1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
|
Network Working Group J. Korhonen, Ed.
Request for Comments: 5447 Nokia Siemens Networks
Category: Standards Track J. Bournelle
Orange Labs
H. Tschofenig
Nokia Siemens Networks
C. Perkins
WiChorus
K. Chowdhury
Starent Networks
February 2009
Diameter Mobile IPv6:
Support for Network Access Server to Diameter Server Interaction
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (http://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract
A Mobile IPv6 node requires a home agent address, a home address, and
a security association with its home agent before it can start
utilizing Mobile IPv6. RFC 3775 requires that some or all of these
parameters be statically configured. Mobile IPv6 bootstrapping work
aims to make this information dynamically available to the mobile
node. An important aspect of the Mobile IPv6 bootstrapping solution
is to support interworking with existing Authentication,
Authorization, and Accounting (AAA) infrastructures. This document
describes MIPv6 bootstrapping using the Diameter Network Access
Server to home AAA server interface.
Korhonen, et al. Standards Track [Page 1]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology and Abbreviations . . . . . . . . . . . . . . . . 3
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Commands, Attribute-Value Pairs, and Advertising
Application Support . . . . . . . . . . . . . . . . . . . . . 6
4.1. Advertising Application Support . . . . . . . . . . . . . 6
4.2. Attribute-Value Pair Definitions . . . . . . . . . . . . . 6
4.2.1. MIP6-Agent-Info AVP . . . . . . . . . . . . . . . . . 6
4.2.2. MIP-Home-Agent-Address AVP . . . . . . . . . . . . . . 7
4.2.3. MIP-Home-Agent-Host AVP . . . . . . . . . . . . . . . 7
4.2.4. MIP6-Home-Link-Prefix AVP . . . . . . . . . . . . . . 8
4.2.5. MIP6-Feature-Vector AVP . . . . . . . . . . . . . . . 8
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
5.1. Home Agent Assignment by the NAS . . . . . . . . . . . . . 10
5.2. Home Agent Assignment by the Diameter Server . . . . . . . 11
5.3. Home Agent Assignment by the NAS or Diameter Server . . . 11
6. Attribute-Value Pair Occurrence Tables . . . . . . . . . . . . 12
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
7.1. Registration of New AVPs . . . . . . . . . . . . . . . . . 13
7.2. New Registry: Mobility Capability . . . . . . . . . . . . 13
8. Security Considerations . . . . . . . . . . . . . . . . . . . 14
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
10.1. Normative References . . . . . . . . . . . . . . . . . . . 15
10.2. Informative References . . . . . . . . . . . . . . . . . . 15
Korhonen, et al. Standards Track [Page 2]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
1. Introduction
The Mobile IPv6 (MIPv6) specification [RFC3775] requires a mobile
node (MN) to perform registration with a home agent (HA) with
information about its current point of attachment (care-of address).
The HA creates and maintains the binding between the MN's home
address and the MN's care-of address.
In order to register with an HA, the MN needs to know some
information, such as the home link prefix, the HA address, the home
address(es), the home link prefix length, and security-association-
related information.
The aforementioned information may be statically configured.
However, static provisioning becomes an administrative burden for an
operator. Moreover, it does not address load balancing, failover,
opportunistic home link assignment, or assignment of local HAs in
close proximity to the MN. Also, the ability to react to sudden
environmental or topological changes is minimal. Static provisioning
may not be desirable, in light of these limitations.
Dynamic assignment of MIPv6 home registration information is a
desirable feature for ease of deployment and network maintenance.
For this purpose, the AAA infrastructure, which is used for access
authentication, can be leveraged to assign some or all of the
necessary parameters. The Diameter server in the Access Service
Provider's (ASP's) or Mobility Service Provider's (MSP's) network may
return these parameters to the AAA client. Regarding the
bootstrapping procedures, the AAA client might either be the Network
Access Server, in case of the integrated scenario, or the HA, in case
of the split scenario [RFC5026]. The terms "integrated" and "split"
are described in the following terminology section and were
introduced in [RFC4640] and [AAA].
2. Terminology and Abbreviations
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
General mobility terminology can be found in [RFC3753]. The
following additional terms are either borrowed from [RFC4640] or
[RFC5026] or are introduced in this document:
Access Service Authorizer (ASA):
A network operator that authenticates an MN and establishes the
MN's authorization to receive Internet service.
Korhonen, et al. Standards Track [Page 3]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
Access Service Provider (ASP):
A network operator that provides direct IP packet-forwarding to
and from the MN.
