summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc3024.txt
diff options
context:
space:
mode:
authorThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
committerThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
commit4bfd864f10b68b71482b35c818559068ef8d5797 (patch)
treee3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc3024.txt
parentea76e11061bda059ae9f9ad130a9895cc85607db (diff)
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc3024.txt')
-rw-r--r--doc/rfc/rfc3024.txt1683
1 files changed, 1683 insertions, 0 deletions
diff --git a/doc/rfc/rfc3024.txt b/doc/rfc/rfc3024.txt
new file mode 100644
index 0000000..b0cf429
--- /dev/null
+++ b/doc/rfc/rfc3024.txt
@@ -0,0 +1,1683 @@
+
+
+
+
+
+
+Network Working Group G. Montenegro, Editor
+Request for Comments: 3024 Sun Microsystems, Inc.
+Obsoletes: 2344 January 2001
+Category: Standards Track
+
+
+ Reverse Tunneling for Mobile IP, revised
+
+Status of this Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2001). All Rights Reserved.
+
+Abstract
+
+ Mobile Internet Protocol (IP) uses tunneling from the home agent to
+ the mobile node's care-of address, but rarely in the reverse
+ direction. Usually, a mobile node sends its packets through a router
+ on the foreign network, and assumes that routing is independent of
+ source address. When this assumption is not true, it is convenient
+ to establish a topologically correct reverse tunnel from the care-of
+ address to the home agent.
+
+ This document proposes backwards-compatible extensions to Mobile IP
+ to support topologically correct reverse tunnels. This document does
+ not attempt to solve the problems posed by firewalls located between
+ the home agent and the mobile node's care-of address.
+
+ This document obsoletes RFC 2344.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 1]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+Table of Contents
+
+ 1. Introduction ................................................... 3
+ 1.1. Terminology .................................................. 4
+ 1.2. Assumptions .................................................. 4
+ 1.3. Justification ................................................ 5
+ 2. Overview ....................................................... 5
+ 3. New Packet Formats ............................................. 6
+ 3.1. Mobility Agent Advertisement Extension ....................... 6
+ 3.2. Registration Request ......................................... 6
+ 3.3. Encapsulating Delivery Style Extension ....................... 7
+ 3.4. New Registration Reply Codes ................................. 8
+ 4. Changes in Protocol Behavior ................................... 9
+ 4.1. Mobile Node Considerations ................................... 9
+ 4.1.1. Sending Registration Requests to the Foreign Agent ......... 9
+ 4.1.2. Receiving Registration Replies from the Foreign Agent ...... 10
+ 4.2. Foreign Agent Considerations ................................. 10
+ 4.2.1. Receiving Registration Requests from the Mobile Node ....... 11
+ 4.2.2. Relaying Registration Requests to the Home Agent ........... 11
+ 4.3. Home Agent Considerations .................................... 11
+ 4.3.1. Receiving Registration Requests from the Foreign Agent ..... 12
+ 4.3.2. Sending Registration Replies to the Foreign Agent .......... 12
+ 5. Mobile Node to Foreign Agent Delivery Styles ................... 13
+ 5.1. Direct Delivery Style ........................................ 13
+ 5.1.1. Packet Processing .......................................... 13
+ 5.1.2. Packet Header Format and Fields ............................ 13
+ 5.2. Encapsulating Delivery Style ................................. 14
+ 5.2.1 Packet Processing ........................................... 14
+ 5.2.2. Packet Header Format and Fields ............................ 15
+ 5.3. Support for Broadcast and Multicast Datagrams ................ 16
+ 5.4. Selective Reverse Tunneling .................................. 16
+ 6. Security Considerations ........................................ 17
+ 6.1. Reverse-tunnel Hijacking and Denial-of-Service Attacks ....... 17
+ 6.2. Ingress Filtering ............................................ 18
+ 6.3. Reverse Tunneling for Disparate Address Spaces ............... 18
+ 7. IANA Considerations ............................................ 18
+ 8. Acknowledgements ............................................... 18
+ References ........................................................ 19
+ Editor and Chair Addresses ........................................ 20
+ Appendix A: Disparate Address Space Support ....................... 21
+ A.1. Scope of the Reverse Tunneling Solution ................... 21
+ A.2. Terminating Forward Tunnels at the Foreign Agent .......... 24
+ A.3. Initiating Reverse Tunnels at the Foreign Agent ........... 26
+ A.4. Limited Private Address Scenario .......................... 26
+ Appendix B: Changes from RFC2344 .................................. 29
+ Full Copyright Statement .......................................... 30
+
+
+
+
+
+Montenegro Standards Track [Page 2]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+1. Introduction
+
+ Section 1.3 of the Mobile IP specification [1] lists the following
+ assumption:
+
+ It is assumed that IP unicast datagrams are routed based on the
+ destination address in the datagram header (i.e., not by source
+ address).
+
+ Because of security concerns (for example, IP spoofing attacks), and
+ in accordance with RFC 2267 [8] and CERT [3] advisories to this
+ effect, routers that break this assumption are increasingly more
+ common.
+
+ In the presence of such routers, the source and destination IP
+ address in a packet must be topologically correct. The forward
+ tunnel complies with this, as its endpoints (home agent address and
+ care-of address) are properly assigned addresses for their respective
+ locations. On the other hand, the source IP address of a packet
+ transmitted by the mobile node does not correspond to the network
+ prefix from where it emanates.
+
+ This document discusses topologically correct reverse tunnels.
+
+ Mobile IP does dictate the use of reverse tunnels in the context of
+ multicast datagram routing and mobile routers. However, the source
+ IP address is set to the mobile node's home address, so these tunnels
+ are not topologically correct.
+
+ Notice that there are several uses for reverse tunnels regardless of
+ their topological correctness:
+
+ - Mobile routers: reverse tunnels obviate the need for recursive
+ tunneling [1].
+
+ - Multicast: reverse tunnels enable a mobile node away from home
+ to (1) join multicast groups in its home network, and (2)
+ transmit multicast packets such that they emanate from its home
+ network [1].
+
+ - The TTL of packets sent by the mobile node (for example, when
+ sending packets to other hosts in its home network) may be so
+ low that they might expire before reaching their destination.
+ A reverse tunnel solves the problem as it represents a TTL
+ decrement of one [5].
