From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc6252.txt | 3195 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 3195 insertions(+) create mode 100644 doc/rfc/rfc6252.txt (limited to 'doc/rfc/rfc6252.txt') diff --git a/doc/rfc/rfc6252.txt b/doc/rfc/rfc6252.txt new file mode 100644 index 0000000..4a92311 --- /dev/null +++ b/doc/rfc/rfc6252.txt @@ -0,0 +1,3195 @@ + + + + + + +Internet Research Task Force (IRTF) A. Dutta, Ed. +Request for Comments: 6252 V. Fajardo +Category: Informational NIKSUN +ISSN: 2070-1721 Y. Ohba + K. Taniuchi + Toshiba + H. Schulzrinne + Columbia Univ. + June 2011 + + + A Framework of Media-Independent Pre-Authentication (MPA) for + Inter-Domain Handover Optimization + +Abstract + + This document describes Media-independent Pre-Authentication (MPA), a + new handover optimization mechanism that addresses the issues on + existing mobility management protocols and mobility optimization + mechanisms to support inter-domain handover. MPA is a mobile- + assisted, secure handover optimization scheme that works over any + link layer and with any mobility management protocol, and is most + applicable to supporting optimization during inter-domain handover. + MPA's pre-authentication, pre-configuration, and proactive handover + techniques allow many of the handoff-related operations to take place + before the mobile node has moved to the new network. We describe the + details of all the associated techniques and their applicability for + different scenarios involving various mobility protocols during + inter-domain handover. We have implemented the MPA mechanism for + various network-layer and application-layer mobility protocols, and + we report a summary of experimental performance results in this + document. + + This document is a product of the IP Mobility Optimizations (MOBOPTS) + Research Group. + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for informational purposes. + + This document is a product of the Internet Research Task Force + (IRTF). The IRTF publishes the results of Internet-related research + and development activities. These results might not be suitable for + deployment. This RFC represents the consensus of the MOBOPTS + Research Group of the Internet Research Task Force (IRTF). Documents + approved for publication by the IRSG are not a candidate for any + level of Internet Standard; see Section 2 of RFC 5741. + + + +Dutta, et al. Informational [Page 1] + +RFC 6252 MPA Framework June 2011 + + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc6252. + +Copyright Notice + + Copyright (c) 2011 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. + +Table of Contents + + 1. Introduction ....................................................3 + 1.1. Specification of Requirements ..............................5 + 1.2. Performance Requirements ...................................5 + 2. Terminology .....................................................7 + 3. Handover Taxonomy ...............................................7 + 4. Related Work ...................................................11 + 5. Applicability of MPA ...........................................12 + 6. MPA Framework ..................................................13 + 6.1. Overview ..................................................13 + 6.2. Functional Elements .......................................14 + 6.3. Basic Communication Flow ..................................16 + 7. MPA Operations .................................................20 + 7.1. Discovery .................................................21 + 7.2. Pre-Authentication in Multiple-CTN Environment ............22 + 7.3. Proactive IP Address Acquisition ..........................23 + 7.3.1. PANA-Assisted Proactive IP Address Acquisition .....24 + 7.3.2. IKEv2-Assisted Proactive IP Address Acquisition ....24 + 7.3.3. Proactive IP Address Acquisition Using + DHCPv4 Only ........................................24 + 7.3.4. Proactive IP Address Acquisition Using Stateless + Autoconfiguration ..................................26 + 7.4. Tunnel Management .........................................26 + 7.5. Binding Update ............................................28 + 7.6. Preventing Packet Loss ....................................29 + 7.6.1. Packet Loss Prevention in Single-Interface MPA .....29 + 7.6.2. Preventing Packet Losses for Multiple Interfaces ...29 + 7.6.3. Reachability Test ..................................30 + + + + + + +Dutta, et al. Informational [Page 2] + +RFC 6252 MPA Framework June 2011 + + + 7.7. Security and Mobility .....................................31 + 7.7.1. Link-Layer Security and Mobility ...................31 + 7.7.2. IP-Layer Security and Mobility .....................32 + 7.8. Authentication in Initial Network Attachment ..............33 + 8. Security Considerations ........................................33 + 9. Acknowledgments ................................................34 + 10. References ....................................................34 + 10.1. Normative References .....................................34 + 10.2. Informative References ...................................36 + Appendix A. Proactive Duplicate Address Detection .................40 + Appendix B. Address Resolution ....................................41 + Appendix C. MPA Deployment Issues .................................42 + C.1. Considerations for Failed Switching and Switch-Back ........42 + C.2. Authentication State Management ............................43 + C.3. Pre-Allocation of QoS Resources ............................44 + C.4. Resource Allocation Issue during Pre-Authentication ........45 + C.5. Systems Evaluation and Performance Results .................47 + C.5.1. Intra-Technology, Intra-Domain .........................47 + C.5.2. Inter-Technology, Inter-Domain .........................49 + C.5.3. MPA-Assisted Layer 2 Pre-Authentication ................49 + C.6. Guidelines for Handover Preparation ........................54 + +1. Introduction + + As wireless technologies, including cellular and wireless LANs, are + becoming popular, supporting terminal handovers across different + types of access networks, such as from a wireless LAN to CDMA or to + General Packet Radio Service (GPRS), is considered a clear challenge. + On the other hand, supporting seamless terminal handovers between + access networks of the same type is still more challenging, + especially when the handovers are across IP subnets or administrative + domains. To address those challenges, it is important to provide + terminal mobility that is agnostic to link-layer technologies in an + optimized and secure fashion without incurring unreasonable + complexity. In this document, we discuss a framework to support + terminal mobility that provides seamless handovers with low latency + and low loss. Seamless handovers are characterized in terms of + performance requirements as described in Section 1.2. [MPA-WIRELESS] + is an accompanying document that describes implementation of a few + MPA-based systems, including performance results to show how existing + protocols could be leveraged to realize the functionalities of MPA. + + Terminal mobility is accomplished by a mobility management protocol + that maintains a binding between a locator and an identifier of a + mobile node, where the binding is referred to as the mobility + binding. The locator of the mobile node may dynamically change when + there is a movement of the mobile node. The movement that causes a + + + + +Dutta, et al. Informational [Page 3] + +RFC 6252 MPA Framework June 2011 + + + change of the locator may occur when there is a change in attachment + point due to physical movement or network change. A mobility + management protocol may be defined at any layer. In the rest of this + document, the term "mobility management protocol" refers to a + mobility management protocol that operates at the network layer or + higher. + + There are several mobility management protocols at different layers. + Mobile IP [RFC5944] and Mobile IPv6 [RFC3775] are mobility management + protocols that operate at the network layer. Similarly, MOBIKE + (IKEv2 Mobility and Multihoming) [RFC4555] is an extension to the + Internet Key Exchange Protocol (IKEv2) that provides the ability to + deal with a change of an IP address of an IKEv2 end-point. There are + several ongoing activities in the IETF to define mobility management + protocols at layers higher than the network layer. HIP (Host + Identity Protocol) [RFC5201] defines a new protocol layer between the + network layer and transport layer to provide terminal mobility in a + way that is transparent to both the network layer and transport + layer. Also, SIP-based mobility is an extension to SIP to maintain + the mobility binding of a SIP user agent [SIPMM]. + + While mobility management protocols maintain mobility bindings, these + cannot provide seamless handover if used in their current form. An + additional optimization mechanism is needed to prevent the loss of + in-flight packets transmitted during the mobile node's binding update + procedure and to achieve seamless handovers. Such a mechanism is + referred to as a mobility optimization mechanism. For example, + mobility optimization mechanisms for Mobile IPv4 [RFC4881] and Mobile + IPv6 [RFC5568] are defined to allow neighboring access routers to + communicate and carry information about mobile terminals. There are + protocols that are considered as "helpers" of mobility optimization + mechanisms. The CARD (Candidate Access Router Discovery) protocol + [RFC4066] is designed to discover neighboring access routers. CXTP + (Context Transfer Protocol) [RFC4067] is designed to carry state that + is associated with the services provided for the mobile node, or + context, among access routers. In Section 4, we describe some of the + fast-handover schemes that attempt to reduce the handover delay. + + There are several issues in existing mobility optimization + mechanisms. First, existing mobility optimization mechanisms are + tightly coupled with specific mobility management protocols. For + example, it is not possible to use mobility optimization mechanisms + designed for Mobile IPv4 or Mobile IPv6 with MOBIKE. What is + strongly desired is a single, unified mobility optimization mechanism + that works with any mobility management protocol. Second, there is + no existing mobility optimization mechanism that easily supports + handovers across administrative domains without assuming a + pre-established security association between administrative domains. + + + +Dutta, et al. Informational [Page 4] + +RFC 6252 MPA Framework June 2011 + + + A mobility optimization mechanism should work across administrative + domains in a secure manner only based on a trust relationship between + a mobile node and each administrative domain. Third, a mobility + optimization mechanism needs to support not only terminals with + multiple interfaces where simultaneous connectivity through multiple + interfaces or connectivity through a single interface can be + expected, but also terminals with a single interface. + + This document describes a framework of Media-independent + Pre-Authentication (MPA), a new handover optimization mechanism that + addresses all those issues. MPA is a mobile-assisted, secure + handover optimization scheme that works over any link layer and with + any mobility management protocol, including Mobile IPv4, Mobile IPv6, + MOBIKE, HIP, and SIP mobility. In cases of multiple operators + without a roaming relationship or without an agreement to participate + in a key management scheme, MPA provides a framework that can perform + pre-authentication to establish the security mechanisms without + assuming a common source of trust. In MPA, the notion of IEEE + 802.11i pre-authentication is extended to work at a higher layer, + with additional mechanisms to perform early acquisition of an IP + address from a network where the mobile node may move, as well as + proactive handover to the network while the mobile node is still + attached to the current network. Since this document focuses on the + MPA framework, it is left to future work to choose the protocols for + MPA and define detailed operations. The accompanying document + [MPA-WIRELESS] provides one method that describes usage and + interactions between existing protocols to accomplish MPA + functionality. + + This document represents the consensus of the IP Mobility + Optimizations (MOBOPTS) Research Group. It has been reviewed by + Research Group members active in the specific area of work. + +1.1. Specification of Requirements + + In this document, several words are used to signify the requirements + of the specification. These words are often capitalized. The key + words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", + "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document + are to be interpreted as described in [RFC2119]. + +1.2. Performance Requirements + + In order to provide desirable quality of service for interactive + Voice over IP (VoIP) and streaming traffic, one needs to limit the + value of end-to-end delay, jitter, and packet loss to a certain + threshold level. ITU-T and ITU-E standards define the acceptable + values for these parameters. For example, for one-way delay, ITU-T + + + +Dutta, et al. Informational [Page 5] + +RFC 6252 MPA Framework June 2011 + + + G.114 [RG98] recommends 150 ms as the upper limit for most of the + applications, and 400 ms as generally unacceptable delay. One-way + delay tolerance for video conferencing is in the range of 200 to + 300 ms [ITU98]. Also, if an out-of-order packet is received after a + certain threshold, it is considered lost. According to ETSI TR 101 + [ETSI], a normal voice conversation can tolerate up to 2% packet + loss. But this is the mean packet loss probability and may be + applicable to a scenario when the mobile node is subjected to + repeated handoff during a normal conversation. Measurement + techniques for delay and jitter are described in [RFC2679], + [RFC2680], and [RFC2681]. + + In the case of interactive VoIP traffic, end-to-end delay affects the + jitter value, and thus is an important issue to consider. An end-to- + end delay consists of several components, such as network delay, + operating system (OS) delay, codec delay, and application delay. A + complete analysis of these delays can be found in [WENYU]. During a + mobile node's handover, in-flight transient traffic cannot reach the + mobile node because of the associated handover delay. These + in-flight packets could either be lost or buffered. If the in-flight + packets are lost, this packet loss will contribute to jitter between + the last packet before handoff and the first packet after handoff. + If these packets are buffered, packet loss is minimized, but there is + additional jitter for the in-flight packets when these are flushed + after the handoff. Buffering during handoff avoids the packet loss, + but at the cost of additional one-way delay. A tradeoff between one- + way delay and packet loss is desired based on the type of + application. For example, for a streaming application, packet loss + can be reduced by increasing the playout buffer, resulting in longer + one-way packet delay. + + The handover delay is attributed to several factors, such as + discovery, configuration, authentication, binding update, and media + delivery. Many of the security-related procedures, such as handover + keying and re-authentication procedures, deal with cases where there + is a single source of trust at the top, and the underlying + Authentication, Authorization, and Accounting (AAA) domain elements + trust the top source of trust and the keys it generates and + distributes. In this scenario, there is an appreciable delay in + re-establishing link-security-related parameters, such as + authentication, link key management, and access authorization during + inter-domain handover. The focus of this document is the design of a + framework that can reduce the delay due to authentication and other + handoff-related operations such as configuration and binding update. + + + + + + + +Dutta, et