Mobility Service Authorizer (MSA):
A service provider that authorizes MIPv6 service.
Mobility Service Provider (MSP):
A service provider that provides MIPv6 service. In order to
obtain such service, the MN must be authenticated and authorized
to do so.
Split Scenario:
A scenario where the mobility service and the network access
service are authorized by different entities.
Integrated Scenario:
A scenario where the mobility service and the network access
service are authorized by the same entity.
Network Access Server (NAS):
A device that provides an access service for a user to a network.
Home AAA (HAAA):
An Authentication, Authorization, and Accounting server located in
the user's home network, i.e., in the home realm.
Local AAA (LAAA):
An Authentication, Authorization, and Accounting proxy located in
the local (ASP) network.
Visited AAA (VAAA):
An Authentication, Authorization, and Accounting proxy located in
a visited network, i.e., in the visited realm. In a roaming case,
the local Diameter proxy has the VAAA role (see Figure 1).
Korhonen, et al. Standards Track [Page 4]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
3. Overview
This document addresses the Authentication, Authorization, and
Accounting (AAA) functionality required for the MIPv6 bootstrapping
solutions outlined in [RFC4640], and focuses on the Diameter-based
AAA functionality for the NAS-to-HAAA (home AAA) server
communication.
In the integrated scenario, MIPv6 bootstrapping is provided as part
of the network access authentication procedure. Figure 1 shows the
participating entities.
+---------------------------+ +-----------------+
|Access Service Provider | |ASA/MSA/(MSP) |
|(Mobility Service Provider)| | |
| | | |
| +--------+ | | +--------+ |
| |Local | Diameter | | |Home | |
| |Diameter|<---------------------->|Diameter| |
| |Proxy | (*) | | |Server | |
| +--------+ | | +--------+ |
| ^ ^ | | ^ |
| | | | | |(+) |
| | | | | | |
| Diameter | | v |
| | |(+) +-------+ | | +-------+ |
| | | |Home | | | |Home | |
| | +-------->|Agent | | | |Agent | |
| (*)| |in ASP | | | |in MSP | |
| v +-------+ | | +-------+ |
+-------+ IEEE | +-----------+ +-------+ | +-----------------+
|Mobile | 802.1X | |NAS/Relay | |DHCPv6 | |
|Node |------------|Diameter |---|Server | |
| | PANA, | |Client |(+)| | |
+-------+ IKEv2, | +-----------+ +-------+ |
DHCP,... +---------------------------+
(+)
Legend:
(*): Functionality in scope of this specification.
(+): Extensions described in other documents.
Figure 1: Mobile IPv6 Bootstrapping in the Integrated Scenario
In a typical MIPv6 access scenario, an MN is attached to an ASP's
network. During the network attachment procedure, the MN interacts
with the NAS/Diameter client. Subsequently, the NAS/Diameter client
interacts with the Diameter server over the NAS-to-HAAA interface.
Korhonen, et al. Standards Track [Page 5]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
When the Diameter server performs the authentication and
authorization for network access, it also determines whether the user
is authorized for the MIPv6 service. Based on the MIPv6 service
authorization and the user's policy profile, the Diameter server may
return several MIPv6 bootstrapping-related parameters to the NAS.
The NAS-to-HAAA interface described in this document is not tied to
the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) as the only
mechanism to convey MIPv6-related configuration parameters from the
NAS/Diameter client to the mobile node.
While this specification addresses the bootstrapping of MIPv6 HA
information and possibly the assignment of the home link prefix, it
does not address how the Security Association (SA) between the MN and
the HA for MIPv6 purposes is created. The creation or the use of the
SA between the MN and the HA takes places after the procedures
described in this specification, and therefore are out of scope.
4. Commands, Attribute-Value Pairs, and Advertising Application Support
4.1. Advertising Application Support
This document does not define a new application. On the other hand,
it defines a number of attribute-value pairs (AVPs) used in the
interface between NAS to HAAA for the integrated scenario of MIPv6
bootstrapping. These AVPs can be used with any present and future
Diameter applications, where permitted by the command ABNF. The
examples using existing applications and their commands in the
following sections are for informational purposes only. The examples
in this document reuse the Extensible Authentication Protocol (EAP)
[RFC4072] application and its respective commands.
