summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc2344.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc2344.txt')
-rw-r--r--doc/rfc/rfc2344.txt1067
1 files changed, 1067 insertions, 0 deletions
diff --git a/doc/rfc/rfc2344.txt b/doc/rfc/rfc2344.txt
new file mode 100644
index 0000000..158d9ff
--- /dev/null
+++ b/doc/rfc/rfc2344.txt
@@ -0,0 +1,1067 @@
+
+
+
+
+
+
+Network Working Group G. Montenegro, Editor
+Request for Comments: 2344 Sun Microsystems, Inc.
+Category: Standards Track May 1998
+
+
+ Reverse Tunneling for Mobile IP
+
+Status of this Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (1998). All Rights Reserved.
+
+Abstract
+
+ Mobile IP uses tunneling from the home agent to the mobile node's
+ care-of address, but rarely in the reverse direction. Usually, a
+ mobile node sends its packets through a router on the foreign
+ network, and assumes that routing is independent of source address.
+ When this assumption is not true, it is convenient to establish a
+ topologically correct reverse tunnel from the care-of address to the
+ home agent.
+
+ This document proposes backwards-compatible extensions to Mobile IP
+ in order to support topologically correct reverse tunnels. This
+ document does not attempt to solve the problems posed by firewalls
+ located between the home agent and the mobile node's care-of address.
+
+Table of Contents
+
+ 1. Introduction ................................................ 2
+ 1.1. Terminology ............................................... 3
+ 1.2. Assumptions ............................................... 4
+ 1.3. Justification ............................................. 4
+ 2. Overview .................................................... 4
+ 3. New Packet Formats .......................................... 5
+ 3.1. Mobility Agent Advertisement Extension .................... 5
+ 3.2. Registration Request ...................................... 5
+ 3.3. Encapsulating Delivery Style Extension .................... 6
+ 3.4. New Registration Reply Codes .............................. 7
+ 4. Changes in Protocol Behavior ................................ 8
+ 4.1. Mobile Node Considerations ................................ 8
+
+
+
+Montenegro Standards Track [Page 1]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+ 4.1.1. Sending Registration Requests to the Foreign Agent ...... 8
+ 4.1.2. Receiving Registration Replies from the Foreign Agent ... 9
+ 4.2. Foreign Agent Considerations .............................. 9
+ 4.2.1. Receiving Registration Requests from the Mobile Node ... 10
+ 4.2.2. Relaying Registration Requests to the Home Agent ....... 10
+ 4.3. Home Agent Considerations ................................ 10
+ 4.3.1. Receiving Registration Requests from the Foreign Agent . 11
+ 4.3.2. Sending Registration Replies to the Foreign Agent ...... 11
+ 5. Mobile Node to Foreign Agent Delivery Styles ............... 12
+ 5.1. Direct Delivery Style .................................... 12
+ 5.1.1. Packet Processing ...................................... 12
+ 5.1.2. Packet Header Format and Fields ........................ 12
+ 5.2. Encapsulating Delivery Style ............................. 13
+ 5.2.1 Packet Processing ....................................... 13
+ 5.2.2. Packet Header Format and Fields ........................ 14
+ 5.3. Support for Broadcast and Multicast Datagrams ............ 15
+ 5.4. Selective Reverse Tunneling .............................. 15
+ 6. Security Considerations .................................... 16
+ 6.1. Reverse-tunnel Hijacking and Denial-of-Service Attacks ... 16
+ 6.2. Ingress Filtering ........................................ 17
+ 7. Acknowledgements ........................................... 17
+ References .................................................... 17
+ Editor and Chair Addresses .................................... 18
+ Full Copyright Statement ...................................... 19
+
+1. Introduction
+
+ Section 1.3 of the Mobile IP specification [1] lists the following
+ assumption:
+
+ It is assumed that IP unicast datagrams are routed based on the
+ destination address in the datagram header (i.e., not by source
+ address).
