1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
|
Network Working Group J. Arkko
Request for Comments: 3776 Ericsson
Category: Standards Track V. Devarapalli
Nokia Research Center
F. Dupont
GET/ENST Bretagne
June 2004
Using IPsec to Protect Mobile IPv6 Signaling Between
Mobile Nodes and Home Agents
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
Abstract
Mobile IPv6 uses IPsec to protect signaling between the home agent
and the mobile node. Mobile IPv6 base document defines the main
requirements these nodes must follow. This document discusses these
requirements in more depth, illustrates the used packet formats,
describes suitable configuration procedures, and shows how
implementations can process the packets in the right order.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Packet Formats . . . . . . . . . . . . . . . . . . . . . . . 5
3.1 Binding Updates and Acknowledgements . . . . . . . . . 5
3.2 Return Routability Signaling . . . . . . . . . . . . . 7
3.3 Prefix Discovery . . . . . . . . . . . . . . . . . . . 8
3.4 Payload Packets . . . . . . . . . . . . . . . . . . . 9
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 9
4.1 Mandatory Support . . . . . . . . . . . . . . . . . . 10
4.2 Policy Requirements . . . . . . . . . . . . . . . . . 10
4.3 IPsec Protocol Processing . . . . . . . . . . . . . . 13
4.4 Dynamic Keying . . . . . . . . . . . . . . . . . . . . 15
5. Example Configurations . . . . . . . . . . . . . . . . . . . 16
Arkko, et al. Standards Track [Page 1]
^L
RFC 3776 Home Agent IPsec June 2004
5.1 Format . . . . . . . . . . . . . . . . . . . . . . . . 17
5.2 Manual Configuration . . . . . . . . . . . . . . . . . 18
5.2.1 Binding Updates and Acknowledgements . . . . . . 18
5.2.2 Return Routability Signaling . . . . . . . . . . 19
5.2.3 Prefix Discovery . . . . . . . . . . . . . . . . 20
5.2.4 Payload Packets . . . . . . . . . . . . . . . . 21
5.3 Dynamic Keying . . . . . . . . . . . . . . . . . . . . 22
5.3.1 Binding Updates and Acknowledgements . . . . . . 22
5.3.2 Return Routability Signaling . . . . . . . . . . 23
5.3.3 Prefix Discovery . . . . . . . . . . . . . . . . 24
5.3.4 Payload Packets . . . . . . . . . . . . . . . . 25
6. Processing Steps within a Node . . . . . . . . . . . . . . . 25
6.1 Binding Update to the Home Agent . . . . . . . . . . . 25
6.2 Binding Update from the Mobile Node . . . . . . . . . 26
6.3 Binding Acknowledgement to the Mobile Node . . . . . . 27
6.4 Binding Acknowledgement from the Home Agent . . . . . 28
6.5 Home Test Init to the Home Agent . . . . . . . . . . . 29
6.6 Home Test Init from the Mobile Node . . . . . . . . . 30
6.7 Home Test to the Mobile Node . . . . . . . . . . . . . 30
6.8 Home Test from the Home Agent . . . . . . . . . . . . 31
6.9 Prefix Solicitation Message to the Home Agent . . . . 31
6.10 Prefix Solicitation Message from the Mobile Node . . . 31
6.11 Prefix Advertisement Message to the Mobile Node . . . 32
6.12 Prefix Advertisement Message from the Home Agent . . . 32
6.13 Payload Packet to the Home Agent . . . . . . . . . . . 32
6.14 Payload Packet from the Mobile Node . . . . . . . . . 32
6.15 Payload Packet to the Mobile Node . . . . . . . . . . 32
6.16 Payload Packet from the Home Agent . . . . . . . . . . 32
6.17 Establishing New Security Associations . . . . . . . . 32
6.18 Rekeying Security Associations . . . . . . . . . . . . 33
6.19 Movements and Dynamic Keying . . . . . . . . . . . . . 34
7. Implementation Considerations . . . . . . . . . . . . . . . 35
7.1 IPsec . . . . . . . . . . . . . . . . . . . . . . . . 35
7.2 IKE . . . . . . . . . . . . . . . . . . . . . . . . . 36
7.3 Bump-in-the-Stack . . . . . . . . . . . . . . . . . . 37
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . 37
9. Security Considerations . . . . . . . . . . . . . . . . . . 37
10 References . . . . . . . . . . . . . . . . . . . . . . . . . 38
10.1 Normative References . . . . . . . . . . . . . . . . . 38
10.2 Informative References . . . . . . . . . . . . . . . . 38
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 39
12. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 39
13. Full Copyright Statement . . . . . . . . . . . . . . . . . . 40
Arkko, et al. Standards Track [Page 2]
^L
RFC 3776 Home Agent IPsec June 2004
1. Introduction
This document illustrates the use of IPsec in securing Mobile IPv6
[7] traffic between mobile nodes and home agents. In Mobile IPv6, a
mobile node is always expected to be addressable at its home address,
whether it is currently attached to its home link or is away from
home. The "home address" is an IP address assigned to the mobile
node within its home subnet prefix on its home link. While a mobile
node is at home, packets addressed to its home address are routed to
the mobile node's home link.
While a mobile node is attached to some foreign link away from home,
it is also addressable at a care-of address. A care-of address is an
IP address associated with a mobile node that has a subnet prefix
from a particular foreign link. The association between a mobile
node's home address and care-of address is known as a "binding" for
the mobile node. While away from home, a mobile node registers its
primary care-of address with a router on its home link, requesting
this router to function as the "home agent" for the mobile node. The
mobile node performs this binding registration by sending a "Binding
Update" message to the home agent. The home agent replies to the
mobile node by returning a "Binding Acknowledgement" message.
Any other nodes communicating with a mobile node are referred to as
"correspondent nodes". Mobile nodes can provide information about
their current location to correspondent nodes, again using Binding
Updates and Acknowledgements. Additionally, return routability test
is performed between the mobile node, home agent, and the
correspondent node in order to authorize the establishment of the
binding. Packets between the mobile node and the correspondent node
are either tunneled via the home agent, or sent directly if a binding
exists in the correspondent node for the current location of the
mobile node.
Mobile IPv6 tunnels payload packets between the mobile node and the
home agent in both directions. This tunneling uses IPv6
encapsulation [6]. Where these tunnels need to be secured, they are
replaced by IPsec tunnels [2].
Mobile IPv6 also provides support for the reconfiguration of the home
network. Here, the home subnet prefixes may change over time.
Mobile nodes can learn new information about home subnet prefixes
through the "prefix discovery" mechanism.
This document discusses security mechanisms for the control traffic
between the mobile node and the home agent. If this traffic is not
protected, mobile nodes and correspondent nodes are vulnerable to
man-in-the-middle, hijacking, passive wiretapping, impersonation, and
Arkko, et al. Standards Track [Page 3]
^L
RFC 3776 Home Agent IPsec June 2004
denial-of-service attacks. Any third parties are also vulnerable to
denial-of-service attacks, for instance if an attacker could direct
the traffic flowing through the home agent to a innocent third party.
These attacks are discussed in more detail in Section 15.1 of the
Mobile IPv6 base specification [7].
In order to avoid these attacks, the base specification uses IPsec
Encapsulating Security Payload (ESP) [3] to protect control traffic
between the home agent and the mobile node. This control traffic
consists of various messages carried by the Mobility Header protocol
in IPv6 [5]. The traffic takes the following forms:
o Binding Update and Acknowledgement messages exchanged between the
mobile node and the home agent, as described in Sections 10.3.1,
10.3.2, 11.7.1, and 11.7.3 of the base specification [7].
o Return routability messages Home Test Init and Home Test that pass
through the home agent on their way to a correspondent node, as
described in Section 10.4.6 of the base specification [7].
o ICMPv6 messages exchanged between the mobile node and the home
agent for the purposes of prefix discovery, as described in
Sections 10.6 and 11.4 of the base specification [7].
The nodes may also optionally protect payload traffic passing through
the home agent, as described in Section 5.5 of the base specification
[7]. If multicast group membership control protocols or stateful
address autoconfiguration protocols are supported, payload data
protection support is required.
