One document matched: draft-ohba-mobopts-mpa-framework-03.txt
Differences from draft-ohba-mobopts-mpa-framework-02.txt
MOBOPTS Research Group A. Dutta (Ed.)
Internet-Draft Telcordia
Expires: April 25, 2007 V. Fajardo
Y. Ohba
K. Taniuchi
TARI
H. Schulzrinne
Columbia Univ.
October 22, 2006
A Framework of Media-Independent Pre-Authentication (MPA)
draft-ohba-mobopts-mpa-framework-03
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 25, 2007.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document describes a framework of Media-independent Pre-
Authentication (MPA), a new handover optimization mechanism that has
a potential to address issues on existing mobility management
Dutta (Ed.), et al. Expires April 25, 2007 [Page 1]
Internet-Draft MPA Framework October 2006
protocols and mobility optimization mechanisms. MPA is a mobile-
assisted, secure handover optimization scheme that works over any
link-layer and with any mobility management protocol. [I-D.ohba-
mobopts-mpa-implementation] is an accompanying document which shows
two sets of implementation of MPA including performance results to
show how existing protocols could be leveraged to realize the
functionalities of MPA.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 2]
Internet-Draft MPA Framework October 2006
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Performance Requirements . . . . . . . . . . . . . . . . . 6
2. Existing Work on Fast-handover . . . . . . . . . . . . . . . . 8
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 9
4. MPA Framework . . . . . . . . . . . . . . . . . . . . . . . . 11
4.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.2. Functional Elements . . . . . . . . . . . . . . . . . . . 12
4.3. Basic Communication Flow . . . . . . . . . . . . . . . . . 12
5. Detailed Issues . . . . . . . . . . . . . . . . . . . . . . . 17
5.1. Discovery . . . . . . . . . . . . . . . . . . . . . . . . 17
5.2. Pre-authentciation in multiple CTN environement . . . . . 18
5.3. Proactive IP address acquisition . . . . . . . . . . . . . 19
5.3.1. PANA-assisted proactive IP address acquisition . . . . 19
5.3.2. IKEv2-assisted proactive IP address acquisition . . . 20
5.3.3. Proactive IP address acquisition using DHCP only . . . 20
5.3.4. Proactive IP address acquisition using stateless
autoconfiguration . . . . . . . . . . . . . . . . . . 21
5.4. Address resolution issues . . . . . . . . . . . . . . . . 22
5.4.1. Proactive duplicate address detection . . . . . . . . 22
5.4.2. Proactive address resolution update . . . . . . . . . 22
5.5. Pre-authentication with FA-CoA . . . . . . . . . . . . . . 23
5.6. Tunnel management . . . . . . . . . . . . . . . . . . . . 25
5.7. Binding Update . . . . . . . . . . . . . . . . . . . . . . 26
5.8. Preventing packet loss . . . . . . . . . . . . . . . . . . 27
5.8.1. Packet loss prevention in single interface MPA . . . . 27
5.8.2. Packet loss prevention in multi-interface MPA . . . . 27
5.8.3. Reachability test . . . . . . . . . . . . . . . . . . 28
5.9. Considerations for failed switching and switch-back . . . 28
5.10. Authentication state management . . . . . . . . . . . . . 30
5.11. Pre-allocation of QoS resources . . . . . . . . . . . . . 30
5.12. Scalability and resource allocation . . . . . . . . . . . 31
5.13. Link-layer security and mobility . . . . . . . . . . . . . 33
5.14. Authentication in initial network attachment . . . . . . . 34
5.15. Multicast mobility . . . . . . . . . . . . . . . . . . . . 34
5.16. IP layer security and mobility . . . . . . . . . . . . . . 36
5.17. Applicability of MPA to other Fast-handoff techniques . . 36
6. Security Considerations . . . . . . . . . . . . . . . . . . . 38
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 40
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 41
9.1. Normative References . . . . . . . . . . . . . . . . . . . 41
9.2. Informative References . . . . . . . . . . . . . . . . . . 42
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 45
Intellectual Property and Copyright Statements . . . . . . . . . . 47
Dutta (Ed.), et al. Expires April 25, 2007 [Page 3]
Internet-Draft MPA Framework October 2006
1. Introduction
As wireless technologies including cellular and wireless LAN are
popularly used, supporting terminal handovers across different types
of access networks, such as from a wireless LAN to CDMA or to GPRS is
considered as a clear challenge. On the other hand, supporting
terminal handovers between access networks of the same type is still
more challenging, especially when the handovers are across IP subnets
or administrative domains. To address those challenges, it is
important to provide terminal mobility that is agnostic to link-layer
technologies in an optimized and secure fashion without incurring
unreasonable complexity. In this document we discuss terminal
mobility that provides seamless handovers with low-latency and low-
loss. Seamless handovers are characterized in terms of performance
requirements as described in Section 1.1.
The basic part of terminal mobility is accomplished by a mobility
management protocol that maintains a binding between a locator and an
identifier of a mobile terminal, where the binding is referred to as
the mobility binding. The locator of the mobile node may dynamically
change when there is a movement of the mobile terminal. The movement
that causes a change of the locator may occur not only physically but
also logically. A mobility management protocol may be defined at any
layer. In the rest of this document, the term "mobility management
protocol" refers to a mobility management protocol which operates at
network layer or higher.
There are several mobility management protocols at different layers.
Mobile IP [RFC3344] and Mobile IPv6 [RFC3775] are mobility management
protocols that operate at network-layer. There are several ongoing
activities in the IETF to define mobility management protocols at
layers higher than network layer. For example, MOBIKE (IKEv2
Mobility and Multihoming) [I-D.ietf-mobike-design] is an extension to
IKEv2 that provides the ability to deal with a change of an IP
address of an IKEv2 end-point. HIP (the Host Identity Protocol)
[I-D.ietf-hip-base] defines a new protocol layer between network
layer and transport layer to provide terminal mobility in a way that
is transparent to both network layer and transport layer. Also, SIP-
Mobility is an extension to SIP to maintain the mobility binding of a
SIP user agent [SIPMM].
While mobility management protocols maintain mobility bindings, using
them solely in their current form is not sufficient to provide
seamless handovers. An additional optimization mechanism that works
in the visited network of the mobile terminal to prevent loss of
outstanding packets transmitted while updating the mobility binding
is needed to achieve seamless handovers. Such a mechanism is
referred to as a mobility optimization mechanism. For example,
Dutta (Ed.), et al. Expires April 25, 2007 [Page 4]
Internet-Draft MPA Framework October 2006
mobility optimization mechanisms [I-D.ietf-mobileip-lowlatency-
handoffs-v4] and [RFC4068] are defined for Mobile IPv4 and Mobile
IPv6, respectively, by allowing neighboring access routers to
communicate and carry information about mobile terminals. There are
protocols that are considered as "helpers" of mobility optimization
mechanisms. The CARD (Candidate Access Router Discovery Mechanism)
protocol [I-D.ietf-seamoby-card-protocol] is designed to discover
neighboring access routers. The CTP (Context Transfer Protocol)
[I-D.ietf-seamoby-ctp] is designed to carry state that is associated
with the services provided for the mobile terminal, or context, among
access routers.
There are several issues in existing mobility optimization
mechanisms. First, existing mobility optimization mechanisms are
tightly coupled with specific mobility management protocols. For
example, it is not possible to use mobility optimization mechanisms
designed for Mobile IPv4 or Mobile IPv6 for MOBIKE. What is strongly
desired is a single, unified mobility optimization mechanism that
works with any mobility management protocol. Second, there is no
existing mobility optimization mechanism that easily supports
handovers across administrative domains without assuming a pre-
established security association between administrative domains. A
mobility optimization mechanism should work across administrative
domains in a secure manner only based on a trust relationship between
a mobile node and each administrative domain. Third, a mobility
optimization mechanism needs to support not only multi-interface
terminals where multiple simultaneous connectivity through multiple
interfaces can be expected, but also single-interface terminals.
This document describes a framework of Media-independent Pre-
Authentication (MPA), a new handover optimization mechanism that has
a potential to address all those issues. MPA is a mobile-assisted,
secure handover optimization scheme that works over any link-layer
and with any mobility management protocol including Mobile IPv4,
Mobile IPv6, MOBIKE, HIP, SIP mobility, etc. In MPA, the notion of
IEEE 802.11i pre-authentication is extended to work at higher layer,
with additional mechanisms to perform early acquisition of IP address
from a network where the mobile terminal may move as well as
proactive handover to the network while the mobile terminal is still
attached to the current network. Since this document focuses on the
MPA framework, it is left to the future work to choose actual set of
protocols for MPA and define detailed operations. The accompanying
document [I-D.ohba-mobopts-mpa-implementation] provides one method
that describes usage and interactions between existing protocols to
accomplish MPA functionality.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 5]
Internet-Draft MPA Framework October 2006
1.1. Performance Requirements
In order to provide desirable quality of service for interactive VoIP
and streaming traffic, one needs to limit the value of end-to-end
delay, jitter and packet loss to a certain threshold level. ITU-T
and ITU-E standards define the acceptable values for these
parameters. For example for one-way delay, ITU-T G.114 recommends
150 ms as the upper limit for most of the applications, and 400 ms as
generally unacceptable delay. One way delay tolerance for video
conferencing is in the range of 200 to 300 ms. Also if an out-of-
order packet is received after a certain threshold it is considered
lost. References [RFC2679], [RFC2680] and 2681 [RFC2681] describe
some of the measurement techniques for delay and jitter.
An end-to-end delay consists of several components, such as network
delay, operating system (OS) delay, CODEC delay and application
delay. Network delay consists of transmission delay, propagation
delay, queueing delay in the intermediate routers. Operating System
related delay consists of scheduling behavior of the operating system
in the sender and receiver. CODEC delay is generally caused due to
packetization and depacketization at the sender and receiver end.