al. Informational [Page 6] + +RFC 6252 MPA Framework June 2011 + + +2. Terminology + + Mobility Binding: A binding between a locator and an identifier of a + mobile terminal. + + Mobility Management Protocol (MMP): A protocol that operates at the + network layer or above to maintain a binding between a locator and + an identifier of a mobile node. + + Binding Update (BU): A procedure to update a mobility binding. + + Media-independent Pre-Authentication Mobile Node (MN): A mobile node + using Media-independent Pre-Authentication (MPA). MPA is a + mobile-assisted, secure handover optimization scheme that works + over any link layer and with any mobility management protocol. An + MPA mobile node is an IP node. In this document, the term "mobile + node" or "MN" without a modifier refers to "MPA mobile node". An + MPA mobile node usually has a functionality of a mobile node of a + mobility management protocol as well. + + Candidate Target Network (CTN): A network to which the mobile node + may move in the near future. + + Target Network (TN): The network to which the mobile node has + decided to move. The target network is selected from one or more + candidate target networks. + + Proactive Handover Tunnel (PHT): A bidirectional IP tunnel [RFC2003] + [RFC2473] that is established between the MPA mobile node and an + access router of a candidate target network. In this document, + the term "tunnel" without a modifier refers to "proactive handover + tunnel". + + Point of Attachment (PoA): A link-layer device (e.g., a switch, an + access point, or a base station) that functions as a link-layer + attachment point for the MPA mobile node to a network. + + Care-of Address (CoA): An IP address used by a mobility management + protocol as a locator of the MPA mobile node. + +3. Handover Taxonomy + + Based on the type of movement, type of access network, and underlying + mobility support, one can primarily define the handover as inter- + technology, intra-technology, inter-domain, and intra-domain. We + describe briefly each of these handover processes. However, our + focus of the discussion is on inter-domain handover. + + + + +Dutta, et al. Informational [Page 7] + +RFC 6252 MPA Framework June 2011 + + + Inter-technology: A mobile node may be equipped with multiple + interfaces, where each interface can support a different access + technology (e.g., 802.11, CDMA). A mobile node may communicate + with one interface at any time in order to conserve power. During + the handover, the mobile node may move out of the footprint of one + access technology (e.g., 802.11) and move into the footprint of a + different access technology (e.g., CDMA). This will warrant + switching of the communicating interface on the mobile node as + well. This type of inter-technology handover is often called + "vertical handover", since the mobile node moves between two + different cell sizes. + + Intra-technology: An intra-technology handover is defined as when a + mobile node moves within the same type of access technology, such + as between 802.11[a,b,n] and 802.11 [a,b,n] or between CDMA1XRTT + and CDMA1EVDO. In this scenario, a mobile node may be equipped + with a single interface (with multiple PHY types of the same + technology) or with multiple interfaces. An intra-technology + handover may involve intra-subnet or inter-subnet movement and + thus may need to change its L3 locator, depending upon the type of + movement. + + Inter-domain: A domain can be defined in several ways. But for the + purposes of roaming, we define "domain" as an administrative + domain that consists of networks managed by a single + administrative entity that authenticates and authorizes a mobile + node for accessing the networks. An administrative entity may be + a service provider, an enterprise, or any organization. Thus, an + inter-domain handover will by default be subjected to inter-subnet + handover, and in addition it may be subjected to either inter- + technology or intra-technology handover. A mobile node is + subjected to inter-subnet handover when it moves from one subnet + (broadcast domain) to another subnet (broadcast domain). Inter- + domain handover will be subjected to all the transition steps a + subnet handover goes through, and it will be subjected to + authentication and authorization processes as well. It is also + likely that the type of mobility support in each administrative + domain will be different. For example, administrative domain A + may have Mobile IP version 6 (MIPv6) support, while administrative + domain B may use Proxy MIPv6 [RFC5213]. + + Intra-domain: When a mobile node's movement is confined to movement + within an administrative domain, it is called "intra-domain + movement". An intra-domain movement may involve intra-subnet, + inter-subnet, intra-technology, and inter-technology as well. + + + + + + +Dutta, et al. Informational [Page 8] + +RFC 6252 MPA Framework June 2011 + + + Both inter-domain and intra-domain handovers can be subjected to + either inter-technology or intra-technology handover based on the + network access characteristics. Inter-domain handover requires + authorization for acquisition or modification of resources assigned + to a mobile node, and the authorization needs interaction with a + central authority in a domain. In many cases, an authorization + procedure during inter-domain handover follows an authentication + procedure that also requires interaction with a central authority in + a domain. Thus, security associations between the network entities, + such as routers in the neighboring administrative domains, need to be + established before any interaction takes place between these + entities. Similarly, an inter-domain mobility may involve different + mobility protocols, such as MIPv6 and Proxy MIPv6, in each of its + domains. In that case, one needs a generalized framework to achieve + the optimization during inter-domain handover. Figure 1 shows a + typical example of inter-domain mobility involving two domains, + domain A and domain B. It illustrates several important components, + such as a AAA Home server (AAAH); AAA visited servers (e.g., AAAV1 + and AAAV2); an Authentication Agent (AA); a layer 3 point of + attachment, such as an Access Router (AR); and a layer 2 point of + attachment, such as an Access Point (AP). Any mobile node may be + using a specific mobility protocol and associated mobility + optimization technique during intra-domain movement in either domain. + But the same optimization technique may not be suitable to support + inter-domain handover, independent of whether it uses the same or a + different mobility protocol in either domain. + + + + + + + + + + + + + + + + + + + + + + + + + +Dutta, et al. Informational [Page 9] + +RFC 6252 MPA Framework June 2011 + + + +-----------------------------+ + | +--------+ | + | | | | + | | AAAH ------------------| + | | | | | + | +|-------+ | | + | | | | + | | Home Domain | | + | | | | + +-------|---------------------+ | + | | + | | + | | + +----------------------------|---------+ +-------------|------------+ + | Domain A | | | Domain B | | + | | | | +|-------+ | + | +-------|+ | | +-----+ | | | + | | | | | | ------ AAAV2 | | + | | AAAV1 | | | | AA | | | | + | +-------------- | | | +|----+ +--------+ | + | | | +--------+ | | | | + | |AA | | | |--- ---- | + | +--|--+ | | / \ / \ | + | | /----\ | || AR |-----| AR | | + | -|-- / \ | | \ / \ / | + | / \ | AR | | | -|-- --|- | + | | AR ----------- / | |+--|---+ +------|------+ | + | \ / \--|-/ | || AP4 | | L2 Switch | | + | -/-- +-----|------+ | || | +-|---------|-+ | + | / | L2 Switch | | |+------+ | | | + | / +-|-------|--+ | | +---|--+ +----|-+ | + | +----/-+ +----|-+ +-|----+ | | | | | | | + | | | | | | | | | | AP5 | |AP6 | | + | | AP1 | | AP2 | | AP3 | | | +----|-+ +------+ | + | +------+ +------+ +--|---+ | | | | + +--------------------------------|-----+ +------------ |------------+ + --|--------- | + //// \\\\ -----|----- + // +------+ //// +------+ \\\\ + | | MN ------------->|MN | \\\ + | | | | | | | | + | +------+ | | +------+ | + \\ | // | + \\\\ \\\/ /// + ------------ \\\\------------- //// + + Figure 1: Inter-Domain Mobility + + + + +Dutta, et al. Informational [Page 10] + +RFC 6252 MPA Framework June 2011 + + +4. Related Work + + While basic mobility management protocols such as Mobile IP + [RFC5944], Mobile IPv6 [RFC3775], and SIP-Mobility [SIPMM] provide + continuity to TCP and RTP traffic, these are not optimized to reduce + the handover latency during a mobile node's movement between subnets + and domains. In general, these mobility management protocols + introduce handover delays incurred at several layers, such as layer 3 + and the application layer, for updating the mobile node's mobility + binding. These protocols are affected by underlying layer 2 delay as + well. As a result, applications using these mobility protocols + suffer from performance degradation. + + There have been several optimization techniques that apply to current + mobility management schemes that try to reduce handover delay and + packet loss during a mobile node's movement between cells, subnets, + and domains. Micro-mobility management schemes such as [CELLIP] and + [HAWAII], and intra-domain mobility management schemes such as + [IDMP], [MOBIP-REG], and [RFC5380], provide fast handover by limiting + the signaling updates within a domain. Fast Mobile IP protocols for + IPv4 and IPv6 networks [RFC4881] [RFC5568] utilize mobility + information made available by link-layer triggers. Yokota et + al. [YOKOTA] propose the joint use of an access point and a dedicated + Media Access Control (MAC) bridge to provide fast handover without + altering the MIPv4 specification. Shin et al. [MACD] propose a + scheme that reduces the delay due to MAC-layer handoff by providing a + cache-based algorithm. In this scheme, the mobile node caches the + neighboring channels that it has already visited and thus uses a + selective scanning method. This helps to reduce the associated + scanning time. + + Some mobility management schemes use dual interfaces, thus providing + make-before-break [SUM]. In a make-before-break situation, + communication usually continues with one interface when the secondary + interface is in the process of getting connected. The IEEE 802.21 + working group is discussing these scenarios in detail [802.21]. + Providing fast handover using a single interface needs more careful + design than for a client with multiple interfaces. Dutta et + al. [SIPFAST] provide an optimized handover scheme for SIP-based + mobility management, where the transient traffic is forwarded from + the old subnet to the new one by using an application-layer + forwarding scheme. [MITH] provides a fast-handover scheme for the + single-interface case that uses mobile-initiated tunneling between + the old Foreign Agent and a new Foreign Agent. [MITH] defines two + types of handover schemes: Pre-MIT (Mobile Initiated Tunneling) and + Post-MIT (Media Initiated Tunneling). The proposed MPA scheme is + very similar to Mobile Initiated Tunneling Handoff's (MITH's) + predictive scheme, where the mobile node communicates with the + + + +Dutta, et al. Informational [Page 11] + +RFC 6252 MPA Framework June 2011 + + + Foreign Agent before actually moving to the new network. However, + the MPA scheme is not limited to MIP; this scheme takes care of + movement between domains and performs pre-authentication in addition + to proactive handover. Thus, MPA reduces the overall delay to a + period close to that of link-layer handover delay. Most of the + mobility optimization techniques developed so far are restricted to a + specific type of mobility protocol only. While supporting + optimization for inter-domain mobility, these protocols assume that + there is a pre-established security arrangement between two + administrative domains. But this assumption may not always be + viable. Thus, there is a need to develop an optimization mechanism + that can support inter-domain mobility without any underlying + constraints or security-related assumptions. + + Recently, the HOKEY working group within the IETF has been defining + ways to expedite the authentication process. In particular, it has + defined pre-authentication [RFC5836] and fast re-authentication + [RFC5169] mechanisms to expedite the authentication and security + association process. + +5. Applicability of MPA + + MPA is more applicable where an accurate prediction of movement can + be easily made. For other environments, special care must be taken + to deal with issues such as pre-authentication to multiple CTNs + (Candidate Target Networks), and failed switching and switching back + as described in [MPA-WIRELESS]. However, addressing those issues in + actual deployments may not be easier. Some of the deployment issues + are described in Appendix C. + + The authors of the accompanying document [MPA-WIRELESS] have cited + several use cases of how MPA can be used to optimize several network- + layer and application-layer mobility protocols. The effectiveness of + MPA may be relatively reduced if the network employs network- + controlled localized mobility management in which the MN does not + need to change its IP address while moving within the network. The + effectiveness of MPA may also be relatively reduced if signaling for + network access authentication is already optimized for movements + within the network, e.g., when simultaneous use of multiple + interfaces during handover is allowed. In other words, MPA is more + viable as a solution for inter-administrative domain predictive + handover without the simultaneous use of multiple interfaces. Since + MPA is not tied to a specific mobility protocol, it is also + applicable to support optimization for inter-domain handover where + each domain may be equipped with a different mobility protocol. + + + + + + +Dutta, et al. Informational [Page 12] + +RFC 6252 MPA Framework June 2011 + + + Figure 1 shows an example of inter-domain mobility where MPA could be + applied. For example, domain A may support just Proxy MIPv6, whereas + domain B may support Client Mobile IPv6. MPA's different functional + components can provide the desired optimization techniques + proactively. + +6. MPA Framework + +6.1. Overview + + Media-independent Pre-Authentication (MPA) is a mobile-assisted, + secure handover optimization scheme that works over any link layer + and with any mobility management protocol. With MPA, a mobile node + is not only able to securely obtain an IP address and other + configuration parameters for a CTN, but also able to send and receive + IP packets using the IP address obtained before it actually attaches + to the CTN. This makes it possible for the mobile node to complete + the binding update of any mobility management protocol and use the + new CoA before performing a handover at the link layer. + + MPA adopts the following basic procedures to provide this + functionality. The first procedure is referred to as + "pre-authentication", the second procedure is referred to as + "pre-configuration", and the combination of the third and fourth + procedures is referred to as "secure proactive handover". The + security association established through pre-authentication is + referred to as an "MPA-SA". + + This functionality is provided by allowing a mobile node that has + connectivity to the current network, but is not yet attached to a + CTN, to + + (i) establish a security association with the CTN to secure the + subsequent protocol signaling, then + + (ii) securely execute a configuration protocol to obtain an IP + address and other parameters from the CTN as well as execute a + tunnel management protocol to establish a Proactive Handover + Tunnel (PHT) [RFC2003] between the mobile node and an access + router of the CTN, then + + (iii) send and receive IP packets, including signaling messages + for the binding update of an MMP and data packets transmitted + after completion of the binding update, over the PHT, using the + obtained IP address as the tunnel inner address, and finally + + + + + + +Dutta, et al. Informational [Page 13] + +RFC 6252 MPA Framework June 