+
+ Because of security concerns (for example, IP spoofing attacks), and
+ in accordance with RFC 2267 [8] and CERT [3] advisories to this
+ effect, routers that break this assumption are increasingly more
+ common.
+
+ In the presence of such routers, the source and destination IP
+ address in a packet must be topologically correct. The forward tunnel
+ complies with this, as its endpoints (home agent address and care-of
+ address) are properly assigned addresses for their respective
+ locations. On the other hand, the source IP address of a packet
+ transmitted by the mobile node does not correspond to the network
+ prefix from where it emanates.
+
+ This document discusses topologically correct reverse tunnels.
+
+
+
+Montenegro Standards Track [Page 2]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+ Mobile IP does dictate the use of reverse tunnels in the context of
+ multicast datagram routing and mobile routers. However, the source IP
+ address is set to the mobile node's home address, so these tunnels
+ are not topologically correct.
+
+ Notice that there are several uses for reverse tunnels regardless of
+ their topological correctness:
+
+ - Mobile routers: reverse tunnels obviate the need for recursive
+ tunneling [1].
+
+ - Multicast: reverse tunnels enable a mobile node away from home
+ to (1) join multicast groups in its home network, and (2)
+ transmit multicast packets such that they emanate from its home
+ network [1].
+
+ - The TTL of packets sent by the mobile node (for example, when
+ sending packets to other hosts in its home network) may be so
+ low that they might expire before reaching their destination. A
+ reverse tunnel solves the problem as it represents a TTL
+ decrement of one [5].
+
+1.1. Terminology
+
+ The discussion below uses terms defined in the Mobile IP
+ specification. Additionally, it uses the following terms:
+
+ Forward Tunnel
+
+ A tunnel that shuttles packets towards the mobile node. It
+ starts at the home agent, and ends at the mobile node's care-of
+ address.
+
+ Reverse Tunnel
+
+ A tunnel that starts at the mobile node's care-of address and
+ terminates at the home agent.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119 [9].
+
+
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 3]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+1.2. Assumptions
+
+ Mobility is constrained to a common IP address space (that is, the
+ routing fabric between, say, the mobile node and the home agent is
+ not partitioned into a "private" and a "public" network).
+
+ This document does not attempt to solve the firewall traversal
+ problem. Rather, it assumes one of the following is true:
+
+ - There are no intervening firewalls along the path of the
+ tunneled packets.
+
+ - Any intervening firewalls share the security association
+ necessary to process any authentication [6] or encryption [7]
+ headers which may have been added to the tunneled packets.
+
+ The reverse tunnels considered here are symmetric, that is, they use
+ the same configuration (encapsulation method, IP address endpoints)
+ as the forward tunnel. IP in IP encapsulation [2] is assumed unless
+ stated otherwise.
+
+ Route optimization [4] introduces forward tunnels initiated at a
+ correspondent host. Since a mobile node may not know if the
+ correspondent host can decapsulate packets, reverse tunnels in that
+ context are not discussed here.
+
+1.3. Justification
+
+ Why not let the mobile node itself initiate the tunnel to the home
+ agent? This is indeed what it should do if it is already operating
+ with a topologically correct co-located care-of address.
+
+ However, one of the primary objectives of the Mobile IP specification
+ is not to require this mode of operation.
+
+ The mechanisms outlined in this document are primarily intended for
+ use by mobile nodes that rely on the foreign agent for forward tunnel
+ support. It is desirable to continue supporting these mobile nodes,
+ even in the presence of filtering routers.
+
+2. Overview
+
+ A mobile node arrives at a foreign network, listens for agent
+ advertisements and selects a foreign agent that supports reverse
+ tunnels. It requests this service when it registers through the
+ selected foreign agent. At this time, and depending on how the
+
+
+
+
+
+Montenegro Standards Track [Page 4]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+ mobile node wishes to deliver packets to the foreign agent, it also
+ requests either the Direct or the Encapsulating Delivery Style
+ (section 5).
+
+ In the Direct Delivery Style, the mobile node designates the foreign
+ agent as its default router and proceeds to send packets directly to
+ the foreign agent, that is, without encapsulation. The foreign agent
+ intercepts them, and tunnels them to the home agent.