The control traffic between the mobile node and the home agent
requires message authentication, integrity, correct ordering and
anti-replay protection. The mobile node and the home agent must have
an IPsec security association to protect this traffic. IPsec does
not proving correct ordering of messages. Correct ordering of the
control traffic is ensured by a sequence number in the Binding Update
and Binding Acknowledgement messages. The sequence number in the
Binding Updates also provides protection to a certain extent. It
fails in some scenarios, for example, if the Home Agent loses the
Binding Cache state. Full protection against replay attacks is
possible only when IKE is used.
Great care is needed when using IKE [4] to establish security
associations to Mobile IPv6 home agents. The right kind of addresses
must be used for transporting IKE. This is necessary to avoid
circular dependencies in which the use of a Binding Update triggers
the need for an IKE exchange that cannot complete prior to the
Binding Update having been completed.
Arkko, et al. Standards Track [Page 4]
^L
RFC 3776 Home Agent IPsec June 2004
The mobile IPv6 base document defines the main requirements the
mobile nodes and home agents must follow when securing the above
traffic. This document discusses these requirements in more depth,
illustrates the used packet formats, describes suitable configuration
procedures, and shows how implementations can process the packets in
the right order.
We begin our description by showing the required wire formats for the
protected packets in Section 3. Section 4 describes rules which
associated Mobile IPv6, IPsec, and IKE implementations must observe.
Section 5 discusses how to configure either manually keyed IPsec
security associations or how to configure IKE to establish them
automatically. Section 6 shows examples of how packets are processed
within the nodes.
All implementations of Mobile IPv6 mobile node and home agent MUST
support at least the formats described in Section 3 and obey the
rules in Section 4.
The configuration and processing sections are informative, and should
only be considered as one possible way of providing the required
functionality.
Note that where this document indicates a feature MUST be supported
and SHOULD be used, this implies that all implementations must be
capable of using the specified feature, but there may be cases where,
for instance, a configuration option disables to use of the feature
in a particular situation.
2. Terminology
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [1].
3. Packet Formats
3.1. Binding Updates and Acknowledgements
When the mobile node is away from its home, the BUs sent by it to the
home agent MUST support at least the following headers in the
following order:
IPv6 header (source = care-of address,
destination = home agent)
Destination Options header
Home Address option (home address)
ESP header in transport mode
Arkko, et al. Standards Track [Page 5]
^L
RFC 3776 Home Agent IPsec June 2004
Mobility header
Binding Update
Alternate Care-of Address option (care-of address)
Note that the Alternate Care-of Address option is used to ensure that
the care-of address is protected by ESP. The home agent considers
the address within this option as the current care-of address for the
mobile node. The home address is not protected by ESP directly, but
the use of a specific home address with a specific security
association is required by policy.
The Binding Acknowledgements sent back to the mobile node when it is
away from home MUST support at least the following headers in the
following order:
IPv6 header (source = home agent,
destination = care-of address)
Routing header (type 2)
home address
ESP header in transport mode
Mobility header
Binding Acknowledgement
When the mobile node is at home, the above rules are different as the
mobile node can use its home address as a source address. This
typically happens for the de-registration Binding Update when the
mobile is returning home. In this situation, the Binding Updates
MUST support at least the following headers in the following order:
IPv6 header (source = home address,
destination = home agent)
ESP header in transport mode
Mobility header
Binding Update
The Binding Acknowledgement messages sent to the home address MUST
support at least the following headers in the following order:
IPv6 header (source = home agent,
destination = home address)
ESP header in transport mode
Mobility header
Binding Acknowledgement
Arkko, et al. Standards Track [Page 6]
^L
RFC 3776 Home Agent IPsec June 2004
3.2. Return Routability Signaling
When the Home Test Init messages tunneled to the home agent are
protected by IPsec, they MUST support at least the following headers
in the following order:
IPv6 header (source = care-of address,
destination = home agent)
ESP header in tunnel mode
IPv6 header (source = home address,
destination = correspondent node)
Mobility Header
Home Test Init
This format assumes that the mobile node's current care-of address is
used as the outer header destination address in the security
association. As discussed in Section 4.3, this requires the home
agent to update the destination address when the mobile node moves.
Policy entries and security association selectors stay the same,
however, as the inner packets do not change upon movements.
Note that there are trade-offs in using care-of addresses as the
destination addresses versus using the home address and attaching an
additional Home Address destination option and/or Routing header to
the packets. The basis for requiring support for at least the
care-of address case has been discussed in Section 7.
Similarly, when the Home Test messages tunneled from the home agent
are protected by IPsec, they MUST support at least the following
headers in the following order:
IPv6 header (source = home agent,
destination = care-of address)
ESP header in tunnel mode
IPv6 header (source = correspondent node,
destination = home address)
Mobility Header
Home Test
The format used to protect return routability packets relies on the
destination of the tunnel packets to change for the mobile node as it
moves. The home agent's address stays the same, but the mobile
node's address changes upon movements, as if the security
association's outer header destination address had changed. When the
mobile node adopts a new care-of address, it adopts also a new source
address for outgoing tunnel packets. The home agent accepts packets
sent like this, as the outer source address in tunnel packets is not
checked according to the rules in RFC 2401. (We note, however, that
Arkko, et al. Standards Track [Page 7]
^L
RFC 3776 Home Agent IPsec June 2004
some implementations are known to make source address checks.) For a
discussion of the role of source addresses in outer tunnel headers,
see Section 5.1.2.1 of RFC 2401 [2]. Note also that the home agent
requires the packets to be authenticated regardless of the source
address change, hence the "new" sender must possess the same keys for
the security association as it had in the previous location. This
proves that the sender is the same entity, regardless of the changes
in the addresses.
The process is more complicated in the home agent side, as the home
agent has stored the previous care-of address in its Security
Association Database as the outer header destination address. When
IKE is being used, the mobile node runs it on top of its current
care-of address, and the resulting tunnel-mode security associations
will use the same addresses as IKE run over. In order for the home
agent to be able to tunnel a Home Test message to the mobile node, it
uses the current care-of address as the destination of the tunnel
packets, as if the home agent had modified the outer header
destination address in the security association used for this
protection. This implies that the same security association can be
used in multiple locations, and no new configuration or
re-establishment of IKE phases is needed per movement. Section 5.2.2
discusses the security policy and security association database
entries that are needed to accomplish this.
3.3. Prefix Discovery
If IPsec is used to protect prefix discovery, requests for prefixes
from the mobile node to the home agent MUST support at least the
following headers in the following order.
IPv6 header (source = care-of address,
destination = home agent)
Destination Options header
Home Address option (home address)
ESP header in transport mode
ICMPv6
Mobile Prefix Solicitation
Again if IPsec is used, solicited and unsolicited prefix information
advertisements from the home agent to the mobile node MUST support at
least the following headers in the following order.
IPv6 header (source = home agent,
destination = care-of address)
Routing header (type 2)
home address
ESP header in transport mode
Arkko, et al. Standards Track [Page 8]
^L
RFC 3776 Home Agent IPsec June 2004
ICMPv6
Mobile Prefix Advertisement
3.4. Payload Packets
If IPsec is used to protect payload packets tunneled to the home
agent from the mobile node, we use a format similar to the one in
Section 3.2. However, instead of the MobilityHeader, these packets
may contain any legal IPv6 protocol(s):
IPv6 header (source = care-of address,
destination = home agent)
ESP header in tunnel mode
IPv6 header (source = home address,
destination = correspondent node)
Any protocol
Similarly, when the payload packets are tunneled from the home agent
to the mobile node with ESP encapsulation, they MUST support at least
the following headers in the following order:
IPv6 header (source = home agent,
destination = care-of address)
ESP header in tunnel mode
IPv6 header (source = correspondent node,
destination = home address)
Any protocol
4. Requirements
This section describes mandatory rules for all Mobile IPv6 mobile
nodes and home agents. These rules are necessary in order for it to
be possible to enable IPsec communications despite movements,
guarantee sufficient security, and to ensure correct processing order
of packets.