Application delay is mainly attributed to playout delay that helps
compensate the delay variation within a network. End-to-end delay
and jitter values can be adjusted using proper value of the playout
buffer at the receiver end. In case of interactive VoIP traffic,
end-to-end delay affects the jitter value and is an important issue
to consider. During a mobile's frequent handover, transient traffic
cannot reach the mobile and this contributes to the jitter as well.
If the end system has a playout buffer, then this jitter is subsumed
by the playout buffer delay, but otherwise this adds to the delay for
interactive traffic. Packet loss is typically caused by congestion,
routing instability, link failure, lossy links such as wireless
links. During a mobile's handover a mobile is subjected to packet
loss because of its change in attachment to the network. Thus for
both streaming traffic and VoIP interactive traffic packet loss will
contribute to the service quality of the real-time application.
Number of packets lost is proportional to the delay during handover
and rate of traffic the mobile is receiving. Lost packets contribute
to congestion in case of TCP traffic because of re-transmission, but
it does not add to any congestion in case of streaming traffic that
is RTP/UDP based. Thus it is essential to reduce the packet loss and
effect of handover delay in any mobility management scheme. In
Section 2, we describe some of the fast-handover scheme that have
tried to reduce the handover delay.
According to ETSI TR 101 [ETSI] a normal voice conversation can
tolerate up to 2% packet loss. If a mobile is subjected to frequent
handoff during a conversation, each handoff will contribute to packet
Dutta (Ed.), et al. Expires April 25, 2007 [Page 6]
Internet-Draft MPA Framework October 2006
loss for the period of handoff. Thus maximum loss during a
conversation needs to be reduced to an acceptable level. There is no
clear threshold value for packet loss for streaming application, but
it needs to be reduced as much as possible to provide better quality
of service to a specific application.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 7]
Internet-Draft MPA Framework October 2006
2. Existing Work on Fast-handover
While basic mobility management protocols such as Mobile IP
[RFC3344], Mobile IPv6 [RFC3775], SIP-Mobility [SIPMM] offer
solutions to provide continuity to TCP and RTP traffic, these are not
optimized to reduce the handover latency during mobile's frequent
movement between subnets and domains. In general these mobility
management protocols suffer from handover delays incurred at several
layers such as layer 2, layer 3 and application layer for updating
the mobile's mobility binding.
There have been several optimization techniques that apply to
currently mobility management schemes that try to reduce handover
delay and packet loss during a mobile's movement between cells,
subnet and domain. There are few micro-mobility management schemes
[CELLIP], [HAWAII], and intra-domain mobility management schemes such
as [IDMP], [I-D.ietf-mobileip-reg-tunnel] and [RFC4140] that provide
fast-handover by limiting the signaling updates within a domain.
Fast Mobile IP protocols for IPv4 and IPv6 networks [I-D.ietf-
mobileip-lowlatency-handoffs-v4], [RFC4068] provide fast-handover
techniques that utilize mobility information made available by the
link layer triggers. Yokota et al. [YOKOTA] propose joint use of
access point and dedicated MAC bridge to provide fast-handover
without altering MIPv4 specification. [MACD] scheme reduces the
delay due to MAC layer handoff by providing a cache-based algorithm.
Some of the mobility management schemes use dual interfaces thus
providing make-before-break scenario [SUM]. In a make-before-break
situation communication usually continues with one interface, when
the secondary interface is in the process of getting connected. The
IEEE 802.21 working group is discussing these scenarios in details
[802.21]. Providing fast-handover using a single interface needs
more careful design techniques than for a client with multiple
interfaces. [SIPFAST] provides an optimized handover scheme for SIP-
based mobility management, where the transient traffic is forwarded
from the old subnet to the new one by using an application layer
forwarding scheme. [MITH] provides a fast handover scheme for a
single interface case that uses mobile initiated tunneling between
the old foreign agent and new foreign agent. [MITH] defines two
types of handover schemes such as Pre-MIT and Post-MIT. Proposed MPA
scheme is very similar in nature to MITH's predictive scheme where
the mobile communicates with the foreign agent before actually moving
to the new network. However the proposed MPA scheme described in
this document is not limited to MIP type mobility protocol only and
in addition this scheme takes care of movement between domains and
performs pre-authentication in addition to proactive handover. Thus
the proposed scheme reduces the overall delay to close to link-layer
handover delay.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 8]
Internet-Draft MPA Framework October 2006
3. Terminology
Mobility Binding:
A binding between a locator and an identifier of a mobile
terminal.
Mobility Management Protocol (MMP):
A protocol that operates at network layer or higher to maintain a
binding between a locator and an identifier of a mobile terminal.
Binding Update:
A procedure to update a mobility binding.
Media-independent Pre-Authentication Mobile Node (MN):
A mobile terminal of media-independent pre-authentication (MPA)
which is a mobile-assisted, secure handover optimization scheme
that works over any link-layer and with any mobility management
protocol. An MPA mobile node is an IP node. In this document,
the term "mobile node" or "MN" without a modifier refers to "MPA
mobile node". An MPA mobile node usually has a functionality of a
mobile node of a mobility management protocol as well.
Candidate Target Network (CTN):
A network to which the mobile may move in the near future.
Target Network (TN):
The network to which the mobile has decided to move. The target
network is selected from one or more candidate target network.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 9]
Internet-Draft MPA Framework October 2006
Proactive Handover Tunnel (PHT):
A bidirectional IP tunnel that is established between the MPA
mobile node and an access router of a candidate target network.
In this document, the term "tunnel" without a modifier refers to
"proactive handover tunnel".
Point of Attachment (PoA):
A link-layer device (e.g., a switch, an access point or a base
station, etc.) that functions as a link-layer attachment point for
the MPA mobile node to a network.
Care-of Address (CoA):
An IP address used by a mobility management protocol as a locator
of the MPA mobile node.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 10]
Internet-Draft MPA Framework October 2006
4. MPA Framework
4.1. Overview
Media-independent Pre-Authentication (MPA) is a mobile-assisted,
secure handover optimization scheme that works over any link-layer
and with any mobility management protocol. With MPA, a mobile node
is not only able to securely obtain an IP address and other
configuration parameters for a CTN, but also able to send and receive
IP packets using the obtained IP address before it actually attaches
to the CTN. This makes it possible for the mobile node to complete
the binding update of any mobility management protocol and use the
new CoA before performing a handover at link-layer.
This functionality is provided by allowing a mobile node, which has a
connectivity to the current network but is not yet attached to a CTN,
to (i) establish a security association with the CTN to secure the
subsequent protocol signaling, then (ii) securely execute a
configuration protocol to obtain an IP address and other parameters
from the CTN as well as a execute tunnel management protocol to
establish a PHT between the mobile node and an access router of the
CTN, then (iii) send and receive IP packets, including signaling
messages for binding update of an MMP and data packets transmitted
after completion of binding update, over the PHT using the obtained
IP address as the tunnel inner address, and finally (iv) deleting or
disabling the PHT immediately before attaching to the CTN when it
becomes the target network and then re-assigning the inner address of
the deleted or disabled tunnel to its physical interface immediately
after the mobile node is attached to the target network through the
interface. Instead of deleting or disabling the tunnel before
attaching to the the target network, the tunnel may be deleted or
disabled immediately after being attached to the target network.
Especially, the third procedure makes it possible for the mobile to
complete higher-layer handover before starting link-layer handover.
This means that the mobile is able to send and receive data packets
transmitted after completion of binding update over the tunnel, while
it is still able to send and receive data packets transmitted before
completion of binding update outside the tunnel.
In the above four basic procedures of MPA, the first procedure is
referred to as "pre-authentication", the second procedure is referred
to as "pre-configuration", the combination of the third and fourth
procedures are referred to as "secure proactive handover". The
security association established through pre-authentication is
referred to as an "MPA-SA".
Dutta (Ed.), et al. Expires April 25, 2007 [Page 11]
Internet-Draft MPA Framework October 2006
4.2. Functional Elements
In the MPA framework, the following functional elements are expected
to reside in each CTN to communicate with a mobile node:
Authentication Agent (AA), Configuration Agent (CA) and Access Router
(AR). Some or all of those elements can be placed in a single
network device or in separate network devices.
An authentication agent is responsible for pre-authentication. An
authentication protocol is executed between the mobile node and the
authentication agent to establish an MPA-SA. The authentication
protocol MUST be able to derive a key between the mobile node and the
authentication agent and SHOULD be able to provide mutual
authentication. The authentication protocol SHOULD be able to
interact with a AAA protocol such as RADIUS and Diameter to carry
authentication credentials to an appropriate authentication server in
the AAA infrastructure. The derived key is used for further deriving
keys used for protecting message exchanges used for pre-configuration
and secure proactive handover. Other keys that are used for
bootstrapping link-layer and/or network-layer ciphers MAY also be
derived from the MPA-SA. A protocol that can carry EAP [RFC3748]
would be suitable as an authentication protocol for MPA.
A configuration agent is responsible for one part of pre-
configuration, namely securely executing a configuration protocol to
securely deliver an IP address and other configuration parameters to
the mobile node. The signaling messages of the configuration
protocol MUST be protected using a key derived from the key
corresponding to the MPA-SA.
An access router is a router that is responsible for the other part
of pre-configuration, i.e., securely executing a tunnel management
protocol to establish a proactive handover tunnel to the mobile node.
The signaling messages of the configuration protocol MUST be
protected using a key derived from the key corresponding to the
MPA-SA. IP packets transmitted over the proactive handover tunnel
SHOULD be protected using a key derived from the key corresponding to
the MPA-SA.