+
+ In the Encapsulating Delivery Style, the mobile node encapsulates all
+ its outgoing packets to the foreign agent. The foreign agent
+ decapsulates and re-tunnels them to the home agent, using the foreign
+ agent's care-of address as the entry-point of this new tunnel.
+
+3. New Packet Formats
+
+3.1. Mobility Agent Advertisement Extension
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | Sequence Number |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Lifetime |R|B|H|F|M|G|V|T| reserved |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | zero or more Care-of Addresses |
+ | ... |
+
+ The only change to the Mobility Agent Advertisement Extension [1] is
+ the additional 'T' bit:
+
+ T Agent offers reverse tunneling service.
+
+ A foreign agent that sets the 'T' bit MUST support the two delivery
+ styles currently supported: Direct and Encapsulating Delivery Style
+ (section 5).
+
+ Using this information, a mobile node is able to choose a foreign
+ agent that supports reverse tunnels. Notice that if a mobile node
+ does not understand this bit, it simply ignores it as per [1].
+
+3.2. Registration Request
+
+ Reverse tunneling support is added directly into the Registration
+ Request by using one of the "rsvd" bits. If a foreign or home agent
+ that does not support reverse tunnels receives a request with the 'T'
+ bit set, the Registration Request fails. This results in a
+ registration denial (failure codes are specified in section 3.4).
+
+
+
+Montenegro Standards Track [Page 5]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+ Most home agents would not object to providing reverse tunnel
+ support, because they "SHOULD be able to decapsulate and further
+ deliver packets addressed to themselves, sent by a mobile node" [1].
+ In the case of topologically correct reverse tunnels, the packets are
+ not sent by the mobile node as distinguished by its home address.
+ Rather, the outermost (encapsulating) IP source address on such
+ datagrams is the care-of address of the mobile node. Nevertheless,
+ home agents probably already support the required decapsulation and
+ further forwarding.
+
+ In Registration Requests sent by a mobile node, the Time to Live
+ field in the IP header MUST be set to 255. This limits a denial of
+ service attack in which malicious hosts send false Registration
+ Requests (see Section 6).
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type |S|B|D|M|G|V|T|-| Lifetime |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Agent |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Care-of Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Identification |
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Extensions ...
+ +-+-+-+-+-+-+-+-
+
+ The only change to the Registration Request packet is the additional
+ 'T' bit:
+
+ T If the 'T' bit is set, the mobile node asks its home
+ agent to accept a reverse tunnel from the care-of
+ address. Mobile nodes using a foreign agent care-of
+ address ask the foreign agent to reverse-tunnel its
+ packets.
+
+3.3. Encapsulating Delivery Style Extension
+
+ The Encapsulating Delivery Style Extension MAY be included by the
+ mobile node in registration requests to further specify reverse
+ tunneling behavior. It is expected to be used only by the foreign
+ agent. Accordingly, the foreign agent MUST consume this extension
+ (that is, it must not relay it to the home agent or include it in
+
+
+
+Montenegro Standards Track [Page 6]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+ replies to the mobile node). As per Section 3.6.1.3 of [1], the
+ mobile node MUST include the Encapsulating Delivery Style Extension
+ after the Mobile-Home Authentication Extension, and before the
+ Mobile-Foreign Authentication Extension, if present.
+
+ The Encapsulating Delivery Style Extension MUST NOT be included if
+ the 'T' bit is not set in the Registration Request.
+
+ If this extension is absent, Direct Delivery is assumed.