The rules in the following sections apply only to the communications
between home agents and mobile nodes. They should not be taken as
requirements on how IPsec in general is used by mobile nodes.
Arkko, et al. Standards Track [Page 9]
^L
RFC 3776 Home Agent IPsec June 2004
4.1. Mandatory Support
The following requirements apply to both home agents and mobile
nodes:
o Manual configuration of IPsec security associations MUST be
supported. The configuration of the keys is expected to take
place out-of-band, for instance at the time the mobile node is
configured to use its home agent.
o Automatic key management with IKE [4] MAY be supported. Only
IKEv1 is discussed in this document. Other automatic key
management mechanisms exist and will appear beyond IKEv1, but this
document does not address the issues related to them.
o ESP encapsulation of Binding Updates and Acknowledgements between
the mobile node and home agent MUST be supported and MUST be used.
o ESP encapsulation of the Home Test Init and Home Test messages
tunneled between the mobile node and home agent MUST be supported
and SHOULD be used.
o ESP encapsulation of the ICMPv6 messages related to prefix
discovery MUST be supported and SHOULD be used.
o ESP encapsulation of the payload packets tunneled between the
mobile node and home agent MAY be supported and used.
o If multicast group membership control protocols or stateful
address autoconfiguration protocols are supported, payload data
protection MUST be supported for those protocols.
4.2. Policy Requirements
The following requirements apply to both home agents and mobile
nodes:
o As required in the base specification [7], when a packet destined
to the receiving node is matched against IPsec security policy or
selectors of a security association, an address appearing in a
Home Address destination option is considered as the source
address of the packet.
Note that the home address option appears before IPsec headers.
Section 11.3.2 of the base specification describes one possible
implementation approach for this: The IPsec policy operations can
be performed at the time when the packet has not yet been modified
per Mobile IPv6 rules, or has been brought back to its normal form
Arkko, et al. Standards Track [Page 10]
^L
RFC 3776 Home Agent IPsec June 2004
after Mobile IPv6 processing. That is, the processing of the Home
Address option is seen as a fixed transformation of the packets
that does not affect IPsec processing.
o Similarly, a home address within a Type 2 Routing header destined
to the receiving node is considered as the destination address of
the packet, when a packet is matched against IPsec security policy
or selectors of a security association.
Similar implementation considers apply to the Routing header
processing as was described above for the Home Address destination
option.
o When IPsec is used to protect return routability signaling or
payload packets, this protection MUST only be applied to the
return routability packets entering the IPv6 encapsulated tunnel
interface between the mobile node and the home agent. This can be
achieved, for instance, by defining the security policy database
entries specifically for the tunnel interface. That is, the
policy entries are not generally applied on all traffic on the
physical interface(s) of the nodes, but rather only on traffic
that enters this tunnel.
o The authentication of mobile nodes MAY be based either on machine
or user credentials. Note that multi-user operating systems
typically allow all users of a node to use any of the IP addresses
assigned to the node. This limits the capability of the home
agent to restrict the use of a home address to a particular user
in such environment. Where user credentials are applied in a
multi-user environment, the configuration should authorize all
users of the node to control all home addresses assigned to the
node.
o When the mobile node returns home and de-registers with the Home
Agent, the tunnel between the home agent and the mobile node's
care-of address is torn down. The security policy entries, which
were used for protecting tunneled traffic between the mobile node
and the home agent MUST be made inactive (for instance, by
removing them and installing them back later through an API). The
corresponding security associations could be kept as they are or
deleted depending on how they were created. If the security
associations were created dynamically using IKE, they are
automatically deleted when they expire. If the security
associations were created through manual configuration, they MUST
be retained and used later when the mobile node moves away from
home again. The security associations protecting Binding Updates
and Acknowledgements, and prefix discovery SHOULD NOT be deleted
as they do not depend on care-of addresses and can be used again.
Arkko, et al. Standards Track [Page 11]
^L
RFC 3776 Home Agent IPsec June 2004
The following rules apply to mobile nodes:
o The mobile node MUST use the Home Address destination option in
Binding Updates and Mobile Prefix Solicitations, sent to the home
agent from a care-of address.
o When the mobile node receives a changed set of prefixes from the
home agent during prefix discovery, there is a need to configure
new security policy entries, and there may be a need to configure
new security associations. It is outside the scope of this
specification to discuss automatic methods for this.
The following rules apply to home agents:
o The home agent MUST use the Type 2 Routing header in Binding
Acknowledgements and Mobile Prefix Advertisements sent to the
mobile node, again due to the need to have the home address
visible when the policy checks are made.
o It is necessary to avoid the possibility that a mobile node could
use its security association to send a Binding Update on behalf of
another mobile node using the same home agent. In order to do
this, the security policy database entries MUST unequivocally
identify a single security association for protecting Binding
Updates between any given home address and home agent when
manually keyed IPsec security associations are used. When dynamic
keying is used, the security policy database entries MUST
unequivocally identify the IKE phase 1 credentials which can be
used to authorize the creation of security associations for
protecting Binding Updates for a particular home address. How
these mappings are maintained is outside the scope of this
specification, but they may be maintained, for instance, as a
locally administered table in the home agent. If the phase 1
identity is a Fully Qualified Domain Name (FQDN), secure forms of
DNS may also be used.
o When the set of prefixes advertised by the home agent changes,
there is a need to configure new security policy entries, and
there may be a need to configure new security associations. It is
outside the scope of this specification to discuss automatic
methods for this, if new home addresses are required.
Arkko, et al. Standards Track [Page 12]
^L
RFC 3776 Home Agent IPsec June 2004
4.3. IPsec Protocol Processing
The following requirements apply to both home agents and mobile
nodes:
o When securing Binding Updates, Binding Acknowledgements, and
prefix discovery, both the mobile nodes and the home agents MUST
support and SHOULD use the Encapsulating Security Payload (ESP)
[3] header in transport mode and MUST use a non-null payload
authentication algorithm to provide data origin authentication,
connectionless integrity and optional anti-replay protection.
Mandatory support for encryption and integrity protection
algorithms is as defined in RFC 2401 [2], RFC 2402 [8], and RFC
2406 [3]. Care is needed when selecting suitable encryption
algorithms for ESP, however. Currently available integrity
protection algorithms are in general considered to be secure. The
encryption algorithm, DES, mandated by the current IPsec standards
is not, however. This is particularly problematic when IPsec
security associations are configured manually, as the same key is
used for a long time.
o Tunnel mode IPsec ESP MUST be supported and SHOULD be used for the
protection of packets belonging to the return routability
procedure. A non-null encryption transform and a non-null
authentication algorithm MUST be applied.
Note that the return routability procedure involves two message
exchanges from the mobile node to the correspondent node. The
purpose of these exchanges is to assure that the mobile node is
live at the claimed home and care-of addresses. One of the
exchanges is sent directly to and from the correspondent node,
while another one is tunneled through the home agent. If an
attacker is on the mobile node's link and the mobile node's
current link is an unprotected wireless link, the attacker would
able to see both sets of messages, and launch attacks based on it
(these attacks are discussed further in Section 15.4 of the base
specification [7].) One can prevent the attack by making sure
that the packets tunneled through the home agent are encrypted.
Note that this specification concerns itself only with on-the-wire
formats, and does not dictate specific implementations mechanisms.
In the case of IPsec tunnel mode, the use of IP-in-IP
encapsulation followed by IPsec transport mode encapsulation may
also be possible.
Arkko, et al. Standards Track [Page 13]
^L
RFC 3776 Home Agent IPsec June 2004
The following rules apply to mobile nodes:
o When ESP is used to protect Binding Updates, there is no
protection for the care-of address which appears in the IPv6
header outside the area protected by ESP. It is important for the
home agent to verify that the care-of address has not been
tampered with. As a result, the attacker would have redirected
the mobile node's traffic to another address. In order to prevent
this, Mobile IPv6 implementations MUST use the Alternate Care-of
Address mobility option in Binding Updates sent by mobile nodes
while away from home. The exception to this is when the mobile
node returns home and sends a Binding Update to the home agent in
order to de-register. In this case no Alternate Care-of Address
option is needed, as described in Section 3.1.