2011 + + + (iv) delete or disable the PHT immediately before attaching to the + CTN when it becomes the target network, and then re-assign the + inner address of the deleted or disabled tunnel to its physical + interface immediately after the mobile node is attached to the + target network through the interface. Instead of deleting or + disabling the tunnel before attaching to the target network, the + tunnel may be deleted or disabled immediately after being attached + to the target network. + + Step (iii) above (i.e., the binding update procedure), in particular, + makes it possible for the mobile node to complete the higher-layer + handover before starting a link-layer handover. This means that the + mobile node is able to send and receive data packets transmitted + after completing the binding update over the tunnel, while data + packets transmitted before completion of the binding update do not + use the tunnel. + +6.2. Functional Elements + + In the MPA framework, the following functional elements are expected + to reside in each CTN to communicate with a mobile node: an + Authentication Agent (AA), a Configuration Agent (CA), and an Access + Router (AR). These elements can reside in one or more network + devices. + + An authentication agent is responsible for pre-authentication. An + authentication protocol is executed between the mobile node and the + authentication agent to establish an MPA-SA. The authentication + protocol MUST be able to establish a shared key between the mobile + node and the authentication agent and SHOULD be able to provide + mutual authentication. The authentication protocol SHOULD be able to + interact with a AAA protocol, such as RADIUS or Diameter, to carry + authentication credentials to an appropriate authentication server in + the AAA infrastructure. This interaction happens through the + authentication agent, such as the PANA Authentication Agent (PAA). + In turn, the derived key is used to derive additional keys that will + be applied to protecting message exchanges used for pre-configuration + and secure proactive handover. Other keys that are used for + bootstrapping link-layer and/or network-layer ciphers MAY also be + derived from the MPA-SA. A protocol that can carry the Extensible + Authentication Protocol (EAP) [RFC3748] would be suitable as an + authentication protocol for MPA. + + + + + + + + + +Dutta, et al. Informational [Page 14] + +RFC 6252 MPA Framework June 2011 + + + A configuration agent is responsible for one part of + pre-configuration, namely securely executing a configuration protocol + to deliver an IP address and other configuration parameters to the + mobile node. The signaling messages of the configuration protocol + (e.g., DHCP) MUST be protected using a key derived from the key + corresponding to the MPA-SA. + + An access router in the MPA framework is a router that is responsible + for the other part of pre-configuration, i.e., securely executing a + tunnel management protocol to establish a proactive handover tunnel + to the mobile node. IP packets transmitted over the proactive + handover tunnel SHOULD be protected using a key derived from the key + corresponding to the MPA-SA. Details of this procedure are described + in Section 6.3. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Dutta, et al. Informational [Page 15] + +RFC 6252 MPA Framework June 2011 + + + Figure 2 shows the basic functional components of MPA. + + +----+ + | CN | + +----+ + / + (Core Network) + / \ + / \ + +----------------/--------+ +----\-----------------+ + | +-----+ | |+-----+ | + | | | +-----+ | || | +-----+ | + | | AA | |CA | | ||AA | | CA | | + | +--+--+ +--+--+ | |+--+--+ +--+--+ | + | | +------+ | | | | +-----+ | | + | | | pAR | | | | | |nAR | | | + | ---+---+ +---+-----+----+---+-+ +-----+ | + | +---+--+ | | +-----+ | + | | | | | + | | | | | + | | | | | + +------------+------------+ +--------|-------------+ + Current | Candidate| Target Network + Network | | + +------+ +------+ + | oPoA | | nPoA | + +--.---+ +--.---+ + . . + . . + +------+ + | MN | ----------> + +------+ + + Figure 2: MPA Functional Components + +6.3. Basic Communication Flow + + Assume that the mobile node is already connected to a point of + attachment, say oPoA (old point of attachment), and assigned a + care-of address, say oCoA (old care-of address). The communication + flow of MPA is described as follows. Throughout the communication + flow, data packet loss should not occur except for the period during + the switching procedure in Step 5 below, and it is the responsibility + of link-layer handover to minimize packet loss during this period. + + + + + + + +Dutta, et al. Informational [Page 16] + +RFC 6252 MPA Framework June 2011 + + + Step 1 (pre-authentication phase): The mobile node finds a CTN + through some discovery process, such as IEEE 802.21, and obtains + the IP addresses of an authentication agent, a configuration + agent, and an access router in the CTN (Candidate Target Network) + by some means. Details about discovery mechanisms are discussed + in Section 7.1. The mobile node performs pre-authentication with + the authentication agent. As discussed in Section 7.2, the mobile + node may need to pre-authenticate with multiple candidate target + networks. The decision regarding with which candidate network the + mobile node needs to pre-authenticate will depend upon several + factors, such as signaling overhead, bandwidth requirement + (Quality of Service (QoS)), the mobile node's location, + communication cost, handover robustness, etc. Determining the + policy that decides the target network with which the mobile node + should pre-authenticate is out of scope for this document. + + If the pre-authentication is successful, an MPA-SA is created + between the mobile node and the authentication agent. Two keys + are derived from the MPA-SA, namely an MN-CA key and an MN-AR key, + which are used to protect subsequent signaling messages of a + configuration protocol and a tunnel management protocol, + respectively. The MN-CA key and the MN-AR key are then securely + delivered to the configuration agent and the access router, + respectively. + + Step 2 (pre-configuration phase): The mobile node realizes that its + point of attachment is likely to change from the oPoA to a new + one, say nPoA (new point of attachment). It then performs + pre-configuration with the configuration agent, using the + configuration protocol to obtain several configuration parameters + such as an IP address, say nCoA (new care-of address), and a + default router from the CTN. The mobile node then communicates + with the access router using the tunnel management protocol to + establish a proactive handover tunnel. In the tunnel management + protocol, the mobile node registers the oCoA and the nCoA as the + tunnel outer address and the tunnel inner address, respectively. + The signaling messages of the pre-configuration protocol are + protected using the MN-CA key and the MN-AR key. When the + configuration agent and the access router are co-located in the + same device, the two protocols may be integrated into a single + protocol, such as IKEv2. After completion of the tunnel + establishment, the mobile node is able to communicate using both + the oCoA and the nCoA by the end of Step 4. A configuration + protocol and a tunnel management protocol may be combined in a + single protocol or executed in different orders depending on the + actual protocol(s) used for configuration and tunnel management. + + + + + +Dutta, et al. Informational [Page 17] + +RFC 6252 MPA Framework June 2011 + + + Step 3 (secure proactive handover main phase): The mobile node + decides to switch to the new point of attachment by some means. + Before the mobile node switches to the new point of attachment, it + starts secure proactive handover by executing the binding update + operation of a mobility management protocol and transmitting + subsequent data traffic over the tunnel (main phase). This + proactive binding update could be triggered based on certain local + policy at the mobile node end, after the pre-configuration phase + is over. This local policy could be Signal-to-Noise Ratio, + location of the mobile node, etc. In some cases, it may cache + multiple nCoA addresses and perform simultaneous binding with the + Correspondent Node (CN) or Home Agent (HA). + + Step 4 (secure proactive handover pre-switching phase): The mobile + node completes the binding update and becomes ready to switch to + the new point of attachment. The mobile node may execute the + tunnel management protocol to delete or disable the proactive + handover tunnel and cache the nCoA after deletion or disabling of + the tunnel. This transient tunnel can be deleted prior to or + after the handover. The buffering module at the next access + router buffers the packets once the tunnel interface is deleted. + The decision as to when the mobile node is ready to switch to the + new point of attachment depends on the handover policy. + + Step 5 (switching): It is expected that a link-layer handover occurs + in this step. + + Step 6 (secure proactive handover post-switching phase): The mobile + node executes the switching procedure. Upon successful completion + of the switching procedure, the mobile node immediately restores + the cached nCoA and assigns it to the physical interface attached + to the new point of attachment. If the proactive handover tunnel + was not deleted or disabled in Step 4, the tunnel is deleted or + disabled as well. After this, direct transmission of data packets + using the nCoA is possible without using a proactive handover + tunnel. + + Call flow for MPA is shown in Figures 3 and 4. + + + + + + + + + + + + + +Dutta, et al. Informational [Page 18] + +RFC 6252 MPA Framework June 2011 + + + IP address(es) + Available for + Use by MN + | + +-----------------------------------+ | + | Candidate Target Network | | + | (Future Target Network) | | + MN oPoA | nPoA AA CA AR | | + | | | | | | | | | + | | +-----------------------------------+ | + | | | | | | . + +---------------+ | | | | | . + |(1) Found a CTN| | | | | | . + +---------------+ | | | | | | + | Pre-authentication | | | | + | [authentication protocol] | | | + |<--------+------------->|MN-CA key| | | + | | | |-------->|MN-AR key| | + +-----------------+ | | |------------------>| | + |(2) Increased | | | | | | [oCoA] + |chance to switch | | | | | | | + | to CTN | | | | | | | + +-----------------+ | | | | | | + | | | | | | | + | Pre-configuration | | | | + | [configuration protocol to get nCoA] | | + |<--------+----------------------->| | | + | Pre-configuration | | | | + | [tunnel management protocol to establish PHT] V + |<--------+--------------------------------->| + | | | | | | ^ + +-----------------+ | | | | | | + |(3) Determined | | | | | | | + |to switch to CTN | | | | | | | + +-----------------+ | | | | | | + | | | | | | | + | Secure proactive handover main phase | | + | [execution of binding update of MMP and | | + | transmission of data packets through AR | [oCoA, nCoA] + | based on nCoA over the PHT] | | | + |<<=======+================================>+--->... | + . . . . . . . + . . . . . . . + . . . . . . . + + Figure 3: Example Communication Flow (1/2) + + + + + +Dutta, et al. Informational [Page 19] + +RFC 6252 MPA Framework June 2011 + + + | | | | | | | + +----------------+ | | | | | | + |(4) Completion | | | | | | | + |of MMP BU and | | | | | | | + |ready to switch | | | | | | | + +----------------+ | | | | | | + | Secure proactive handover pre-switching phase | + | [tunnel management protocol to delete PHT] V + |<--------+--------------------------------->| + +---------------+ | | | | + |(5)Switching | | | | | + +---------------+ | | | | + | | | | | + +---------------+ | | | | + |(6) Completion | | | | | + |of switching | | | | | + +---------------+ | | | | + o<- Secure proactive handover post-switching phase ^ + | [Re-assignment of Tunnel Inner Address | | + | to the physical I/F] | | + | | | | | | + | Transmission of data packets through AR | [nCoA] + | based on nCoA| | | | | + |<---------------+---------------------------+-->... | + | | | | | . + + Figure 4: Example Communication Flow (2/2) + +7. MPA Operations + + In order to provide an optimized handover for a mobile node + experiencing rapid movement between subnets and/or domains, one needs + to look into several operations. These issues include: + + i) discovery of neighboring networking elements, + + ii) connecting to the right network based on certain policy, + + iii) changing the layer 2 point of attachment, + + iv) obtaining an IP address from a DHCP or PPP server, + + v) confirming the uniqueness of the IP address, + + vi) pre-authenticating with the authentication agent, + + vii) sending the binding update to the Correspondent Host (CH), + + + + +Dutta, et al. Informational [Page 20] + +RFC 6252 MPA Framework June 2011 + + + viii) obtaining the redirected streaming traffic to the new point + of attachment, + + ix) ping-pong effect, and + + x) probability of moving to more than one network and associating + with multiple target networks. + + We describe these issues in detail in the following paragraphs and + describe how we have optimized these issues in the case of MPA-based + secure proactive handover. + +7.1. Discovery + + Discovery of neighboring networking elements such as access points, + access routers, and authentication servers helps expedite the + handover process during a mobile node's movement between networks. + After discovering the network neighborhood with a desired set of + coordinates, capabilities, and parameters, the mobile node can + perform many of the operations, such as pre-authentication, proactive + IP address acquisition, proactive address resolution, and binding + update, while in the previous network. + + There are several ways a mobile node can discover neighboring + networks. The Candidate Access Router Discovery protocol [RFC4066] + helps discover the candidate access routers in the neighboring + networks. Given a certain network domain, SLP (Service Location + Protocol) [RFC2608] and DNS help provide addresses of the networking + components for a given set of services in the specific domain. In + some cases, many of the network-layer and upper-layer parameters may + be sent over link-layer management frames, such as beacons, when the + mobile node approaches the vicinity of the neighboring networks. + IEEE 802.11u is considering issues such as discovering the + neighborhood using information contained in the link layer. However, + if the link-layer management frames are encrypted by some link-layer + security mechanism, then the mobile node may not be able to obtain + the requisite information before establishing link-layer connectivity + to the access point. In addition, this may add burden to the + bandwidth-constrained wireless medium. In such cases, a higher-layer + protocol is preferred to obtain the information regarding the + neighboring elements. Some proposals, such as [802.21], help obtain + information about the neighboring networks from a mobility server. + When the movement is imminent, the mobile node starts the discovery + process by querying a specific server and obtains the required + parameters, such as the IP address of the access point, its + characteristics, routers, SIP servers, or authentication servers of + the neighboring networks. In the event of multiple networks, it may + obtain the required parameters from more than one neighboring network + + + +Dutta, et al. Informational [Page 21] + +RFC 6252 MPA Framework June 2011 + + + and keep these in a cache. At some point, the mobile node finds + several CTNs out of many probable networks and starts the pre- + authentication process by communicating with the required entities in + the CTNs. Further details of this scenario are in Section 7.2. + +7.2. Pre-Authentication in Multiple-CTN Environment + + In some cases, although a mobile node selects a specific network to + be the target network, it may actually end up moving into a + neighboring network other than the target network, due to factors + that are beyond the mobile node's control. Thus, it