4.3. Basic Communication Flow
Assume that the mobile node is already connected to a point of
attachment, say oPoA (old point of attachment), and assigned a
care-of address, say oCoA (old care-of address). The communication
flow of MPA is described as follows. Throughout the communication
flow, data packet loss should not occur except for the period during
the switching procedure in Step 5, and it is the responsibility of
link-layer handover to minimize packet loss during this period.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 12]
Internet-Draft MPA Framework October 2006
Step 1 (pre-authentication phase): The mobile node finds a CTN
through some discovery process and obtains the IP addresses, an
authentication agent, a configuration agent and an access router in
the CTN by some means. The mobile node performs pre-authentication
with the authentication agent. If the pre-authentication is
successful, an MPA-SA is created between the mobile node and the
authentication agent. Two keys are derived from the MPA-SA, namely
an MN-CA key and an MN-AR key, which are used to protect subsequent
signaling messages of a configuration protocol and a tunnel
management protocol, respectively. The MN-CA key and the MN-AR key
are then securely delivered to the configuration agent and the access
router, respectively.
Step 2 (pre-configuration phase): The mobile node realizes that its
point of attachment is likely to change from oPoA to a new one, say
nPoA (new point of attachment). It then performs pre-configuration,
with the configuration agent using the configuration protocol to
obtain an IP address, say nCoA (new care-of address), and other
configuration parameters from the CTN, and with the access router
using the tunnel management protocol to establish a proactive
handover tunnel. In the tunnel management protocol, the mobile node
registers oCoA and nCoA as the tunnel outer address and the tunnel
inner address, respectively. The signaling messages of the pre-
configuration protocol are protected using the MN-CA key and the
MN-AR key. When the configuration and the access router are co-
located in the same device, the two protocols may be integrated into
a single protocol like IKEv2. After completion of the tunnel
establishment, the mobile node is able to communicate using both oCoA
and nCoA by the end of Step 4.
Step 3 (secure proactive handover main phase): The mobile node
decides to switch to the new point of attachment by some means.
Before the mobile node switches to the new point of attachment, it
starts secure proactive handover by executing binding update of a
mobility management protocol and transmitting subsequent data traffic
over the tunnel (main phase). In some cases, it may like to cache
multiple nCOA addresses and perform simultaneous binding with the CH
or HA.
Step 4 (secure proactive handover pre-switching phase): The mobile
node completes binding update and becomes ready to switch to the new
point of attachment point. The mobile may execute the tunnel
management protocol to delete or disable the proactive handover
tunnel and cache nCoA after deletion or disabling of the tunnel. The
decision as to when the mobile node is ready to switch to the new
point of attachment depends on handover policy.
Step 5 (switching): It is expected that a link-layer handover occurs
Dutta (Ed.), et al. Expires April 25, 2007 [Page 13]
Internet-Draft MPA Framework October 2006
in this step.
Step 6 (secure proactive handover post-switching phase): The mobile
node executes the switching procedure. Upon successful completion of
the switching procedure, the mobile node immediately restores the
cached nCoA and assigns it to the physical interface attached to the
new point of attachment. If the proactive handover tunnel was not
deleted or disabled in Step 4, the tunnel is deleted or disabled as
well. After this, direct transmission of data packets using nCoA is
possible without using a proactive handover tunnel.
An example call flow of MPA is shown in Figure 1 and Figure 2.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 14]
Internet-Draft MPA Framework October 2006
IP address(es)
Available for
Use by MN
|
+-----------------------------------+ |
| Candidate Target Network | |
| (Future Target Network) | |
MN oPoA | nPoA AA CA AR | |
| | | | | | | | |
| | +-----------------------------------+ |
| | | | | | .
+---------------+ | | | | | .
|(1) Found a CTN| | | | | | .
+---------------+ | | | | | |
| Pre-authentication | | | |
| [authentication protocol] | | |
|<--------+------------->|MN-CA key| | |
| | | |-------->|MN-AR key| |
+-----------------+ | | |------------------>| |
|(2) Increased | | | | | | [oCoA]
|chance to switch | | | | | | |
| to CTN | | | | | | |
+-----------------+ | | | | | |
| | | | | | |
| Pre-configuration | | | |
| [configuration protocol to get nCoA] | |
|<--------+----------------------->| | |
| Pre-configuration | | | |
| [tunnel management protocol to establish PHT] V
|<--------+--------------------------------->|
| | | | | | ^
+-----------------+ | | | | | |
|(3) Determined | | | | | | |
|to switch to CTN | | | | | | |
+-----------------+ | | | | | |
| | | | | | |
| Secure proactive handover main phase | |
| [execution of binding update of MMP and | |
| transmission of data packets through AR | [oCoA, nCoA]
| based on nCoA over the PHT] | | |
|<<=======+================================>+--->... |
. . . . . . .
. . . . . . .
. . . . . . .
Figure 1: Basic Communication Flow (1/2)
Dutta (Ed.), et al. Expires April 25, 2007 [Page 15]
Internet-Draft MPA Framework October 2006
| | | | | | |
+----------------+ | | | | | |
|(4) Completion | | | | | | |
|of MMP BU and | | | | | | |
|ready to switch | | | | | | |
+----------------+ | | | | | |
| Secure proactive handover pre-switching phase |
| [tunnel management protocol to delete PHT] V
|<--------+--------------------------------->|
+---------------+ | | | |
|(5)Switching | | | | |
+---------------+ | | | |
| | | | |
+---------------+ | | | |
|(6) Completion | | | | |
|of switching | | | | |
+---------------+ | | | |
o<- Secure proactive handover post-switching phase ^
| [Re-assignment of TIA to the physical I/F] |
| | | | | |
| Transmission of data packets through AR | [nCoA]
| based on nCoA| | | | |
|<---------------+---------------------------+-->... |
| | | | | .
Figure 2: Basic Communication Flow (2/2)
Dutta (Ed.), et al. Expires April 25, 2007 [Page 16]
Internet-Draft MPA Framework October 2006
5. Detailed Issues
In order to provide an optimized handover for a mobile experiencing
rapid subnet and domain handover, one needs to look into several
issues. These issues include discovery of neighboring networking
elements, choosing the right network to connect to based on certain
policy, changing the layer 2 point of attachment, obtaining an IP
address from a DHCP or PPP server, confirming the uniqueness of the
IP address, pre-authenticating with the authentication agent, sending
the binding update to the correspondent host and obtaining the
redirected streaming traffic to the new point of attachment, ping-
pong effect, probability of moving to more than one network and
associating with multiple target networks. We describe these issues
in details in the following paragraphs and describe how we have
optimized these in case of MPA-based secure proactive handover.
5.1. Discovery
Discovery of neighboring networking elements such as access points,
access routers, authentication servers help expedite the handover
process during a mobile's rapid movement between networks. By
discovering the network neighborhood with a desired set of
coordinates, capabilities and parameters the mobile can perform many
of the operation such as pre-authentication, proactive IP address
acquisition, proactive address resolution, and binding update while
in the previous network.
There are several ways a mobile can discover the neighboring
networks. The Candidate Access Router Discovery protocol [I-D.ietf-
seamoby-card-protocol] helps discover the candidate access routers in
the neighboring networks. Given a certain network domain SLP and DNS
help provide addresses of the networking components for a given set
of services in the specific domain. In some cases many of the
network layer and upper layer parameters may be sent over link-layer
management frames such as beacons when the mobile approaches the
vicinity of the neighboring networks. IEEE 802.11u is considering
issues such as discovering neighborhood using information contained
in link-layer. However, if the link-layer management frames are
encrypted by some link-layer security mechanism, then the mobile node
may not be able to obtain the requisite information before
establishing link-layer connectivity to the access point. In
addition this may add burden to the bandwidth constrained wireless
medium. In such cases a higher layer protocol is preferred to obtain
the information regarding the neighboring elements. There is some
proposal such as [802.21] that helps obtain these information about
the neighboring networks from a mobility server. When the mobile's
movement is imminent, it starts the discovery process by querying a
specific server and obtains the required parameters such as the IP
Dutta (Ed.), et al. Expires April 25, 2007 [Page 17]
Internet-Draft MPA Framework October 2006
address of the access point, its characteristics, routers, SIP
servers or authentication servers of the neighboring networks. In
the event of multiple networks, it may obtain the required parameters
from more than one neighboring networks and keep these in cache. At
some point the mobile finds out several CTN's out of many probable
networks and starts the pre-authentication process by communicating
with the required entities in the CTN's. Futher details of this
scenario is in Section 5.2.
5.2. Pre-authentciation in multiple CTN environement
In some cases, although a mobile decides a specific network to be the
target network, it may actually end up with moving into a neighboring
network other than the target network due to factors that are beyond
the mobile's control. Thus it may be useful to perform the pre-
authentication with a few probable candidate target networks and
establish time-bound tunnels with the respective access routers in
those networks. Thus in the event of a mobile moving to a candidate
target network other than that was chosen as the target network, it
will not be subjected to packet loss due to authentication and IP
address acquisition delay that could incur if the mobile did not pre-
authenticate with that candidate target network. It may appear that
by pre-authenticating with a number of candidate target networks and
reserving the IP addresses, the mobile is provisioning the resources
that could be used otherwise. But since this happens for a time-
limited period it should not be a big problem. Mobile uses pre-
authentication procedure to obtain IP address proactively and set up
the time bound tunnels with the access routers of the candidate
target networks. Also MN may hold some or all of the nCoAs for
future movement.