+
+
+
+
+
+
+Montenegro Standards Track [Page 3]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+1.1. Terminology
+
+ The discussion below uses terms defined in the Mobile IP
+ specification. Additionally, it uses the following terms:
+
+ Forward Tunnel
+
+ A tunnel that shuttles packets towards the mobile node. It
+ starts at the home agent, and ends at the mobile node's care-of
+ address.
+
+ Reverse Tunnel
+
+ A tunnel that starts at the mobile node's care-of address and
+ terminates at the home agent.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119 [9].
+
+1.2. Assumptions
+
+ Mobility is constrained to a common IP address space (that is, the
+ routing fabric between, say, the mobile node and the home agent is
+ not partitioned into a "private" and a "public" network).
+
+ This document does not attempt to solve the firewall traversal
+ problem. Rather, it assumes one of the following is true:
+
+ - There are no intervening firewalls along the path of the
+ tunneled packets.
+
+ - Any intervening firewalls share the security association
+ necessary to process any authentication [6] or encryption [7]
+ headers which may have been added to the tunneled packets.
+
+ The reverse tunnels considered here are symmetric, that is, they use
+ the same configuration (encapsulation method, IP address endpoints)
+ as the forward tunnel. IP in IP encapsulation [2] is assumed unless
+ stated otherwise.
+
+ Route optimization [4] introduces forward tunnels initiated at a
+ correspondent host. Since a mobile node may not know if the
+ correspondent host can decapsulate packets, reverse tunnels in that
+ context are not discussed here.
+
+
+
+
+
+
+Montenegro Standards Track [Page 4]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+1.3. Justification
+
+ Why not let the mobile node itself initiate the tunnel to the home
+ agent? This is indeed what it should do if it is already operating
+ with a topologically correct co-located care-of address.
+
+ However, one of the primary objectives of the Mobile IP specification
+ is not to require this mode of operation.
+
+ The mechanisms outlined in this document are primarily intended for
+ use by mobile nodes that rely on the foreign agent for forward tunnel
+ support. It is desirable to continue supporting these mobile nodes,
+ even in the presence of filtering routers.
+
+2. Overview
+
+ A mobile node arrives at a foreign network, listens for agent
+ advertisements and selects a foreign agent that supports reverse
+ tunnels. It requests this service when it registers through the
+ selected foreign agent. At this time, and depending on how the
+ mobile node wishes to deliver packets to the foreign agent, it also
+ requests either the Direct or the Encapsulating Delivery Style
+ (section 5).
+
+ In the Direct Delivery Style, the mobile node designates the foreign
+ agent as its default router and proceeds to send packets directly to
+ the foreign agent, that is, without encapsulation. The foreign agent
+ intercepts them, and tunnels them to the home agent.
+
+ In the Encapsulating Delivery Style, the mobile node encapsulates all
+ its outgoing packets to the foreign agent. The foreign agent
+ decapsulates and re-tunnels them to the home agent, using the foreign
+ agent's care-of address as the entry-point of this new tunnel.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 5]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+3. New Packet Formats
+
+3.1. Mobility Agent Advertisement Extension
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | Sequence Number |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Lifetime |R|B|H|F|M|G|V|T| reserved |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | zero or more Care-of Addresses |
+ | ... |
+
+ The only change to the Mobility Agent Advertisement Extension [1] is
+ the additional 'T' bit:
+
+ T Agent offers reverse tunneling service.
+
+ A foreign agent that sets the 'T' bit MUST support the Direct
+ Delivery Style. Encapsulating Delivery Style SHOULD be supported as
+ well (section 5).
+
+ Using this information, a mobile node is able to choose a foreign
+ agent that supports reverse tunnels. Notice that if a mobile node
+ does not understand this bit, it simply ignores it as per [1].
+
+3.2. Registration Request
+
+ Reverse tunneling support is added directly into the Registration
+ Request by using one of the "rsvd" bits. If a foreign or home agent
+ that does not support reverse tunnels receives a request with the 'T'
+ bit set, the Registration Request fails. This results in a
+ registration denial (failure codes are specified in section 3.4).
+
+ Home agents SHOULD NOT object to providing reverse tunnel support,
+ because they "SHOULD be able to decapsulate and further deliver
+ packets addressed to themselves, sent by a mobile node" [1]. In the
+ case of topologically correct reverse tunnels, the packets are not
+ sent by the mobile node as distinguished by its home address.
+ Rather, the outermost (encapsulating) IP source address on such
+ datagrams is the care-of address of the mobile node.
+
+ In Registration Requests sent by a mobile node, the Time to Live
+ field in the IP header MUST be set to 255. This limits a denial of
+ service attack in which malicious hosts send false Registration
+ Requests (see Section 6).
+
+
+
+
+Montenegro Standards Track [Page 6]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type |S|B|D|M|G|V|T|-| Lifetime |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Agent |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Care-of Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Identification |
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Extensions ...
+ +-+-+-+-+-+-+-+-
+
+ The only change to the Registration Request packet is the additional
+ 'T' bit:
+
+ T If the 'T' bit is set, the mobile node asks its home
+ agent to accept a reverse tunnel from the care-of
+ address. Mobile nodes using a foreign agent care-of
+ address ask the foreign agent to reverse-tunnel its
+ packets.
+
+3.3. Encapsulating Delivery Style Extension
+
+ The Encapsulating Delivery Style Extension MAY be included by the
+ mobile node in registration requests to further specify reverse
+ tunneling behavior. It is expected to be used only by the foreign
+ agent. Accordingly, the foreign agent MUST consume this extension
+ (that is, it must not relay it to the home agent or include it in
+ replies to the mobile node). As per Section 3.6.1.3 of [1], the
+ mobile node MUST include the Encapsulating Delivery Style Extension
+ after the Mobile-Home Authentication Extension, and before the
+ Mobile-Foreign Authentication Extension, if present.
+
+ The Encapsulating Delivery Style Extension MUST NOT be included if
+ the 'T' bit is not set in the Registration Request.
+
+ If this extension is absent, Direct Delivery is assumed.
+ Encapsulation is done according to what was negotiated for the
+ forward tunnel (that is, IP in IP is assumed unless specified
+ otherwise). For more details on the delivery styles, please refer to
+ section 5.
+
+
+
+
+
+Montenegro Standards Track [Page 7]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ Foreign agents SHOULD support the Encapsulating Delivery Style
+ Extension.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type
+
+ 130
+
+ Length
+
+ 0
+
+3.4. New Registration Reply Codes
+
+ Foreign and home agent registration replies MUST convey if the
+ reverse tunnel request failed. These new reply codes are defined:
+
+ Service denied by the foreign agent:
+
+ 74 requested reverse tunnel unavailable
+ 75 reverse tunnel is mandatory and 'T' bit not set
+ 76 mobile node too distant
+ 79 delivery style not supported
+
+ NOTE: Code 79 has not yet been assigned by IANA.