may be useful to + perform the pre-authentication with a few probable candidate target + networks and establish time-bound transient tunnels with the + respective access routers in those networks. Thus, in the event of a + mobile node moving to a candidate target network other than that + chosen as the target network, it will not be subjected to packet loss + due to authentication and IP address acquisition delay that could + occur if the mobile node did not pre-authenticate with that candidate + target network. It may appear that by pre-authenticating with a + number of candidate target networks and reserving the IP addresses, + the mobile node is reserving resources that could be used otherwise. + But since this happens for a time-limited period, it should not be a + big problem; it depends upon the mobility pattern and duration. The + mobile node uses a pre-authentication procedure to obtain an IP + address proactively and to set up the time-bound tunnels with the + access routers of the candidate target networks. Also, the MN may + retain some or all of the nCoAs for future movement. + + The mobile node may choose one of these addresses as the binding + update address and send it to the CN (Correspondent Node) or HA (Home + Agent), and will thus receive the tunneled traffic via the target + network while in the previous network. But in some instances, the + mobile node may eventually end up moving to a network that is other + than the target network. Thus, there will be a disruption in traffic + as the mobile node moves to the new network, since the mobile node + has to go through the process of assigning the new IP address and + sending the binding update again. There are two solutions to this + problem. As one solution to the problem, the mobile node can take + advantage of the simultaneous mobility binding and send multiple + binding updates to the Correspondent Host or HA. Thus, the + Correspondent Host or HA forwards the traffic to multiple IP + addresses assigned to the virtual interfaces for a specific period of + time. This binding update gets refreshed at the CH after the mobile + node moves to the new network, thus stopping the flow to the other + candidate networks. RFC 5648 [RFC5648] discusses different scenarios + of mobility binding with multiple care-of-addresses. As the second + + + + + +Dutta, et al. Informational [Page 22] + +RFC 6252 MPA Framework June 2011 + + + solution, in case simultaneous binding is not supported in a specific + mobility scheme, forwarding of traffic from the previous target + network will help take care of the transient traffic until the new + binding update is sent from the new network. + +7.3. Proactive IP Address Acquisition + + In general, a mobility management protocol works in conjunction with + the Foreign Agent or in the co-located address mode. The MPA + approach can use both the co-located address mode and the Foreign + Agent address mode. We discuss here the address assignment component + that is used in the co-located address mode. There are several ways + a mobile node can obtain an IP address and configure itself. In some + cases, a mobile node can configure itself statically in the absence + of any configuration element such as a server or router in the + network. In a LAN environment, the mobile node can obtain an IP + address from DHCP servers. In the case of IPv6 networks, a mobile + node has the option of obtaining the IP address using stateless + autoconfiguration or DHCPv6. In some wide-area networking + environments, the mobile node uses PPP (Point-to-Point Protocol) to + obtain the IP address by communicating with a NAS (Network Access + Server). + + Each of these processes takes on the order of few hundred + milliseconds to a few seconds, depending upon the type of IP address + acquisition process and operating system of the clients and servers. + Since IP address acquisition is part of the handover process, it adds + to the handover delay, and thus it is desirable to reduce this delay + as much as possible. There are a few optimized techniques available, + such as DHCP Rapid Commit [RFC4039] and GPS-coordinate-based IP + address [GPSIP], that attempt to reduce the handover delay due to IP + address acquisition time. However, in all these cases, the mobile + node also obtains the IP address after it moves to the new subnet and + incurs some delay because of the signaling handshake between the + mobile node and the DHCP server. + + In Fast MIPv6 [RFC5568], through the RtSolPr and PrRtAdv messages, + the MN also formulates a prospective new CoA (nCoA) when it is still + present on the Previous Access Router's (pAR's) link. Hence, the + latency due to new prefix discovery subsequent to handover is + eliminated. However, in this case, both the pAR and the Next Access + Router (nAR) need to cooperate with each other to be able to retrieve + the prefix from the target network. + + In the following paragraph, we describe a few ways that a mobile node + can obtain the IP address proactively from the CTN, and the + associated tunnel setup procedure. These can broadly be divided into + four categories: PANA-assisted proactive IP address acquisition, + + + +Dutta, et al. Informational [Page 23] + +RFC 6252 MPA Framework June 2011 + + + IKE-assisted proactive IP address acquisition, proactive IP address + acquisition using DHCP only, and stateless autoconfiguration. When + DHCP is used for address configuration, a DHCP server is assumed to + be serving one subnet. + +7.3.1. PANA-Assisted Proactive IP Address Acquisition + + In the case of PANA-assisted proactive IP address acquisition, the + mobile node obtains an IP address proactively from a CTN. The mobile + node makes use of PANA [RFC5191] messages to trigger the IP address + acquisition process via a DHCP client that is co-located with the + PANA authentication agent in the access router in the CTN acting on + behalf of the mobile node. Upon receiving a PANA message from the + mobile node, the DHCP client on the authentication agent performs + normal DHCP message exchanges to obtain the IP address from the DHCP + server in the CTN. This address is piggy-backed in a PANA message + and is delivered to the mobile node. In the case of IPv6, a Router + Advertisement (RA) is carried as part of the PANA message. In the + case of stateless autoconfiguration, the mobile node uses the + prefix(es) obtained as part of the RA and its MAC address to + construct the unique IPv6 address(es) as it would have done in the + new network. In the case of stateful address autoconfiguration, a + procedure similar to DHCPv4 can be applied. + +7.3.2. IKEv2-Assisted Proactive IP Address Acquisition + + IKEv2-assisted proactive IP address acquisition works when an IPsec + gateway and a DHCP relay agent [RFC3046] are resident within each + access router in the CTN. In this case, the IPsec gateway and DHCP + relay agent in a CTN help the mobile node acquire the IP address from + the DHCP server in the CTN. The MN-AR key established during the + pre-authentication phase is used as the IKEv2 pre-shared secret + needed to run IKEv2 between the mobile node and the access router. + The IP address from the CTN is obtained as part of the standard IKEv2 + procedure, using the co-located DHCP relay agent for obtaining the IP + address from the DHCP server in the target network using standard + DHCP. The obtained IP address is sent back to the client in the + IKEv2 Configuration Payload exchange. In this case, IKEv2 is also + used as the tunnel management protocol for a proactive handover + tunnel (see Section 7.4). Alternatively, a VPN gateway can dispense + the IP address from its IP address pool. + +7.3.3. Proactive IP Address Acquisition Using DHCPv4 Only + + As another alternative, DHCP may be used for proactively obtaining an + IP address from a CTN without relying on PANA or IKEv2-based + approaches by allowing direct DHCP communication between the mobile + node and the DHCP relay agent or DHCP server in the CTN. The + + + +Dutta, et al. Informational [Page 24] + +RFC 6252 MPA Framework June 2011 + + + mechanism described in this section is applicable to DHCPv4 only. + The mobile node sends a unicast DHCP message to the DHCP relay agent + or DHCP server in the CTN requesting an address, while using the + address associated with the current physical interface as the source + address of the request. + + When the message is sent to the DHCP relay agent, the DHCP relay + agent relays the DHCP messages back and forth between the mobile node + and the DHCP server. In the absence of a DHCP relay agent, the + mobile node can also directly communicate with the DHCP server in the + target network. The broadcast option in the client's unicast + DISCOVER message should be set to 0 so that the relay agent or the + DHCP server can send the reply directly back to the mobile node using + the mobile node's source address. + + In order to prevent malicious nodes from obtaining an IP address from + the DHCP server, DHCP authentication should be used, or the access + router should be configured with a filter to block unicast DHCP + messages sent to the remote DHCP server from mobile nodes that are + not pre-authenticated. When DHCP authentication is used, the DHCP + authentication key may be derived from the MPA-SA established between + the mobile node and the authentication agent in the candidate target + network. + + The proactively obtained IP address is not assigned to the mobile + node's physical interface until the mobile node has moved to the new + network. The IP address thus obtained proactively from the target + network should not be assigned to the physical interface but rather + to a virtual interface of the client. Thus, such a proactively + acquired IP address via direct DHCP communication between the mobile + node and the DHCP relay agent or the DHCP server in the CTN may be + carried with additional information that is used to distinguish it + from other addresses as assigned to the physical interface. + + Upon the mobile node's entry to the new network, the mobile node can + perform DHCP over the physical interface to the new network to get + other configuration parameters, such as the SIP server or DNS server, + by using DHCP INFORM. This should not affect the ongoing + communication between the mobile node and Correspondent Host. Also, + the mobile node can perform DHCP over the physical interface to the + new network to extend the lease of the address that was proactively + obtained before entering the new network. + + In order to maintain the DHCP binding for the mobile node and keep + track of the dispensed IP address before and after the secure + proactive handover, the same DHCP client identifier needs to be used + + + + + +Dutta, et al. Informational [Page 25] + +RFC 6252 MPA Framework June 2011 + + + for the mobile node for both DHCP for proactive IP address + acquisition and for DHCP performed after the mobile node enters the + target network. The DHCP client identifier may be the MAC address of + the mobile node or some other identifier. + +7.3.4. Proactive IP Address Acquisition Using Stateless + Autoconfiguration + + For IPv6, a network address is configured either using DHCPv6 or + stateless autoconfiguration. In order to obtain the new IP address + proactively, the router advertisement of the next-hop router can be + sent over the established tunnel, and a new IPv6 address is generated + based on the prefix and MAC address of the mobile node. Generating a + CoA from the new network will avoid the time needed to obtain an IP + address and perform Duplicate Address Detection. + + Duplicate Address Detection and address resolution are part of the IP + address acquisition process. As part of the proactive configuration, + these two processes can be done ahead of time. Details of how these + two processes can be done proactively are described in Appendix A and + Appendix B, respectively. + + In the case of stateless autoconfiguration, the mobile node checks to + see the prefix of the router advertisement in the new network and + matches it with the prefix of the newly assigned IP address. If + these turn out to be the same, then the mobile node does not go + through the IP address acquisition phase again. + +7.4. Tunnel Management + + After an IP address is proactively acquired from the DHCP server in a + CTN, or via stateless autoconfiguration in the case of IPv6, a + proactive handover tunnel is established between the mobile node and + the access router in the CTN. The mobile node uses the acquired IP + address as the tunnel's inner address. + + There are several reasons why this transient tunnel is established + between the nAR and the mobile node in the old PoA, unlike the + transient tunnel in FMIPv6 (Fast MIPv6) [RFC5568], where it is set up + between the mobile node's new point of attachment and the old access + router. + + In the case of inter-domain handoff, it is important that any + signaling message between the nPoA and the mobile node needs to be + secured. This transient secured tunnel provides the desired + functionality, including securing the proactive binding update and + transient data between the end-points before the handover has taken + place. Unlike the proactive mode of FMIPv6, transient handover + + + +Dutta, et al. Informational [Page 26] + +RFC 6252 MPA Framework June 2011 + + + packets are not sent to the pAR, and thus a tunnel between the mobile + node's new point of attachment and the old access router is not + needed. + + In the case of inter-domain handoff, the pAR and nAR could logically + be far from each other. Thus, the signaling and data during the + pre-authentication period will take a longer route, and thus may be + subjected to longer one-way delay. Hence, MPA provides a tradeoff + between larger packet loss or larger one-way packet delay for a + transient period, when the mobile node is preparing for handoff. + + The proactive handover tunnel is established using a tunnel + management protocol. When IKEv2 is used for proactive IP address + acquisition, IKEv2 is also used as the tunnel management protocol. + Alternatively, when PANA is used for proactive IP address + acquisition, PANA may be used as the secure tunnel management + protocol. + + Once the proactive handover tunnel is established between the mobile + node and the access router in the candidate target network, the + access router also needs to perform proxy address resolution (Proxy + ARP) on behalf of the mobile node so that it can capture any packets + destined to the mobile node's new address. + + Since the mobile node needs to be able to communicate with the + Correspondent Node while in the previous network, some or all parts + of the binding update and data from the Correspondent Node to the + mobile node need to be sent back to the mobile node over a proactive + handover tunnel. Details of these binding update procedures are + described in Section 7.5. + + In order for the traffic to be directed to the mobile node after the + mobile node attaches to the target network, the proactive handover + tunnel needs to be deleted or disabled. The tunnel management + protocol used for establishing the tunnel is used for this purpose. + Alternatively, when PANA is used as the authentication protocol, the + tunnel deletion or disabling at the access router can be triggered by + means of the PANA update mechanism as soon as the mobile node moves + to the target network. A link-layer trigger ensures that the mobile + node is indeed connected to the target network and can also be used + as the trigger to delete or disable the tunnel. A tunnel management + protocol also triggers the router advertisement (RA) from the next + access router to be sent over the tunnel, as soon as the tunnel + creation is complete. + + + + + + + +Dutta, et al. Informational [Page 27] + +RFC 6252 MPA Framework June 2011 + + +7.5. Binding Update + + There are several kinds of binding update mechanisms for different + mobility management schemes. + + In the case of Mobile IPv4 and Mobile IPv6, the mobile node performs + a binding update with the Home Agent only, if route optimization is + not