Mobile may choose one of these addresses as the binding update
address and send it to the CN (Correspondent Node) or HA (Home
Agent), and will thus receive the tunneled traffic via the target
network while in the previous network. But in some instances, the
mobile may eventually end up moving to a network that is other than
the target network. Thus there will be a disruption in traffic as
the mobile moves to the new network since the mobile has to go
through the process of assigning the new IP address and sending the
binding update again. Two solutions can be proposd to take care of
this problem. Mobile can take advantage of the simultaneous mobility
binding and send multiple binding updates to the corresponsing host
or HA. Thus the corresponsing host or HA forwards the traffic to
multiple IP addresses assigned to the virtual interfaces for a
specific period of time. This binding update gets refreshed at the
CH after the mobile moves to the new network, thus stopping the flow
to the other candidate networks. Reference [I-D.wakikawa-mobileip-
multiplecoa] discusses different scenarios of mobility binding with
Dutta (Ed.), et al. Expires April 25, 2007 [Page 18]
Internet-Draft MPA Framework October 2006
multiple care-of-addresses. In case simultaneous binding is not
supported in a specific mobility scheme, forwarding of traffic from
the previous target network will help take care of the transient
traffic until the new binding update goes from the new network.
5.3. Proactive IP address acquisition
In general a mobility management protocol works in conjunction with
Foreign Agent or in co-located address mode. MPA approach can use
both co-located address mode and foreign agent address mode. We
discuss here the address assignment component that is used in co-
located address mode. There are several ways a mobile node can
obtain an IP address and configure itself. Most commonly a mobile
can configure itself statically in the absence of any configuring
element such as a server or router in the network. The IETF Zeroconf
working group defines auto-IP mechanism where a mobile is configured
in an ad-hoc manner and picks a unique address from a specified range
such as 169.254.x.x. In a LAN environment the mobile can obtain IP
address from DHCP servers. In case of IPv6 networks, a mobile has
the option of obtaining the IP address using stateless auto-
configuration or DHCPv6. In a wide area networking environment,
mobile uses PPP to obtain the IP address by communicating with a NAS.
Each of these processes takes of the order of few hundred
milliseconds to few seconds depending upon the type of IP address
acquisition process and operating system of the clients and servers.
Since IP address acquisition is part of the handover process, it adds
to the handover delay and thus it is desirable to reduce this timing
as much as possible. There are few optimized techniques such as DHCP
Rapid Commit [I-D.ietf-dhc-rapid-commit-opt], GPS-coordinate based IP
address [GPSIP] available that attempt to reduce the handover time
due to IP address acquisition time. However in all these cases the
mobile also obtains the IP address after it moves to the new subnet
and incurs some delay because of the signaling handshake between the
mobile node and the DHCP server.
In the following paragraph we describe few ways a mobile node can
obtain the IP address proactively from the CTN and the associated
tunnel setup procedure. These can broadly be defined into four
categories such as PANA-assisted proactive IP address acquisition,
IKE-assisted proactive IP address acquisition, proactive IP address
acquisition using DHCP only and stateless autoconfiguration.
5.3.1. PANA-assisted proactive IP address acquisition
In case of PANA-assisted proactive IP address acquisition, the mobile
node obtains an IP address proactively from a CTN. The mobile node
makes use of PANA [I-D.ietf-pana-pana] messages to trigger the
Dutta (Ed.), et al. Expires April 25, 2007 [Page 19]
Internet-Draft MPA Framework October 2006
address acquisition process on the DHCP relay agent that co-locates
with PANA authentication agent in the access router in the CTN. Upon
receiving a PANA message from the mobile node, the DHCP relay agent
performs normal DHCP message exchanges to obtain the IP address from
the DHCP server in the CTN. This address is piggy-backed in a PANA
message and is delivered to the client. In case of MIPv6 with
stateless autoconfiguration, the router advertisement from the new
target network is passed to the client as part of PANA message.
Mobile uses this prefix and its MAC address to construct the unique
IPv6 address as it would have done in the new network. Mobile IPv6
in stateful mode works very similar to DHCPv4.
5.3.2. IKEv2-assisted proactive IP address acquisition
IKEv2-assisted proactive IP address acquisition works when an IPsec
gateway and a DHCP relay agent are resident within each access router
in the CTN. In this case, the IPsec gateway and DHCP relay agent in
a CTN help the mobile node acquire the IP address from the DHCP
server in the CTN. The MN-AR key established during the pre-
authentication phase is used as the IKEv2 pre-shared secret needed to
run IKEv2 between the mobile node and the access router. The IP
address from the CTN is obtained as part of standard IKEv2 procedure,
with using the co-located DHCP relay agent for obtaining the IP
address from the DHCP server in the target network using standard
DHCP. The obtained IP address is sent back to the client in the
IKEv2 Configuration Payload exchange. In this case, IKEv2 is also
used as the tunnel management protocol for a proactive handover
tunnel (see Section 5.6). Alternatively VPN-GW can itself dispense
the IP address from its IP address pool.
5.3.3. Proactive IP address acquisition using DHCP only
As another alternative, DHCP may be used for proactively obtaining an
IP address from a CTN without relying on PANA or IKEv2-based
approaches by allowing direct DHCP communication between the mobile
node and the DHCP relay or DHCP server in the CTN. In this case, the
mobile node sends a unicast DHCP message to the DHCP relay agent or
DHCP server in the CTN requesting an address, while using the address
associated with the current physical interface as the source address
of the request.
When the message is sent to the DHCP relay agent, the DHCP relay
agent relays the DHCP messages back and forth between the mobile node
and the DHCP server. In the absence of a DHCP relay agent the mobile
can also directly communicate with the DHCP server in the target
network. The broadcast option in client's unicast DISCOVER message
should be set to 0 so that the relay agent or the DHCP server can
send back the reply directly to the mobile using the mobile node's
Dutta (Ed.), et al. Expires April 25, 2007 [Page 20]
Internet-Draft MPA Framework October 2006
source address. This mechanism works as well for an IPv6 node using
stateful configuration.
In order to prevent malicious nodes from obtaining an IP address from
the DHCP server, DHCP authentication should be used or the access
router should install a filter to block unicast DHCP message sent to
the remote DHCP server from mobile nodes that are not pre-
authenticated. When DHCP authentication is used, the DHCP
authentication key may be derived from the MPA-SA established between
the mobile node and the authentication agent in the candidate target
network.
The proactively obtained IP address is not assigned to the mobile
node's physical interface until the mobile has moved to the new
network. The IP address thus obtained proactively from the target
network should not be assigned to the physical interface but rather
to a virtual interface of the client. Thus such a proactively
acquired IP address via direct DHCP communication between the mobile
node and the DHCP relay or the DHCP server in the CTN may be carried
with additional information that is used to distinguish it from other
address assigned to the physical interface.
Upon the mobile's entry to the new network, the mobile node can
perform DHCP over the physical interface to the new network to get
other configuration parameters such as SIP server, DNS server, etc.,
by using e.g., DHCP INFORM. This should not affect the ongoing
communication between the mobile and correspondent host. Also, the
mobile node can perform DHCP over the physical interface to the new
network to extend the lease of the address that was proactively
obtained before entering the new network.
5.3.4. Proactive IP address acquisition using stateless
autoconfiguration
In case of IPv6, network address configuration is done either using
DHCPv6 or stateless autoconfiguration. In order to obtain the new IP
address proactively, the router advertisement of the next hop router
can be sent over the established tunnel, and a new IPv6 address is
generated based on the prefix and MAC address of the mobile.
Generating a COA from the new network will avoid the time needed to
obtain an IP address and perform the Duplicate Address Detection.
In order to maintain the DHCP binding for the mobile node and keep
track of the dispensed IP address before and after the secure
proactive handover, the same DHCP client identifier needs to be used
for the mobile node for both DHCP for proactive IP address
acquisition and DHCP performed after the mobile node enters the
target network. The DHCP client identifier may be the MAC address of
Dutta (Ed.), et al. Expires April 25, 2007 [Page 21]
Internet-Draft MPA Framework October 2006
the mobile node or some other identifier. In case of stateless
autoconfiguration, the mobile checks to see the prefix of the router
advertisement in the new network and matches it with the prefix of
newly assigned IP address. If these turn out to be the same then the
mobile does not go through the IP address acquisition phase again.
5.4. Address resolution issues
5.4.1. Proactive duplicate address detection
When the DHCP server dispenses an IP address, it updates its lease
table, so that this same address is not given to another client for
that specific period of time. At the same time the client also keeps
a lease table locally so that it can renew when needed. In some
cases where a network consists of both DHCP and non-DHCP enabled
clients, there is a probability that another client with the LAN may
have been configured with an IP address from the DHCP address pool.
In such scenario the server does a duplicate address detection based
on ARP (Address Resolution Protocol) or IPv6 Neighbor Discovery
before assigning the IP address. This detection procedure may take
up to 4 sec to 15 sec [MAGUIRE] and will thus contribute to a larger
handover delay. In case of proactive IP address acquisition process,
this detection is performed ahead of time and thus does not affect
the handover delay at all. By performing the duplicate address
detection ahead of time, we reduce the handover delay factor.
5.4.2. Proactive address resolution update
During the process of pre-configuration, the address resolution
mappings needed by the mobile node to communicate with nodes in the
target network after attaching to the target network can also be
known, where the nodes may be the access router, authentication
agent, configuration agent and correspondent node. There are several
possible ways of performing such proactive address resolution.
o Use an information service mechanism [802.21] to resolve the MAC
addresses of the nodes. This might require each node in the
target network to involve in the information service so that the
server of the information service can construct the database of
proactive address resolution.
o Extend the authentication protocol used for pre-authentication or
the configuration protocol used for pre-configuration to support
proactive address resolution. For example, if PANA is used as the
authentication protocol for pre-authentication, PANA messages may
carry AVPs used for proactive address resolution. In this case,
Dutta (Ed.), et al. Expires April 25, 2007 [Page 22]
Internet-Draft MPA Framework October 2006
the PANA authentication agent in the target network may perform
address resolution for on behalf of the mobile node.
o One can also make use of DNS to map the MAC address of the
specific interface associated with a specific IP address of the
network element in the target network. One may define a new DNS
resource record (RR) to proactively resolve the MAC addresses of
the nodes in the target network. But this approach may have its
own limitations since a MAC address is a resource that is bound to
an IP address, not directly to a domain name.