+
+ and
+
+ Service denied by the home agent:
+
+ 137 requested reverse tunnel unavailable
+ 138 reverse tunnel is mandatory and 'T' bit not set
+ 139 requested encapsulation unavailable
+
+ In response to a Registration Request with the 'T' bit set, mobile
+ nodes may receive (and MUST accept) code 70 (poorly formed request)
+ from foreign agents and code 134 (poorly formed request) from home
+ agents. However, foreign and home agents that support reverse
+ tunneling MUST use codes 74 and 137, respectively.
+
+ In addition to setting the 'T' bit, the mobile node also MAY request
+ the Encapsulating Delivery Style by including the corresponding
+ extension. If a foreign agent does not implement the Encapsulating
+
+
+
+Montenegro Standards Track [Page 8]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ Delivery Style, it MUST respond to the mobile node with code 79
+ (delivery style not supported). This also applies if the foreign
+ agent does not support a requested delivery style that may be defined
+ in the future.
+
+ Absence of the 'T' bit in a Registration Request MAY elicit denials
+ with codes 75 and 138 at the foreign agent and the home agent,
+ respectively.
+
+ Forward and reverse tunnels are symmetric, that is, both are able to
+ use the same tunneling options negotiated at registration. This
+ implies that the home agent MUST deny registrations if an unsupported
+ form of tunneling is requested (code 139). Notice that Mobile IP [1]
+ already defines the analogous failure code 72 for use by the foreign
+ agent.
+
+4. Changes in Protocol Behavior
+
+ Unless otherwise specified, behavior specified by Mobile IP [1] is
+ assumed. In particular, if any two entities share a mobility
+ security association, they MUST use the appropriate Authentication
+ Extension (Mobile-Foreign, Foreign-Home or Mobile-Home Authentication
+ Extension) when exchanging registration protocol datagrams. An
+ admissible authentication extension (for example the Mobile-Home
+ Authentication Extension) MUST always be present to authenticate
+ registration messages between a mobile node and its home agent.
+
+ Reverse tunneling imposes additional protocol processing requirements
+ on mobile entities. Differences in protocol behavior with respect to
+ Mobile IP [1] are specified in the subsequent sections.
+
+4.1. Mobile Node Considerations
+
+ This section describes how the mobile node handles registrations that
+ request a reverse tunnel.
+
+4.1.1. Sending Registration Requests to the Foreign Agent
+
+ In addition to the considerations in [1], a mobile node sets the 'T'
+ bit in its Registration Request to petition a reverse tunnel.
+
+ The mobile node MUST set the TTL field of the IP header to 255. This
+ is meant to limit the reverse tunnel hijacking attack (Section 6).
+
+ The mobile node MAY optionally include an Encapsulating Delivery
+ Style Extension.
+
+
+
+
+
+Montenegro Standards Track [Page 9]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+4.1.2. Receiving Registration Replies from the Foreign Agent
+
+ Possible valid responses are:
+
+ - A registration denial issued by either the home agent or the
+ foreign agent:
+
+ a. The mobile node follows the error checking guidelines in
+ [1], and depending on the reply code, MAY try modifying the
+ registration request (for example, by eliminating the
+ request for alternate forms of encapsulation or delivery
+ style), and issuing a new registration.
+
+ b. Depending on the reply code, the mobile node MAY try zeroing
+ the 'T' bit, eliminating the Encapsulating Delivery Style
+ Extension (if one was present), and issuing a new
+ registration. Notice that after doing so the registration
+ may succeed, but due to the lack of a reverse tunnel data
+ transfer may not be possible.
+
+ - The home agent returns a Registration Reply indicating that the
+ service will be provided.
+
+ In this last case, the mobile node has succeeded in establishing a
+ reverse tunnel between its care-of address and its home agent. If
+ the mobile node is operating with a co-located care-of address, it
+ MAY encapsulate outgoing data such that the destination address of
+ the outer header is the home agent. This ability to selectively
+ reverse-tunnel packets is discussed further in section 5.4.
+
+ If the care-of address belongs to a separate foreign agent, the
+ mobile node MUST employ whatever delivery style was requested (Direct
+ or Encapsulating) and proceed as specified in section 5.
+
+ A successful registration reply is an assurance that both the foreign
+ agent and the home agent support whatever alternate forms of
+ encapsulation (other than IP in IP) were requested. Accordingly, the
+ mobile node MAY use them at its discretion.
+
+4.2. Foreign Agent Considerations
+
+ This section describes how the foreign agent handles registrations
+ that request a reverse tunnel.
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 10]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+4.2.1. Receiving Registration Requests from the Mobile Node
+
+ A foreign agent that receives a Registration Request with the 'T' bit
+ set processes the packet as specified in the Mobile IP specification
+ [1], and determines whether it can accommodate the forward tunnel
+ request. If it cannot, it returns an appropriate code. In
+ particular, if the foreign agent is unable to support the requested
+ form of encapsulation it MUST return code 72. If it cannot support
+ the requested form of delivery style it MUST return code 79 (delivery
+ style not supported).
+
+ The foreign agent MAY reject Registration Requests without the 'T'
+ bit set by denying them with code 75 (reverse tunnel is mandatory and
+ 'T' bit not set).
+
+ The foreign agent MUST verify that the TTL field of the IP header is
+ set to 255. Otherwise, it MUST reject the registration with code 76
+ (mobile node too distant). The foreign agent MUST limit the rate at
+ which it sends these registration replies to a maximum of one per
+ second.
+
+ As a last check, the foreign agent verifies that it can support a
+ reverse tunnel with the same configuration. If it cannot, it MUST
+ return a Registration Reply denying the request with code 74
+ (requested reverse tunnel unavailable).
+
+4.2.2. Relaying Registration Requests to the Home Agent
+
+ Otherwise, the foreign agent MUST relay the Registration Request to
+ the home agent.
+
+ Upon receipt of a Registration Reply that satisfies validity checks,
+ the foreign agent MUST update its visitor list, including indication
+ that this mobile node has been granted a reverse tunnel and the
+ delivery style expected (section 5).