+ Encapsulation is done according to what was negotiated for the
+ forward tunnel (that is, IP in IP is assumed unless specified
+ otherwise). For more details on the delivery styles, please refer to
+ section 5.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type
+
+ 130
+
+ Length
+
+ 0
+
+3.4. New Registration Reply Codes
+
+ Foreign and home agent registration replies MUST convey if the
+ reverse tunnel request failed. These new reply codes are defined:
+
+ Service denied by the foreign agent:
+
+ 74 requested reverse tunnel unavailable
+ 75 reverse tunnel is mandatory and 'T' bit not set
+ 76 mobile node too distant
+
+ and
+
+ Service denied by the home agent:
+
+ 137 requested reverse tunnel unavailable
+ 138 reverse tunnel is mandatory and 'T' bit not set
+ 139 requested encapsulation unavailable
+
+
+
+
+
+Montenegro Standards Track [Page 7]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+ In response to a Registration Request with the 'T' bit set, mobile
+ nodes may receive (and MUST accept) code 70 (poorly formed request)
+ from foreign agents and code 134 (poorly formed request) from home
+ agents. However, foreign and home agents that support reverse
+ tunneling MUST use codes 74 and 137, respectively.
+
+ Absence of the 'T' bit in a Registration Request MAY elicit denials
+ with codes 75 and 138 at the foreign agent and the home agent,
+ respectively.
+
+ Forward and reverse tunnels are symmetric, that is, both are able to
+ use the same tunneling options negotiated at registration. This
+ implies that the home agent MUST deny registrations if an unsupported
+ form of tunneling is requested (code 139). Notice that Mobile IP [1]
+ already defines the analogous failure code 72 for use by the foreign
+ agent.
+
+4. Changes in Protocol Behavior
+
+ Unless otherwise specified, behavior specified by Mobile IP [1] is
+ assumed. In particular, if any two entities share a mobility security
+ association, they MUST use the appropriate Authentication Extension
+ (Mobile-Foreign, Foreign-Home or Mobile-Home Authentication
+ Extension) when exchanging registration protocol datagrams. The
+ Mobile-Home Authentication Extension MUST always be present.
+
+ Reverse tunneling imposes additional protocol processing requirements
+ on mobile entities. Differences in protocol behavior with respect to
+ Mobile IP [1] are specified in the subsequent sections.
+
+4.1. Mobile Node Considerations
+
+ This section describes how the mobile node handles registrations that
+ request a reverse tunnel.
+
+4.1.1. Sending Registration Requests to the Foreign Agent
+
+ In addition to the considerations in [1], a mobile node sets the 'T'
+ bit in its Registration Request to petition a reverse tunnel.
+
+ The mobile node MUST set the TTL field of the IP header to 255. This
+ is meant to limit the reverse tunnel hijacking attack (Section 6).
+
+ The mobile node MAY optionally include an Encapsulating Delivery
+ Style Extension.
+
+
+
+
+
+
+Montenegro Standards Track [Page 8]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+4.1.2. Receiving Registration Replies from the Foreign Agent
+
+ Possible valid responses are:
+
+ - A registration denial issued by either the home agent or the
+ foreign agent:
+
+ a. The mobile node follows the error checking guidelines in
+ [1], and depending on the reply code, MAY try modifying the
+ registration request (for example, by eliminating the
+ request for alternate forms of encapsulation), and issuing a
+ new registration.
+
+ b. Depending on the reply code, the mobile node MAY try
+ zeroing the 'T' bit, eliminating the Encapsulating Delivery
+ Style Extension (if one was present), and issuing a new
+ registration. Notice that after doing so the registration
+ may succeed, but due to the lack of a reverse tunnel data
+ transfer may not be possible.
+
+ - The home agent returns a Registration Reply indicating that the
+ service will be provided.
+
+ In this last case, the mobile node has succeeded in establishing a
+ reverse tunnel between its care-of address and its home agent. If
+ the mobile node is operating with a co-located care-of address, it
+ MAY encapsulate outgoing data such that the destination address of
+ the outer header is the home agent. This ability to selectively
+ reverse-tunnel packets is discussed further in section 5.4.
+
+ If the care-of address belongs to a separate foreign agent, the
+ mobile node MUST employ whatever delivery style was requested (Direct
+ or Encapsulating) and proceed as specified in section 5.