When the mobile node attaches to the target network, it installs the
proactively obtained address resolution mappings without necessarily
performing address resolution query for the nodes in the target
network.
On the other hand, the nodes that reside in the target network and
are communicating with the mobile node should also update their
address resolution mappings for the mobile node as soon as the mobile
node attaches to the target network. The above proactive address
resolution methods could also be used for those nodes to proactively
resolve the MAC address of the mobile node before the mobile node
attaches to the target network. However, this is not useful since
the those nodes need to detect the attachment of the mobile node to
the target network before adopting the proactively resolved address
resolution mapping. A better approach would be integration of
attachment detection and address resolution mapping update. This is
based on gratuitously performing address resolution [RFC3344],
[RFC3775] in which the mobile node sends an ARP Request or an ARP
Reply in the case of IPv4 or a Neighbor Advertisement in the case of
IPv6 immediately after the mobile node attaches to the new network so
that the nodes in the target network can quickly update the address
resolution mapping for the mobile node.
5.5. Pre-authentication with FA-CoA
In many of the deployment scenarios such as in IMS/MMD (IP Multimedia
Subsystem/Multimedia Domain) architecture using MIPv4 as the binding
protocol, IP address of the mobile does not change as the mobile
moves from one visited network to another. A typical example is when
the mobile uses MIPv4 and uses FA Care-of-Address and interacts with
outbound SIP proxy. In such a situation the mobile has only Home
Address (HoA) on its interface. MPA mechanism in its current form
will give rise to routing loop, if the mobile uses HoA as the outer
address of the MPA proactive tunnel described previously.
In this scenario while the mobile is still with pFA, if it sets up a
Dutta (Ed.), et al. Expires April 25, 2007 [Page 23]
Internet-Draft MPA Framework October 2006
proactive tunnel with nFA using the HoA as the outer address and
sends the binding update with with nFA's care-of-address, then any
packet destined to mobile will first be routed to nFA and then
because of the associated tunnel, it will be sent back to the HA,
resulting in a routing loop.
In order to take care of this routing problem we propose different
ways of creating two tunnels such as forward proactive and reverse
proactive tunnels. Forward proactive tunnel helps tunnel the traffic
from nFA to MN whereas the packets from the mobile goes over the
reverse proactive tunnel. We propose to use p-FA's CoA as the tunnel
outer address of the MN for forward proactive tunnel and propose to
use mobile's HoA as the outer address of the reverse proactive
tunnel. Traffic destined to HoA when arrives at nFA will get routed
to pFA over proactive tunnel using the host based routing set up at
nFA. Figure 3 shows a scenario of assymmetric procative tunnel that
is needed to care of this routing loop.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 24]
Internet-Draft MPA Framework October 2006
+------+ +----+
| +---------| |
|HA | |CN |
+-++---+ +----+
Forward Proactive ||
Handover Tunnel ||/ Mobile IP
||--------Forward and Reverse
| ||\ Tunnel
| ||
+------+ \|/ +--++--+
| +--------------+ |
|pFA +--------------+nFA |
| -+--------------+ |
+---+-++--------------+------+
| | /|\
| |/ |
| |--------Reverse Proactive
| |\ Handover Tunnel
+--+-+
|MN |
| |
+----+
Figure 3: MPA with FA-CoA Scenario
5.6. Tunnel management
After an IP address is proactively acquired from the DHCP server in a
CTN, a proactive handover tunnel is established between the mobile
node and the access router in the CTN. The mobile node uses the
acquired IP address as the tunnel inner address.
The proactive handover tunnel is established using a tunnel
management protocol. When IKEv2 is used for proactive IP address
acquisition, IKEv2 is also used as the tunnel management protocol.
Alternatively, when PANA is used for proactive IP address
acquisition, PANA may be used as the secure tunnel management
protocol.
Once the proactive handover tunnel is established between the mobile
node and the access router in the candidate target network, the
access router also needs to perform proxy address resolution on
behalf of the mobile node so that it can capture any packets destined
to the mobile node's new address.
Since mobile needs to be able to communicate with the correspondent
node while in the previous network some or all parts of binding
Dutta (Ed.), et al. Expires April 25, 2007 [Page 25]
Internet-Draft MPA Framework October 2006
update and data from the correspondent node to mobile node need to be
sent back to the mobile node over a proactive handover tunnel.
Details of these binding update procedure are described in Section
5.6.
In order for the traffic to be directed to the mobile node after the
mobile node attaches to the target network, the proactive handover
tunnel needs to be deleted or disabled. The tunnel management
protocol used for establishing the tunnel is used for this purpose.
Alternatively, when PANA is used as the authentication protocol the
tunnel deletion or disabling at the access router can be triggered by
means of PANA update mechanism as soon as the mobile moves to the
target network. A link-layer trigger ensures that the mobile node is
indeed connected to the target network and can also be used as the
trigger to delete or disable the tunnel.
5.7. Binding Update
There are several kinds of binding update mechanisms for different
mobility management schemes. In case of Mobile IPv4 and Mobile IPv6,
the mobile performs binding update with the home agent only, if route
optimization is not used. Otherwise, the mobile performs binding
update with both the home agent (HA) and corresponding node (CN). In
case of SIP-based terminal mobility the mobile sends binding update
using Re-INVITE to the correspondent node and REGISTER message to the
Registrar. Based on the distance between the mobile and the
correspondent node the binding update may contribute to the handover
delay. SIP-fast handover [SIPFAST] provides several ways of reducing
the handover delay due to binding update. In case of secure
proactive handover using SIP-based mobility management we rule out
the delay due to binding update completely, as it takes place in the
previous network. Thus this scheme looks more attractive when the
correspondent node is too far from the communicating mobile node.
Similarly in case of Mobile IPv6, the mobile sends the newly acquired
CoA from the target network as the binding update to the HA and CN.
Also all signaling messages between MN and HA and between MN and CN
are passed through this proactive tunnel that is set up. These
messages include Binding Update (BU), Binding Acknowledgement (BA)
and the associated return routability messages such as Home Test Init
(HoTI), Home Test (HoT), Care-of Test Init (CoTI),Care-of Test (COT).
If the proactive handover tunnel is realized as an IPsec tunnel, it
will also protect these signaling messages between the tunnel end
points and will make the return routability test securer. Any
subsequent data will also be tunneled through as long as the mobile
is in the previous network. The accompanying document [I-D.ohba-
mobopts-mpa-implementation] talks about the details of how binding
updates and signaling for return routability are sent over the
secured tunnel.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 26]
Internet-Draft MPA Framework October 2006
5.8. Preventing packet loss
5.8.1. Packet loss prevention in single interface MPA
For single interface MPA, there may be some transient packets during
link-layer handover that is directed to the mobile node at the old
point of attachment before the mobile node is able to attach to the
target network. Those transient packets can be lost. The use of a
general purpose buffer at the access router of the old point of
attachment can eliminate packet loss. Intelligent buffering
techniques that is signalled from the MN can temporarily hold
transient traffic during handover and then these packets can be
forwarded to the MN once it is reachable in the target network.
An alternative method is to use bicasting. However it does not
eliminate packet loss if link-layer handover is not seamlessly
performed. On the other hand, buffering does not reduce packet
delay. While packet delay can be compensated by playout buffer at
the receiver side for streaming application, playout buffer does not
help much for interactive VoIP application which cannot tolerate for
large delay jitters. Thus it is still important to optimize the
link-layer handover anyway.
5.8.2. Packet loss prevention in multi-interface MPA
MPA usage in multi-interface handover scenario involves preparing the
second interface for use via the current active interface.
Preparation would involve pre-authentication and provisioning at a
target network where the second interface would be the eventual
active interface. An example, would be inter-technology handover
from a Wi-Fi to a CDMA network where pre-authentication at the CDMA
network can be performed via the Wi-Fi interface. Handover occurs
when the CDMA interface becomes the active interface for the MN.
In such scenario, if handover occurs while both interfaces are
active, there is generally no packet loss since transient packets
directed towards the old interface will still reach the MN. However,
if sudden disconnection of the current active interface is used to
initiate handover to the prepared interface then transient packets
for the disconnected interface will be lost while the MN attempts to
be reachable at the prepared interface. In such cases, a specialized
form of buffering can be used to eliminate packet loss where packets
are merely copied at an access router in the current active network
prior to disconnection. If sudden disconnection does occur, copied
packets can be forwarded to the MN once the prepared interface
becomes the active reachable interface.The copy-and-foward mechanism
is not limited to multi-interface handover. Single interface
scenarios can also employ copy-and-fowarding instead of general
Dutta (Ed.), et al. Expires April 25, 2007 [Page 27]
Internet-Draft MPA Framework October 2006
buffering though its use is most obvious in sudden disconnection
scenario.
A notable side-effect of this process is the possible duplication of
packets during forwarding at the new active interface. Several
approaches can be employed to minimize this effect. Relying on upper
layer protocols such as TCP to detect and eliminate duplicates is the
most common way. Specialized duplicate detection and handling
mechanisms can also be used. In general, packet duplication is a
well know issue that can be handled locally by the MN.