When IPsec is used to protect return routability signaling or
payload packets, the mobile node MUST set the source address it
uses for the outgoing tunnel packets to the current primary care-
of address. The mobile node starts to use a new primary care-of
address immediately after sending a Binding Update to the home
agent to register this new address. Similarly, it starts to use
the new address as the required destination address of tunneled
packets received from the home agent.
The following rules apply to home agents:
o When IPsec is used to protect return routability signaling or
payload packets, IPsec security associations are needed to provide
this protection. When the care-of address for the mobile node
changes as a result of an accepted Binding Update, special
treatment is needed for the next packets sent using these security
associations. The home agent MUST set the new care-of address as
the destination address of these packets, as if the outer header
destination address in the security association had changed.
Similarly, the home agent starts to expect the new source address
in the tunnel packets received from the mobile node.
Such address changes can be implemented, for instance, through an
API from the Mobile IPv6 implementation to the IPsec
implementation. It should be noted that the use of such an API
and the address changes MUST only be done based on the Binding
Updates received by the home agent and protected by the use of
IPsec. Address modifications based on other sources, such as
Binding Updates to the correspondent nodes protected by return
routability, or open access to an API from any application may
result in security vulnerabilities.
Arkko, et al. Standards Track [Page 14]
^L
RFC 3776 Home Agent IPsec June 2004
4.4. Dynamic Keying
The following requirements apply to both home agents and mobile
nodes:
o If anti-replay protection is required, dynamic keying MUST be
used. IPsec can provide anti-replay protection only if dynamic
keying is used (which may not always be the case). IPsec also
does not guarantee correct ordering of packets, only that they
have not been replayed. Because of this, sequence numbers within
the Mobile IPv6 messages are used to ensure correct ordering.
However, if the 16 bit Mobile IPv6 sequence number space is cycled
through, or the home agent reboots and loses its state regarding
the sequence numbers, replay and reordering attacks become
possible. The use of dynamic keying, IPsec anti-replay
protection, and the Mobile IPv6 sequence numbers can together
prevent such attacks.
o If IKE version 1 is used with preshared secrets in main mode, it
determines the shared secret to use from the IP address of the
peer. With Mobile IPv6, however, this may be a care-of address
and does not indicate which mobile node attempts to contact the
home agent. Therefore, if preshared secret authentication is used
in IKEv1 between the mobile node and the home agent then
aggressive mode MUST be used. Note also that care needs to be
taken with phase 1 identity selection. Where the ID_IPV6_ADDR
Identity Payloads is used, unambiguous mapping of identities to
keys is not possible. (The next version of IKE may not have these
limitations.)
Note that the difficulties with main mode and preshared secrets in
IKE version 1 are well known for dynamic addresses. With static
addresses, there has not been a problem. With Mobile IPv6, however,
the use of the care-of addresses to run IKE to the home agent
presents a problem even when the home address stays stable. Further
discussion about the use of care-of addresses in this way appears in
Section 7.
The following rules apply to mobile nodes:
o In addition to the rules above, if dynamic keying is used, the key
management protocol MUST use the care-of address as the source
address in the protocol exchanges with the mobile node's home
agent.
Arkko, et al. Standards Track [Page 15]
^L
RFC 3776 Home Agent IPsec June 2004
o However, the IPsec security associations with the mobile node's
home agent use home addresses. That is, the IPsec security
associations MUST be requested from the key management protocol
using the home address of the mobile node as the client identity.
The security associations for protecting Binding Updates and
Acknowledgements are requested for the Mobility header protocol in
transport mode and for specific IP addresses as endpoints. No
other selectors are used. Similarly, the security associations
for protecting prefix discovery are requested for the ICMPv6
protocol and the specific IP addresses, again without other
selectors. Security associations for payload and return
routability protection are requested for a specific tunnel
interface and either the payload protocol or the Mobility header
protocol, in tunnel mode. In this case one requested endpoint is
an IP address and the other one is a wildcard, and there are no
other selectors.
o If the mobile node has used IKE version 1 to establish security
associations with its home agent, it should follow the procedures
discussed in Section 11.7.1 and 11.7.3 of the base specification
[7] to determine whether the IKE endpoints can be moved or if IKE
phase 1 has to be re-established.
The following rules apply to home agents:
o If the home agent has used IKE version 1 to establish security
associations with the mobile node, it should follow the procedures
discussed in Section 10.3.1 and 10.3.2 of the base specification
[7] to determine whether the IKE endpoints can be moved or if IKE
phase 1 has to be re-established.
5. Example Configurations
In the following we describe the Security Policy Database (SPD) and
Security Association Database (SAD) entries necessary to protect
Binding Updates and Binding Acknowledgements exchanged between the
mobile node and the home agent.
Section 5.1 introduces the format we use in the description of the
SPD and the SAD. Section 5.2 describes how to configure manually
keyed IPsec security associations without dynamic keying, and Section
5.3 describes how to use dynamic keying.
Arkko, et al. Standards Track [Page 16]
^L
RFC 3776 Home Agent IPsec June 2004
5.1. Format
The format used in the examples is as follows. The SPD description
has the format
<node> "SPD OUT:"
"-" <spdentry>
"-" <spdentry>
...
"-" <spdentry>
<node> "SPD IN:"
"-" <spdentry>
"-" <spdentry>
...
"-" <spdentry>
Where <node> represents the name of the node, and <spdentry> has the
following format:
"IF" <condition> "THEN USE SA " <sa> |
"IF" <condition> "THEN USE SA " <pattern> |
Where <condition> is a boolean expression about the fields of the
IPv6 packet, <sa> is the name of a specific security association, and
<pattern> is a specification for a security association to be
negotiated via IKE [4]. The SAD description has the format
<node> "SAD:"
"-" <sadentry>
"-" <sadentry>
...
"-" <sadentry>
Where <node> represents the name of the node, and <sadentry> has the
following format:
<sa> "(" <dir> ","
<spi> ","
<destination> ","
<ipsec-proto> ","
<mode> ")" ":"
<rule>
Arkko, et al. Standards Track [Page 17]
^L
RFC 3776 Home Agent IPsec June 2004
Where <dir> is "IN" or "OUT", <spi> is the SPI of the security
association, <destination> is its destination, <ipsec-proto> is in
our case "ESP", <mode> is either "TUNNEL" or "TRANSPORT", and <rule>
is an expression which describes the IPsec selectors, i.e., which
fields of the IPv6 packet must have which values.
We will be using an example mobile node in this section with the home
address "home_address_1". The user's identity in this mobile node is
"user_1". The home agent's address is "home_agent_1".
5.2. Manual Configuration
5.2.1. Binding Updates and Acknowledgements
Here are the contents of the SPD and SAD for protecting Binding
Updates and Acknowledgements:
mobile node SPD OUT:
- IF source = home_address_1 & destination = home_agent_1 &
proto = MH
THEN USE SA SA1
mobile node SPD IN:
- IF source = home_agent_1 & destination = home_address_1 &
proto = MH
THEN USE SA SA2
mobile node SAD:
- SA1(OUT, spi_a, home_agent_1, ESP, TRANSPORT):
source = home_address_1 & destination = home_agent_1 &
proto = MH
- SA2(IN, spi_b, home_address_1, ESP, TRANSPORT):
source = home_agent_1 & destination = home_address_1 &
proto = MH
home agent SPD OUT:
- IF source = home_agent_1 & destination = home_address_1 &
proto = MH
THEN USE SA SA2
home agent SPD IN:
- IF source = home_address_1 & destination = home_agent_1 &
proto = MH
THEN USE SA SA1
home agent SAD:
- SA2(OUT, spi_b, home_address_1, ESP, TRANSPORT):
source = home_agent_1 & destination = home_address_1 &
Arkko, et al. Standards Track [Page 18]
^L
RFC 3776 Home Agent IPsec June 2004
proto = MH
- SA1(IN, spi_a, home_agent_1, ESP, TRANSPORT):
source = home_address_1 & destination = home_agent_1 &
proto = MH
In the above, "MH" refers to the protocol number for the Mobility
Header [7].