+
+ A successful registration reply is an assurance that both the foreign
+ agent and the home agent support whatever alternate forms of
+ encapsulation (other than IP in IP) were requested. Accordingly, the
+ mobile node MAY use them at its discretion.
+
+4.2. Foreign Agent Considerations
+
+ This section describes how the foreign agent handles registrations
+ that request a reverse tunnel.
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 9]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+4.2.1. Receiving Registration Requests from the Mobile Node
+
+ A foreign agent that receives a Registration Request with the 'T' bit
+ set processes the packet as specified in the Mobile IP specification
+ [1], and determines whether it can accomodate the forward tunnel
+ request. If it cannot, it returns an appropriate code. In particular,
+ if the foreign agent is unable to support the requested form of
+ encapsulation it MUST return code 72.
+
+ The foreign agent MAY reject Registration Requests without the 'T'
+ bit set by denying them with code 75 (reverse tunnel is mandatory and
+ 'T' bit not set).
+
+ The foreign agent MUST verify that the TTL field of the IP header is
+ set to 255. Otherwise, it MUST reject the registration with code 76
+ (mobile node too distant). The foreign agent MUST limit the rate at
+ which it sends these registration replies to a maximum of one per
+ second.
+
+ As a last check, the foreign agent verifies that it can support a
+ reverse tunnel with the same configuration. If it cannot, it MUST
+ return a Registration Reply denying the request with code 74
+ (requested reverse tunnel unavailable).
+
+4.2.2. Relaying Registration Requests to the Home Agent
+
+ Otherwise, the foreign agent MUST relay the Registration Request to
+ the home agent.
+
+ Upon receipt of a Registration Reply that satisfies validity checks,
+ the foreign agent MUST update its visitor list, including indication
+ that this mobile node has been granted a reverse tunnel and the
+ delivery style expected (section 5).
+
+ While this visitor list entry is in effect, the foreign agent MUST
+ process incoming traffic according to the delivery style, encapsulate
+ it and tunnel it from the care-of address to the home agent's
+ address.
+
+4.3. Home Agent Considerations
+
+ This section describes how the home agent handles registrations that
+ request a reverse tunnel.
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 10]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+4.3.1. Receiving Registration Requests from the Foreign Agent
+
+ A home agent that receives a Registration Request with the 'T' bit
+ set processes the packet as specified in the Mobile IP specification
+ [1] and determines whether it can accomodate the forward tunnel
+ request. If it cannot, it returns an appropriate code. In
+ particular, if the home agent is unable to support the requested form
+ of encapsulation it MUST return code 139 (requested encapsulation
+ unavailable).
+
+ The home agent MAY reject registration requests without the 'T' bit
+ set by denying them with code 138 (reverse tunnel is mandatory and '
+ T' bit not set).
+
+ As a last check, the home agent determines whether it can support a
+ reverse tunnel with the same configuration as the forward tunnel. If
+ it cannot, it MUST send back a registration denial with code 137
+ (requested reverse tunnel unavailable).
+
+ Upon receipt of a Registration Reply that satisfies validity checks,
+ the home agent MUST update its mobility bindings list to indicate
+ that this mobile node has been granted a reverse tunnel and the type
+ of encapsulation expected.
+
+4.3.2. Sending Registration Replies to the Foreign Agent
+
+ In response to a valid Registration Request, a home agent MUST issue
+ a Registration Reply to the mobile node.
+
+ After a successful registration, the home agent may receive
+ encapsulated packets addressed to itself. Decapsulating such packets
+ and blindly injecting them into the network is a potential security
+ weakness (section 6.1). Accordingly, the home agent MUST implement,
+ and, by default, SHOULD enable the following check for encapsulated
+ packets addressed to itself:
+
+ The home agent searches for a mobility binding whose care-of
+ address is the source of the outer header, and whose mobile node
+ address is the source of the inner header.
+
+ If no such binding is found, or if the packet uses an encapsulation
+ mechanism that was not negotiated at registration the home agent MUST
+ silently discard the packet and SHOULD log the event as a security
+ exception.