+
+ While this visitor list entry is in effect, the foreign agent MUST
+ process incoming traffic according to the delivery style, encapsulate
+ it and tunnel it from the care-of address to the home agent's
+ address.
+
+4.3. Home Agent Considerations
+
+ This section describes how the home agent handles registrations that
+ request a reverse tunnel.
+
+
+
+
+
+
+Montenegro Standards Track [Page 11]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+4.3.1. Receiving Registration Requests from the Foreign Agent
+
+ A home agent that receives a Registration Request with the 'T' bit
+ set processes the packet as specified in the Mobile IP specification
+ [1] and determines whether it can accommodate the forward tunnel
+ request. If it cannot, it returns an appropriate code. In
+ particular, if the home agent is unable to support the requested form
+ of encapsulation it MUST return code 139 (requested encapsulation
+ unavailable).
+
+ The home agent MAY reject registration requests without the 'T' bit
+ set by denying them with code 138 (reverse tunnel is mandatory and '
+ T' bit not set).
+
+ As a last check, the home agent determines whether it can support a
+ reverse tunnel with the same configuration as the forward tunnel. If
+ it cannot, it MUST send back a registration denial with code 137
+ (requested reverse tunnel unavailable).
+
+ Upon receipt of a Registration Reply that satisfies validity checks,
+ the home agent MUST update its mobility bindings list to indicate
+ that this mobile node has been granted a reverse tunnel and the type
+ of encapsulation expected.
+
+4.3.2. Sending Registration Replies to the Foreign Agent
+
+ In response to a valid Registration Request, a home agent MUST issue
+ a Registration Reply to the mobile node.
+
+ After a successful registration, the home agent may receive
+ encapsulated packets addressed to itself. Decapsulating such packets
+ and blindly injecting them into the network is a potential security
+ weakness (section 6.1). Accordingly, the home agent MUST implement,
+ and, by default, SHOULD enable the following check for encapsulated
+ packets addressed to itself:
+
+ The home agent searches for a mobility binding whose care-of
+ address is the source of the outer header, and whose mobile node
+ address is the source of the inner header.
+
+ If no such binding is found, or if the packet uses an encapsulation
+ mechanism that was not negotiated at registration the home agent MUST
+ silently discard the packet and SHOULD log the event as a security
+ exception.
+
+ Home agents that terminate tunnels unrelated to Mobile IP (for
+ example, multicast tunnels) MAY turn off the above check, but this
+ practice is discouraged for the aforementioned reasons.
+
+
+
+Montenegro Standards Track [Page 12]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ While the registration is in effect, a home agent MUST process each
+ valid reverse tunneled packet (as determined by checks like the
+ above) by decapsulating it, recovering the original packet, and then
+ forwarding it on behalf of its sender (the mobile node) to the
+ destination address (the correspondent host).
+
+5. Mobile Node to Foreign Agent Delivery Styles
+
+ This section specifies how the mobile node sends its data traffic via
+ the foreign agent. In all cases, the mobile node learns the foreign
+ agent's link-layer address from the link-layer header in the agent
+ advertisement.
+
+5.1. Direct Delivery Style
+
+ This delivery mechanism is very simple to implement at the mobile
+ node, and uses small (non-encapsulated) packets on the link between
+ the mobile node and the foreign agent (potentially a very slow link).
+ However, it only supports reverse-tunneling of unicast packets, and
+ does not allow selective reverse tunneling (section 5.4).
+
+5.1.1. Packet Processing
+
+ The mobile node MUST designate the foreign agent as its default
+ router. Not doing so will not guarantee encapsulation of all the
+ mobile node's outgoing traffic, and defeats the purpose of the
+ reverse tunnel. The foreign agent MUST:
+
+ - detect packets sent by the mobile node, and
+
+ - modify its forwarding function to encapsulate them before
+ forwarding.
+
+5.1.2. Packet Header Format and Fields
+
+ This section shows the format of the packet headers used by the
+ Direct Delivery style. The formats shown assume IP in IP
+ encapsulation [2].
+
+ Packet format received by the foreign agent (Direct Delivery Style):
+
+ IP fields:
+ Source Address = mobile node's home address
+ Destination Address = correspondent host's address
+ Upper Layer Protocol
+
+ Packet format forwarded by the foreign agent (Direct Delivery Style):
+
+
+
+
+Montenegro Standards Track [Page 13]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ IP fields (encapsulating header):
+ Source Address = foreign agent's care-of address
+ Destination Address = home agent's address
+ Protocol field: 4 (IP in IP)
+ IP fields (original header):
+ Source Address = mobile node's home address
+ Destination Address = correspondent host's address
+ Upper Layer Protocol
+
+ These fields of the encapsulating header MUST be chosen as follows:
+
+ IP Source Address
+
+ Copied from the Care-of Address field within the Registration
+ Request.
+
+ IP Destination Address
+
+ Copied from the Home Agent field within the most recent
+ successful Registration Reply.
+
+ IP Protocol Field
+
+ Default is 4 (IP in IP [2]), but other methods of encapsulation
+ MAY be used as negotiated at registration time.
+
+5.2. Encapsulating Delivery Style
+
+ This mechanism requires that the mobile node implement encapsulation,
+ and explicitly directs packets at the foreign agent by designating it
+ as the destination address in a new outermost header. Mobile nodes
+ that wish to send either broadcast or multicast packets MUST use the
+ Encapsulating Delivery Style.
+
+5.2.1 Packet Processing
+
+ The foreign agent does not modify its forwarding function. Rather,
+ it receives an encapsulated packet and after verifying that it was
+ sent by the mobile node, it:
+
+ - decapsulates to recover the inner packet,
+
+ - re-encapsulates, and sends it to the home agent.
+
+ If a foreign agent receives an un-encapsulated packet from a mobile
+ node which had explicitly requested the Encapsulated Delivery Style,
+ then the foreign agent MUST NOT reverse tunnel such a packet and
+ rather MUST forward it using standard, IP routing mechanisms.
+
+
+
+Montenegro Standards Track [Page 14]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+5.2.2. Packet Header Format and Fields
+
+ This section shows the format of the packet headers used by the
+ Encapsulating Delivery style. The formats shown assume IP in IP
+ encapsulation [2].
+
+ Packet format received by the foreign agent (Encapsulating Delivery
+ Style):
+
+ IP fields (encapsulating header):
+ Source Address = mobile node's home address
+ Destination Address = foreign agent's address
+ Protocol field: 4 (IP in IP)
+ IP fields (original header):
+ Source Address = mobile node's home address
+ Destination Address = correspondent host's address
+ Upper Layer Protocol
+
+ The fields of the encapsulating IP header MUST be chosen as follows:
+
+ IP Source Address
+
+ The mobile node's home address.