5.2.2. Return Routability Signaling
In the following we describe the necessary SPD and SAD entries to
protect return routability signaling between the mobile node and the
home agent. Note that the rules in the SPD are ordered, and the ones
in the previous section must take precedence over these ones. In
other words, the higher precedence entries must occur first in the
RFC 2401 [2] ordered list of SPD entries.
mobile node SPD OUT:
- IF interface = IPv6 IPv6 tunnel to home_agent_1 &
source = home_address_1 & destination = any &
proto = MH
THEN USE SA SA3
mobile node SPD IN:
- IF interface = IPv6 tunnel from home_agent_1 &
source = any & destination = home_address_1 &
proto = MH
THEN USE SA SA4
mobile node SAD:
- SA3(OUT, spi_c, home_agent_1, ESP, TUNNEL):
source = home_address_1 & destination = any & proto = MH
- SA4(IN, spi_d, care_of_address_1, ESP, TUNNEL):
source = any & destination = home_address_1 & proto = MH
home agent SPD OUT:
- IF interface = IPv6 tunnel to home_address_1 &
source = any & destination = home_address_1 &
proto = MH
THEN USE SA SA4
home agent SPD IN:
- IF interface = IPv6 tunnel from home_address_1 &
source = home_address_1 & destination = any &
proto = MH
THEN USE SA SA3
Arkko, et al. Standards Track [Page 19]
^L
RFC 3776 Home Agent IPsec June 2004
home agent SAD:
- SA4(OUT, spi_d, care_of_address_1, ESP, TUNNEL):
source = any & destination = home_address_1 & proto = MH
- SA3(IN, spi_c, home_agent_1, ESP, TUNNEL):
source = home_address_1 & destination = any & proto = MH
The security association from the home agent to the mobile node uses
the current care-of address as the destination. As discussed
earlier, this address is updated in the SAD as the mobile node moves.
It can be initialized to the home address before the mobile node has
registered.
5.2.3. Prefix Discovery
In the following we describe some additional SPD and SAD entries to
protect prefix discovery. Note that the SPDs described above protect
all ICMPv6 traffic between the mobile node and the home agent, as
IPsec may not have the ability to distinguish between different
ICMPv6 types.
mobile node SPD OUT:
- IF source = home_address_1 & destination = home_agent_1 &
proto = ICMPv6
THEN USE SA SA5.
mobile node SPD IN:
- IF source = home_agent_1 & destination = home_address_1 &
proto = ICMPv6
THEN USE SA SA6
mobile node SAD:
- SA5(OUT, spi_e, home_agent_1, ESP, TRANSPORT):
source = home_address_1 & destination = home_agent_1 &
proto = ICMPv6
- SA6(IN, spi_f, home_address_1, ESP, TRANSPORT):
source = home_agent_1 & destination = home_address_1 &
proto = ICMPv6
home agent SPD OUT:
- IF source = home_agent_1 & destination = home_address_1 &
proto = ICMPv6
THEN USE SA SA6
home agent SPD IN:
- IF source = home_address_1 & destination = home_agent_1 &
proto = ICMPv6
THEN USE SA SA5
Arkko, et al. Standards Track [Page 20]
^L
RFC 3776 Home Agent IPsec June 2004
home agent SAD:
- SA6(OUT, spi_f, home_address_1, ESP, TRANSPORT):
source = home_agent_1 & destination = home_address_1 &
proto = ICMPv6
- SA5(IN, spi_e, home_agent_1, ESP, TRANSPORT):
source = home_address_1 & destination = home_agent_1 &
proto = ICMPv6
5.2.4. Payload Packets
It is also possible to perform some additional, optional, protection
of tunneled payload packets. This protection takes place in a
similar manner to the return routability protection above, but
requires a different value for the protocol field. The necessary SPD
and SAD entries are shown below. It is assumed that the entries for
protecting Binding Updates and Acknowledgements, and the entries to
protect Home Test Init and Home Test messages take precedence over
these entries.
mobile node SPD OUT:
- IF interface = IPv6 tunnel to home_agent_1 &
source = home_address_1 & destination = any &
proto = X
THEN USE SA SA7
mobile node SPD IN:
- IF interface = IPv6 tunnel from home_agent_1 &
source = any & destination = home_address_1 &
proto = X
THEN USE SA SA8
mobile node SAD:
- SA7(OUT, spi_g, home_agent_1, ESP, TUNNEL):
source = home_address_1 & destination = any & proto = X
- SA8(IN, spi_h, care_of_address_1, ESP, TUNNEL):
source = any & destination = home_address_1 & proto = X
home agent SPD OUT:
- IF interface = IPv6 tunnel to home_address_1 &
source = any & destination = home_address_1 &
proto = X
THEN USE SA SA8
home agent SPD IN:
- IF interface = IPv6 tunnel from home_address_1 &
source = home_address_1 & destination = any &
proto = X
THEN USE SA SA7
Arkko, et al. Standards Track [Page 21]
^L
RFC 3776 Home Agent IPsec June 2004
home agent SAD:
- SA8(OUT, spi_h, care_of_address_1, ESP, TUNNEL):
source = any & destination = home_address_1 & proto = X
- SA7(IN, spi_g, home_agent_1, ESP, TUNNEL):
source = home_address_1 & destination = any & proto = X
If multicast group membership control protocols such as MLDv1 [9] or
MLDv2 [11] need to be protected, these packets may use a link-local
address rather than the home address of the mobile node. In this
case the source and destination can be left as a wildcard and the SPD
entries will work solely based on the used interface and the
protocol, which is ICMPv6 for both MLDv1 and MLDv2.
Similar problems are encountered when stateful address
autoconfiguration protocols such as DHCPv6 [10] are used. The same
approach is applicable for DHCPv6 as well. DHCPv6 uses the UDP
protocol.
Support for multiple layers of encapsulation (such as ESP
encapsulated in ESP) is not required by RFC 2401 [2] and is also
otherwise often problematic. It is therefore useful to avoid setting
the protocol X in the above entries to either AH or ESP.
5.3. Dynamic Keying
In this section we show an example configuration that uses IKE to
negotiate security associations.
5.3.1. Binding Updates and Acknowledgements
Here are the contents of the SPD for protecting Binding Updates and
Acknowledgements:
mobile node SPD OUT:
- IF source = home_address_1 & destination = home_agent_1 &
proto = MH
THEN USE SA ESP TRANSPORT: local phase 1 identity = user_1
mobile node SPD IN:
- IF source = home_agent_1 & destination = home_address_1 &
proto = MH
THEN USE SA ESP TRANSPORT: local phase 1 identity = user_1
home agent SPD OUT:
- IF source = home_agent_1 & destination = home_address_1 &
proto = MH
THEN USE SA ESP TRANSPORT: peer phase 1 identity = user_1
Arkko, et al. Standards Track [Page 22]
^L
RFC 3776 Home Agent IPsec June 2004
home agent SPD IN:
- IF source = home_address_1 & destination = home_agent_1 &
proto = MH
THEN USE SA ESP TRANSPORT: peer phase 1 identity = user_1
We have omitted details of the proposed transforms in the above, and
all details related to the particular authentication method such as
certificates beyond listing a specific identity that must be used.
We require IKE version 1 to be run using the care-of addresses but
still negotiate IPsec SAs that use home addresses. The extra
conditions set by the home agent SPD for the peer phase 1 identity to
be "user_1" must be verified by the home agent. The purpose of the
condition is to ensure that the IKE phase 2 negotiation for a given
user's home address can not be requested by another user. In the
mobile node, we simply set our local identity to be "user_1".
These checks also imply that the configuration of the home agent is
user-specific: every user or home address requires a specific
configuration entry. It would be possible to alleviate the
configuration tasks by using certificates that have home addresses in
the Subject AltName field. However, it is not clear if all IKE
implementations allow one address to be used for carrying the IKE
negotiations when another address is mentioned in the used
certificates. In any case, even this approach would have required
user-specific tasks in the certification authority.