+
+ Home agents that terminate tunnels unrelated to Mobile IP (for
+ example, multicast tunnels) MAY turn off the above check, but this
+ practice is discouraged for the aforementioned reasons.
+
+
+
+Montenegro Standards Track [Page 11]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+ While the registration is in effect, a home agent MUST process each
+ valid reverse tunneled packet (as determined by checks like the
+ above) by decapsulating it, recovering the original packet, and then
+ forwarding it on behalf of its sender (the mobile node) to the
+ destination address (the correspondent host).
+
+5. Mobile Node to Foreign Agent Delivery Styles
+
+ This section specifies how the mobile node sends its data traffic via
+ the foreign agent. In all cases, the mobile node learns the foreign
+ agent's link-layer address from the link-layer header in the agent
+ advertisement.
+
+5.1. Direct Delivery Style
+
+ This delivery mechanism is very simple to implement at the mobile
+ node, and uses small (non-encapsulated) packets on the link between
+ the mobile node and the foreign agent (potentially a very slow link).
+ However, it only supports reverse-tunneling of unicast packets, and
+ does not allow selective reverse tunneling (section 5.4).
+
+5.1.1. Packet Processing
+
+ The mobile node MUST designate the foreign agent as its default
+ router. Not doing so will not guarantee encapsulation of all the
+ mobile node's outgoing traffic, and defeats the purpose of the
+ reverse tunnel. The foreign agent MUST:
+
+ - detect packets sent by the mobile node, and
+
+ - modify its forwarding function to encapsulate them before
+ forwarding.
+
+5.1.2. Packet Header Format and Fields
+
+ This section shows the format of the packet headers used by the
+ Direct Delivery style. The formats shown assume IP in IP
+ encapsulation [2].
+
+ Packet format received by the foreign agent (Direct Delivery Style):
+
+ IP fields:
+ Source Address = mobile node's home address Destination Address
+ = correspondent host's address
+ Upper Layer Protocol
+
+ Packet format forwarded by the foreign agent (Direct Delivery Style):
+
+
+
+
+Montenegro Standards Track [Page 12]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+ IP fields (encapsulating header):
+ Source Address = foreign agent's care-of address
+ Destination Address = home agent's address
+ Protocol field: 4 (IP in IP)
+ IP fields (original header):
+ Source Address = mobile node's home address
+ Destination Address = correspondent host's address
+ Upper Layer Protocol
+
+ These fields of the encapsulating header MUST be chosen as follows:
+
+ IP Source Address
+
+ Copied from the Care-of Address field within the Registration
+ Request.
+
+ IP Destination Address
+
+ Copied from the Home Agent field within the Registration
+ Request.
+
+ IP Protocol Field
+
+ Default is 4 (IP in IP [2]), but other methods of encapsulation
+ MAY be used as negotiated at registration time.
+
+5.2. Encapsulating Delivery Style
+
+ This mechanism requires that the mobile node implement encapsulation,
+ and explicitly directs packets at the foreign agent by designating it
+ as the destination address in a new outermost header. Mobile nodes
+ that wish to send either broadcast or multicast packets MUST use the
+ Encapsulating Delivery Style.
+
+5.2.1 Packet Processing
+
+ The foreign agent does not modify its forwarding function. Rather,
+ it receives an encapsulated packet and after verifying that it was
+ sent by the mobile node, it:
+
+ - decapsulates to recover the inner packet,
+
+ - re-encapsulates, and sends it to the home agent.
+
+ If a foreign agent receives an un-encapsulated packet from a mobile
+ node which had explicitly requested the Encapsulated Delivery Style,
+ then the foreign agent MUST NOT reverse tunnel such a packet and
+ rather MUST forward it using standard, IP routing mechanisms.
+
+
+
+Montenegro Standards Track [Page 13]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+5.2.2. Packet Header Format and Fields
+
+ This section shows the format of the packet headers used by the
+ Encapsulating Delivery style. The formats shown assume IP in IP
+ encapsulation [2].