+
+ IP Destination Address
+
+ The address of the agent as learned from the IP source address
+ of the agent's most recent successful registration reply.
+
+ IP Protocol Field
+
+ Default is 4 (IP in IP [2]), but other methods of encapsulation
+ MAY be used as negotiated at registration time.
+
+ Packet format forwarded by the foreign agent (Encapsulating Delivery
+ Style):
+
+ IP fields (encapsulating header):
+ Source Address = foreign agent's care-of address
+ Destination Address = home agent's address
+ Protocol field: 4 (IP in IP)
+ IP fields (original header):
+ Source Address = mobile node's home address
+ Destination Address = correspondent host's address
+ Upper Layer Protocol
+
+ These fields of the encapsulating IP header MUST be chosen as
+ follows:
+
+
+
+Montenegro Standards Track [Page 15]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ IP Source Address
+
+ Copied from the Care-of Address field within the Registration
+ Request.
+
+ IP Destination Address
+
+ Copied from the Home Agent field within the most recent
+ successful Registration Reply.
+
+ IP Protocol Field
+
+ Default is 4 (IP in IP [2]), but other methods of encapsulation
+ MAY be used as negotiated at registration time.
+
+5.3. Support for Broadcast and Multicast Datagrams
+
+ If a mobile node is operating with a co-located care-of address,
+ broadcast and multicast datagrams are handled according to Sections
+ 4.3 and 4.4 of the Mobile IP specification [1]. Mobile nodes using a
+ foreign agent care-of address MAY have their broadcast and multicast
+ datagrams reverse-tunneled by the foreign agent. However, any mobile
+ nodes doing so MUST use the encapsulating delivery style.
+
+ This delivers the datagram only to the foreign agent. The latter
+ decapsulates it and then processes it as any other packet from the
+ mobile node, namely, by reverse tunneling it to the home agent.
+
+5.4. Selective Reverse Tunneling
+
+ Packets destined to local resources (for example, a nearby printer)
+ might be unaffected by ingress filtering. A mobile node with a co-
+ located care-of address MAY optimize delivery of these packets by not
+ reverse tunneling them. On the other hand, a mobile node using a
+ foreign agent care-of address MAY use this selective reverse
+ tunneling capability by requesting the Encapsulating Delivery Style,
+ and following these guidelines:
+
+ Packets NOT meant to be reversed tunneled:
+
+ Sent using the Direct Delivery style. The foreign agent MUST
+ process these packets as regular traffic: they MAY be
+ forwarded but MUST NOT be reverse tunneled to the home agent.
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 16]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ Packets meant to be reverse tunneled:
+
+ Sent using the Encapsulating Delivery style. The foreign agent
+ MUST process these packets as specified in section 5.2: they
+ MUST be reverse tunneled to the home agent.
+
+6. Security Considerations
+
+ The extensions outlined in this document are subject to the security
+ considerations outlined in the Mobile IP specification [1].
+ Essentially, creation of both forward and reverse tunnels involves an
+ authentication procedure, which reduces the risk for attack.
+
+6.1. Reverse-tunnel Hijacking and Denial-of-Service Attacks
+
+ Once the tunnel is set up, a malicious node could hijack it to inject
+ packets into the network. Reverse tunnels might exacerbate this
+ problem, because upon reaching the tunnel exit point packets are
+ forwarded beyond the local network. This concern is also present in
+ the Mobile IP specification, as it already dictates the use of
+ reverse tunnels for certain applications.
+
+ Unauthenticated exchanges involving the foreign agent allow a
+ malicious node to pose as a valid mobile node and re-direct an
+ existing reverse tunnel to another home agent, perhaps another
+ malicious node. The best way to protect against these attacks is by
+ employing the Mobile-Foreign and Foreign-Home Authentication
+ Extensions defined in [1].
+
+ If the necessary mobility security associations are not available,
+ this document introduces a mechanism to reduce the range and
+ effectiveness of the attacks. The mobile node MUST set to 255 the
+ TTL value in the IP headers of Registration Requests sent to the
+ foreign agent. This prevents malicious nodes more than one hop away
+ from posing as valid mobile nodes. Additional codes for use in
+ registration denials make those attacks that do occur easier to
+ track.
+
+ With the goal of further reducing the attacks the Mobile IP Working
+ Group considered other mechanisms involving the use of
+ unauthenticated state. However, these introduce the possibilities of
+ denial-of-service attacks. The consensus was that this was too much
+ of a trade-off for mechanisms that guarantee no more than weak (non-
+ cryptographic) protection against attacks.
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 17]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+6.2. Ingress Filtering
+
+ There has been some concern regarding the long-term effectiveness of
+ reverse-tunneling in the presence of ingress filtering. The
+ conjecture is that network administrators will target reverse-
+ tunneled packets (IP in IP encapsulated packets) for filtering. The
+ ingress filtering recommendation spells out why this is not the case
+ [8]:
+
+ Tracking the source of an attack is simplified when the source is
+ more likely to be "valid."
+
+6.3. Reverse Tunneling for Disparate Address Spaces
+
+ There are security implications involved with the foreign agent's
+ using link-layer information to select the proper reverse tunnel for
+ mobile node packets (section A.3). Unauthenticated link-layers allow
+ a malicious mobile node to misuse another's existing reverse tunnel,
+ and inject packets into the network.
+
+ For this solution to be viable, the link-layer MUST securely
+ authenticate traffic received by the foreign agent from the mobile
+ nodes. Unauthenticated link-layer technologies (for example shared
+ ethernet) are not recommended to implement disparate address support.
+
+7. IANA Considerations
+
+ The Encapsulating Delivery Style extension defined in section 3.3 is
+ a Mobile IP registration extension as defined in [1]. IANA assigned
+ the value of 130 for this purpose at the time of the publication of
+ RFC 2344.
+
+ The Code values defined in section 3.4 are error codes as defined in
+ [1]. They correspond to error values associated with rejection by
+ the home and foreign agents. At the time of the publication of RFC
+ 2344, IANA assigned codes 74-76 for the foreign agent rejections and
+ codes 137-139 for the home agent rejections. The code for 'delivery
+ style not supported' has been assigned a value of 79 by the IANA for
+ this purpose.