5.3.2. Return Routability Signaling
Protection for the return routability signaling can be configured in
a similar manner as above.
mobile node SPD OUT:
- IF interface = IPv6 tunnel to home_agent_1 &
source = home_address_1 & destination = any &
proto = MH
THEN USE SA ESP TUNNEL: outer destination = home_agent_1 &
local phase 1 identity = user_1
mobile node SPD IN:
- IF interface = IPv6 tunnel from home_agent_1 &
source = any & destination = home_address_1 &
proto = MH
THEN USE SA ESP TUNNEL: outer destination = home_agent_1 &
local phase 1 identity = user_1
Arkko, et al. Standards Track [Page 23]
^L
RFC 3776 Home Agent IPsec June 2004
home agent SPD OUT:
- IF interface = IPv6 tunnel to home_address_1 &
source = any & destination = home_address_1 &
proto = MH
THEN USE SA ESP TUNNEL: outer destination = home_address_1 &
peer phase 1 identity = user_1
home agent SPD IN:
- IF interface = IPv6 tunnel from home_address_1 &
source = home_address_1 & destination = any &
proto = MH
THEN USE SA ESP TUNNEL: outer destination = home_address_1 &
peer phase 1 identity = user_1
The security association from the home agent to the mobile node uses
the current care-of address as the destination. As discussed
earlier, this address is updated in the SAD as the mobile node moves.
The SPD entries can be written using the home address (as above), if
the care-of address update in the SAD is also done upon the creation
of security associations.
5.3.3. Prefix Discovery
In the following we describe some additional SPD entries to protect
prefix discovery with IKE. (Note that when actual new prefixes are
discovered, there may be a need to enter new manually configured SPD
entries to specify the authorization policy for the resulting new
home addresses.)
mobile node SPD OUT:
- IF source = home_address_1 & destination = home_agent_1 &
proto = ICMPv6
THEN USE SA ESP TRANSPORT: local phase 1 identity = user_1
mobile node SPD IN:
- IF source = home_agent_1 & destination = home_address_1 &
proto = ICMPv6
THEN USE SA ESP TRANSPORT: local phase 1 identity = user_1
home agent SPD OUT:
- IF source = home_agent_1 & destination = home_address_1 &
proto = ICMPv6
THEN USE SA ESP TRANSPORT: peer phase 1 identity = user_1
home agent SPD IN:
- IF source = home_address_1 & destination = home_agent_1 &
proto = ICMPv6
THEN USE SA ESP TRANSPORT: peer phase 1 identity = user_1
Arkko, et al. Standards Track [Page 24]
^L
RFC 3776 Home Agent IPsec June 2004
5.3.4. Payload Packets
Protection for the payload packets happens similarly to the
protection of return routability signaling. As in the manually keyed
case, these SPD entries have lower priority than the above ones.
mobile node SPD OUT:
- IF interface = IPv6 tunnel to home_agent_1 &
source = home_address_1 & destination = any &
proto = X
THEN USE SA ESP TUNNEL: outer destination = home_agent_1 &
local phase 1 identity = user_1
mobile node SPD IN:
- IF interface = IPv6 tunnel from home_agent_1 &
source = any & destination = home_address_1 &
proto = X
THEN USE SA ESP TUNNEL: outer destination = home_agent_1 &
local phase 1 identity = user_1
home agent SPD OUT:
- IF interface = IPv6 tunnel to home_address_1 &
source = any & destination = home_address_1 &
proto = X
THEN USE SA ESP TUNNEL: outer destination = home_address_1 &
peer phase 1 identity = user_1
home agent SPD IN:
- IF interface = IPv6 tunnel from home_address_1 &
source = home_address_1 & destination = any &
proto = X
THEN USE SA ESP TUNNEL: outer destination = home_address_1 &
peer phase 1 identity = user_1
6. Processing Steps within a Node
6.1. Binding Update to the Home Agent
Step 1. At the mobile node, Mobile IPv6 module first produces the
following packet:
IPv6 header (source = home address,
destination = home agent)
Mobility header
Binding Update
Step 2. This packet is matched against the IPsec SPD on the mobile
node and we make a note that IPsec must be applied.
Arkko, et al. Standards Track [Page 25]
^L
RFC 3776 Home Agent IPsec June 2004
Step 3. Then, we add the necessary Mobile IPv6 options but do not
change the addresses yet, as described in Section 11.3.2 of the base
specification [7]. This results in:
IPv6 header (source = home address,
destination = home agent)
Destination Options header
Home Address option (care-of address)
Mobility header
Binding Update
Step 4. Finally, IPsec headers are added and the necessary
authenticator values are calculated:
IPv6 header (source = home address,
destination = home agent)
Destination Options header
Home Address option (care-of address)
ESP header (SPI = spi_a)
Mobility header
Binding Update
Here spi_a is the SPI value that was either configured manually, or
agreed upon in an earlier IKE negotiation.
Step 5. Before sending the packet, the addresses in the IPv6 header
and the Destination Options header are changed:
IPv6 header (source = care-of address,
destination = home agent)
Destination Options header
Home Address option (home address)
ESP header (SPI = spi_a)
Mobility header
Binding Update
6.2. Binding Update from the Mobile Node
Step 1. The following packet is received at the home agent:
IPv6 header (source = care-of address,
destination = home agent)
Destination Options header
Home Address option (home address)
ESP header (SPI = spi_a)
Mobility header
Binding Update
Arkko, et al. Standards Track [Page 26]
^L
RFC 3776 Home Agent IPsec June 2004
Step 2. The home address option is processed first, which results in
IPv6 header (source = home address,
destination = home agent)
Destination Options header
Home Address option (care-of address)
ESP header (SPI = spi_a)
Mobility header
Binding Update
Step 3. ESP header is processed next, resulting in
IPv6 header (source = home address,
destination = home agent)
Destination Options header
Home Address option (care-of address)
Mobility header
Binding Update
Step 4. This packet matches the policy required for this security
association (source = home address, destination = home agent, proto =
MH).
Step 5. Mobile IPv6 processes the Binding Update. The Binding
Update is delivered to the Mobile IPv6 module.
Step 6. If there are any security associations in the security
association database for the protection of return routability or
payload packets for this mobile node, those security associations are
updated with the new care-of address.
6.3. Binding Acknowledgement to the Mobile Node
Step 1. Mobile IPv6 produces the following packet:
IPv6 header (source = home agent,
destination = home address)
Mobility header
Binding Acknowledgement
Step 2. This packet matches the IPsec policy entries, and we
remember that IPsec has to be applied.
Arkko, et al. Standards Track [Page 27]
^L
RFC 3776 Home Agent IPsec June 2004
Step 3. Then, we add the necessary Route Headers but do not change
the addresses yet, as described in Section 9.5.4 of the base
specification [7]. This results in:
IPv6 header (source = home agent,
destination = home address)
Routing header (type 2)
care-of address
Mobility header
Binding Acknowledgement
Step 4. We apply IPsec:
IPv6 header (source = home agent,
destination = home address)
Routing header (type 2)
care-of address
ESP header (SPI = spi_b)
Mobility header
Binding Acknowledgement
Step 5. Finally, before sending the packet out we change the
addresses in the IPv6 header and the Route header:
IPv6 header (source = home agent,
destination = care-of address)
Routing header (type 2)
home address
ESP header (SPI = spi_b)
Mobility header
Binding Acknowledgement
6.4. Binding Acknowledgement from the Home Agent
Step 1. The following packet is received at the mobile node
IPv6 header (source = home agent,
destination = care-of address)
Routing header (type 2)
home address
ESP header (SPI = spi_b)
Mobility header
Binding Acknowledgement
Arkko, et al. Standards Track [Page 28]
^L
RFC 3776 Home Agent IPsec June 2004
Step 2. After the routing header is processed the packet becomes
IPv6 header (source = home agent,
destination = home address)
Routing header (type 2)
care-of address
ESP header (SPI = spi_b)
Mobility header
Binding Acknowledgement
Step 3. ESP header is processed next, resulting in:
IPv6 header (source = home agent,
destination = home address)
Routing header (type 2)
care-of address
Mobility header
Binding Acknowledgement
Step 4. This packet matches the policy required for this security
association (source = home agent, destination = home address, proto =
MH).