used. Otherwise, the mobile node performs the binding update + with both the Home Agent (HA) and Correspondent Node (CN). + + In the case of SIP-based terminal mobility, the mobile node sends a + binding update using an INVITE to the Correspondent Node and a + REGISTER message to the Registrar. Based on the distance between the + mobile node and the Correspondent Node, the binding update may + contribute to the handover delay. SIP-fast handover [SIPFAST] + provides several ways of reducing the handover delay due to binding + update. In the case of secure proactive handover using SIP-based + mobility management, we do not encounter the delay due to the binding + update at all, as it takes place in the previous network. + + Thus, this proactive binding update scheme looks more attractive when + the Correspondent Node is too far from the communicating mobile node. + Similarly, in the case of Mobile IPv6, the mobile node sends the + newly acquired CoA from the target network as the binding update to + the HA and CN. Also, all signaling messages between the MN and HA + and between the MN and CN are passed through this proactive tunnel + that is set up. These messages include Binding Update (BU); Binding + Acknowledgement (BA); and the associated return routability messages, + such as Home Test Init (HoTI), Home Test (HoT), Care-of Test Init + (CoTI), and Care-of Test (CoT). In Mobile IPv6, since the receipt of + an on-link router advertisement is mandatory for the mobile node to + detect the movement and trigger the binding update, a router + advertisement from the next access router needs to be advertised over + the tunnel. By proper configuration on the nAR, the router + advertisement can be sent over the tunnel interface to trigger the + proactive binding update. The mobile node also needs to make the + tunnel interface the active interface, so that it can send the + binding update using this interface as soon as it receives the router + advertisement. + + If the proactive handover tunnel is realized as an IPsec tunnel, it + will also protect these signaling messages between the tunnel end- + points and will make the return routability test secured as well. + Any subsequent data will also be tunneled through, as long as the + mobile node is in the previous network. The accompanying document + [MPA-WIRELESS] talks about the details of how binding updates and + signaling for return routability are sent over the secured tunnel. + + + + +Dutta, et al. Informational [Page 28] + +RFC 6252 MPA Framework June 2011 + + +7.6. Preventing Packet Loss + + In the MPA case, packet loss due to IP address acquisition, secured + authentication, and binding update does not occur. However, + transient packets during link-layer handover can be lost. Possible + scenarios of packet loss and its prevention are described below. + +7.6.1. Packet Loss Prevention in Single-Interface MPA + + For single-interface MPA, there may be some transient packets during + link-layer handover that are directed to the mobile node at the old + point of attachment before the mobile node is able to attach to the + target network. Those transient packets can be lost. Buffering + these packets at the access router of the old point of attachment can + eliminate packet loss. Dynamic buffering signals from the MN can + temporarily hold transient traffic during handover, and then these + packets can be forwarded to the MN once it attaches to the target + network. A detailed analysis of the buffering technique can be found + in [PIMRC06]. + + An alternative method is to use bicasting. Bicasting helps to + forward the traffic to two destinations at the same time. However, + it does not eliminate packet loss if link-layer handover is not + seamlessly performed. On the other hand, buffering does not reduce + packet delay. While packet delay can be compensated by a playout + buffer at the receiver side for a streaming application, a playout + buffer does not help much for interactive VoIP applications that + cannot tolerate large delay jitters. Thus, it is still important to + optimize the link-layer handover anyway. + +7.6.2. Preventing Packet Losses for Multiple Interfaces + + MPA usage in multi-interface handover scenarios involves preparing + the second interface for use via the current active interface. This + preparation involves pre-authentication and provisioning at a target + network where the second interface would be the eventual active + interface. For example, during inter-technology handover from a WiFi + to a CDMA network, pre-authentication at the CDMA network can be + performed via the WiFi interface. The actual handover occurs when + the CDMA interface becomes the active interface for the MN. + + In such scenarios, if handover occurs while both interfaces are + active, there is generally no packet loss, since transient packets + directed towards the old interface will still reach the MN. However, + if sudden disconnection of the current active interface is used to + initiate handover to the prepared interface, then transient packets + for the disconnected interface will be lost while the MN attempts to + be reachable at the prepared interface. In such cases, a specialized + + + +Dutta, et al. Informational [Page 29] + +RFC 6252 MPA Framework June 2011 + + + form of buffering can be used to eliminate packet loss where packets + are merely copied at an access router in the current active network + prior to disconnection. If sudden disconnection does occur, copied + packets can be forwarded to the MN once the prepared interface + becomes the active reachable interface. The copy-and-forward + mechanism is not limited to multi-interface handover. + + A notable side-effect of this process is the possible duplication of + packets during forwarding to the new active interface. Several + approaches can be employed to minimize this effect. Relying on + upper-layer protocols such as TCP to detect and eliminate duplicates + is the most common approach. Customized duplicate detection and + handling techniques can also be used. In general, packet duplication + is a well-known issue that can also be handled locally by the MN. + + If the mobile node takes a longer amount of time to detect the + disconnection event of the current active interface, this can also + have an adverse effect on the length of the handover process. Thus, + it becomes necessary to use an optimized scheme of detecting + interface disconnection in such scenarios. Use of the current + interface to perform pre-authentication instead of the new interface + is desirable in certain circumstances, such as to save battery power, + or in cases where the adjacent cells (e.g., WiFi or CDMA) are + non-overlapping, or in cases when the carrier does not allow the + simultaneous use of both interfaces. However, in certain + circumstances, depending upon the type of target network, only parts + of MPA operations can be performed (e.g., pre-authentication, + pre-configuration, or proactive binding update). In a specific + scenario involving handoff between WiFi and CDMA networks, some of + the PPP context can be set up during the pre-authentication period, + thus reducing the time for PPP activation. + +7.6.3. Reachability Test + + In addition to previous techniques, the MN may also want to ensure + reachability of the new point of attachment before switching from the + old one. This can be done by exchanging link-layer management frames + with the new point of attachment. This reachability check should be + performed as quickly as possible. In order to prevent packet loss + during this reachability check, transmission of packets over the link + between the MN and the old point of attachment should be suspended by + buffering the packets at both ends of the link during the + reachability check. How to perform this buffering is out of scope of + this document. Some of the results of using this buffering scheme + are explained in the accompanying document [MPA-WIRELESS]. + + + + + + +Dutta, et al. Informational [Page 30] + +RFC 6252 MPA Framework June 2011 + + +7.7. Security and Mobility + + This section describes how MPA can help establish layer 2 and layer 3 + security association in the target networks while the mobile node is + in the previous network. + +7.7.1. Link-Layer Security and Mobility + + Using the MPA-SA established between the mobile node and the + authentication agent for a CTN, during the pre-authentication phase, + it is possible to bootstrap link-layer security in the CTN while the + mobile node is in the current network, as described in the following + steps. Figure 5 shows the sequence of operation. + + (1) The authentication agent and the mobile node derive a PMK (Pair- + wise Master Key) [RFC5247] using the MPA-SA that is established + as a result of successful pre-authentication. Successful + operation of EAP and a AAA protocol may be involved during + pre-authentication to establish the MPA-SA. From the PMK, + distinct TSKs (Transient Session Keys) [RFC5247] for the mobile + node are directly or indirectly derived for each point of + attachment of the CTN. + + (2) The authentication agent may install the keys derived from the + PMK and used for secure association to points of attachment. + The derived keys may be TSKs or intermediary keys from which + TSKs are derived. + + (3) After the mobile node chooses a CTN as the target network and + switches to a point of attachment in the target network (which + now becomes the new network for the mobile node), it executes a + secure association protocol such as the IEEE 802.11i 4-way + handshake [802.11], using the PMK in order to establish PTKs + (Pair-wise Transient Keys) and group keys [RFC5247] used for + protecting link-layer packets between the mobile node and the + point of attachment. No additional execution of EAP + authentication is needed here. + + (4) While the mobile node is roaming in the new network, the mobile + node only needs to perform a secure association protocol with + its point of attachment, and no additional execution of EAP + authentication is needed either. Integration of MPA with link- + layer handover optimization mechanisms such as 802.11r can be + archived this way. + + The mobile node may need to know the link-layer identities of the + points of attachment in the CTN to derive TSKs. + + + + +Dutta, et al. Informational [Page 31] + +RFC 6252 MPA Framework June 2011 + + + _________________ ____________________________ + | Current Network | | CTN | + | ____ | | ____ | + | | | (1) pre-authentication | | | + | | MN |<------------------------------->| AA | | + | |____| | | |____| | + | . | | | | + | . | | | | + |____.____________| | | | + .movement | |(2) Keys | + ____.___________________| | | + | _v__ _____ | | + | | |(3) secure assoc. | | | | + | | MN |<------------------>| AP1 |<-------+ | + | |____| |_____| | | + | . | | + | .movement | | + | . | | + | . | | + | _v__ _____ | | + | | |(4) secure assoc. | | | | + | | MN |<------------------>| AP2 |<-------+ | + | |____| |_____| | + |_____________________________________________________| + + Figure 5: Bootstrapping Link-Layer Security + +7.7.2. IP-Layer Security and Mobility + + IP-layer security is typically maintained between the mobile node and + the first-hop router, or any other network element such as SIP proxy + by means of IPsec. This IPsec SA can be set up either in tunnel mode + or in ESP mode. However, as the mobile node moves, the IP address of + the router and outbound proxy will change in the new network. The + mobile node's IP address may or may not change, depending upon the + mobility protocol being used. This will warrant re-establishing a + new security association between the mobile node and the desired + network entity. In some cases, such as in a 3GPP/3GPP2 IMS/MMD + environment, data traffic is not allowed to pass through unless there + is an IPsec SA established between the mobile node and outbound + proxy. This will of course add unreasonable delay to the existing + real-time communication during a mobile node's movement. In this + scenario, key exchange is done as part of a SIP registration that + follows a key exchange procedure called AKA (Authentication and Key + Agreement). + + + + + + +Dutta, et al. Informational [Page 32] + +RFC 6252 MPA Framework June 2011 + + + MPA can be used to bootstrap this security association as part of + pre-authentication via the new outbound proxy. Prior to the + movement, if the mobile node can pre-register via the new outbound + proxy in the target network and completes the pre-authentication + procedure, then the new SA state between the mobile node and new + outbound proxy can be established prior to the movement to the new + network. A similar approach can also be applied if a key exchange + mechanism other than AKA is used or the network element with which + the security association has to be established is different than an + outbound proxy. + + By having the security association established ahead of time, the + mobile node does not need to be involved in any exchange to set up + the new security association after the movement. Any further key + exchange will be limited to renew the expiry time. This will reduce + the delay for real-time communication as well. + +7.8. Authentication in Initial Network Attachment + + When the mobile node initially attaches to a network, network access + authentication would occur regardless of the use of MPA. The + protocol used for network access authentication when MPA is used for + handover optimization can be a link-layer network access + authentication protocol such as IEEE 802.1X, or a higher-layer + network access authentication protocol such as PANA. + +8. Security Considerations + + This document describes a framework for a secure handover + optimization mechanism based on performing handover-related signaling + between a mobile node and one or more candidate target networks to + which the mobile node may move in the future. This framework + involves acquisition of the resources from the CTN as well as data + packet redirection from the CTN to the mobile node in the current + network before the mobile node physically connects to one of those + CTNs. + + Acquisition of the resources from the candidate target networks must + be done with appropriate authentication and authorization procedures + in order to prevent an unauthorized mobile node from obtaining the + resources. For this reason, it is important for the MPA framework to + perform pre-authentication between the mobile node and the candidate + target networks. The MN-CA key and the MN-AR key generated as a + result of successful pre-authentication can protect subsequent + handover signaling packets and data packets exchanged between the + mobile node and the MPA functional elements in the CTNs. + + + + + +Dutta, et al. Informational [Page 33] + +RFC 6252 MPA Framework June 2011 + + + The MPA framework also addresses security issues when the handover is + performed across multiple administrative domains. With MPA, it is + possible for handover signaling to be performed based on direct + communication between the mobile node and routers or mobility agents + in the candidate target networks. This eliminates the need for a + context transfer protocol [RFC5247] for which known limitations exist + in terms of security and authorization. For this reason, the MPA + framework does not require trust relationships among administrative + domains or access routers, which makes the framework more deployable + in the Internet without compromising the security in mobile + environments. + +9. Acknowledgments + + We would like to thank Farooq Anjum and Raziq Yaqub for their review + of this document, and Subir Das for standardization support in the + IEEE 802.21 working group. + + The authors would like to acknowledge Christian Vogt, Rajeev Koodli, + Marco Liebsch, Juergen Schoenwaelder, and Charles Perkins for their + thorough review of the document and useful feedback. + + Author and Editor Ashutosh Dutta would like to thank Telcordia + Technologies, and author Victor Fajardo would like to thank Toshiba + America Research and Telcordia Technologies, for supporting