+
+8. Acknowledgements
+
+ The encapsulating style of delivery was proposed by Charlie Perkins.
+ Jim Solomon has been instrumental in shaping this document into its
+ present form. Thanks to Samita Chakrabarti for helpful comments on
+ disparate address space support, and for most of the text in section
+ A.4.
+
+
+
+
+Montenegro Standards Track [Page 18]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+References
+
+ [1] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
+
+ [2] Perkins, C., "IP Encapsulation within IP", RFC 2003, October
+ 1996.
+
+ [3] Computer Emergency Response Team (CERT), "IP Spoofing Attacks
+ and Hijacked Terminal Connections", CA-95:01, January 1995.
+ Available via anonymous ftp from info.cert.org in
+ /pub/cert_advisories.
+
+ [4] Perkins, C. and D. Johnson, "Route Optimization in Mobile IP",
+ Work in Progress.
+
+ [5] Manuel Rodriguez, private communication, August 1995.
+
+ [6] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402,
+ November 1998.
+
+ [7] Kent, S. and R. Atkinson, "IP Encapsulating Payload", RFC 2406,
+ November 1998.
+
+ [8] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating
+ Denial of Service Attacks which employ IP Source Address
+ Spoofing", RFC 2267, January 1998.
+
+ [9] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [10] Farinacci, D., Li, T., Hanks, S., Meyer, D. and P. Traina,
+ "Generic Routing Encapsulation (GRE)", RFC 2784, March 2000.
+
+ [11] Aboba, B. and M. Beadles, "The Network Access Identifier", RFC
+ 2486, January 1999.
+
+ [12] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.J. and
+ E. Lear, "Address Allocation for Private Internets", BCP 5, RFC
+ 1918, February 1996.
+
+ [13] Dommety, G., "Key and Sequence Number Extensions to GRE", RFC
+ 2890, August 2000.
+
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 19]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+Editor and Chair Addresses
+
+ Questions about this document may be directed at:
+
+ Gabriel E. Montenegro
+ Sun Microsystems
+ Laboratories, Europe
+ 29, chemin du Vieux Chene
+ 38240 Meylan
+ FRANCE
+
+ Phone: +33 476 18 80 45
+ EMail: gab@sun.com
+
+
+ The working group can be contacted via the current chairs:
+
+ Basavaraj Patil
+ Nokia Networks
+ 6000 Connection Drive
+ Irving, TX 75039
+ USA
+
+ Phone: +1 972-894-6709
+ Fax : +1 972-894-5349
+ EMail: Raj.Patil@nokia.com
+
+
+ Phil Roberts
+ Motorola
+ 1501 West Shure Drive
+ Arlington Heights, IL 60004
+ USA
+
+ Phone: +1 847-632-3148
+ EMail: QA3445@email.mot.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 20]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+Appendix A: Disparate Address Space Support
+
+ Mobile IP [1] assumes that all the entities involved (mobile
+ node, foreign agent and home agent) have addresses within the
+ same globally routable address space. In many deployment
+ scenarios, when a mobile node leaves its home network it may
+ wander into a region where its home address is not routable or
+ known by the local routing fabric. Similarly, the IP addresses
+ of the foreign agent and the home agent may belong to disparate
+ address spaces, which precludes their exchanging registration
+ protocol messages directly. These issues are possible
+ particularly if the entities involved use addresses from the
+ ranges specified in RFC1918 [12] to support private networks.
+
+ Accurately speaking, the use of private addresses is not the
+ only cause. It may, in fact, be the most common, but the root of
+ the problem lies in the use of disparate address spaces. For
+ example, corporations often have several properly allocated
+ address ranges. They typically advertise reachability to only a
+ subset of those ranges, leaving the others for use exclusively
+ within the corporate network. Since these ranges are not
+ routable in the general Internet, their use leads to the same
+ problems encountered with "private" addresses, even though they
+ are not taken from the ranges specified in RFC1918.
+
+ Even if the mobile node, home agent and foreign agent all reside
+ within the same address space, problems may arise if the
+ correspondent node does not. However, this problem is not
+ specific to Mobile IP, and is beyond the scope of this
+ document. The next section limits even further the scope of the
+ issues relevant to this document. A subsequent section explains
+ how reverse tunneling may be used to tackle them.
+
+A.1. Scope of the Reverse Tunneling Solution
+
+ Reverse tunneling (as defined in this document) may be used to
+ cope with disparate address spaces, within the following
+ constraints:
+
+ - There are no provisions to solve the case in which the
+ correspondent node and the mobile node are in disparate
+ address spaces. This limits the scope of the problem to
+ only those issues specific to Mobile IP.
+
+ - The foreign agent and the home agent are directly reachable
+ to each other by virtue of residing in the same address
+ space. This limits the scope of the problem to only the
+ simplest of cases. This also implies that the registration
+
+
+
+Montenegro Standards Track [Page 21]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ protocol itself has a direct path between the foreign
+ agent and the home agent, and, in this respect, is not
+ affected by disparate address spaces. This restriction
+ also applies to mobile nodes operating with a co-located
+ care-of address. In this case, reverse tunneling is a
+ complete and elegant solution.
+
+ - There are no additional protocol elements beyond those
+ defined by Mobile IP [1] and reverse tunneling. In
+ particular, additional extensions to the registration
+ requests or replies, or additional bits in the
+ header--although potentially useful--are outside the scope
+ of this document.
+
+ In spite of the limitations, reverse tunneling may be used to
+ solve the most common issues. The range of problems that can be
+ solved are best understood by looking at some simple diagrams:
+
+ Figure A1: NON-ROUTABLE PACKETS IN DISPARATE ADDRESS SPACES
+
+ Mc Fa Fb Hb Hc Yc
+ [MN]-----------------[FA]----------------[HA]---------------[Y]
+ Addr space A Addr space B Addr space C
+
+ In this diagram, there are three disparate address spaces: A, B and
+ C. The home agent (HA) has one address each on address spaces B and
+ C, and the foreign agent (FA), on address spaces A and B. The mobile
+ node's (MN) has a permanent address, Mc, within address space C.
+
+ In the most common scenario both A and C are "private" address
+ spaces, and B is the public Internet.
+
+ Suppose MN sends a packet to correspondent node (Y) in its home
+ network. Presumably, MN has no difficulties delivering this packet
+ to the FA, because it does so using layer 2 mechanisms. Somehow, the
+ FA must realize that this packet must be reverse tunneled, and it
+ must fetch the proper binding to do so. Possible mechanisms are
+ outlined in section A.3.
