv6
ability to support mobile networks and proposes to extend Mobile IPv6
with prefix scope Binding Updates to support mobile networks in the
Internet. All datagrams bearing a destination address whose prefix
matches the mobile network prefix recorded in the binding cache are
routed to the corresponding care-of address.
The Mobile IP Working Group needs first to agree on the Mobile IPv6
policy in order to authorize a Mobile Router to register a care-of
Ernst & Bellier Expires 24 May 2001 [Page 1]
INTERNET-DRAFT Mobile Networks Support in Mobile-IPv6 24 November 2000
address that is going to be used for a set of nodes that share the
same network prefix. Then, the Mobile IP Working Group needs to
agree on the means to register the care-of address.
Contents
Status of This Memo
Abstract
1. Introduction
2. Terminology
2.1. General Terms and Mobile IPv6 terms
2.2. Mobile Network specific terms
2.3. Assumptions
3. Why can't Mobile IPv6 support mobile networks ?
3.1. Review of Mobile IP and Mobile Networks
3.2. Experimentation
3.2.1. Test Bed
3.2.2. Registration with the Home Agent
3.2.3. First experiment: Communication between CN and MR
3.2.4. Second experiment: Communication between CN and SN1
3.3. Conclusion
4. Mobile IPv6 extensions to support mobile networks
4.1. Packet format of the Binding Update
4.1.1. New Binding Update Option format
4.1.2. Mobile Network Prefix Sub-Option
4.2. Cache Management
4.2.1. Binding Cache entries
4.2.2. Searching the Binding Cache entries
4.3. Extended Mobile IPv6 protocol operation
4.3.1. Correspondent Node Operation
4.3.2. Home Agent Operation
4.3.3. Mobile Router Operation
5. Security Issues
5.1. Prefix scope registration
6. Main changes since last draft
7. Acknowledgments
8. References
1. Introduction
Mobile IPv4 [8] and Mobile IPv6 [4] have introduced mobility support
for IPv4 and IPv6 [3] nodes respectively. The purpose of mobility
support is to provide continuous Internet connectivity to mobile
nodes. Mobile IP is a solution to support mobile nodes but does not
handle mobile networks.
There are situations where an entire network might move and attach to
different places in the Internet topology. In this draft, we refer to
a network as a set of nodes that share the same IP prefix and that
are attached to the Internet through a single border router. We refer
to a mobile network as a network whose border router is dynamically
changing its point of attachment to the Internet and thus its
reachability in the IP topology. The internal architecture of a
mobile network is preserved while it is roaming. As such, nodes in
the mobile network do not move with respect to the others and
shouldn't take part in mobility management.
Applications of mobile networks include networks attached to people
(Personal Area Networks or PANs) and networks of sensors deployed in
aircraft, boats, cars, trains, etc. (see [8] section 4.5). As an
example of a mobile network, we could imagine that an airline
provides permanent on-board Internet connectivity. This allows all
passengers to use their laptops to connect to remote hosts, download
music or video from any provider, or browse the web. The Internet
could also be used to exchange information between the aircraft and
air traffic control stations. During the flight, the aircraft changes
its point of attachment to the Internet and is reachable by distinct
IP addresses owned by distinct Internet service providers. This
scenario shows that mobile networks may be large, containing
hundreds of hosts and several routers, and may attach to very
distant parts of the Internet topology.
Although the designers of Mobile IPv4 claim that it could support
mobile networks as well as mobile nodes ([8] section 4.5, [9] section
5.12, [7] section 11.2), we argue that this is not true for Mobile
IPv6, which therefore requires some changes in the specification.
Indeed, we have carefully studied the adequacy of Mobile IPv6 for
supporting mobile networks and we came to the conclusion that some
modifications are needed to support them.
2. Terminology
2.1. General terms and Mobile IPv6 terms
General terms and Mobile IPv6 terms are as defined in the Mobile
IPv6 specification [4].
2.2. Mobile Network specific terms
Mobile Network
A set of nodes which are mobile, as a unit, with respect to the
rest of the Internet, i.e. a Mobile Router and all its attached
nodes. The Mobile Router is dynamically changing its point of
attachment to the Internet and thus its reachability in the IP
topology. All nodes in the mobile network share the same IP
prefix: the Mobile Network Prefix.
Mobile Router (MR)
The border router of the mobile network which attaches the
mobile network to the rest of the Internet. The MR has (at
least) two interfaces, one attached to the home link or the
foreign link, and one on each mobile link internal to the
mobile network. It maintains the Internet connectivity for the
mobile network. The first interface is attached to the home
link if the mobile network is at home, or it is attached to a
foreign link if the mobile network is roaming. It is used to
route packets between the mobile network and the fixed
Internet.
        ____
       |    |
       | CN |
       |____|
     ___|____________________
    |                        |
    |                        |
    |        Internet        |
    |                        |
    |________________________|
       __|_            __|_      ____
      |    |  Border  |    |    |    |
      | FG |  Router  | BR |    | HA |
      |____|          |____|    |____|
                    _____|________|____  home
     Foreign               __|_          link
     Gateway              |    |
                          | MR |  Mobile Router
                          |____|
                    _________|_______  internal
                   __|__       __|__   link
                  |     |     |     |
                  | SN1 |     | SN2 |  Stationary Nodes
                  |_____|     |_____|
Figure 1: Mobile Network attached to its home link
Stationary Node (SN)
Any host or router permanently located within the mobile
network and that is fixed with respect to the MR.
Visiting Mobile Node (VN)
A Mobile Node mobile with respect to the mobile network that is
temporarily visiting the mobile network and whose home network
is not the mobile network itself. A VN may visit the mobile
network and obtain a care-of address from a router within the
mobile network.
            ____
           |    |
           | CN |
           |____|
         ___|____________________
        |                        |
        |                        |
        |        Internet        |
        |                        |
        |________________________|
           __|_            __|_      ____
          |    |          |    |    |    |  Home
          | FG |          | BR |    | HA |  Agent
          |____|          |____|    |____|
      _______|__ foreign   __|________|____  home
       __|_      link            |           link
      |    |
      | MR |  Mobile Router
      |____|
    _____|_________  internal
   __|__     __|__   link
  |     |   |     |
  | SN1 |   | SN2 |
  |_____|   |_____|
Figure 2: Mobile Network attached to a foreign link
Local Mobile Node
A Mobile Node mobile with respect to the mobile network whose
home network is the mobile network itself.
Mobile Network Node (MNN)
Any host or router located within the mobile network, either
permanently or temporarily. (Mobile Router, Stationary Node,
Visiting mobile Node or a Local mobile Node).
Correspondent Node (CN)
External nodes corresponding with one or more MNNs of the
mobile network.
Foreign Gateways (FGs)
Subsequent points of attachment of the mobile network
Mobile Network Prefix
The network prefix that is common to all IP addresses in the
Mobile Network when the Mobile Router is attached to the home
link. For a mobile network containing only one subnet, the
mobile network prefix corresponds to this subnet's prefix. An
organization wishing to support larger mobile networks may
decide to split the SLA field of the IPv6 address in several
sub-fields (SLA1, SLA2). In this case, the mobile network may
be identified by a unique SLA1 field. If the length of the
SLA1 field is 8 bits, the length of the mobile network prefix
is 60 bits and the mobile network could contain up to 2^4
subnets.
            ____
           |    |
           | CN |
           |____|
         ___|____________________
        |                        |
        |                        |
        |        Internet        |
        |                        |
        |________________________|
           __|_            __|_      ____
          |    |  Border  |    |    |    |
          | FG |  Router  | BR |    | HA |
          |____|          |____|    |____|
                        _____|________|____  home
         Foreign         _|__                link
         Gateway     |  |    |
             _____   |__| MR |  Mobile Router
            |     |__|  |____|
Stationary  | SN3 |  |  __|_____________  internal
Node        |_____|  |   __|__    __|__   link 1
             _____   |  |     |  |     |
            |     |__|  | SN1 |  | SN2 |  Local Nodes
Stationary  | SN4 |  |  |_____|  |_____|
Node        |_____|  |
                     |  internal
                        link 2
Figure 3: Larger Mobile Network with 2 subnets
Figure 1 illustrates a mobile network attached to its home link.
In figure 2, the mobile network has moved and attaches to a
foreign link. Figure 3 illustrates a larger mobile network.
2.3. Assumptions
We make the following assumptions:
o the mobile network attaches to the Internet through only one
mobile router
o the mobile router is not multihomed.
o all nodes and interfaces in the mobile network are configured
with a common and unique prefix: the mobile network prefix.
o in order to keep things as simple as possible, this draft only
considers Stationary Nodes (SNs) within the mobile network. We
therefore do not consider nodes mobile with respect to the mobile
network, i.e. neither local nor visiting mobile nodes (see section
2.2 for the terminology), as illustrated in figure 4.
        ____
       |    |
       | CN |
       |____|
     ___|____________________
    |                        |
    |                        |
    |        Internet        |
    |                        |
    |________________________|
       __|_            __|_      ____
      |    |  Border  |    |    |    |
      | FG |  Router  | BR |    | HA |
      |____|          |____|    |____|
                    _____|________|____  home
     Foreign               __|_          link
     Gateway              |    |
                          | MR |  Mobile Router
                          |____|
                    _________|_______  internal
                  __|___       __|___  link
                 |      |     |      |
                 | VMN1 |     | VMN2 |  VISITING MOBILE NODES
                 |______|     |______|
Figure 4: Visiting Mobile Nodes - not covered by this internet draft
3. Why can't Mobile IPv6 support mobile networks ?
In this section, we first review how the Mobile IP specifications
deal with mobile networks. We then show the results of an
experiment we conducted that demonstrates Mobile IPv6's inability
to support mobile networks. Then we discuss why the existing Mobile
IPv6 specification is unable to support mobile networks if the mobile
router MR performs Mobile IPv6.
3.1. Review of Mobile IP and Mobile Networks
The Mobile IPv4 specification proposes to support mobile networks
as standard mobile nodes (see [8] section 4.5, [9] section 5.12,
[7] section 11.2). In this situation, the mobile node is the
border router MR of the mobile network. It has a permanent home
address on its home link and gets a new care-of address at each
subsequent point of attachment. Like any mobile node, MR sends a
Binding Update to its home agent HA to instruct it to intercept
and tunnel packets to its care-of address. The HA is therefore
able to intercept packets destined to the home address of MR.
In order to intercept packets intended for Stationary Nodes on the
mobile network:
o either the Home Agent may be configured to have a permanent
registration for each Stationary Node that indicates the Mobile
Router's address as the Stationary Node's care-of address,
o or the mobile router may advertise connectivity to the
entire mobile network using normal IP routing protocols.
Mobile IPv6 and Mobile IPv4 with Routing Optimization [11] could
actually support mobile networks in the same way as Mobile IPv4.
However, although mobile networks are mentioned in the Mobile IPv4
specification, the current specifications of Mobile IPv4 with
Routing Optimization and Mobile IPv6 no longer mention them.
3.2. Experimentation
The following sections describe an experiment showing that
the existing Mobile IPv6 specification cannot route a
packet from the fixed Internet to a Stationary Node on the mobile
network. This experiment was conducted on our IPv6 test
bed using Francis Dupont's "INRIA" IPv6 implementation under
FreeBSD.
3.2.1. Test Bed
As illustrated in figure 5, the Mobile Router MR has two
interfaces. The first is attached to the home link
(3ffe:306:1130:100::/64) and is configured with the home address
(3ffe:306:1130:100::eui64). The second interface is on the Mobile
Network (3ffe:306:1130:200::/64).
The Mobile Router MR performs Mobile IPv6. The mobile network
moves and attaches to the foreign link (3ffe:306:5555:7777::/64).
In a first experiment, a Correspondent Node CN in the fixed
Internet sends a ping packet to MR. In a second experiment, the
CN sends a packet to SN1, a Stationary Node on the mobile network.
3.2.2. Registration with the Home Agent
MR obtains a care-of address on the foreign link and registers its
primary care-of address with its Home Agent HA. Once it receives
a valid Binding Update, HA records in its Binding Cache the
binding between the home address of the sender and its care-of
address. The home address is used as the key for searching the
Binding Cache ([4] section 4.6). In order to intercept packets, HA
claims it is the MR. This is performed by way of a
"gratuitous" Neighbor Advertisement message on behalf of the
mobile node (i.e. MR), as described in section 9.5 of the Mobile
IPv6 specification.
More precisely, when it receives a home registration from MR, the
HA:
o opens a NDP proxy to intercept packets addressed to the home
address of MR.
o opens a tug (a virtual interface, i.e. IPv6 in IPv6 tunnel)
between the care-of address of MR and itself.
o adds a host-specific route (a route to a host, not to a
prefix) for the home address of MR via its care-of address
through the tug.
3.2.3. First experiment: Communication between CN and MR
CN sends a ping packet to MR's home address
(3ffe:306:1130:100::eui64). When the packet gets to the home
network, BR sends NDP messages to discover the MAC address of MR.
HA answers with its address on behalf of MR. The packet gets
routed to the HA. In the standard IPv6 input function of the HA,
the packet is routed through the tug, i.e. tunneled to MR's care-
of address.
3.2.4. Second experiment: Communication between CN and SN1
CN sends a ping packet to node SN1's IP address
(3ffe:306:1130:200::eui64). When the packet gets to the home
network, BR checks its routing table to reach SN1. BR has a route
to the mobile network; MR's home address is the next hop towards
SN1. BR sends NDP messages to discover the MAC address of MR. HA
answers with its address on behalf of the MR. The HA intercepts
the packet, but does not have a route to the mobile network. So it
sends the ping packet to its default route (i.e. the BR) which
forwards it again to the HA. THE PING PACKET ENTERS A ROUTING LOOP
UNTIL THE TTL EXPIRES.
            ____
           |    |
           | CN |
           |____|
         ___|____________________
        |                        |
        |                        |
        |        Internet        |
        |                        |
        |________________________|
           __|_            __|_      ____
          |    |          |    |    |    |  Home Agent
          | FG |          | BR |    | HA |  Binding cache:
          |____|          |____|    |____|  3ffe:306:1130:100::eui64 -> COA
             |               |        |
      _______|_ foreign    __|________|____  home link
         |      link             |           3ffe:306:1130:100::/64
         |      3ffe:306:5555:7777::/64
       __|_
      |    |  Mobile Router
      | MR |  home address 3ffe:306:1130:100::eui64
      |____|  COA 3ffe:306:5555:7777::eui64
         |
    _____|_________  internal link
     |         |     3ffe:306:1130:200::/64
   __|__     __|__
  |     |   |     |
  | SN1 |   | SN2 |  Stationary Node 1
  |_____|   |_____|  3ffe:306:1130:200::eui64
Figure 5: Packets sent from CN to SN1 are dropped by Home Agent
3.3. Conclusion
We see that obtaining a care-of address and requesting the HA to
redirect incoming packets intended for the MR doesn't require
modifications in the Mobile IPv6 specification as this could be
done independently for a host or for a router. As a result,
packets destined to the MR are correctly intercepted by the HA and
tunneled to the MR.
However, although the HA is able to intercept datagrams intended
to the Stationary Nodes on the mobile network, it is unable to
encapsulate them to the care-of address of the MR because it does
not have a route to the mobile network. Remember that the HA has
only recorded a host-specific route in its routing table following
the home registration of MR. What is missing is a network route
for the mobile network prefix (prefix of the second interface of
MR) via the care-of address of MR.
Indeed, the HA is unable to redirect packets and CNs are unable to
communicate directly with Stationary Nodes since they are unaware
of their location. As a result, no communication is possible for
the Stationary Nodes since they can not receive packets at all.
We conclude that the Mobile IPv6 specification needs to be
extended in order to:
o redirect packets from the HA to Stationary Nodes.
o transmit packets from the CN to the Stationary Nodes by the
most optimal route.
4. Mobile IPv6 extensions to support mobile networks
4.0. Overview
According to the observations made in section 3.2.4, we propose to
extend Mobile IPv6 with "Prefix Scope Binding Updates". Instead of
establishing a one-to-one relationship between a home address and a
care-of-address, the binding establishes a many-to-one relationship
between the set of nodes that share the same mobile network prefix
and a care-of-address. Prefix Scope Binding Updates are Binding
Updates that associate a care-of address with the mobile network
prefix instead of the full 128-bit IPv6 home address. The mobile
network prefix is used as a netmask in the Binding Cache.
The Mobile Router sends Prefix Scope Binding Updates containing both
its care-of address and the mobile network prefix to all the
Correspondent Nodes that communicate with itself or any Stationary
Node on the mobile network it is serving. The Prefix Scope Binding
Update instructs its recipients to use the care-of address of the
Mobile Router for all packets whose destination address corresponds
to the mobile network prefix.
As a result, a sole copy of the Prefix Scope Binding Update allows
optimal routing between a CN and any Stationary Node on the same
mobile network.
The mobile network prefix is carried in a new Sub-Option and requires
a new flag in the Mobile IPv6 Binding Update Option. The procedure
for searching the Binding Cache is slightly modified.
4.1. Packet Format of the Binding Update
We propose to extend the Mobile IPv6 Binding Update Option with an
extra flag "Prefix Scope Registration" (P) taken from the
"Reserved" field. In addition, the "Mobile Network Prefix" is a
new sub-option that contains the mobile network prefix.
4.1.1. New Binding Update Option format
The Binding Update option is encoded in type-length-value (TLV)
format as follows:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                |  Option Type  | Option Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|A|H|R|D|P|Rsrvd| Prefix Length |        Sequence Number        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Lifetime                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Sub-Options...
+-+-+-+-+-+-+-+-+-+-+-+-
Prefix Scope Registration (P)
When set, it indicates that the sending mobile node attempts
to register a care-of address for an entire network. It
also requests the receiving node to process the Mobile
Network Prefix Sub-Option.
Rsrvd
This field is reduced from a 4-bit field to a 3-bit field to
account for the addition of the "Prefix Scope Registration"
bit. The remaining 3 bits are unused and MUST be
initialized to zero by the sender and MUST be ignored by the
receiver.
4.1.2. Mobile Network Prefix Sub-Option
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Sub-Option Type| Sub-Option Len| Prefix Length |               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                     Mobile Network Prefix                     +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Mobile Network Prefix is filled by the sending mobile node
to request the receiving node to record a Prefix Scope entry in
the Binding Cache (see section 4.2).
The Prefix Length field is set to the (nonzero) length of the
mobile network prefix.
The Mobile Network Prefix field is set to the prefix of the
mobile network.
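Added example (not part of the draft, nor code from any Mobile IPv6
implementation): a Python encoder and parser for the Binding Update
Option layout of section 4.1.1 with the (P) flag and the Mobile Network
Prefix Sub-Option. The two type code points are placeholders, and
carrying the prefix as ceil(Prefix Length / 8) bytes after the Prefix
Length byte is an assumption, since the draft fixes neither.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

# Placeholder code points (assumptions): the draft assigns no number to the
# new sub-option, and the Binding Update Option Type is defined in [4].
BU_OPTION_TYPE = 0xC6
MNP_SUBOPT_TYPE = 0xF0

FLAG_A, FLAG_H, FLAG_R, FLAG_D, FLAG_P = 0x80, 0x40, 0x20, 0x10, 0x08
RSRVD_MASK = 0x07   # the 3 bits left of "Reserved" once P is taken

# Sample value: the mobile network prefix of the draft's test bed.
SAMPLE_NET = ipaddress.IPv6Network("3ffe:306:1130:200::/64")


@dataclass
class BindingUpdate:
    flags: int
    prefix_length: int
    sequence: int
    lifetime: int
    mobile_network: Optional[ipaddress.IPv6Network] = None

    @property
    def prefix_scope(self) -> bool:
        return bool(self.flags & FLAG_P)


def build_binding_update(flags, sequence, lifetime, network=None):
    """Encode the option; the sender zeroes Rsrvd as the draft requires."""
    # The option's own Prefix Length field keeps its meaning from [4]; 0 here.
    body = struct.pack("!BBHI", flags & 0xFF & ~RSRVD_MASK, 0, sequence, lifetime)
    if network is not None:
        nbytes = (network.prefixlen + 7) // 8
        data = bytes([network.prefixlen]) + network.network_address.packed[:nbytes]
        body += bytes([MNP_SUBOPT_TYPE, len(data)]) + data
    return bytes([BU_OPTION_TYPE, len(body)]) + body


def decode_prefix(data: bytes) -> ipaddress.IPv6Network:
    """Validate and decode the body of a Mobile Network Prefix Sub-Option."""
    if not data:
        raise ValueError("empty Mobile Network Prefix Sub-Option")
    plen, prefix = data[0], data[1:]
    if not 1 <= plen <= 128:
        raise ValueError("Prefix Length must be nonzero and at most 128")
    if len(prefix) > 16 or len(prefix) * 8 < plen:
        raise ValueError("prefix field does not fit Prefix Length")
    # strict=True rejects bits set beyond Prefix Length.
    return ipaddress.IPv6Network((prefix.ljust(16, b"\0"), plen), strict=True)


def parse_binding_update(option: bytes) -> BindingUpdate:
    """Parse one Binding Update option, applying the draft's ignore rules."""
    if len(option) < 10 or option[0] != BU_OPTION_TYPE:
        raise ValueError("not a Binding Update option")
    if option[1] != len(option) - 2:
        raise ValueError("Option Length does not match the data present")
    flags, plen, seq, lifetime = struct.unpack("!BBHI", option[2:10])
    # The receiver MUST ignore Rsrvd, so mask it off before any decision.
    bu = BindingUpdate(flags & ~RSRVD_MASK, plen, seq, lifetime)
    pos = 10
    while pos < len(option):
        if pos + 2 > len(option):
            raise ValueError("truncated sub-option header")
        stype, slen = option[pos], option[pos + 1]
        data = option[pos + 2:pos + 2 + slen]
        if len(data) != slen:
            raise ValueError("truncated sub-option")
        pos += 2 + slen
        # The sub-option MUST be ignored when P is clear.
        if stype == MNP_SUBOPT_TYPE and bu.prefix_scope:
            bu.mobile_network = decode_prefix(data)
    # Choice made by this example, not stated in the draft: P without a
    # usable prefix is rejected rather than treated as a host binding.
    if bu.prefix_scope and bu.mobile_network is None:
        raise ValueError("P set but no Mobile Network Prefix Sub-Option")
    return bu
```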
4.2. Cache Management
4.2.1. Binding Cache entries
Each Binding Cache entry contains the same fields as defined in
[4]. A new "Prefix Scope Registration" flag is added:
- a flag "Prefix Scope Registration" (P) indicating whether
or not this Binding Cache entry represents a mobile network,
served by a Mobile Router, whose prefix is recorded in the
"Home Address" field.
- the value of the "Prefix Length" field received in the
Binding Update that created or last modified this Binding
Cache entry. This field is only valid if the "Prefix Scope
Registration" flag or the "Home Registration" flag is set on
this Binding Cache entry. If the "Prefix Scope
Registration" flag is set, the "Prefix Length" corresponds to
the length of the mobile network prefix, otherwise the
meaning is as defined in [4].
- if the "Prefix Scope Registration" (P) flag is set, the
"home address" field is filled with the mobile network
prefix.
4.2.2. Searching the Binding Cache entries
The Binding Cache is searched for an entry corresponding to the
destination address of the packet. The destination address is
compared with the home address field of entries recorded in the
Binding Cache.
If the "Prefix Scope Registration" flag is set in the entry
under comparison, the comparison is made between the "Prefix
Length" set of initial bits of the destination address and the
"home address" field. If the prefix of the destination matches
the mobile network prefix recorded in the entry, the
destination is located in a mobile network.
If the "Prefix Scope Registration" flag is not set, the
comparison is made on the 128-bit addresses. If the
destination address matches the home address, the destination
is a mobile node.
In both cases, the care-of address of the corresponding entry is
returned.
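Added example (not from the draft or the INRIA implementation): the
Binding Cache search of section 4.2.2 in Python, run against the Home
Agent of section 3.2.4 to show the loop with only the host entry and the
tunnel once the prefix scope entry exists. The ::1 and ::11 interface
identifiers stand in for the draft's "eui64" placeholder, and preferring
a 128-bit match, then the longest prefix, is this example's assumption;
the draft does not define a precedence.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv6 = ipaddress.IPv6Address


@dataclass(frozen=True)
class BindingCacheEntry:
    home_address: IPv6           # holds the mobile network prefix when P is set
    care_of: IPv6
    prefix_scope: bool = False   # "Prefix Scope Registration" (P)
    prefix_length: int = 128


def leading_bits(addr: IPv6, nbits: int) -> int:
    """The first nbits of a 128-bit address, as an integer."""
    return int(addr) >> (128 - nbits)


def search_binding_cache(cache, destination) -> Optional[IPv6]:
    """Section 4.2.2: return the care-of address for destination, or None."""
    dest = IPv6(destination)
    best = None
    for entry in cache:
        if entry.prefix_scope:
            n = entry.prefix_length
            if not 1 <= n <= 128:      # Prefix Length is nonzero by definition
                continue
            hit = leading_bits(dest, n) == leading_bits(entry.home_address, n)
            rank = n
        else:
            hit = dest == entry.home_address   # full 128-bit comparison
            rank = 129
        # Assumption of this example: a host entry outranks any prefix entry,
        # and among prefix entries the longest match wins.
        if hit and (best is None or rank > best[0]):
            best = (rank, entry.care_of)
    return best[1] if best else None


def home_agent_forward(cache, destination, hop_limit: int = 64):
    """Home Agent of figure 5: tunnel on a cache hit, otherwise use the
    default route (BR), which hands the packet back because the HA answers
    NDP on behalf of MR. Returns (action, care_of, hops_used)."""
    hops = 0
    while hop_limit > 0:
        coa = search_binding_cache(cache, destination)
        if coa is not None:
            return ("tunnel", coa, hops)
        hop_limit -= 2      # HA -> BR, then BR -> HA again
        hops += 2
    return ("hop-limit-exceeded", None, hops)   # the draft's "TTL expires"


# Constructed sample data based on the test bed addresses.
MR_HOME = IPv6("3ffe:306:1130:100::1")
COA = IPv6("3ffe:306:5555:7777::1")
SN1 = IPv6("3ffe:306:1130:200::11")
HOST_ONLY = [BindingCacheEntry(MR_HOME, COA)]
WITH_PREFIX = HOST_ONLY + [
    BindingCacheEntry(IPv6("3ffe:306:1130:200::"), COA, True, 64),
]

if __name__ == "__main__":
    print(home_agent_forward(HOST_ONLY, SN1))
    print(home_agent_forward(WITH_PREFIX, SN1))
```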
4.3. Extended Mobile IPv6 protocol operation
The Mobile Node operation is extended to set the (P) bit to 1 and
to fill the Mobile Network Prefix Sub-Option when it is a Mobile
Router that serves as the gateway of a mobile network. It is also
extended to send Binding Updates to all CNs that communicate with
any Stationary Node on the mobile network.
The Correspondent Node and the Home Agent operations are extended
to process Mobile Network Prefix Sub-Option if the (P) bit from
the Binding Update Option is set and to transmit via the care-of
address of the Mobile Router all packets that have
The following sections only describe changes according to sections
8, 9 and 10 of the Mobile IPv6 specification [4].
4.3.1. Correspondent Node Operation
Receiving Binding Updates
Upon receiving a Binding Update, the CN performs validity
checks as described in [4] section 8.2. In addition, if the
"Prefix Scope Registration" (P) bit in the Binding Update
Option is set, the CN received a Binding Update from a
Mobile Router serving a mobile network. The Mobile Network
Prefix Sub-Option MUST be ignored if the "Prefix Scope
Registration" (P) bit from the Binding Update Option is not
set.
If the Binding Update is valid, the CN creates a new entry
in its Binding Cache for this mobile node. This is
performed as described in [4].
In addition, if the (P) bit is set, the CN creates a second
Binding Cache entry similar to the first one and copies in
the Binding Cache entry the "Prefix Scope Registration" bit
from the Binding Update Option, the "Prefix Length" field
from the Mobile Network Prefix Sub-Option. The "Home
Address" field in the Binding Cache is filled from the
"Mobile Network Prefix" field in the Mobile Network Prefix
Sub-Option.
Figure 6 shows the content of the Binding Cache.
Sending Packets
Before sending any packet, the sending node examines its
Binding Cache for an entry for the destination address to
which the packet is being sent (see section 4.2.2 "Searching
the Binding Cache"). If the sending node has a Binding
Cache entry, the sending node uses a routing header to route
the packet to the destination node via the returned care-of
address.
4.3.2. Home Agent Operation
Primary care-of address registration
Upon receiving a Binding Update, the HA performs validity
checks as described in [4] section 9.3. In addition, if the
"Prefix Scope Registration" (P) bit in the Binding Update
Option is set, the HA received a Binding Update from a
Mobile Router serving a mobile network. The Mobile Network
Prefix Sub-Option MUST be ignored if the "Prefix Scope
Registration" (P) bit from the Binding Update Option is not
set.
If the Binding Update is valid, the HA creates a new entry
in its Binding Cache for this mobile node as it is performed
in [4].
In addition, if the (P) bit is set, the sending node is a
Mobile Router and the HA creates a second Binding Cache
entry similar to the first one and copies the "Prefix Scope
Registration" bit from the Binding Update Option, the
"Prefix Length" field from the Mobile Network Prefix Sub-
Option. The "Home Address" field in the Binding Cache is
filled from the "Mobile Network Prefix" field in the Mobile
Network Prefix Sub-Option.
Figure 6 shows the content of the Binding Cache.
Intercepting Packets
Datagrams sent by the CN to the IP address of the Stationary
Node are routed towards the home link of the mobile router
where they are intercepted by the HA as specified in [4]
section 9.5.
Tunneling Intercepted Packets to a Mobile Node
For any packet sent to a mobile node or a Stationary Node
for which the Home Agent is the original sender of the
packet, the Home Agent is operating as a Correspondent Node
and the procedures described in section 4.3.2 apply.
While acting as a Home Agent, the Home Agent intercepts any
packet on the home link addressed to a mobile node or to a
Stationary Node. The Home Agent examines its Binding Cache
for an entry for the destination address to which the packet
is being sent (see section 4.2.2 "Searching the Binding
Cache"). If the sending node has a Binding Cache entry, the
Home Agent tunnels the packet to the care-of address
recorded in that Binding Cache entry.
4.3.3. Mobile Router Operation
Sending Binding Updates
Similarly to standard mobile nodes in the Mobile IPv6
specification [4], the Mobile Router obtains a new care-of
address at each of its subsequent points of attachment using
either stateless or stateful DHCPv6 address configuration.
A Mobile Router serving as a gateway to a mobile network
sends Binding Update datagrams to its Home Agent, its own
CNs, and CNs of Stationary Nodes it is serving as specified
in [4] section 10.6 and 10.8 and fills its Binding List
accordingly. In addition, it sets to "1" the "Prefix Scope
Registration" bit of the Binding Update Option and fills the
"Prefix Length" and the "Mobile Network Prefix" fields of
the Mobile Network Prefix Sub-Option. The Mobile Network
Prefix corresponds to the prefix of its second interface
(the one in the mobile network, not to be confused with the
interface on the home link).
The Mobile Router learns the identity of its own CNs and CNs
of Stationary Nodes on the mobile network whenever it
receives an encapsulated packet tunneled from its Home
Agent.
            ____
           |    |
           | CN |  Binding cache:
           |____|  3ffe:306:1130:100::eui64 -> COA
            |      3ffe:306:1130:200::/64 -> COA
         ___|____________________
        |                        |
        |                        |
        |        Internet        |
        |                        |
        |________________________|
           __|_            __|_      ____
          |    |          |    |    |    |  Home Agent
          | FG |          | BR |    | HA |  Binding cache:
          |____|          |____|    |____|  3ffe:306:1130:100::eui64 -> COA
             |               |        |     3ffe:306:1130:200::/64 -> COA
             |               |        |
      _______|__ foreign   __|________|____  home link
         |       link            |           3ffe:306:1130:100::/64
       __|_
      |    |  Mobile Router
      | MR |  home address 3ffe:306:1130:100::eui64
      |____|  COA 3ffe:306:5555:7777::eui64
         |
    _____|_________  internal link
     |         |     3ffe:306:1130:200::/64
   __|__     __|__
  |     |   |     |
  | SN1 |   | SN2 |  Stationary Node 1
  |_____|   |_____|  3ffe:306:1130:200::eui64
Figure 6: Mobile Network Prefix is recorded in the Binding Cache
5. Security Issues
5.1. Prefix scope registration
The registration of the Mobile Router's care-of address for a set of
nodes that share the same network prefix in addition to the sole
Mobile Router does not break IPsec and does not differ from the Mobile
IPv6 registration.
In Mobile IPv6, the mobile node is authenticated by its HA and CNs.
However, the validity of the care-of address is not guaranteed to the
HA and CNs. Indeed, the Mobile IPv6 policy allows a mobile node to
register a care-of address to which packets are routed. HA and CNs trust
whatever care-of address is carried in the Binding Update as
long as the sender is authenticated because this is the Mobile IPv6
policy.
Similarly, nothing breaks the authentication of our proposed mobile
router's registration. Recipients of the prefix scope Binding
Updates are not misled about the identity of the sender. The mobile
router is clearly authenticated by its HA and CNs whatever the
Binding Update message contains. The Mobile IPv6 policy only needs to
authorize the registration of a care-of address to be used for a set
of nodes that share the same network prefix. The authorization of
the mobile network prefix's registration is therefore a matter of the
Mobile IPv6 security policy. If the Mobile IPv6 security policy
allows a care-of address to be registered for a set of nodes, then the
mobile node is allowed to do so as long as it is authenticated.
The only question that may arise is how to certify that the router is
a valid border router for the mobile network. One means for doing so
is to use a certificate with IKE. The certificate guarantees that
the mobile router is authorized to serve the mobile network.
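Added example (not part of the draft): a receiver-side check, in Python,
that an authenticated Mobile Router may register only a prefix it is
authorized to serve, which is the property the certificate is meant to
guarantee. The AUTHORIZED table, the identity name and the function names
are hypothetical stand-ins for certificate contents checked during IKE.

```python
import ipaddress

# Hypothetical authorization data: identity authenticated for the Binding
# Update -> prefixes its certificate says it may serve (values constructed).
AUTHORIZED = {
    "mr1.example.net": [ipaddress.IPv6Network("3ffe:306:1130:200::/64")],
}


def authorize_prefix(authenticated_id, claimed_prefix, authorized=AUTHORIZED):
    """Return (accepted, reason) for a prefix scope registration request."""
    try:
        claimed = ipaddress.IPv6Network(claimed_prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    if claimed.prefixlen == 0:
        return False, "zero-length prefix"
    allowed = authorized.get(authenticated_id, [])
    if not allowed:
        return False, "sender is not authorized for any mobile network"
    for net in allowed:
        # Accept a prefix equal to, or narrower than, an authorized one.
        if claimed.subnet_of(net):
            return True, f"covered by {net}"
    return False, "prefix is outside or wider than the authorized prefixes"


def register(cache, authenticated_id, home_address, care_of, claimed_prefix=None):
    """Install the host binding; add the prefix scope binding only if authorized.

    cache maps IPv6Network -> care-of address (a /128 key is a host binding).
    Authentication of the sender is assumed to have succeeded already.
    """
    coa = ipaddress.IPv6Address(care_of)
    home = ipaddress.IPv6Address(home_address)
    cache[ipaddress.IPv6Network((int(home), 128))] = coa   # binding as in [4]
    if claimed_prefix is None:
        return "host-only"
    ok, reason = authorize_prefix(authenticated_id, claimed_prefix)
    if not ok:
        # The sender stays reachable as a mobile node, but gains no control
        # over traffic for addresses it has not been authorized to serve.
        return "prefix-rejected: " + reason
    cache[ipaddress.IPv6Network(claimed_prefix)] = coa
    return "prefix-installed"
```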
6. Main changes since last draft
- Updated definitions of the terminology section 2.2, particularly:
o clarified the distinction between possible kinds of nodes
located in the mobile network: Fixed Nodes (FN) and Visiting
mobile Nodes (VN).
o clarified that the Mobile Router has (at least) two interfaces,
one on the home link, one on the mobile network
- New example showing IPv6 addresses
- Added a description of an experiment showing that the HA is unable to
tunnel packets to the mobile network if the final destination is not
the Mobile Router itself.
- Enhanced section about security concerns
7. Acknowledgments
We would like to thank Francis Dupont
(Francis.Dupont@enst-bretagne.fr) for his careful reading and his
very valuable comments and suggestions.
8. References
[1] J. Bound and C. Perkins. Dynamic Host Configuration Protocol for
IPv6 (DHCPv6), February 1999. Work in Progress
[2] S. Thomson and T. Narten. IPv6 Stateless Address
Autoconfiguration. RFC 2462, December 1998.
[3] S. Deering and R. Hinden. Internet Protocol Version 6 (IPv6)
Specification. RFC 2460, December 1998.
[4] D. B. Johnson and C. Perkins. Mobility Support in IPv6, April
2000. Work in progress.
[5] S. Kent and R. Atkinson. IP Authentication Header. RFC 2402,
November 1998.
[6] S. Kent and R. Atkinson. IP Encapsulating Security Payload (ESP).
RFC 2406, November 1998.
[7] J. D. Solomon. Mobile IP, The Internet Unplugged. Prentice Hall
Series in Computer Networking and Distributed Systems. Prentice Hall
PTR, 1998. ISBN 0-13-856246-6.
[8] C. Perkins (Editor). IP Mobility Support. RFC 2002, October 1996.
[9] C. E. Perkins. Mobile IP, Design Principles and Practices.
Wireless Communications Series. Addison-Wesley, 1998. ISBN 0-201-
63469-4.
[10] T. Narten, E. Nordmark, and W. Simpson. Neighbor Discovery for
IP version 6 (IPv6). RFC 2461, December 1998.
[11] C. Perkins and D. B. Johnson. Route Optimization in Mobile IP,
Sun Microsystems and Carnegie Mellon University, February 2000. Work
in progress.
Author's Addresses
Please direct questions about this memo to first author
Thierry Ernst
Motorola Labs - Networking and Applications Lab (NAL)
Espace Technologique - Saint Aubin
91193 Gif-sur-Yvette Cedex, France
and
INRIA - PLANETE team
ZIRST-655 avenue de l'Europe
38330 Montbonnot Saint Martin, France
http://www.inrialpes.fr/planete/
Phone: +33 4 76 61 52 69
Email: Thierry.Ernst@inrialpes.fr or Thierry.Ernsr@crm.mot.com
Ludovic Bellier
INRIA - PLANETE team
ZIRST-655 avenue de l'Europe
38330 Montbonnot Saint Martin, France
Email: Ludovic.Bellier@inrialpes.fr
Claude Castelluccia
INRIA - PLANETE team
ZIRST-655 avenue de l'Europe
38330 Montbonnot Saint Martin, France
Phone: +33 4 76 61 52 15
Email: Claude.Castelluccia@inrialpes.fr
Hong-Yon Lach
Motorola Labs, Lab Manager, Networking and Applications Lab (NAL)
Espace Technologique - Saint Aubin
91193 Gif-sur-Yvette Cedex, France
Phone: +33 1 69 35 25 36
Email: Hong-Yon.Lach@crm.mot.com