A lengthy detection of a disconnection event of the current active
interface can also have an adverse effect on the length of the
handover process. Thus it becomes necessary to use an optimized
scheme of detecting interface disconnection in such scenarios.
5.8.3. Reachability test
In addtion to previous techniques, the MN may also ensure
reachability to the new point of attachment before switching from the
old one. This can be done by exchanging link-layer management frames
with the new point of attachment. This reachability check should be
performed as quickly as possible. In order to prevent packet loss
during this reachability check, transmission of packets over the link
between the MN and old point of attachment should be suspended by
buffering the packets at the both ends of the link during the
reachability check. How to perform this buffering is out of scope of
this document. Some of the results using this buffering scheme have
been explained in the accompanying implementation document.
5.9. Considerations for failed switching and switch-back
Ping-Pong effect is one of the common problems found during handover
scenario. Ping-pong effect arises when a mobile is situated at the
borderline of the cell or decision point and a handover procedure is
frequently executed. This results in higher call drop probability,
lower connection quality, increased signaling traffic and waste of
resources. All of these affect mobility optimization. Handoff
algorithms are the deciding factors for performing the handoff
between the networks. Traditionally these algorithms employ a
threshold to compare the values of different metrics to decide on the
handoff. These metrics include signal strength, path loss, carrier-
to-interference ratios (CIR), Signal to Interference Ratios (SIR),
Bit Error Rate (BER), power budget etc. In order to avoid ping-pong
effect some additional parameters are employed by the decision
algorithm such as hystereris margin, dwell timers, and averaging
window. For a high moving vehicle, other parameters such as distance
between the mobile node and the point of attachment, velocity of the
Dutta (Ed.), et al. Expires April 25, 2007 [Page 28]
Internet-Draft MPA Framework October 2006
mobile, location of the mobile, traffic and bandwidth characteristics
are also taken into account to reduce the ping-pong effect. Most
recently there are other handoff algorithms that help reduce the
ping-pong effect in a heterogeneous network environment that are
based on techniques such as hypothesis testing, dynamic programming
and pattern recognition techniques. While it is important to devise
smart handoff algorithms to reduce the ping-pong effect, it is also
important to devise methods to recover from these effect.
In the case of MPA framework, ping-pong effect will result in the
back-and-forth movement of the mobile between current network and
target network and between the candidate target networks. MPA in its
current form will be affected because of numerous tunnel setup,
number of binding updates and associated handoff latency resulting
out of ping-pong situation. Since ping-pong effect is related to
handoff rate, it may also contribute to delay and packet loss. We
propose several algorithms that will help reduce the probability of
ping-pong and propose several methods for the MPA framework so that
it can recover from the packet loss resulting out of ping-pong
effect.
MPA framework can take advantage of the mobile's geo-location with
respect to APs in the neighboring networks using GPS. In order to
avoid the oscillation between the networks, a location-based
intelligent algorithm can be derived by using a co-relation between
user's location and cached data from the previous handover attempts.
In some cases only location may not be the only indicator for a
handoff decision. For example in Manhattan type networks, although a
mobile is close to an AP, it may not have enough SNR (Signal to Noise
Ration) to make a good connection. Thus knowledge of mobility
pattern, dwell time in a call and path identification will help avoid
the ping-pong problem to a great extent.
In the absence of a good handoff algorithm that can avoid ping-pong
effect, it may be required to put in place a good recovery mechanism
so as to mitigate the effect of Ping-Pong. It may be necessary to
keep the established context in the current network for a period of
time, so that it can be quickly recovered when the mobile comes back
to the network where the context was last used. These context may
include security association, IP address used, tunnels established
etc. Bicasting the data to both previous network and new network for
a predefined period will also the mobile help take care of the lost
packets in case the mobile moves back and forth between the networks.
The mobile should be able to determine if it is in a stable state
with respect to ping-pong situation.
When MPA framework takes advantage of a combination of IKEv2 and
MOBIKE, the ping-pong effect can be reduced further [mpa-mobike]
Dutta (Ed.), et al. Expires April 25, 2007 [Page 29]
Internet-Draft MPA Framework October 2006
5.10. Authentication state management
In case of pre-authentication with multiple target networks, one
needs to maintain the state in the authentication agent of each of
the neighboring networks for certain time. Thus in the event the
mobile does move back and forth between neighboring networks, already
maintained authentication state can be helpful. We provide some
highlights on multiple security association state management below.
A MN that has pre-authenticated to an authentication agent in a
candidate target network and has a MPA-SA may need to continue to
keep the MPA-SA while it continues to stay in the current network or
even after it handovers to a network that is different from the
candidate target network.
When an MN that has been authenticated and authorized by an
authentication agent in the current network makes a handover to a
target network, it may want to hold the SA that has been established
between the MN and the authentication agent for a certain time period
so that it does not have to go through the entire authentication
signaling to create an SA from scratch in case it returns to the
previous network due to ping pong effect. Such an SA being held at
the authentication agent after the MN's handover to other network is
considered as an MPA-SA. In this case, the authentication agent
should change the fully authorized state for the MN to an
unauthorized state. The unauthorized state can be changed to the
fully authorized state only when the MN comes back to the network and
provides a proof of possession of a key associated with the MPA-SA.
While an MPA-SA is being held at an authentication agent, the MN will
need to keep updating the authentication agent when an IP address of
the MN changes due to a handover.
5.11. Pre-allocation of QoS resources
In the pre-configuration phase, it is also possible to pre-allocate
QoS resources that may be used by the mobile node not only after
handover but also before handover. When pre-allocated QoS resources
are used before handover, it is used for application traffic carried
over a proactive handover tunnel.
It is possible that QoS resources are pre-allocated in an end-to-end
fashion. One method to achieve this proactive end-to-end QoS
reservation is to execute NSLP [I-D.ietf-nsis-qos-nslp] or RSVP
[RFC2205] over a proactive handover tunnel where pre-authentication
can be used for bootstrapping a security association for the
proactive handover tunnel to protect the QoS signaling. In this
case, QoS resources are pre-allocated on the path between the
Dutta (Ed.), et al. Expires April 25, 2007 [Page 30]
Internet-Draft MPA Framework October 2006
correspondent node and a target access router can be used
continuously before and after handover. On the other hand, duplicate
pre-allocation of QoS resources between the target access router and
the mobile node would be necessary when using pre-allocated QoS
resources before handover due to difference in paths between the
target access router and the mobile node before and after handover.
QoS resources to be used for the path between the target access
router and the mobile node after handover may be pre-allocated by
extending NSLP to work for off-path signaling (Note: this path can be
viewed as off-path before handover) or by media-specific QoS
signaling.
5.12. Scalability and resource allocation
In case of multiple CTNs, establishing multiple tunnels with the
neighboring target networks provides some additional benefits. But
it also contributes to some scalability and resource utilization
issues as well. Pre-authentication process with multiple candidate
target networks can happen in several ways.
The very basic scheme involves authenticating the mobile with the
multiple authentication agents in the neighboring networks, but
actual pre-configuration and binding update take place only after
layer 2 movement to a specific network is complete. By having the
pre-authentication done ahead of time, the mobile does not need to do
any more authentication after it moves to the new network.
Configuration and binding updates actually take place after the
mobile has moved to the new network and thus may contribute to the
delay.
Similarly, in addition to pre-authentication, the mobile can also
complete the pre-configuration while in the previous network, but can
postpone the binding update until after the mobile has moved. This
way, the mobile can obtain multiple IP addresses from the neighboring
networks ahead of time but store these in the cache for a certain
period. By being able to cache the IP addresses from the neighboring
networks, the mobile does not need to spend any additional time for
the IP address acquisition after the handover. Like the previous
case, in this case the mobile also does not need to set up the pre-
configured the tunnels. While pre-authentication process and part of
pre-configuration process are taken care of before the mobile has
moved to the new network, binding update is actually done after the
mobile has moved.
The third type of multiple pre-authentication involves all the three
steps while the mobile is in the previous networks, such as
authentication, configuration and binding update. But, this specific
process utilizes the most amount of resources. Some of the resources
Dutta (Ed.), et al. Expires April 25, 2007 [Page 31]
Internet-Draft MPA Framework October 2006
that get used during this process are as follows:
1)Additional signaling for pre-authentication in the neighboring
networks
2)Holding the IP address of the neighboring networks in mobiles cache
for certain amount of time. It needs additional processing in the
mobile for storing these IP addresses. In addition it also uses up
the temporary IP addresses from the neighboring routers.
3)There is an additional cost associated with setting up additional
transient tunnels with the target routers in the neighboring networks
and mobile.
4) In case of binding update with multiple IP addresses obtained from
the neighboring networks, multiple transient streams flow between the
CN and mobile using these transient tunnels.
When only pre-authentication and pre-configuration are done ahead of
time with multiple networks, the mobile sends one binding update to
the CN. In this case it is important to find out when to send the
binding update after the layer 2 handoff.
In case binding update with multiple contact addresses is sent,
multiple media streams stem out of CN using the transient tunnels.
But in that case one needs to send another Binding Update after the
handover with the contact address set to the new address (only one
address) where the mobile has moved. This way the mobile stops
sending media to other neighboring networks where the mobile did not
move.
The following is an illustration of this specific case that takes
care of multiple binding streams, when the mobile moves only to a
specific network, but sends multiple binding updates in the previous
network. MN sends a binding update to CH with multiple contact
addresses such as c1,c2, and c3 that were obtained from three
neighboring networks. This allows the CN to send transient multiple
streams to the mobile over the pre-setablished tunnels. After the
mobile moves to the actual network, it sends another binding update
to the CN with the care-of-address of the mobile in the network where
the mobile has moved in. Some of the issues with multiple stream are
consumption of extra bandwidth for a small period of time.