+
+ However, once the packet is in address space B it becomes non-
+ routable. Note that ingress filtering only exacerbates the problem,
+ because it adds a requirement of topological significance to the
+ source IP address in addition to the that of the destination address.
+ As Mobile IP matures, others entities may be defined (for example,
+ AAA servers). Their addition places even more requirements on the
+ address spaces in use.
+
+
+
+
+
+Montenegro Standards Track [Page 22]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ Reverse tunneling adds a topologically significant IP header to the
+ packet (source IP address of Fb, destination of Hb) during its
+ transit within address space B. Assuming IP in IP encapsulation
+ (although others, like GRE are also possible), this is what the
+ packet looks like:
+
+ Figure A2: IP IN IP REVERSE TUNNELED PACKET FROM FA TO HA
+
+ +-----------------+
+ | +-------+|
+ | Fb->Hb | Mc->Yc||
+ | +-------+|
+ +--------+--------+
+
+ HA receives this packet, recovers the original packet, and since it
+ is cognizant of address space C, delivers it to the appropriate
+ interface.
+
+ Of course, for this to happen, the care-of address registered by the
+ MN is not the usual Fa, but Fb. How this happens is outside the
+ scope of this document. Some possible mechanisms are:
+
+ - FA recognizes mobile nodes whose addresses fall within the
+ private address ranges specified by RFC1918. In this case, the
+ foreign agent could force the use of Fb as the care-of address,
+ perhaps by rejecting the initial registration request with an
+ appropriate error message and supplemental information.
+
+ - FA could be configured to always advertise Fb as long as H->Fb
+ and Fb->H are guaranteed to be valid forward and reverse
+ tunnels, respectively, for all values of H. Here, H is the
+ address of any home agent whose mobile nodes may register via
+ FA.
+
+ - FA could indicate that it supports disparate address spaces via
+ a currently undefined 'P' bit in its advertisements, and an
+ indication of the relevant address space for any or all of its
+ care-of addressed by including an NAI [11] or a realm indicator
+ (perhaps a variant of the NAI). Alternatively, mobile nodes so
+ configured could solicit the NAI or realm indicator information
+ in response to advertisements with the 'P' bit set.
+
+ Additionally, the mobile node needs to supply the appropriate address
+ for its home agent: Hb instead of the usual Hc. How this happens is
+ outside the scope of this document. Some possible mechanisms are:
+
+ - This determination could be triggered in response to using the
+ foreign agent's Fb as the care-of address.
+
+
+
+Montenegro Standards Track [Page 23]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ - The mobile node could always use Hb as its home agent address,
+ specially (1) if Hb is routable within address space C, or (2)
+ if MN is certain never to be at home (in some configurations,
+ the mobile nodes are always roaming).
+
+ - The mobile node could be configured with different home agent
+ addresses and their corresponding address space (perhaps
+ indicated via an NAI [11] or a variant of it).
+
+ Another major issue introduced by private addresses is that of two or
+ more mobile nodes with the same numeric IP address:
+
+ Figure A3: MOBILE NODES WITH CONFLICTING ADDRESSES
+
+ Mc=M H1b H1c
+ [MN1]-------+ +----[HA1]----+---------
+ | | | Address
+ | | | space C
+ Address | | Address +----------
+ Space Fa-[FA]-Fb Space
+ A | | B +---------
+ | | | Address
+ | | | space D
+ [MN2]-------+ +----[HA2]----+---------
+ Md=M H2b H2d
+
+ Suppose there are two address spaces A and B, and a foreign agent
+ (FA) with interfaces on both. There are two home agents (HA1 and
+ HA2) in address space B, with addresses H1b and H2b, respectively.
+ Each of the home agents has an interface in a private address space
+ in addition to address space B: HA1 has H1c on C, and HA2 has H2d on
+ D. MN1 and MN2 are two mobile nodes with home addresses Mc and Md,
+ corresponding to address space C and D, respectively.
+
+ If Mc and Md are private addresses as defined in RFC1918, they may be
+ numerically equivalent (both equal to M). Because of this, the
+ foreign agent can no longer rely on only the mobile node's home
+ address to disambiguate amongst its different bindings.
+
+A.2. Terminating Forward Tunnels at the Foreign Agent
+
+ In figure A1, suppose the correspondent node Y sends a packet to the
+ mobile node at address Mc. The packet is intercepted by the home
+ agent at Hc and tunneled towards the mobile node via address Fb.
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 24]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ Once the packet reaches FA (via address Fb), the foreign agent must
+ identify which of its registered mobile nodes is the ultimate
+ destination for the internal packet. In order to do so, it needs to
+ identify the proper binding via a tuple guaranteed to be unique among
+ all of its mobile nodes.
+
+ The unique tuple sufficient for demultiplexing IP in IP packets
+ [IPIP] (protocol 4) is:
+
+ - destination IP address of the encapsulated (internal) header
+
+ This is mobile node MN's home address (Mc in the above
+ example). At first glance, it seems like this is unique among
+ all mobile nodes, but as mentioned above, with private
+ addresses another mobile may have an address Md numerically
+ equivalent to Mc.
+
+ - source IP address of the external header
+
+ This, the remote end of the tunnel, is Hb in the above example.
+
+ - destination IP address of the external header
+
+ This, the local end of the tunnel, is Fb in the above example.
+
+ The three values above are learned from a successful registration and
+ are the mobile node's home address, the home agent's address and the
+ care-of address. Thus, it is possible to identify the right binding.
+ Once FA identifies the ultimate destination of the packet, Mc, it
+ delivers the internal packet using link layer mechanisms.
+
+ GRE packets [10] (protocol 47) are only handled if their Protocol
+ Type field has a value of 0x800 (other values are outside the scope
+ of this document), and are demultiplexed based on the same tuple as
+ IP in IP packets. In GRE terminology, the tuple is:
+
+ - destination IP address of the payload (internal) packet
+
+ - source IP address of the delivery (external) packet
+
+ - destination IP address of the delivery (external) packet
+
+ Notice that the Routing, Sequence Number, Strict Source Route and Key
+ fields have been deprecated from GRE [10]. However, a separate
+ document specifies their use [13].
+
+
+
+
+
+
+Montenegro Standards Track [Page 25]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ The above tuples work for IP-in-IP or GRE encapsulation, and assume
+ that the inner packet is in the clear. Encapsulations which encrypt
+ the inner packet header are outside the scope of this document.
