One document matched: draft-koodli-netext-multiaccess-indicator-00.txt
Netext Working Group Rajeev Koodli
Internet-Draft Cisco Systems
Intended status: Informational October 18, 2010
Expires: April 21, 2011
Multi-access Indicator for Flow Mobility
draft-koodli-netext-multiaccess-indicator-00.txt
Abstract
When a Mobile Node attaches to the mobile network using multiple
access networks, it is important for the Mobile Network Gateway to
know whether the Mobile Node is capable of simultaneous multi-access,
so that the former can distribute the traffic flows using the most
appropriate interface. This document defines a new EAP attribute
which can be used for such an indication to the Mobile Network
Gateway.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2011.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
Koodli Expires April 21, 2011 [Page 1]
Internet-Draft Multi-access Indicator for Flow Mobility October 2010
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Protocol Overview and Extensions . . . . . . . . . . . . . . . 3
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
5. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . 5
6. Informative References . . . . . . . . . . . . . . . . . . . . 5
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6
Koodli Expires April 21, 2011 [Page 2]
Internet-Draft Multi-access Indicator for Flow Mobility October 2010
1. Introduction
With multi-access, a Mobile Node (MN) may be simultaneously attached
to a mobile network. For instance, in the 3GPP architecture, a MN
may be attached to the same Mobile Network Gateway (called PGW) via
4G cellular LTE technology as well as the Wireless LAN (WiFI)
technology. Such simultaneous access provides opportunity to
distribute traffic based on the most appropriate access for the type
of traffic in question (and potentially based on the Time Of the
Day). In order to accomplish this flow distribution (or flow
mobility), the MNG needs to know that the MN's attachment is for
multi-access (and not handover) purposes and that the MN has
necessary host abstractions to support prefix sharing across access
interfaces. This document defines an attribute to be used during the
EAP-AKA authentication process so that the 3GPP AAA server
understands the MN's capabilities. Subsequently, the 3GPP AAA server
provides the MN's capabilities in the Diameter message to the PGW,
which can then make the policy decision to perform flow mobility
accordingly.
2. Protocol Overview and Extensions
In the 3GPP architecture [3gpp.4g-2], two types of "non-3GPP"
accesses are supported. In the trusted access model, the access
network is considered trustworthy by the 3GPP network operator. An
example of a trusted network is another cellular network such as CDMA
or WiMax, but may also include broadband wireline network with WiFi
access (such as a residential access network operated by the 3GPP
cellular service provider). In the untrusted access model, the 3GPP
service provider does not possess a trust relationship with the non-
3GPP access provider. An example includes WiFi hot spot access.
In the trusted access model, the MN communicates with an Access
Network Gateway (ANG). In the untrusted access model, the MN
communicates with a node called ePDG that serves as a secure data
termination point. In both the trusted and untrusted access models,
the MN performs EAP-AKA or EAP-AKA' authentication. In the trusted
access model, the EAP-AKA messages are transported from the MN to the
ANG over a protocol specific to the access network. In the untrusted
access model, the EAP-AKA messages are transported from the MN to the
ePDG over IKEv2. Both the ANG and the ePDG communicate with the
(3GPP) AAA server using Diameter. This is shown in Figure 1, which
we explain further below.
Koodli Expires April 21, 2011 [Page 3]
Internet-Draft Multi-access Indicator for Flow Mobility October 2010
MN ANG/ePDG AAA MNG (PGW)
| | | |
|---- EAP ------->|--- AAA[EAP] -->| |
| | | |
|<--- EAP --------|<--- AAA[EAP] --| |
| | | |
| |----------------|---- PBU ---------->|
| | | |
| | |<----- AAA ---------|
| | | |
| | |------ AAA -------->|
| | | |
| |<---------------|----- PBA ----------|
| | | |
Figure 1: Authentication and Registration
o The MN attaches to the non-3GPP access network
o The MN performs EAP-AKA or EAP-AKA' authentication. The EAP
messages are sent over IKEv2 when the MN is connected using
untrusted access.
o As a part of the EAP-AKA procedure, the MN responds with EAP-
Response/AKA-Challenge message. In this message, the MN includes
a new attribute AT_MA_IND which indicates that the MN's attachment
is for multi-access purposes, and that the MN supports the
necessary abstraction (Logical Interface) for flow mobility.
o The ANG/ePDG forward the EAP message to the AAA server using the
Diameter protocol message Authorization Request (AAR) message
specified in [RFC4005].
o The 3GPP AAA server verifies through subscription records (at
HSS) that the the MN is allowed to use flow mobility.
Subsequently, the AAA server provides the result in a new EAP
attribute AT_MA_STATUS in the EAP-Request/AKA-Notification message
(which is used for indicating the IP Mobility Selection mode).
The EAP message sent using the Diameter Authorization Answer (AAA)
message to the ANG/ePDG, which forwards the EAP message to the MN.
o The ANG/ePDG sends the PMIP6 PBU message
Koodli Expires April 21, 2011 [Page 4]
Internet-Draft Multi-access Indicator for Flow Mobility October 2010
o The PGW contacts the AAA server to update the PGW's address for
the MN's connection
o The AAA server provides the MN's multi-access indication and
Logical Interface capability in a new MN_MULTIACCESS
(0x0000000000000003) flag in the MIP6-Feature-Vector AVP
[RFC5447].
o The PGW now understands that the MN is capable of flow mobility.
It provides a prefix in the PBA accordingly. For instance, it may
provide a new prefix as well as one or more of the already-
assigned prefixes in the PBA.
o The ANG/ePDG MUST be able to provide forwarding support for the
prefixes provided in the PBA, regardless of the type of attachment
indicated in the PBU message.
3. IANA Considerations
This document defines a new flag for the MIP6-Feature-Vector AVP in
RFC 5447, which may need IANA assignment.
4. Security Considerations
This documents defines a new EAP attribute to extend the capability
of EAP-AKA protocol as specified in Section 8.2 of RFC 4187
[RFC4187]. This attribute is passed from the MN to the AAA server.
The document does not specify any new messages or options to the EAP-
AKA protocol.
5. Acknowledgement
Thanks to Aeneas-Dodd Noble for flow mobility discussions.
6. Informative References
[3gpp.4g-2]
"Architecture Enhancements for non-3GPP accesses, 3GPP TS
23.402 8.7.0, December 2009.", .
[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
"Diameter Network Access Server Application", RFC 4005,
Koodli Expires April 21, 2011 [Page 5]
Internet-Draft Multi-access Indicator for Flow Mobility October 2010
August 2005.
[RFC4187] Arkko, J. and H. Haverinen, "Extensible Authentication
Protocol Method for 3rd Generation Authentication and Key
Agreement (EAP-AKA)", RFC 4187, January 2006.
[RFC5447] Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C.,
and K. Chowdhury, "Diameter Mobile IPv6: Support for
Network Access Server to Diameter Server Interaction",
RFC 5447, February 2009.
Author's Address
Rajeev Koodli
Cisco Systems
USA
Email: rkoodli@cisco.com
Koodli Expires April 21, 2011 [Page 6]
| PAFTECH AB 2003-2026 | 2026-04-24 02:49:09 |