Alternatively, one can apply the buffering technique at the target
access router or at the home agent. Transient data can be forwarded
to the mobile after it has moved in. Forwarding of data can be
triggered by the mobile either as part of Mobile IP registration or
as a separate buffering protocol.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 32]
Internet-Draft MPA Framework October 2006
5.13. Link-layer security and mobility
Using the MPA-SA established between the mobile node and the
authentication agent for a CTN, during the pre-authentication phase,
it is possible to bootstrap link-layer security in the CTN while the
mobile node is in the current network in the following way.
(1) The authentication agent and the mobile node derives a PMK (Pair-
wise Master Key) [I-D.ietf-eap-keying] using the MPA-SA that is
established as a result of successful pre-authentication. Executions
of EAP and an AAA protocol may be involved during pre-authentication
to establish the MPA-SA. From the PMK, distinct TSKs (Transient
Session Keys) [I-D.ietf-eap-keying] for the mobile node are directly
or indirectly derived for each point of attachment of the CTN.
(2) The authentication agent may install the keys derived from the
PMK and used for secure association to points of attachment. The
derived keys may be TSKs or intermediary keys from which TSKs are
derived.
(3) After the mobile node chooses a CTN as the target network and
switches to a point of attachment in the target network (which now
becomes the new network for the mobile node), it executes a secure
association protocol such as IEEE 802.11i 4-way handshake [802.11i]
using the PMK in order to establish PTKs (Pair-wise Transient Keys)
and GTKs (Group Transient Keys) [I-D.ietf-eap-keying] used for
protecting link-layer packets between the mobile node and the point
of attachment. No additional execution of EAP authentication is
needed here.
(4) While the mobile node is roaming in the new network, the mobile
node only needs to perform a secure association protocol with its
point of attachment point and no additional execution of EAP
authentication is needed either. Integration of MPA with link-layer
handover optimization mechanisms such as 802.11r can be archived this
way.
The mobile node may need to know the link-layer identities of the
point of attachments in the CTN to derive TSKs. If PANA is used as
the authentication protocol for pre-authentication, this is possible
by carrying Device-Id AVPs in the PANA-Bind-Request message sent from
the PAA [I-D.ietf-pana-pana], with each AVP containing the BSSID of a
distinct access point.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 33]
Internet-Draft MPA Framework October 2006
_________________ ____________________________
| Current Network | | CTN |
| ____ | | ____ |
| | | (1) pre-authentication | | |
| | MN |<------------------------------->| AA | |
| |____| | | |____| |
| . | | | |
| . | | | |
|____.____________| | | |
.movement | |(2) Keys |
____.___________________| | |
| _v__ _____ | |
| | |(3) secure assoc. | | | |
| | MN |<------------------>| AP1 |<-------+ |
| |____| |_____| | |
| . | |
| .movement | |
| . | |
| . | |
| _v__ _____ | |
| | |(4) secure assoc. | | | |
| | MN |<------------------>| AP2 |<-------+ |
| |____| |_____| |
|_____________________________________________________|
Figure 4: Bootstrapping Link-layer Security
5.14. Authentication in initial network attachment
When the mobile node initially attaches to a network, network access
authentication would occur regardless of the use of MPA. The
protocol used for network access authentication when MPA is used for
handover optimization can be a link-layer network access
authentication protocol such as IEEE 802.1X or a higher-layer network
access authentication protocol such as PANA.
5.15. Multicast mobility
Group-based communication is always receiver driven. A specific
mobile can subscribe to one or more IP multicast group. When a
mobile moves to a new network multicast communication is interrupted
because of the associated join latency. This interruption can be
minimized by reducing the join latency during the mobile's movement.
Multicast mobility can be home subscription-based or remote
subscription based. In home subscription-based approach there is a
multicast router in the home network, that joins on behalf of the
mobile. But all the data and control signal are tunneled between the
home agent and foreign agent or the mobile. Home subscription based
Dutta (Ed.), et al. Expires April 25, 2007 [Page 34]
Internet-Draft MPA Framework October 2006
approach is not suitable for mobility protocols other than MIPv4 or
MIPv6 as it depends upon the multicast router at the home network and
the tunnel. On the other hand remote subscription-based approach
does not add any burden on the home agent unlike the previous
approach but communicates with the first hop router in the remote
network everytime it moves. MPA can help to provide proactive
multicast mobility support for both the approaches. We first
describe the remote subscription-based approach in case of MPA.
There are two ways to reduce the join latency in case of MPA by
joining the multicast tree proactively. In MPA scenario, Next Access
Router (NAR) can behave as the multicast proxy when the mobile is
about to move to the new network. During the pre-configuration phase
of the MPA process after the mobile has been pre-authenticated, the
mobile can pass on the information about the multicast groups that it
is currently subscribed to. As an example, if PANA is used as the
protocol to preconfigure the mobile in the current network by
interacting with the configuration server in the next network, then
it can also pass on the currently subscribed group information to the
PAA (Pana Authentication Agent) as part of the PUR message. PAA in
turn can communicate with the NAR to trigger the multicast join to
the upstream router. Thus during the tunnel setup process between
the mobile and NAR, NAR also joins the multicast group on behalf of
the mobile. Alternatively the mobile can directly send the multicast
join request to the NAR using the tunnel created in the current
network even before the mobile has moved in. In this case the source
address of the multicast join request will be set to that of mobile's
tunnel end-point address, so that the NAR can figure out from which
interface the request has come in and assumes that there is a host
subscribed in that interface. In both the cases we assume that NAR
is configured as a multicast router as well. When the mobile is in
the current network, it can still receive the multicast traffic via
the PAR on its currently configured IP address. But as soon as the
mobile moves to the new network and deletes the tunnel, it starts
receiving the multicast traffic on the same group multicast address
with almost zero join latency. Since the mobile already has obtained
an address ahead of time it also does not need to spend any time to
configure its interface. In case of home subscription based
approach, MPA can provide the mobility support for multicast services
the way it provides unicast services for both MIPv4 and MIPv6. The
data gets delivered to the mobile in the previous network via the
transient MPA tunnel between the mobile and the next access router.
This tunnel is usually a tunnel within a tunnel. As the mobile moves
to the new network, regular MIP tunnel takes care of delivering the
multicast traffic in the new network. This mechanism provides fast
delivery of multicast stream, as the home agent has already started
to send multicast traffic destined to the new network.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 35]
Internet-Draft MPA Framework October 2006
5.16. IP layer security and mobility
IP layer security is typically maintained between the mobile and
first hop router or any other network element such as SIP proxy by
means of IPsec. This IPSec SA can be set up either in tunnel mode or
in ESP mode. However as the mobile moves IP address of the router
and outbound proxy will change in the new network, mobile's IP
address may or may not change depending upon the mobility protocol
being used. This will warrant re-establishing a new security
association between the mobile and the desired network entity. In
some cases such as in 3GPP/3GPP2 IMS/MMD environment data traffic is
not allowed to pass through unless there is an IPsec SA established
between the mobile and outbound proxy. This will of course add
unreasonable delay to the existing real-time communication during
mobile's movement. In this scenario key exchange is done as part of
SIP registration that follows a key exchange procedure called AKA
(Authentication and Key Agreement).
MPA can be used to bootstrap this security association as part of
pre-authentication via the new outbound proxy. Prior to the movement
if the mobile can pre-register via the new outbound proxy in the
target network and completes the pre-authentication procedure, then
the new SA state between the mobile and new outbound proxy can be
established prior to the movement to the new network. A similar
approach can also be applied if a key exchange mechanism other than
AKA is used or the network element with which the security
association has to be established is different than an outbound
proxy.
By having the security association established ahead of time, the
mobile does not need to involve in any exchange to set up the new
security association after the movement. Any further key exchange
will be limited to renew the expiry time. This will also reduce the
delay for real-time communication as well.
5.17. Applicability of MPA to other Fast-handoff techniques
There are some similarities between the techniques associated with
MPA and other related fast-handoff mecahnisms such as proactive part
of FMIPv6. Experimental results from both of these handoff
techniques demonstrate that these results are bounded by layer 2
delay. However if these could be augmented by IEEE 802.21 network
discovery mechanism, layer 2 handoff delay can also be optimized.
This has been demonstrated in the accompanying draft [I-D.ohba-
mobopts-mpa-implementation]. On the other hand, certain features of
MPA could also be used to enhance the functionality of FMIPv6
[RFC4068]. In particular, MPA's pre-authentication feature for both
layer2 and layer3, and stateful pre-configuration feature can also be
Dutta (Ed.), et al. Expires April 25, 2007 [Page 36]
Internet-Draft MPA Framework October 2006
used for FMIPv6.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 37]
Internet-Draft MPA Framework October 2006
6. Security Considerations
This document describes a framework of a secure handover optimization
mechanism based on performing handover-related signaling between a
mobile node and one or more candidate target networks to which the
mobile node may move in the future. This framework involves
acquisition of the resources from the CTN as well as data packet
redirection from the CTN to the mobile node in the current network
before the mobile node physically connects to one of those CTN.
Acquisition of the resources from the candidate target networks must
accompany with appropriate authentication and authorization
procedures in order to prevent unauthorized mobile node from
obtaining the resources. For this reason, it is important for the
MPA framework to perform pre-authentication between the mobile node
and the candidate target networks. The MN-CA key and the MN-AR key
generated as a result of successful pre-authentication can protect
subsequent handover signaling packets and data packets exchanged
between the mobile node and the MPA functional elements in the CTN's.