the + development of their document while they were employed in their + respective organizations. + +10. References + +10.1. Normative References + + [RFC5944] Perkins, C., Ed., "IP Mobility Support for IPv4, Revised", + RFC 5944, November 2010. + + [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. + Levkowetz, Ed., "Extensible Authentication Protocol + (EAP)", RFC 3748, June 2004. + + [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support + in IPv6", RFC 3775, June 2004. + + [RFC2205] Braden, R., Ed., Zhang, L., Berson, S., Herzog, S., and S. + Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1 + Functional Specification", RFC 2205, September 1997. + + + + + + +Dutta, et al. Informational [Page 34] + +RFC 6252 MPA Framework June 2011 + + + [RFC5380] Soliman, H., Castelluccia, C., El Malki, K., and L. + Bellier, "Hierarchical Mobile IPv6 (HMIPv6) Mobility + Management", RFC 5380, October 2008. + + [RFC5568] Koodli, R., Ed., "Mobile IPv6 Fast Handovers", RFC 5568, + July 2009. + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC4555] Eronen, P., "IKEv2 Mobility and Multihoming Protocol + (MOBIKE)", RFC 4555, June 2006. + + [RFC4881] El Malki, K., Ed., "Low-Latency Handoffs in Mobile IPv4", + RFC 4881, June 2007. + + [RFC4066] Liebsch, M., Ed., Singh, A., Ed., Chaskar, H., Funato, D., + and E. Shim, "Candidate Access Router Discovery (CARD)", + RFC 4066, July 2005. + + [RFC4067] Loughney, J., Nakhjiri, M., Perkins, C., and R. Koodli, + "Context Transfer Protocol (CXTP)", RFC 4067, July 2005. + + [RFC5247] Aboba, B., Simon, D., and P. Eronen, "Extensible + Authentication Protocol (EAP) Key Management Framework", + RFC 5247, August 2008. + + [RFC5191] Forsberg, D., Ohba, Y., Ed., Patil, B., Tschofenig, H., + and A. Yegin, "Protocol for Carrying Authentication for + Network Access (PANA)", RFC 5191, May 2008. + + [RG98] ITU-T, "General Characteristics of International Telephone + Connections and International Telephone Circuits: One-Way + Transmission Time", ITU-T Recommendation G.114, 1998. + + [ITU98] ITU-T, "The E-Model, a computational model for use in + transmission planning", ITU-T Recommendation G.107, 1998. + + [ETSI] ETSI, "Telecommunications and Internet Protocol + Harmonization Over Networks (TIPHON) Release 3; End-to-end + Quality of Service in TIPHON systems; Part 1: General + aspects of Quality of Service (QoS)", ETSI TR 101 + 329-1 V3.1.2, 2002. + + + + + + + + +Dutta, et al. Informational [Page 35] + +RFC 6252 MPA Framework June 2011 + + +10.2. Informative References + + [RFC5201] Moskowitz, R., Nikander, P., Jokela, P., Ed., and T. + Henderson, "Host Identity Protocol", RFC 5201, + April 2008. + + [RFC2679] Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way + Delay Metric for IPPM", RFC 2679, September 1999. + + [RFC2680] Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way + Packet Loss Metric for IPPM", RFC 2680, + September 1999. + + [RFC2681] Almes, G., Kalidindi, S., and M. Zekauskas, "A + Round-trip Delay Metric for IPPM", RFC 2681, + September 1999. + + [RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003, + October 1996. + + [RFC2608] Guttman, E., Perkins, C., Veizades, J., and M. Day, + "Service Location Protocol, Version 2", RFC 2608, + June 1999. + + [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in + IPv6 Specification", RFC 2473, December 1998. + + [RFC3046] Patrick, M., "DHCP Relay Agent Information Option", + RFC 3046, January 2001. + + [RFC4039] Park, S., Kim, P., and B. Volz, "Rapid Commit Option + for the Dynamic Host Configuration Protocol version 4 + (DHCPv4)", RFC 4039, March 2005. + + [RFC5172] Varada, S., Ed., "Negotiation for IPv6 Datagram + Compression Using IPv6 Control Protocol", RFC 5172, + March 2008. + + [RFC5648] Wakikawa, R., Ed., Devarapalli, V., Tsirtsis, G., + Ernst, T., and K. Nagami, "Multiple Care-of Addresses + Registration", RFC 5648, October 2009. + + [RFC4429] Moore, N., "Optimistic Duplicate Address Detection + (DAD) for IPv6", RFC 4429, April 2006. + + + + + + + +Dutta, et al. Informational [Page 36] + +RFC 6252 MPA Framework June 2011 + + + [RFC5836] Ohba, Y., Ed., Wu, Q., Ed., and G. Zorn, Ed., + "Extensible Authentication Protocol (EAP) Early + Authentication Problem Statement", RFC 5836, + April 2010. + + [RFC5213] Gundavelli, S., Ed., Leung, K., Devarapalli, V., + Chowdhury, K., and B. Patil, "Proxy Mobile IPv6", + RFC 5213, August 2008. + + [RFC5974] Manner, J., Karagiannis, G., and A. McDonald, "NSIS + Signaling Layer Protocol (NSLP) for Quality-of-Service + Signaling", RFC 5974, October 2010. + + [RFC5169] Clancy, T., Nakhjiri, M., Narayanan, V., and L. + Dondeti, "Handover Key Management and + Re-Authentication Problem Statement", RFC 5169, + March 2008. + + [SIPMM] Schulzrinne, H. and E. Wedlund, "Application-Layer + Mobility Using SIP", ACM MC2R, July 2000. + + [CELLIP] Campbell, A., Gomez, J., Kim, S., Valko, A., Wan, C., + and Z. Turanyi, "Design, Implementation, and + Evaluation of Cellular IP", IEEE Personal + Communications, August 2000. + + [MOBIQUIT07] Lopez, R., Dutta, A., Ohba, Y., Schulzrinne, H., and + A. Skarmeta, "Network-layer assisted mechanism to + optimize authentication delay during handoff in 802.11 + networks", IEEE Mobiquitous, June 2007. + + [MISHRA04] Mishra, A., Shin, M., Petroni, N., Clancy, T., and W. + Arbaugh, "Proactive key distribution using neighbor + graphs", IEEE Wireless Communications Magazine, + February 2004. + + [SPRINGER07] Dutta, A., Das, S., Famolari, D., Ohba, Y., Taniuchi, + K., Fajardo, V., Lopez, R., Kodama, T., Schulzrinne, + H., and A. Skarmeta, "Seamless proactive handover + across heterogeneous access networks", Wireless + Personal Communications, November 2007. + + [HAWAII] Ramjee, R., La Porta, T., Thuel, S., Varadhan, K., and + S. Wang, "HAWAII: A Domain-based Approach for + Supporting Mobility in Wide-area Wireless networks", + International Conference on Network Protocols ICNP'99. + + + + + +Dutta, et al. Informational [Page 37] + +RFC 6252 MPA Framework June 2011 + + + [IDMP] Das, S., McAuley, A., Dutta, A., Misra, A., + Chakraborty, K., and S. Das, "IDMP: An Intra-Domain + Mobility Management Protocol for Next Generation + Wireless Networks", IEEE Wireless Communications + Magazine, October 2000. + + [MOBIP-REG] Gustafsson, E., Jonsson, A., and C. Perkins, "Mobile + IPv4 Regional Registration", Work in Progress, + June 2004. + + [YOKOTA] Yokota, H., Idoue, A., Hasegawa, T., and T. Kato, + "Link Layer Assisted Mobile IP Fast Handoff Method + over Wireless LAN Networks", Proceedings of ACM + MobiCom02, 2002. + + [MACD] Shin, S., Forte, A., Rawat, A., and H. Schulzrinne, + "Reducing MAC Layer Handoff Latency in IEEE 802.11 + Wireless LANs", MobiWac Workshop, 2004. + + [SUM] Dutta, A., Zhang, T., Madhani, S., Taniuchi, K., + Fujimoto, K., Katsube, Y., Ohba, Y., and H. + Schulzrinne, "Secured Universal Mobility for Wireless + Internet", WMASH'04, October 2004. + + [SIPFAST] Dutta, A., Madhani, S., Chen, W., Altintas, O., and H. + Schulzrinne, "Fast-handoff Schemes for Application + Layer Mobility Management", PIMRC 2004. + + [PIMRC06] Dutta, A., Berg, E., Famolari, D., Fajardo, V., Ohba, + Y., Taniuchi, K., Kodama, T., and H. Schulzrinne, + "Dynamic Buffering Control Scheme for Mobile Handoff", + Proceedings of PIMRC 2006, 1-11. + + [MITH] Gwon, Y., Fu, G., and R. Jain, "Fast Handoffs in + Wireless LAN Networks using Mobile initiated Tunneling + Handoff Protocol for IPv4 (MITHv4)", Wireless + Communications and Networking 2003, January 2005. + + [WENYU] Jiang, W. and H. Schulzrinne, "Modeling of Packet Loss + and Delay and their Effect on Real-Time Multimedia + Service Quality", NOSSDAV 2000, June 2000. + + [802.21] "IEEE Standard for Local and Metropolitan Area + Networks: Media Independent Handover Services, IEEE + 802.21-2008", a contribution to IEEE 802.21 WG, + January 2009. + + + + + +Dutta, et al. Informational [Page 38] + +RFC 6252 MPA Framework June 2011 + + + [802.11] "IEEE Wireless LAN Edition A compilation based on IEEE + Std 802.11-1999(R2003)", Institute of Electrical and + Electronics Engineers, September 2003. + + [GPSIP] Dutta, A., Madhani, S., Chen, W., Altintas, O., and H. + Schulzrinne, "GPS-IP based fast-handoff approaches for + Mobiles", IEEE Sarnoff Symposium 2006. + + [MAGUIRE] Vatn, J. and G. Maguire, "The effect of using + co-located care-of addresses on macro handover + latency", 14th Nordic Teletraffic Seminar 1998. + + [MPA-MOBIKE] El Mghazli, Y., Bournelle, J., and J. Laganier, "MPA + using IKEv2 and MOBIKE", Work in Progress, June 2006. + + [MPA-WIRELESS] Dutta, A., Famolari, D., Das, S., Ohba, Y., Fajardo, + V., Taniuchi, K., Lopez, R., and H. Schulzrinne, + "Media- Independent Pre-authentication Supporting + Secure Interdomain Handover Optimization", IEEE + Wireless Communications Magazine, April 2008. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Dutta, et al. Informational [Page 39] + +RFC 6252 MPA Framework June 2011 + + +Appendix A. Proactive Duplicate Address Detection + + When the DHCP server dispenses an IP address, it updates its lease + table, so that this same address is not given to another client for + that specific period of time. At the same time, the client also + keeps a lease table locally so that it can renew when needed. In + some cases where a network consists of both DHCP and non-DHCP-enabled + clients, there is a probability that another client in the LAN may + have been configured with an IP address from the DHCP address pool. + In such a scenario, the server detects a duplicate address based on + ARP (Address Resolution Protocol) or IPv6 Neighbor Discovery before + assigning the IP address. This detection procedure may take from 4 + sec to 15 sec [MAGUIRE] and will thus contribute to a larger handover + delay. In the case of a proactive IP address acquisition process, + this detection is performed ahead of time and thus does not affect + the handover delay at all. By performing the Duplicate Address + Detection (DAD) ahead of time, we reduce the IP address acquisition + time. + + The proactive DAD over the candidate target network should be + performed by the nAR on behalf of the mobile node at the time of + proactive handover tunnel establishment, since DAD over a tunnel is + not always performed. For example, in the case of IPv6, DAD over an + IP-IP tunnel interface is turned off in an existing implementation. + In the case of IPv6 over PPP [RFC5172], the IP Control Protocol + (IPCPv6) negotiates the link-local addresses, and hence DAD over the + tunnel is not needed. After the mobile node has moved to the target + network, a DAD procedure may be started because of reassignment of + the nCoA to the physical interface to the target network. In that + case, the mobile node should use optimistic DAD [RFC4429] over the + physical interface so that the nCoA that was used inside the + proactive handover tunnel before handover can be immediately used + over that physical interface after handover. The schemes used for + the proactive DAD and optimistic DAD are applicable to both stateless + and stateful address autoconfiguration schemes used for obtaining a + nCoA. + + + + + + + + + + + + + + + +Dutta, et al. Informational [Page 40] + +RFC 6252 MPA Framework June 2011 + + +Appendix B. Address Resolution + + Address resolution involves updating the next access router's + neighbor cache. We briefly describe these two operations below. + + During the process of pre-configuration, the MAC address resolution + mappings needed by the mobile node to communicate with nodes in the + target network after attaching to the target network can also be + known, where the communicating nodes may be the access router, + authentication agent, configuration agent, or Correspondent Node. + There are several possible ways of performing such proactive MAC + address resolution. + + o One can use an information service mechanism [802.21] to resolve + the MAC addresses of the nodes. This might require each node in + the target network to be involved in the information service so + that the server of the information service can construct the + database for proactive MAC address resolution. + + o One can extend the authentication protocol used for pre- + authentication or the configuration protocol used for + pre-configuration to support proactive MAC address resolution. + For example, if PANA is used as the authentication protocol for + pre-authentication, PANA messages may carry attribute-value pairs + (AVPs) used for proactive address resolution. In this case, the + PANA authentication agent in the target network may perform + address resolution on behalf of the mobile node. + + o One can also make use of DNS to map the MAC address of the + specific interface associated with a specific IP address of the + network element in the target network. One may define a new DNS + resource record (RR) to proactively resolve the MAC addresses of + the nodes in the target network. But this approach may have its + own limitations, since a MAC address is a resource that is bound + to an IP address, and not directly to a domain name. + + When the mobile node attaches to the target network, it installs the + proactively obtained address resolution mappings without necessarily + performing address resolution queries for the nodes in the target + network. + + On the other hand, the nodes that reside in the target network and + that are communicating with the mobile node should also update their + address resolution mappings for the mobile node as soon as the mobile + node attaches to the target network. The above proactive address + resolution methods could also be used for those nodes to proactively + resolve the MAC address of the mobile node before the mobile node + attaches to the target network. However, this is not useful, since + + + +Dutta, et al. Informational [Page 41] + +RFC 6252 MPA Framework June 2011 + + + those nodes need to detect the attachment of the mobile node to the + target network before adopting the proactively resolved address + resolution mapping. A better approach would be integration of + attachment detection and address resolution mapping update. This is + based on gratuitously performing address resolution [RFC5944], + [RFC3775] in which the mobile node sends an ARP Request or an ARP + Reply in the case of IPv4, or a Neighbor Advertisement in the case of + IPv6, immediately after the mobile node attaches to the new network, + so that the nodes in the target network can quickly update the + address resolution mapping for the mobile node. + +Appendix C. MPA Deployment Issues + + In this section, we describe some of the deployment issues related to + MPA. + +C.1. Considerations for Failed Switching and Switch-Back + + The ping-pong effect is one of the common problems found during + handover. The ping-pong effect arises when a mobile node is located + at the borderline of the cell or decision point and a handover + procedure is frequently executed. This results in higher call drop + probability, lower connection quality, increased signaling traffic, + and waste of resources. All of these affect mobility optimization. + Handoff algorithms are the deciding factors for performing the + handoff between the networks. Traditionally, these algorithms employ + a threshold to compare the values of different metrics to decide on + the handoff. These metrics include signal strength, path loss, + Carrier-to-Interference Ratio (CIR), Signal-to-Interference Ratio + (SIR), Bit Error Rate (BER), and power budget. In order to avoid the + ping-pong effect, some additional parameters are employed by the + decision algorithm, such as hysteresis margin, dwell timers, and + averaging window. For a vehicle moving at a high speed, other + parameters, such as the distance between the mobile node and the + point of attachment, velocity of the mobile node, location of the + mobile node, traffic, and bandwidth characteristics are also taken + into account to reduce the ping-pong effect. More recently, there + are other handoff algorithms available that help reduce the ping-pong + effect in a heterogeneous network environment and that are based on + techniques such as hypothesis