Step 5. The Binding Acknowledgement is delivered to the Mobile IPv6
module.
6.5. Home Test Init to the Home Agent
Step 1. The mobile node constructs a Home Test Init message:
IPv6 header (source = home address,
destination = correspondent node)
Mobility header
Home Test Init
Step 2. Mobile IPv6 determines that this packet should go to the
tunnel to the home agent.
Step 3. The packet is matched against IPsec policy entries for the
interface, and we find that IPsec needs to be applied.
Step 4. IPsec tunnel mode headers are added. Note that we use a
care-of address as a source address for the tunnel packet.
IPv6 header (source = care-of address,
destination = home agent)
ESP header (SPI = spi_c)
IPv6 header (source = home address,
Arkko, et al. Standards Track [Page 29]
^L
RFC 3776 Home Agent IPsec June 2004
destination = correspondent node)
Mobility header
Home Test Init
Step 5. The packet is sent directly to the home agent using IPsec
encapsulation.
6.6. Home Test Init from the Mobile Node
Step 1. The home agent receives the following packet:
IPv6 header (source = care-of address,
destination = home agent)
ESP header (SPI = spi_c)
IPv6 header (source = home address,
destination = correspondent node)
Mobility Header
Home Test Init
Step 2. IPsec processing is performed, resulting in:
IPv6 header (source = home address,
destination = correspondent node)
Mobility Header
Home Test Init
Step 3. The resulting packet matches the policy required for this
security association and the packet can be processed further.
Step 4. The packet is then forwarded to the correspondent node.
6.7. Home Test to the Mobile Node
Step 1. The home agent receives a Home Test packet from the
correspondent node:
IPv6 header (source = correspondent node,
destination = home address)
Mobility Header
Home Test Init
Step 2. The home agent determines that this packet is destined to a
mobile node that is away from home, and decides to tunnel it.
Step 3. The packet matches the IPsec policy entries for the tunnel
interface, and we note that IPsec needs to be applied.
Arkko, et al. Standards Track [Page 30]
^L
RFC 3776 Home Agent IPsec June 2004
Step 4. IPsec is applied, resulting in a new packet. Note that the
home agent must keep track of the location of the mobile node, and
update the tunnel endpoint address in the security association(s)
accordingly.
IPv6 header (source = home agent,
destination = care-of address)
ESP header (SPI = spi_d)
IPv6 header (source = correspondent node,
destination = home address)
Mobility Header
Home Test Init
Step 5. The packet is sent directly to the care-of address using
IPsec encapsulation.
6.8. Home Test from the Home Agent
Step 1. The mobile node receives the following packet:
IPv6 header (source = home agent,
destination = care-of address)
ESP header (SPI = spi_d)
IPv6 header (source = correspondent node,
destination = home address)
Mobility Header
Home Test Init
Step 2. IPsec is processed, resulting in:
IPv6 header (source = correspondent node,
destination = home address)
Mobility Header
Home Test Init
Step 3. This matches the policy required for this security
association (source = any, destination = home address).
Step 4. The packet is given to Mobile IPv6 processing.
6.9. Prefix Solicitation Message to the Home Agent
This procedure is similar to the one presented in Section 6.1.
6.10. Prefix Solicitation Message from the Mobile Node
This procedure is similar to the one presented in Section 6.2.
Arkko, et al. Standards Track [Page 31]
^L
RFC 3776 Home Agent IPsec June 2004
6.11. Prefix Advertisement Message to the Mobile Node
This procedure is similar to the one presented in Section 6.3.
6.12. Prefix Advertisement Message from the Home Agent
This procedure is similar to the one presented in Section 6.4.
6.13. Payload Packet to the Home Agent
This procedure is similar to the one presented in Section 6.5.
6.14. Payload Packet from the Mobile Node
This procedure is similar to the one presented in Section 6.6.
6.15. Payload Packet to the Mobile Node
This procedure is similar to the one presented in Section 6.7.
6.16. Payload Packet from the Home Agent
This procedure is similar to the one presented in Section 6.8.
6.17. Establishing New Security Associations
Step 1. The mobile node wishes to send a Binding Update to the home
agent.
IPv6 header (source = home address,
destination = home agent)
Mobility header
Binding Update
Step 2. There is no existing security association to protect the
Binding Update, so the mobile node initiates IKE. The IKE packets
are sent as shown in the following examples. The first packet is an
example of an IKE packet sent from the mobile node, and the second
one is from the home agent. The examples shows also that the phase 1
identity used for the mobile node is a FQDN.
IPv6 header (source = care-of address,
destination = home agent)
UDP
IKE
... IDii = ID_FQDN mn123.ha.net ...
Arkko, et al. Standards Track [Page 32]
^L
RFC 3776 Home Agent IPsec June 2004
IPv6 header (source = home agent
destination = care-of address)
UDP
IKE
... IDir = ID_FQDN ha.net ...
Step 3. IKE phase 1 completes, and phase 2 is initiated to request
security associations for protecting traffic between the mobile
node's home address and the home agent. These addresses will be used
as selectors. This involves sending and receiving additional IKE
packets. The below example shows again one packet sent by the mobile
node and another sent by the home agent. The example shows also that
the phase 2 identity used for the mobile node is the mobile node's
home address.
IPv6 header (source = care-of address,
destination = home agent)
UDP
IKE
... IDci = ID_IPV6_ADDR home address ...
IPv6 header (source = home agent,
destination = care-of address)
UDP
IKE
... IDcr = ID_IPV6_ADDR home agent ...
Step 4. The remaining steps are as shown in Section 6.1.
6.18. Rekeying Security Associations
Step 1. The mobile node and the home agent have existing security
associations. Either side may decide at any time that the security
associations need to be rekeyed, for instance, because the specified
lifetime is approaching.
Step 2. Mobility header packets sent during rekey may be protected
by the existing security associations.
Step 3. When the rekeying is finished, new security associations are
established. In practice there is a time interval during which an
old, about-to-expire security association and newly established
security association will both exist. The new ones should be used as
soon as they become available.
Step 4. A notification of the deletion of the old security
associations is received. After this, only the new security
associations can be used.
Arkko, et al. Standards Track [Page 33]
^L
RFC 3776 Home Agent IPsec June 2004
Note that there is no requirement that the existence of the IPsec and
IKE security associations is tied to the existence of bindings. It
is not necessary to delete a security association if a binding is
removed, as a new binding may soon be established after this.
Since cryptographic acceleration hardware may only be able to handle
a limited number of active security associations, security
associations may be deleted via IKE in order to keep the number of
active cryptographic contexts to a minimum. Such deletions should
not be interpreted as a sign of losing a contact to the peer or as a
reason to remove a binding. Rather, if additional traffic needs to
be sent, it is preferable to bring up another security association to
protect it.
6.19. Movements and Dynamic Keying
In this section we describe the sequence of events that relate to
movement with IKE-based security associations. In the initial state,
the mobile node is not registered in any location and has no security
associations with the home agent. Depending on whether the peers
will be able to move IKE endpoints to new care-of addresses, the
actions taken in Step 9 and 10 are different.
Step 1. Mobile node with the home address A moves to care-of address
B.
Step 2. Mobile node runs IKE from care-of address B to the home
agent, establishing a phase 1. The home agent can only act as the
responder before it knows the current location of the mobile node.
Step 3. Protected by this phase 1, mobile node establishes a pair of
security associations for protecting Mobility Header traffic to and
from the home address A.
Step 4. Mobile node sends a Binding Update and receives a Binding
Acknowledgement using the security associations created in Step 3.
Step 5. Mobile node establishes a pair of security associations for
protecting return routability packets. These security associations
are in tunnel mode and their endpoint in the mobile node side is
care-of address B. For the purposes of our example, this step uses
the phase 1 connection established in Step 2. Multiple phase 1
connections are also possible.