+
+ Packet format received by the foreign agent (Encapsulating Delivery
+ Style):
+
+ IP fields (encapsulating header):
+ Source Address = mobile node's home address
+ Destination Address = foreign agent's address
+ Protocol field: 4 (IP in IP)
+ IP fields (original header):
+ Source Address = mobile node's home address
+ Destination Address = correspondent host's address
+ Upper Layer Protocol
+
+ The fields of the encapsulating IP header MUST be chosen as follows:
+
+ IP Source Address
+
+ The mobile node's home address.
+
+ IP Destination Address
+
+ The address of the agent as learned from the IP source address
+ of the agent's most recent registration reply.
+
+ IP Protocol Field
+
+ Default is 4 (IP in IP [2]), but other methods of encapsulation
+ MAY be used as negotiated at registration time.
+
+ Packet format forwarded by the foreign agent (Encapsulating Delivery
+ Style):
+
+ IP fields (encapsulating header):
+ Source Address = foreign agent's care-of address
+ Destination Address = home agent's address
+ Protocol field: 4 (IP in IP)
+ IP fields (original header):
+ Source Address = mobile node's home address
+ Destination Address = correspondent host's address
+ Upper Layer Protocol
+
+ These fields of the encapsulating IP header MUST be chosen as
+ follows:
+
+
+
+Montenegro Standards Track [Page 14]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+ IP Source Address
+
+ Copied from the Care-of Address field within the Registration
+ Request.
+
+ IP Destination Address
+
+ Copied from the Home Agent field within the Registration
+ Request.
+
+ IP Protocol Field
+
+ Default is 4 (IP in IP [2]), but other methods of encapsulation
+ MAY be used as negotiated at registration time.
+
+5.3. Support for Broadcast and Multicast Datagrams
+
+ If a mobile node is operating with a co-located care-of address,
+ broadcast and multicast datagrams are handled according to Sections
+ 4.3 and 4.4 of the Mobile IP specification [1]. Mobile nodes using a
+ foreign agent care-of address MAY have their broadcast and multicast
+ datagrams reverse-tunneled by the foreign agent. However, any mobile
+ nodes doing so MUST use the encapsulating delivery style.
+
+ This delivers the datagram only to the foreign agent. The latter
+ decapsulates it and then processes it as any other packet from the
+ mobile node, namely, by reverse tunneling it to the home agent.
+
+5.4. Selective Reverse Tunneling
+
+ Packets destined to local resources (for example, a nearby printer)
+ might be unaffected by ingress filtering. A mobile node with a co-
+ located care-of address MAY optimize delivery of these packets by not
+ reverse tunneling them. On the other hand, a mobile node using a
+ foreign agent care-of address MAY use this selective reverse
+ tunneling capability by requesting the Encapsulating Delivery Style,
+ and following these guidelines:
+
+ Packets NOT meant to be reversed tunneled:
+
+ Sent using the Direct Delivery style. The foreign agent MUST
+ process these packets as regular traffic: they MAY be
+ forwarded but MUST NOT be reverse tunneled to the home agent.
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 15]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+ Packets meant to be reverse tunneled:
+
+ Sent using the Encapsulating Delivery style. The foreign agent
+ MUST process these packets as specified in section 5.2: they
+ MUST be reverse tunneled to the home agent.
+
+6. Security Considerations
+
+ The extensions outlined in this document are subject to the security
+ considerations outlined in the Mobile IP specification [1].
+ Essentially, creation of both forward and reverse tunnels involves an
+ authentication procedure, which reduces the risk for attack.
+
+6.1. Reverse-tunnel Hijacking and Denial-of-Service Attacks
+
+ Once the tunnel is set up, a malicious node could hijack it to inject
+ packets into the network. Reverse tunnels might exacerbate this
+ problem, because upon reaching the tunnel exit point packets are
+ forwarded beyond the local network. This concern is also present in
+ the Mobile IP specification, as it already dictates the use of
+ reverse tunnels for certain applications.