+
+A.3. Initiating Reverse Tunnels at the Foreign Agent
+
+ In figure A3, suppose mobile node M1 sends a packet to a
+ correspondent node in its home address space, C, and mobile node M2
+ sends a packet to a correspondent node in its home address space, D.
+
+ At FA, the source addresses for both packets will be seen as M, thus
+ this is not sufficient information. The unique tuple required to
+ identify the proper binding is:
+
+ - link-layer information related to the MN
+
+ This may be in the form of a MAC address, a PPP session (or
+ incoming interface) or channel coding for a digital cellular
+ service. Device ID's can also be used in this context.
+
+ - source IP address of the IP header.
+
+ As was pointed out, this by itself is not guaranteed to be
+ unique.
+
+ This information must be established and recorded at registration
+ time. The above items are sufficient for the foreign agent to select
+ the proper binding to use. This, in turn, produces the address of
+ the home agent, and the reverse tunneling options negotiated during
+ the registration process. The foreign agent can now proceed with
+ reverse tunneling.
+
+A.4. Limited Private Address Scenario
+
+ The Limited Private Address Scenario (LPAS) has received much
+ attention from the cellular wireless industry, so it is useful to
+ define it and to clarify what its requirements are.
+
+ LPAS is a subset of the disparate address space scenario discussed in
+ this appendix. This section explains how LPAS could be deployed
+ given the current state of the Mobile IP specifications.
+
+
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 26]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ Figure A4: EXAMPLE PRIVATE ADDRESS SCENARIO
+
+ 10.10.1.2
+ +----+ IF1=COA1+-------+ HAA2 +-----+
+ | MN1|------------------------| FA |---------| HA2 |
+ +----+ +------------| | +-----+
+ | IF2=COA2+-------+
+ +---+ |
+ | |
+ +-----+ |
+ | MN2 | |
+ +-----+ |
+ 10.10.1.2 |
+ | HAA1
+ +------+
+ | HA1 |
+ +------+
+
+ The above figure presents a very simple scenario in which private
+ addresses are used. Here, "private addresses" are strictly those
+ defined in RFC 1918 [12]. In this deployment scenario, the only
+ entities that have private addresses are the mobile nodes. Foreign
+ agent and home agent addresses are publicly routable on the general
+ Internet. More specifically, the care-of addresses advertised by the
+ foreign agents (COA1 and COA2 in Figure A4) and the home agent
+ addresses used by mobile nodes in registration requests (HAA1 and
+ HAA2 in Figure A4) are publicly routable on the general Internet. As
+ a consequence, any Mobile IP tunnels can be established between any
+ home agent home address and any foreign agent care-of address.
+
+ Also, note that two different mobile nodes (MN1 and MN2) with the
+ same private address (10.10.1.2) are visiting the same foreign agent
+ FA. This is supported as long as MN1 and MN2 are serviced by
+ different home agents. Hence, from any given home agent's
+ perspective, each mobile node has a unique IP address, even if it
+ happens to be a private address as per RFC 1918.
+
+ Operation in the presence of route optimization [4] is outside the
+ scope of this document.
+
+ Requirements for the above private address scenario:
+
+ Mobile node requirements:
+
+ Mobile nodes intending to use private addresses with Mobile IP
+ MUST set the 'T' bit and employ reverse tunneling. Mobile
+ node's private addresses within a given address space MUST be
+ unique. Thus two mobile nodes belonging to a single home agent
+
+
+
+Montenegro Standards Track [Page 27]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ cannot have the same private addresses. Thus, when receiving
+ or sending tunneled traffic for a mobile node, the tunnel
+ endpoints are used to disambiguate amongst conflicting mobile
+ node addresses.
+
+ If the mobile node happens to register with multiple home
+ agents simultaneously through the same foreign agent, there
+ must be some link-layer information that is distinct for each
+ mobile node. If no such distinct link-layer information is
+ available, the mobile nodes MUST use unique address.
+
+ Foreign agent requirements:
+
+ All advertising interfaces of the foreign agent MUST have
+ publicly routable care-of address. Thus, a mobile node with a
+ private address visits the foreign agent only in its publicly
+ routable network.
+
+ Foreign agents MUST support reverse tunneling in order to
+ support private addressed mobile nodes. If a foreign agent
+ receives a registration request from a mobile node with a
+ private address, and the mobile node has not set the 'T' bit,
+ the foreign agent SHOULD reject it.
+
+ When delivering packets to or receiving packets from mobile
+ nodes, foreign agents MUST disambiguate among mobile node with
+ conflicting private addresses by using link-layer information
+ as mentioned previously (Appendix section A.2 and A.3). A
+ foreign agent in absence of route optimization, should make
+ sure that two mobile nodes visiting the same foreign agent
+ corresponds with each other through their respective home
+ agents.
+
+ If a foreign agent supports reverse tunneling, then it MUST
+ support the simple scenario of private address support
+ described in this section.
+
+ Home agent requirements:
+
+ Any home agent address used by mobile nodes in registration
+ request MUST be a publicly routable address. Home agents will
+ not support overlapping private home addresses, thus each
+ private home address of a mobile node registered with a home
+ agent is unique. When the 'T' bit is set in the registration
+ request from the mobile node, the home agent MUST recognize and
+ accept registration request from mobile nodes with private
+
+
+
+
+
+Montenegro Standards Track [Page 28]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+ addresses. Also, the home agent SHOULD be able to assign
+ private addresses out of its address pool to mobile nodes for
+ use as home addresses. This does not contravene home agent
+ processing in section 3.8 of [1].
+
+Appendix B: Changes from RFC2344
+
+ This section lists the changes with respect to the previous version
+ of this document (RFC2344).
+
+ - Added Appendix A on support for Disparate Addresses spaces and
+ private addresses.
+
+ - Added the corresponding section (6.3) under 'Security
+ Considerations'.
+
+ - Made Encapsulating Delivery Support optional by demoting from
+ a MUST to a should. This also required defining a new error
+ code 79 (assigned by IANA).
+
+ - Mentioned the possibility of an admissible authentication
+ extension which may be different from the Mobile-Home
+ authentication extension.
+
+ - An IANA considerations section was added.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 29]
+
+RFC 3024 Reverse Tunneling for Mobile IP, revised January 2001
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2001). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph are
+ included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+ This document and the information contained herein is provided on an
+ "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+ TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+ HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 30]
+