testing, dynamic programming, and + pattern recognition techniques. While it is important to devise + smart handoff algorithms to reduce the ping-pong effect, it is also + important to devise methods to recover from this effect. + + In the case of the MPA framework, the ping-pong effect will result in + the back-and-forth movement of the mobile node between the current + network and target network, and between the candidate target + networks. MPA in its current form will be affected because of the + + + +Dutta, et al. Informational [Page 42] + +RFC 6252 MPA Framework June 2011 + + + number of tunnels set up between the mobile node and neighboring + access routers, the number of binding updates, and associated handoff + latency resulting from the ping-pong situation. The mobile node's + handoff rate may also contribute to delay and packet loss. We + propose a few techniques that will help reduce the probability of the + ping-pong effect and propose several methods for the MPA framework so + that it can recover from the packet loss resulting from the ping-pong + effect. + + The MPA framework can take advantage of the mobile node's geo- + location with respect to APs in the neighboring networks using GPS. + In order to avoid the oscillation between the networks, a location- + aware algorithm can be derived by using a co-relation between the + user's location and cached data from the previous handover attempts. + In some cases, location may not be the only indicator for a handoff + decision. For example, in Manhattan-type grid networks, although a + mobile node is close to an AP, it may not have enough SNR (Signal-to- + Noise Ratio) to make a good connection. Thus, knowledge of the + mobility pattern, dwell time in a call, and path identification will + help avoid the ping-pong problem to a great extent. + + In the absence of a good handoff algorithm that can avoid the ping- + pong effect, it may be required to put in place a good recovery + mechanism so as to mitigate the effect of ping-pong. It may be + necessary to keep the established context in the current network for + a period of time, so that it can be quickly recovered when the mobile + node comes back to the network where the context was last used. This + context may include security association, IP address used, and + tunnels established. Bicasting the data to both the previous network + and the new network for a predefined period will also help the mobile + node to take care of the lost packets in case the mobile node moves + back and forth between the networks. The mobile node can also take + certain action, after it determines that it is in a stable state with + respect to a ping-pong situation. + + When the MPA framework takes advantage of a combination of IKEv2 and + MOBIKE, the ping-pong effect can be reduced further [MPA-MOBIKE]. + +C.2. Authentication State Management + + In the case of pre-authentication with multiple target networks, it + is useful to maintain the state in the authentication agent of each + of the neighboring networks for a certain time period. Thus, if the + mobile node does move back and forth between neighboring networks, + already-maintained authentication state can be helpful. We provide + some highlights on multiple security association state management + below. + + + + +Dutta, et al. Informational [Page 43] + +RFC 6252 MPA Framework June 2011 + + + A mobile node that has pre-authenticated with an authentication agent + in a candidate target network and has an MPA-SA may need to continue + to keep the MPA-SA while it continues to stay in the current network + or even after it makes a handover to a network that is different from + the candidate target network. + + When an MN that has been authenticated and authorized by an + authentication agent in the current network makes a handover to a + target network, it may want to hold the SA that has been established + between the MN and the authentication agent for a certain time period + so that it does not have to go through the entire authentication + signaling to create an SA from scratch, in case it returns to the + previous network. Such an SA being held at the authentication agent + after the MN's handover to another network is considered as an + MPA-SA. In this case, the authentication agent should change the + fully authorized state for the MN to an unauthorized state. The + unauthorized state can be changed to the fully authorized state only + when the MN comes back to the network and provides proof of + possession of a key associated with the MPA-SA. + + While an MPA-SA is being held at an authentication agent, the MN will + need to keep updating the authentication agent when an IP address of + the MN changes due to a handover, to re-establish the new SA. + +C.3. Pre-Allocation of QoS Resources + + In the pre-configuration phase, it is also possible to pre-allocate + QoS resources that may be used by the mobile node not only after + handover but also before handover. When pre-allocated QoS resources + are used before handover, they are used for application traffic + carried over a proactive handover tunnel. + + It is possible that QoS resources are pre-allocated in an end-to-end + fashion. One method to achieve this proactive end-to-end QoS + reservation is to execute the NSIS Signaling Layer Protocol (NSLP) + [RFC5974] or the Resource Reservation Protocol (RSVP) [RFC2205] over + a proactive handover tunnel where pre-authentication can be used for + bootstrapping a security association for the proactive handover + tunnel to protect the QoS signaling. In this case, QoS resources are + pre-allocated on the path between the Correspondent Node and a target + access router and can be used continuously before and after handover. + On the other hand, duplicate pre-allocation of QoS resources between + the target access router and the mobile node is necessary when using + pre-allocated QoS resources before handover, due to differences in + + + + + + + +Dutta, et al. Informational [Page 44] + +RFC 6252 MPA Framework June 2011 + + + paths between the target access router and the mobile node before and + after handover. QoS resources to be used for the path between the + target access router and the mobile node after handover may be + pre-allocated by extending NSLP to work for off-path signaling (Note: + this path can be viewed as off-path before handover) or by + media-specific QoS signaling at layer 2. + +C.4. Resource Allocation Issue during Pre-Authentication + + In the case of multiple CTNs, establishing multiple tunnels with the + neighboring target networks provides some additional benefits. But + it contributes to some resource utilization issues as well. A + pre-authentication process with multiple candidate target networks + can happen in several ways. + + The very basic scheme involves authenticating the mobile node with + the multiple authentication agents in the neighboring networks, but + actual pre-configuration and binding update take place only after + layer 2 movement to a specific network is complete. + + Similarly, in addition to pre-authentication, the mobile node can + also complete the pre-configuration while in the previous network, + but can postpone the binding update until after the mobile node has + moved. Like the previous case, in this case the mobile node also + does not need to set up the pre-configured tunnels. While the pre- + authentication process and part of the pre-configuration process are + taken care of before the mobile node has moved to the new network, + the binding update is actually done after the mobile node has moved. + + The third type of multiple pre-authentication involves all the three + steps while the mobile node is in the previous networks, such as + authentication, configuration, and binding update. But, this + specific process utilizes the highest amount of resources. Some of + the resources that get used during this process are as follows: + + (1) Additional signaling for pre-authentication in the neighboring + networks + + (2) Holding the IP address of the neighboring networks in the mobile + node's cache for a certain amount of time. Additional + processing in the mobile node is needed for storing these IP + addresses. In addition, this caching of addresses also uses up + the temporary IP addresses from the neighboring routers. + + (3) There is an additional cost associated with setting up + additional transient tunnels with the target routers in the + neighboring networks and the mobile node. + + + + +Dutta, et al. Informational [Page 45] + +RFC 6252 MPA Framework June 2011 + + + (4) In the case of a binding update with multiple IP addresses + obtained from the neighboring networks, multiple transient + streams flow between the CN and mobile node using these + transient tunnels. + + However, there are pros and cons related to sending the binding + update after the handover. If the binding update is sent after the + mobile node has moved to the new network, this will contribute to the + delay if the CH or HA is far from the MN. Multiple binding updates + can be taken care of in many different ways. We describe a few of + these update mechanisms below. + + When only pre-authentication and pre-configuration are done ahead of + time with multiple networks, the mobile node sends one binding update + to the CN. In this case, it is important to find out when to send + the binding update after the layer 2 handoff. + + In case a binding update with multiple contact addresses is sent, + multiple media streams stem out of the CN, using the transient + tunnels. But in that case, one needs to send another binding update + after the handover, with the contact address set to the new address + (only one address) where the mobile node has moved. This way, the + mobile node stops sending media to other neighboring networks where + the mobile node did not move. + + The following is an illustration of this specific case that takes + care of multiple binding streams, when the mobile node moves only to + a specific network, but sends multiple binding updates in the + previous network. The MN sends a binding update to the CH with + multiple contact addresses, such as c1, c2, and c3, that were + obtained from three neighboring networks. This allows the CN to send + transient multiple streams to the mobile node over the pre- + established tunnels. After the mobile node moves to the actual + network, it sends another binding update to the CN with the care-of + address of the mobile node in the network where the mobile node has + moved. One issue with multiple streams is consumption of extra + bandwidth for a small period of time. + + Alternatively, one can apply the buffering technique at the target + access router or at the Home Agent. Transient data can be forwarded + to the mobile node after it has moved. Forwarding of data can be + triggered by the mobile node either as part of Mobile IP registration + or as a separate buffering protocol. + + + + + + + + +Dutta, et al. Informational [Page 46] + +RFC 6252 MPA Framework June 2011 + + +C.5. Systems Evaluation and Performance Results + + In this section, we present some of the results from MPA + implementation when applied to different handover scenarios. We + present the summary of results from our experiments using MPA + techniques for two types of handovers: i) intra-technology and + intra-domain, and ii) inter-technology and inter-domain. We also + present the results of how the MPA can bootstrap layer 2 security for + both roaming and non-roaming cases. Detailed procedures and results + are explained in [MOBIQUIT07] and [SPRINGER07]. + +C.5.1. Intra-Technology, Intra-Domain + + The results for MIPv6 and SIP mobility involving intra-domain + mobility are shown in Figures 6 and 7, respectively. + + Buffering Buffering Buffering Buffering + (disabled) (enabled) (disabled) (enabled) + & RO & RO & RO & RO + (disabled) (disabled) (enabled) (enabled) + ------------------------------------------------------------------- + L2 handoff (ms) 4.00 4.33 4.00 4.00 + + L3 handoff (ms) 1.00 1.00 1.00 1.00 + + Avg. packet loss 1.33 0 0.66 0 + + Avg. inter-packet 16.00 16.00 16.00 16.00 + arrival interval + (ms) + + Avg. inter-packet n/a 45.33 n/a 66.60 + arrival time during + handover + (ms) + + Avg. packet jitter n/a 29.33 n/a 50.60 + (ms) + + Buffering Period n/a 50.00 n/a 50.00 + (ms) + + Buffered Packets n/a 2.00 n/a 3.00 + + + RO = Router Optimization + + Figure 6: Mobile IPv6 with MPA Results + + + +Dutta, et al. Informational [Page 47] + +RFC 6252 MPA Framework June 2011 + + + Buffering Buffering + disabled enabled + ----------------------------------------------- + L2 handoff (ms) 4.00 5.00 + + L3 handoff (ms) 1.00 1.00 + + Avg. packet loss 1.50 0 + + Avg. inter-packet 16.00 16.00 + arrival interval + (ms) + + Avg. inter-packet n/a 29.00 + arrival time during + handover + (ms) + + Avg. packet jitter n/a 13.00 + (ms) + + Buffering Period n/a 20.00 + (ms) + + Buffered Packets n/a 3.00 + + Figure 7: SIP Mobility with MPA Results + + For all measurements, we did not experience any performance + degradation during handover in terms of the audio quality of the + voice traffic. + + With the use of buffering during handover, packet loss during the + actual L2 and L3 handover is eliminated with appropriate and + reasonable settings of the buffering period for both MIP6 and SIP + mobility. In the case of MIP6, there is not a significant difference + in results with and without route optimization. It should be noted + that results with more samples would be necessary for a more detailed + analysis. + + In the case of non-MPA-assisted handover, handover delay and + associated packet loss occur from the moment the link-layer handover + procedure begins, up to successful processing of the binding update. + During this process, IP address acquisitions via DHCP incur the + longest delay. This is due to the detection of duplicate IP + addresses in the network before the DHCP request completes. The + binding update exchange also experiences a long delay if the CN is + too far from the MN. As a result, the non-MPA-assisted handover took + + + +Dutta, et al. Informational [Page 48] + +RFC 6252 MPA Framework June 2011 + + + an average of 4 seconds to complete, with an approximate packet loss + of about 200 packets. The measurement is based on the same traffic + rate and traffic source as the MPA-assisted handover. + +C.5.2. Inter-Technology, Inter-Domain + + Handoff involving heterogeneous access can take place in many + different ways. We limit the experiment to two interfaces, and + therefore results in several possible setup scenarios, depending upon + the activity of the second interface. In one scenario, the second + interface comes up when the link to the first interface goes down. + This is a reactive scenario and usually gives rise to undesirable + packet loss and handoff delay. In a second scenario, the second + interface is being prepared while the mobile node still communicates + using the old interface. Preparation of the second interface should + include setup of all the required state and security associations + (e.g., PPP state, the Link Control Protocol (LCP), the Challenge + Handshake Authentication Protocol (CHAP)). If such a lengthy process + is established ahead of time, it reduces the time taken for the + secondary interface to be attached to the network. After + preparation, the mobile node decides to use the second interface as + the active interface. This results in less packet loss, as it uses + make-before-break techniques. This is a proactive scenario and can + have two "flavors". The first is where both interfaces are up; the + second is when only the old interface is up and the prepared + interface is brought up only when handoff is about to occur. This + scenario may be beneficial from a battery management standpoint. + Devices that operate two interfaces simultaneously can rapidly + deplete their batteries. However, by activating the second interface + only after an appropriate network has been selected, the client may + utilize battery power effectively. + + As compared to non-optimized handover that may result in a delay of + up to 