The MPA framework also addresses security issues when the handover is
performed across multiple administrative domains. With MPA, it is
possible for handover signaling to be performed based on direct
communication between the mobile node and routers or mobility agents
in the candidate target networks. This eliminates the need for a
context transfer protocol for which known limitations exist in terms
of security and authorization. [I-D.ietf-eap-keying]. For this
reason, the MPA framework does not require trust relationship among
administrative domains or access routers, which makes the framework
more deployable in the Internet without compromising the security in
mobile environments.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 38]
Internet-Draft MPA Framework October 2006
7. IANA Considerations
This document has no actions for IANA.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 39]
Internet-Draft MPA Framework October 2006
8. Acknowledgments
We would like to thank Farooq Anjum and Raziq Yakub for their review
of this document, and Subir Das for standardization support in the
IEEE 802.21 WG.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 40]
Internet-Draft MPA Framework October 2006
9. References
9.1. Normative References
[RFC2026] Bradner, S., "The Internet Standards Process -- Revision
3", BCP 9, RFC 2026, October 1996.
[RFC3978] Bradner, S., "IETF Rights in Contributions", BCP 78,
RFC 3978, March 2005.
[RFC3344] Perkins, C., "IP Mobility Support for IPv4", RFC 3344,
August 2002.
[RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
Levkowetz, "Extensible Authentication Protocol (EAP)",
RFC 3748, June 2004.
[RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
in IPv6", RFC 3775, June 2004.
[RFC2205] Braden, B., Zhang, L., Berson, S., Herzog, S., and S.
Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1
Functional Specification", RFC 2205, September 1997.
[I-D.ietf-mobileip-lowlatency-handoffs-v4]
Malki, K., "Low Latency Handoffs in Mobile IPv4",
draft-ietf-mobileip-lowlatency-handoffs-v4-11 (work in
progress), October 2005.
[RFC4140] Soliman, H., Castelluccia, C., El Malki, K., and L.
Bellier, "Hierarchical Mobile IPv6 Mobility Management
(HMIPv6)", RFC 4140, August 2005.
[RFC4068] Koodli, R., "Fast Handovers for Mobile IPv6", RFC 4068,
July 2005.
[I-D.ietf-seamoby-card-protocol]
Liebsch, M., "Candidate Access Router Discovery",
draft-ietf-seamoby-card-protocol-08 (work in progress),
September 2004.
[I-D.ietf-seamoby-ctp]
Loughney, J., "Context Transfer Protocol",
draft-ietf-seamoby-ctp-11 (work in progress), August 2004.
[I-D.ietf-eap-keying]
Aboba, B., "Extensible Authentication Protocol (EAP) Key
Management Framework", draft-ietf-eap-keying-14 (work in
Dutta (Ed.), et al. Expires April 25, 2007 [Page 41]
Internet-Draft MPA Framework October 2006
progress), June 2006.
[I-D.ietf-pana-pana]
Forsberg, D., "Protocol for Carrying Authentication for
Network Access (PANA)", draft-ietf-pana-pana-12 (work in
progress), August 2006.
[RG98] ITU-T, "General Characteristics of International Telephone
Connections and International Telephone Circuits: One-Way
Transmission Time", ITU-T Recommendation G.114 1998.
[ITU98] ITU-T, "The E-Model, a computational model for use in
transmission planning", ITU-T Recommendation G.107 1998.
[ETSI] ETSI, "Telecommunications and Internet Protocol
Harmonization Over Networks (TIPHON) Release 3: End-to-end
Quality of Service in TIPHON systems; Part 1: General
aspects of Quality of Service.", ETSI TR 101 329-6 V2.1.1.
9.2. Informative References
[I-D.ietf-mobike-design]
Kivinen, T. and H. Tschofenig, "Design of the MOBIKE
Protocol", draft-ietf-mobike-design-08 (work in progress),
March 2006.
[I-D.ietf-hip-base]
Moskowitz, R., "Host Identity Protocol",
draft-ietf-hip-base-06 (work in progress), June 2006.
[RFC2679] Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way
Delay Metric for IPPM", RFC 2679, September 1999.
[RFC2680] Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way
Packet Loss Metric for IPPM", RFC 2680, September 1999.
[RFC2681] Almes, G., Kalidindi, S., and M. Zekauskas, "A Round-trip
Delay Metric for IPPM", RFC 2681, September 1999.
[RFC1853] Simpson, W., "IP in IP Tunneling", RFC 1853, October 1995.
[RFC3046] Patrick, M., "DHCP Relay Agent Information Option",
RFC 3046, January 2001.
[I-D.ietf-dhc-rapid-commit-opt]
Kim, P., Volz, B., and S. Park, "Rapid Commit Option for
DHCPv4", draft-ietf-dhc-rapid-commit-opt-05 (work in
progress), June 2004.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 42]
Internet-Draft MPA Framework October 2006
[I-D.ohba-mobopts-mpa-implementation]
Ohba, Y., "Media-Independent Pre-Authentication (MPA)
Implementation Results",
draft-ohba-mobopts-mpa-implementation-02 (work in
progress), March 2006.
[I-D.wakikawa-mobileip-multiplecoa]
Wakikawa, R., "Multiple Care-of Addresses Registration",
draft-wakikawa-mobileip-multiplecoa-05 (work in progress),
March 2006.
[I-D.ietf-nsis-qos-nslp]
Manner, J., "NSLP for Quality-of-Service Signaling",
draft-ietf-nsis-qos-nslp-11 (work in progress), June 2006.
[SIPMM] Schulzrinne, H. and E. Wedlund, "Application Layer
Mobility Using SIP", ACM MC2R.
[CELLIP] Cambell, A., Gomez, J., Kim, S., Valko, A., and C. Wan,
"Design, Implementation, and Evaluation of Cellular IP",
IEEE Personal communication Auguest 2000.
[HAWAII] Ramjee, R., Porta, T., Thuel, S., Varadhan, K., and S.
Wang, "HAWAII: A Domain-based Approach for Supporting
Mobility in Wide-area Wireless networks", International
Conference on Network Protocols ICNP'99.
[IDMP] Das, S., Dutta, A., Misra, A., and S. Das, "IDMP: An
Intra-Domain Mobility Management Protocol for Next
Generation Wireless Networks", IEEE Wireless Communication
Magazine October 2000.
[I-D.ietf-mobileip-reg-tunnel]
Calhoun, P., Montenegro, G., Perkins, C., and E.
Gustafsson, "Mobile IPv4 Regional Registration",
draft-ietf-mobileip-reg-tunnel-09 (work in progress),
July 2004.
[YOKOTA] Yokota, H., Idoue, A., and T. Hasegawa, "Link Layer
Assisted Mobile IP Fast Handoff Method over Wireless LAN
Networks", Proceedings of ACM Mobicom 2002.
[MACD] Shin, S., "Reducing MAC Layer Handoff Latency in IEEE
802.11 Wireless LANs", MOBIWAC Workshop .
[SUM] Dutta, A., Zhang, T., Madhani, S., Taniuchi, K., Ohba, Y.,
and H. Schulzrinne, "Secured Universal Mobility",
WMASH 2004.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 43]
Internet-Draft MPA Framework October 2006
[SIPFAST] Dutta, A., Madhani, S., and H. Schulzrinne, "Fast handoff
Schemes for Application Layer Mobility Management",
PIMRC 2004.
[MITH] Gwon, Y., Fu, G., and R. Jain, "Fast Handoffs in Wireless
LAN Networks using Mobile initiated Tunneling Handoff
Protocol for IPv4 (MITHv4)", Wireless Communications and
Networking 2003, January 2005.
[802.21] "Draft IEEE Standard for Local and Metropolitan Area
Networks: Media Independent Handover Services, IEEE
P802.21/D00.01,", A contribution to IEEE 802.21 WG ,
July 2005.
[802.11] "IEEE Wireless LAN Edition A compilation based on IEEE Std
802.11-1999(R2003)", Institute of Electrical and
Electronics Engineers September 2003.
[GPSIP] Dutta, A., "GPS-IP based fast-handoff for Mobiles",
NYMAN 2003.
[MAGUIRE] Vatn, J. and G. Maguire, "The effect of using co-located
care-of-address on macro handover latency", 14th Nordic
Teletraffic Seminar 1998.
[mpa-mobike]
Mghazli, Y. and J. Bournelle, "MPA using IKEv2 and
MOBIKE", draft-yacine-preauth-ipsec-00 IETF.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 44]
Internet-Draft MPA Framework October 2006
Authors' Addresses
Ashutosh Dutta
Telcordia Technologies
1 Telcordia Drive
Piscataway, NJ 08854
USA
Phone: +1 732 699 3130
Email: adutta@research.telcordia.com
Victor Fajardo
Toshiba America Research, Inc.
1 Telcordia Drive
Piscataway, NJ 08854
USA
Phone: +1 732 699 5368
Email: vfajardo@tari.toshiba.com
Yoshihiro Ohba
Toshiba America Research, Inc.
1 Telcordia Drive
Piscataway, NJ 08854
USA
Phone: +1 732 699 5305
Email: yohba@tari.toshiba.com
Kenichi Taniuchi
Toshiba America Research, Inc.
1 Telcordia Drive
Piscataway, NJ 08854
USA
Phone: +1 732 699 5308
Email: ktaniuchi@tari.toshiba.com
Dutta (Ed.), et al. Expires April 25, 2007 [Page 45]
Internet-Draft MPA Framework October 2006
Henning Schulzrinne
Columbia University
Department of Computer Science
450 Computer Science Building
New York, NY 10027
USA
Phone: +1 212 939 7004
Email: hgs@cs.columbia.edu
Dutta (Ed.), et al. Expires April 25, 2007 [Page 46]
Internet-Draft MPA Framework October 2006
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Dutta (Ed.), et al. Expires April 25, 2007 [Page 47]
| PAFTECH AB 2003-2026 | 2026-04-22 21:45:40 |