+
+ Unauthenticated exchanges involving the foreign agent allow a
+ malicious node to pose as a valid mobile node and re-direct an
+ existing reverse tunnel to another home agent, perhaps another
+ malicious node. The best way to protect against these attacks is by
+ employing the Mobile-Foreign and Foreign-Home Authentication
+ Extensions defined in [1].
+
+ If the necessary mobility security associations are not available,
+ this document introduces a mechanism to reduce the range and
+ effectiveness of the attacks. The mobile node MUST set to 255 the TTL
+ value in the IP headers of Registration Requests sent to the foreign
+ agent. This prevents malicious nodes more than one hop away from
+ posing as valid mobile nodes. Additional codes for use in
+ registration denials make those attacks that do occur easier to
+ track.
+
+ With the goal of further reducing the attacks the Mobile IP Working
+ Group considered other mechanisms involving the use of
+ unauthenticated state. However, these introduce the possibilities of
+ denial-of-service attacks. The consensus was that this was too much
+ of a trade-off for mechanisms that guarantee no more than weak (non-
+ cryptographic) protection against attacks.
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 16]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+6.2. Ingress Filtering
+
+ There has been some concern regarding the long-term effectiveness of
+ reverse-tunneling in the presence of ingress filtering. The
+ conjecture is that network administrators will target reverse-
+ tunneled packets (IP in IP encapsulated packets) for filtering. The
+ ingress filtering recommendation spells out why this is not the case
+ [8]:
+
+ Tracking the source of an attack is simplified when the source is
+ more likely to be "valid."
+
+7. Acknowledgements
+
+ The encapsulating style of delivery was proposed by Charlie Perkins.
+ Jim Solomon has been instrumental in shaping this document into its
+ present form.
+
+References
+
+ [1] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
+
+ [2] Perkins, C., "IP Encapsulation within IP", RFC 2003, October
+ 1996.
+
+ [3] Computer Emergency Response Team (CERT), "IP Spoofing Attacks
+ and Hijacked Terminal Connections", CA-95:01, January 1995.
+ Available via anonymous ftp from info.cert.org
+ in/pub/cert_advisories.
+
+ [4] Johnson, D., and C. Perkins, "Route Optimization in Mobile IP",
+ Work in Progress.
+
+ [5] Manuel Rodriguez, private communication, August 1995.
+
+ [6] Atkinson, R., "IP Authentication Header", RFC 1826, August 1995.
+
+ [7] Atkinson, R., "IP Encapsulating Security Payload", RFC 1827,
+ August 1995.
+
+ [8] Ferguson, P., and D. Senie, "Network Ingress Filtering: Defeating
+ Denial of Service Attacks which employ IP Source Address
+ Spoofing", RFC 2267, January 1998.
+
+ [9] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+
+
+
+
+Montenegro Standards Track [Page 17]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+Editor and Chair Addresses
+
+ Questions about this document may be directed at:
+
+ Gabriel E. Montenegro
+ Sun Microsystems, Inc.
+ 901 San Antonio Road
+ Mailstop UMPK 15-214
+ Mountain View, California 94303
+
+ Voice: +1-415-786-6288
+ Fax: +1-415-786-6445
+ EMail: gabriel.montenegro@eng.sun.com
+
+ The working group can be contacted via the current chairs:
+
+ Jim Solomon
+ Motorola, Inc.
+ 1301 E. Algonquin Rd. - Rm 2240
+ Schaumburg, IL 60196
+
+ Voice: +1-847-576-2753
+ Fax: +1-847-576-3240
+ EMail: solomon@comm.mot.com
+
+
+ Erik Nordmark
+ Sun Microsystems, Inc.
+ 901 San Antonio Road
+ Mailstop UMPK17-202
+ Mountain View, California 94303
+
+ Voice: +1-415-786-5166
+ EMail: erik.nordmark@eng.sun.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 18]
+
+RFC 2344 Reverse Tunneling for Mobile IP May 1998
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (1998). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph are
+ included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+ This document and the information contained herein is provided on an
+ "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+ TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+ HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Montenegro Standards Track [Page 19]
+