18 sec and loss of 1000 or more packets during the handover + from the wireless LAN (WLAN) to CDMA, we observed 0 packet loss and a + 50-ms handoff delay between the last pre-handoff packet and the first + in-handoff packet. This handoff delay includes the time due to link + down detection and time needed to delete the tunnel after the mobile + node has moved. However, we observed about 10 duplicate packets + because of the copy-and-forward mechanism at the access routers. But + these duplicate packets are usually handled easily by the upper-layer + protocols. + +C.5.3. MPA-Assisted Layer 2 Pre-Authentication + + In this section, we discuss the results obtained from MPA-assisted + layer 2 pre-authentication and compare these with EAP authentication + and IEEE 802.11i's pre-authentication techniques. Figure 8 shows the + + + +Dutta, et al. Informational [Page 49] + +RFC 6252 MPA Framework June 2011 + + + experimental testbed where we have conducted the MPA-assisted + pre-authentication experiment for bootstrapping layer 2 security as + explained in Section 7. By pre-authenticating and pre-configuring + the link, the security association procedure during handoff reduces + to a 4-way handshake only. Then the MN moves to the AP and, after + association, runs a 4-way handshake by using the PSKap (Pre-shared + Key at AP) generated during PANA pre-authentication. At this point, + the handoff is complete. Details of this experimental testbed can be + found in [MOBIQUIT07]. + + +----------------------------+-----------+ +-------------+----------+ + | | | | + | Home Domain +-------++ | | | + | | | | | | + | |AAAHome | | | | + | + | | | | + | +-----+--+ | | | + | | | | Network B | + | Network A | | | | + | /----\ | | /---\ | + | /nAR \ | | / \ | + | | PAA |--------+-+----------+ pAR | | + | \ / | | \ / | + | \----/ | | \-+-/ | + | | | | | | + | +-------------------| | | | | + | | IEEE 802.11i| | | | | + | +------+ +------+ | | +---+--+ | + | | | | | | | | | | + | |AP2 | |AP1 | | | |AP0 | | + | +------+ +------+ | | +------+ | + | +------+ +-----+ | | +-----+ | + | | | | | | | | | | + | |MN +----------->|MN |<+------------- |MN | | + | +------+ +-----+ | | ++----+ | + |----------------------------------------+ +------------+-----------+ + + Figure 8: Experimental Testbed for MPA-Assisted + L2 Pre-Authentication (Non-Roaming) + + + + + + + + + + + + +Dutta, et al. Informational [Page 50] + +RFC 6252 MPA Framework June 2011 + + + +-----------------------------+ + | +--------+ | + | | | | + | | AAAH + | + | | | | + | ++-------+ | + | | | + | | Home AAA Domain | + | | | + +-------+---------------------+ + | + | + | + RADIUS/ | + Diameter | + | + | + +----------------------------+-----------+ +-------------+----------+ + | | | | | + | Roaming +-------++ | | | + | AAA Domain A | | | | | + | | AAAV | | | | + | + | | | | + | Network A +-----+--+ | | Network B | + | | | | | + | | | | | + | /----\ | | /---\ | + | /nAR \ | | / \ | + | | PAA |--------+-+----------+ pAR | | + | \ / | | \ / | + | \----/ | | \-+-/ | + | | | | | | + | +-------------------| | | | | + | | IEEE 802.11i| | | | | + | +------+ +------+ | | +---+--+ | + | | | | | | | | | | + | |AP2 | |AP1 | | | |AP0 | | + | +------+ +------+ | | +------+ | + | +------+ +-----+ | | +-----+ | + | | | | | | | | | | + | |MN +----------->|MN |<---------------| MN | | + | +------+ +-----+ | | ++----+ | + -----------------------------------------+ +------------+-----------+ + + Figure 9: Experimental Testbed for MPA-Assisted + L2 Pre-Authentication (Roaming) + + + + + +Dutta, et al. Informational [Page 51] + +RFC 6252 MPA Framework June 2011 + + + We have experimented with three types of movement scenarios involving + both non-roaming and roaming cases, using the testbeds shown in + Figures 8 and 9, respectively. In the roaming case, the MN is + visiting in a domain different than its home domain. Consequently, + the MN needs to contact the AAA server in the home domain (AAAH) from + its new domain. For the non-roaming case, we assume the MN is moving + within its home domain, and only the local AAA server (AAAHome), + which is the home AAA server for the mobile node, is contacted. + + The first scenario does not involve any pre-authentication. The MN + is initially connected to AP0 and moves to AP1. Because neither + network-layer authentication nor IEEE 802.11i pre-authentication is + used, the MN needs to engage in a full EAP authentication with AP1 to + gain access to the network after the move (post-authentication). + This experiment shows the effect of the absence of any kind of + pre-authentication. + + The second scenario involves 802.11i pre-authentication and involves + movement between AP1 and AP2. In this scenario, the MN is initially + connected to AP2, and starts IEEE 802.11i pre-authentication with + AP1. This is an ideal scenario to compare the values obtained from + 802.11i pre-authentication with that of network-layer assisted + pre-authentication. Both scenarios use RADIUS as the AAA protocol + (APs implement a RADIUS client). The third scenario takes advantage + of network-layer assisted link-layer pre-authentication. It involves + movement between two APs (e.g., between AP0 and AP1) that belong to + two different subnets where 802.11i pre-authentication is not + possible. Here, Diameter is used as the AAA protocol (PAA implements + a Diameter client). + + In the third movement scenario, the MN is initially connected to AP0. + The MN starts PANA pre-authentication with the PAA, which is + co-located on the AR in the new candidate target network (nAR in + network A) from the current associated network (network B). After + authentication, the PAA proactively installs two keys, PSKap1 and + PSKap2, in AP1 and AP2, respectively. By doing the key installations + proactively, the PAA preempts the process of communicating with the + AAA server for the keys after the mobile node moves to the new + network. Finally, because PSKap1 is already installed, AP1 + immediately starts the 4-way handshake. We have used measurement + tools such as ethereal and kismet to analyze the measurements for the + 4-way handshake and PANA authentication. These measurements reflect + different operations involved during network-layer pre- + authentication. + + In our experiment, as part of the discovery phase, we assume that the + MN is able to retrieve the PAA's IP address and all required + information about AP1 and AP2 (e.g., channel, security-related + + + +Dutta, et al. Informational [Page 52] + +RFC 6252 MPA Framework June 2011 + + + parameters, etc.) at some point before the handover. This avoids the + scanning during link-layer handoff. We have applied this assumption + to all three scenarios. Because our focus is on reducing the time + spent on the authentication phase during handoff, we do not discuss + the details of how we avoid the scanning. + + ===================================================================== + Types |802.11i | 802.11i | MPA-assisted + |Post- | Pre- | Layer 2 + |authentication | authentication | Pre-authentication + ===================================================================== + Operation| Non- | Roaming | Non- | Roaming |Non- | Roaming| + | Roaming | | Roaming | |Roaming| | + =================================================================== + Tauth | 61 ms | 599 ms | 99 ms | 638 ms | 177 ms| 831 ms | + ------------------------------------------------------------------- + Tconf | -- | -- | -- | -- | 16 ms | 17ms | + ------------------------------------------------------------------- + Tassoc+ | | | | | | | + 4way | 18 ms | 17 ms | 16 ms | 17 ms | 16 ms | 17 ms | + ------------------------------------------------------------------| + Total | 79 ms | 616 ms | 115 ms | 655 ms | 208 ms| 865 ms | + ------------------------------------------------------------------| + Time | | | | | | | + affecting| 79 ms | 616 ms | 16 ms | 17 ms | 15 ms | 17 ms | + handover | | | | | | | + ------------------------------------------------------------------| + + Figure 10: Results of MPA-Assisted Layer 2 + Pre- and Post-Authentication + + Figure 10 shows the timing (rounded off to the most significant + number) associated with some of the handoff operations we have + measured in the testbed. We describe each of the timing parameters + below. + + "Tauth" refers to the execution of EAP-Transport Layer Security (TLS) + authentication. This time does not distinguish whether this + authentication was performed during pre-authentication or a typical + post-authentication. + + "Tconf" refers to the time spent during PSK generation and + installation after EAP authentication is complete. When network- + layer pre-authentication is not used, this time is not considered. + + "Tassoc+4way" refers to the time dedicated to the completion of the + association and the 4-way handshake with the target AP after the + handoff. + + + +Dutta, et al. Informational [Page 53] + +RFC 6252 MPA Framework June 2011 + + + The first two columns in the figure show the results for non-roaming + and roaming cases, respectively, when no pre-authentication is used + at all. The second two columns depict the same cases when IEEE + 802.11i pre-authentication is used. The last two columns show when + we used network-layer-assisted layer 2 pre-authentication. When pre- + authentication is used, only the factor Tassoc+4way affects the + handoff time. When no pre-authentication is used, the time affecting + the handoff includes Tauth (the complete EAP-TLS authentication) plus + Tassoc+4way. + + That is precisely the time affecting the handoff in the case where + the MN moves from AP0 to AP1 in the absence of pre-authentication. + As it is seen, these delays are not suitable for real-time + applications. Indeed, for the non-roaming case, we obtained a ~80-ms + delay for re-establishing the connection with target AP1. It takes + about 600 ms to complete the handoff when the MN moves to a visited + domain and the home AAA server is located far away. However, + network-layer pre-authentication is only affected by Tassoc+4way + (~17 ms) involving any kind of handoff authentication. As is + evident, IEEE 802.11i pre-authentication provides a comparable + benefit (~16 ms) in terms of handoff but is limited to cases when APs + are in the same Distribution System (DS). Additionally, network- + layer pre-authentication leverages a single EAP authentication to + bootstrap security in several target APs by allowing the MN to move + among APs under the same PAA without running EAP and consequently + without contacting the AAA server. In this sense, it extends IEEE + 802.11r advantages over IEEE 802.11i by allowing inter-subnet and + inter-domain and even inter-technology handoffs. + +C.6. Guidelines for Handover Preparation + + In this section, we provide some guidelines for the roaming clients + that use pre-authentication mechanisms to reduce the handoff delay. + These guidelines can help determine the extent of the + pre-authentication operation that is needed based on a specific type + of movement of the client. IEEE 802.11i and 802.11r take advantage + of the pre-authentication mechanism at layer 2. Thus, many of the + guidelines observed for 802.11i-based pre-authentication and 802.11r- + based fast roaming could also be applicable to the clients that use + MPA-based pre-authentication techniques. However, since MPA + operations are not limited to a specific subnet and involve inter- + subnet and inter-domain handover, the guidelines need to take into + account other factors, such as movement pattern of the mobile node, + cell size, etc. + + + + + + + +Dutta, et al. Informational [Page 54] + +RFC 6252 MPA Framework June 2011 + + + The time needed to complete the pre-authentication mechanism is an + important parameter, since the mobile node needs to determine how + much ahead of time the mobile node needs to start the + pre-authentication process so that it can finish the desired + operations before the handover to the target network starts. The + pre-authentication time will vary, depending upon the speed of the + mobile node (e.g., pedestrian vs. vehicular) and cell sizes (e.g., + WiFi, Cellular). Cell residence time is defined as the average time + the mobile node stays in the cell before the next handoff takes + place. Cell residence time is dependent upon the coverage area and + velocity of the mobile node. Thus, cell residence time is an + important factor in determining the desirable pre-authentication time + that a mobile node should consider. + + Since the pre-authentication operation involves six steps as + described in Section 6.3 and each step takes some discrete amount of + time, only part of these sub-operations may be completed before + handoff, depending upon the available delay budget. + + For example, a mobile node could complete only network discovery and + the network-layer authentication process before the handoff and + postpone the rest of the operations until after the handover is + complete. On the other hand, if it is a slow-moving vehicle and the + adjacent cells are sparsely spaced, a mobile node could complete all + the desired MPA-related operations. Finishing all the MPA-related + operations ahead of time reduces the handoff delay but adds other + constraints, such as cell residence time. + + We give a numerical example here, similar to [MISHRA04]. + + D = Coverage diameter + + v = Mobile node's velocity + + RTT = round trip time from AP to AAA server, including processing + time for authentication (Tauth) + + Tpsk = Time spent to install keys proactively on the target APs + + If for a given value of D = 100 ft, Tpsk = 10 ms, and RTT = 100 ms, a + mobile node needs to execute only the pre-authentication procedure + associated with MPA, then the following can be calculated for a + successful MPA procedure before the handoff is complete. + + 2RTT + Tpsk < D/v + + v = 100 ft/(200 ms + 10 ms) = ~500 ft/sec + + + + +Dutta, et al. Informational [Page 55] + +RFC 6252 MPA Framework June 2011 + + + Similarly, for a similar cell size, if the mobile node is involved in + both pre-authentication and pre-configuration operations as part of + the MPA procedure, and it takes an amount of time Tconf = 190 ms to + complete the layer 3 configuration including IP address + configuration, then for a successful MPA operation, + + 2RTT + Tpsk + Tconf < D/v + + v = 100 ft/(200 ms + 10 ms + 190 ms) = ~250 ft/sec + + Thus, compared to only the pre-authentication part of the MPA + operation, in order to be able to complete both pre-authentication + and pre-configuration operations successfully, either the mobile node + needs to move at a slower pace or it needs to expedite these + operations for this given cell size. Thus, types of MPA operations + will be constrained by the velocity of the mobile node. + + As an alternative, if a mobile node does complete all of the + pre-authentication procedure well ahead of time, it uses up the + resources accordingly by way of an extra IP address, tunnel, and + extra bandwidth. Thus, there is always a tradeoff between the + performance benefit obtained from the pre-authentication mechanism + and network characteristics, such as movement speed, cell size, and + resources utilized. + + + + + + + + + + + + + + + + + + + + + + + + + + + +Dutta, et al. Informational [Page 56] + +RFC 6252 MPA Framework June 2011 + + +Authors' Addresses + + Ashutosh Dutta (editor) + NIKSUN + 100 Nassau Park Blvd. + Princeton, NJ 08540 + USA + + EMail: ashutosh.dutta@ieee.org + + + Victor Fajardo + NIKSUN + 100 Nassau Park Blvd. + Princeton, NJ 08540 + USA + + EMail: vf0213@gmail.com + + + Yoshihiro Ohba + Corporate R&D Center, Toshiba Corporation + 1 Komukai-Toshiba-cho, Saiwai-ku + Kawasaki, Kanagawa 212-0001 + Japan + + EMail: yoshihiro.ohba@toshiba.co.jp + + + Kenichi Taniuchi + Toshiba Corporation + 2-9 Suehiro-cho + Ome, Tokyo 198-8710 + Japan + + EMail: kenichi.taniuchi@toshiba.co.jp + + + Henning Schulzrinne + Columbia University + Department of Computer Science + 450 Computer Science Building + New York, NY 10027 + USA + + Phone: +1 212 939 7004 + EMail: hgs@cs.columbia.edu + + + + +Dutta, et al. Informational [Page 57] + -- cgit v1.2.3