Step 6. The mobile node uses the security associations created in
Step 5 to run return routability.
Arkko, et al. Standards Track [Page 34]
^L
RFC 3776 Home Agent IPsec June 2004
Step 7. The mobile node moves to a new location and adopts a new
care-of address C.
Step 8. Mobile node sends a Binding Update and receives a Binding
Acknowledgement using the security associations created in Step 3.
The home agent ensures that the next packets sent using the security
associations created in Step 5 will have the new care-of address as
their destination address, as if the outer header destination address
in the security association had changed.
Step 9. If the mobile node and the HA have the capability to change
the IKE endpoints, they change the address to C. If they do not have
the capability, both nodes remove their phase 1 connections created
on top of the care-of address B and will establish a new IKE phase 1
on top of the care-of address C. This capability to change the IKE
phase 1 end points is indicated through setting the Key Management
Mobility Capability (K) flag [7] in the Binding Update and Binding
Acknowledgement messages.
Step 10. If a new IKE phase 1 connection was setup after movement,
the MN will not be able to receive any notifications delivered on top
of the old IKE phase 1 security association. Notifications delivered
on top of the new security association are received and processed
normally. If the mobile node and HA were able to update the IKE
endpoints, they can continue using the same IKE phase 1 connection.
7. Implementation Considerations
7.1. IPsec
Note that packet formats and header ordering discussed in Section 3
must be supported, but implementations may also support other
formats. In general, the use of formats not required here may lead
to incorrect processing of the packets by the peer (such as silently
discarding them), unless support for these formats has been verified
off-line. Such verification can take place at the same time the
parameters of the security associations are agreed upon. In some
cases, however, basic IPv6 specifications call for support of options
not discussed here. In these cases, such a verification step might
be unnecessary as long as the peer fully supports the relevant IPv6
specifications. However, no claims are made in this document about
the validity of these other formats in the context of Mobile IPv6.
It is also likely that systems that support Mobile IPv6 have been
tested more extensively with the required formats.
We have chosen to require an encapsulation format for return
routability and payload packet protection which can only be realized
if the destination of the IPsec packets sent from the home agent can
Arkko, et al. Standards Track [Page 35]
^L
RFC 3776 Home Agent IPsec June 2004
be changed as the mobile node moves. One of the main reasons for
choosing such a format is that it removes the overhead of twenty four
bytes when a home address option or routing header is added to the
tunneled packet. Such an overhead would not be significant for the
protection of the return routability packets, but would create an
additional overhead if IPsec is used to protect the tunneling of
payload packets to the home agent. This overhead may be significant
for real-time traffic. Given that the use of the shorter packet
formats for any traffic requires the existence of suitable APIs, we
have chosen to require support for the shorter packet formats both
for payload and return routability packets.
In order to support the care-of address as the destination address on
the mobile node side, the home agent must act as if the outer header
destination address in the security association to the mobile node
would have changed upon movements. Implementations are free to
choose any particular method to make this change, such as using an
API to the IPsec implementation to change the parameters of the
security association, removing the security association and
installing a new one, or modification of the packet after it has gone
through IPsec processing. The only requirement is that after
registering a new binding at the home agent, the next IPsec packets
sent on this security association will be addressed to the new
care-of address.
We have chosen to require policy entries that are specific to a
tunnel interface. This means that implementations have to regard the
Home Agent - Mobile Node tunnel as a separate interface on which
IPsec SPDs can be based. A further complication of the IPsec
processing on a tunnel interface is that this requires access to the
BITS implementation before the packet actually goes out.
7.2. IKE
We have chosen to require that a dynamic key management protocol must
be able to make an authorization decision for IPsec security
association creation with different addresses than with what the key
management protocol is run. We expect this to be done typically by
configuring the allowed combinations of phase 1 user identities and
home addresses.
When certificate authentication is used, IKE fragmentation can be
encountered. This can occur when certificate chains are used, or
even with single certificates if they are large. Many firewalls do
not handle fragments properly, and may drop them. Routers in the
path may also discard fragments after the initial one, since they
Arkko, et al. Standards Track [Page 36]
^L
RFC 3776 Home Agent IPsec June 2004
typically will not contain full IP headers that can be compared
against an access list. Where fragmentation occurs, the endpoints
will not always be able to establish a security association.
Fortunately, typical Mobile IPv6 deployment uses short certificate
chains, as the mobile node is communicating directly with its home
network. Where the problem appears, it may be difficult (at least
away from home) to replace the firewalls or routers with equipment
that can properly support fragments. It may help to store the peer
certificates locally, or to obtain them through other means.
7.3. Bump-in-the-Stack
Mobile IPv6 sets high requirements for a so-called Bump-In-The-Stack
(BITS) implementation model of IPsec. As Mobile IPv6 specific
modifications of the packets are required before or after IPsec
processing, the BITS implementation has to perform also some tasks
related to mobility. This may increase the complexity of the
implementation, even if it already performs some tasks of the IP
layer (such as fragmentation).
Specifically, Bump-in-the-Stack implementations may have to deal with
the following issues:
o Processing the Home Address destination option and Routing header
type 2 to a form suitable for IPsec processing to take place.
This is needed, among other things, for the security association
and policy lookups. While relatively straightforward, the
required processing may have a hardware effect in BITS
implementations, if they use hardware support beyond the
cryptographic operations.
o Detecting packets sent between the mobile node and its home agent
using IPv6 encapsulation.
o Offering the necessary APIs for updating the IPsec and IKE
security association endpoints.
8. IANA Considerations
No IANA actions are necessary based on this document. IANA actions
for the Mobile IPv6 protocol itself have been covered in [7].
9. Security Considerations
The Mobile IPv6 base specification [7] requires strong security
between the mobile node and the home agent. This memo discusses how
that security can be arranged in practice, using IPsec. The security
Arkko, et al. Standards Track [Page 37]
^L
RFC 3776 Home Agent IPsec June 2004
considerations related to this are documented in the base
specification, including a discussion of the implications of using
either manual or dynamic keying.
10. References
10.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[2] Kent, S. and R. Atkinson, "Security Architecture for the
Internet Protocol", RFC 2401, November 1998.
[3] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload
(ESP)", RFC 2406, November 1998.
[4] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)",
RFC 2409, November 1998.
[5] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
Specification", RFC 2460, December 1998.
[6] Conta, A. and S. Deering, "Generic Packet Tunneling in IPv6
Specification", RFC 2473, December 1998.
[7] Johnson, D., Perkins, C. and J. Arkko, "Mobility Support in
IPv6", RFC 3775, June 2004.
10.2. Informative References
[8] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402,
November 1998.
[9] Deering, S., Fenner, W. and B. Haberman, "Multicast Listener
Discovery (MLD) for IPv6", RFC 2710, October 1999.
[10] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, C. and
M. Carney, "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", RFC 3315, July 2003.
[11] Vida, R. and L. Costa, Eds., "Multicast Listener Discovery
Version 2 (MLDv2) for IPv6", RFC 3810, June 2004.
Arkko, et al. Standards Track [Page 38]
^L
RFC 3776 Home Agent IPsec June 2004
11. Acknowledgements
The authors would like to thank Greg O'Shea, Michael Thomas, Kevin
Miles, Cheryl Madson, Bernard Aboba, Erik Nordmark, Gabriel
Montenegro, Steven Kent, and Santeri Paavolainen for interesting
discussions in this problem space.
12. Authors' Addresses
Jari Arkko
Ericsson
02420 Jorvas
Finland
EMail: jari.arkko@ericsson.com
Vijay Devarapalli
Nokia Research Center
313 Fairchild Drive
Mountain View CA 94043
USA
EMail: vijayd@iprg.nokia.com
Francis Dupont
ENST Bretagne
Campus de Rennes
2, rue de la Chataigneraie
CS 17607
35576 Cesson-Sevigne Cedex
France
EMail: Francis.Dupont@enst-bretagne.fr
Arkko, et al. Standards Track [Page 39]
^L
RFC 3776 Home Agent IPsec June 2004
13. Full Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Arkko, et al. Standards Track [Page 40]
^L
|