4.2. Attribute-Value Pair Definitions
4.2.1. MIP6-Agent-Info AVP
The MIP6-Agent-Info AVP (AVP code 486) is of type Grouped and
contains necessary information to assign an HA to the MN. When the
MIP6-Agent-Info AVP is present in a message, it MUST contain either
the MIP-Home-Agent-Address AVP, the MIP-Home-Agent-Host AVP, or both
AVPs. The grouped AVP has the following modified ABNF (as defined in
[RFC3588]):
MIP6-Agent-Info ::= < AVP-Header: 486 >
*2[ MIP-Home-Agent-Address ]
[ MIP-Home-Agent-Host ]
[ MIP6-Home-Link-Prefix ]
* [ AVP ]
Korhonen, et al. Standards Track [Page 6]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
If both the MIP-Home-Agent-Address and MIP-Home-Agent-Host APVs are
present in the MIP6-Agent-Info, the MIP-Home-Agent-Address SHOULD
have a precedence over the MIP-Home-Agent-Host. The reason for this
recommendation is that the MIP-Home-Agent-Address points to a
specific home agent, whereas the MIP-Home-Agent-Host may point to a
group of HAs located within the same realm. A Diameter client or
agent may use the MIP-Home-Agent-Host AVP, for instance, to find out
in which realm the HA is located.
The ABNF allows returning up to two MIPv6 HA addresses. This is a
useful feature for deployments where the HA has both IPv6 and IPv4
addresses, and particularly addresses Dual Stack Mobile IPv6
(DSMIPv6) deployment scenarios [DSMIPv6].
The MIP6-Agent-Info AVP MAY also be attached by the NAS or by the
intermediating Diameter proxies in a request message when sent to the
Diameter server as a hint of a locally assigned HA. This AVP MAY
also be attached by the intermediating Diameter proxies in a reply
message from the Diameter server, if locally assigned HAs are
authorized by the Diameter server. There MAY be multiple instances
of the MIP6-Agent-Info AVP in Diameter messages, for example, in
cases where the NAS receives HA information from an MN's home network
and locally allocated HA information from the visited network. See
Section 4.2.5 for further discussion on possible scenarios.
4.2.2. MIP-Home-Agent-Address AVP
The MIP-Home-Agent-Address AVP (AVP Code 334 [RFC4004]) is of type
Address and contains the IPv6 or IPv4 address of the MIPv6 HA. The
Diameter server MAY decide to assign an HA to the MN that is in close
proximity to the point of attachment (e.g., determined by the NAS-
Identifier AVP). There may be other reasons for dynamically
assigning HAs to the MN, for example, to share the traffic load.
4.2.3. MIP-Home-Agent-Host AVP
The MIP-Home-Agent-Host AVP (AVP Code 348 [RFC4004]) is of type
Grouped and contains the identity of the assigned MIPv6 HA. Both the
Destination-Realm and the Destination-Host AVPs of the HA are
included in the grouped AVP. The usage of the MIP-Home-Agent-Host
AVP is equivalent to the MIP-Home-Agent-Address AVP but offers an
additional level of indirection by using the DNS infrastructure. The
Destination-Host AVP is used to identify an HA, and the Destination-
Realm AVP is used to identify the realm where the HA is located.
Depending on the actual deployment and DNS configuration, the
Destination-Host AVP MAY represent one or more home agents. It is
RECOMMENDED that the Destination-Host AVP identifies exactly one HA.
Korhonen, et al. Standards Track [Page 7]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
It is RECOMMENDED that the MIP-Home-Agent-Host AVP is always included
in the MIP6-Agent-Info AVP. In this way, the HA can be associated
with the corresponding realm of the Diameter entity that added the
MIP6-Agent-Info AVP using the Destination-Realm AVP, which is
included in the MIP-Home-Agent-Host AVP.
4.2.4. MIP6-Home-Link-Prefix AVP
The MIP6-Home-Link-Prefix AVP (AVP Code 125) is of type OctetString
and contains the Mobile IPv6 home network prefix information in a
network byte order. The home network prefix MUST be encoded as the
8-bit prefix length information (one octet) followed by the 128-bit
field (16 octets) for the available home network prefix. The
trailing bits of the IPv6 prefix after the prefix length bits MUST be
set to zero (e.g., if the prefix length is 60, then the remaining 68
bits MUST be set to zero).
The HAAA MAY act as a central entity managing prefixes for MNs. In
this case, the HAAA returns to the NAS the prefix allocated to the
MN. The NAS/ASP then delivers the home link prefix to the MN using,
e.g., mechanisms described in [INTEGRATED]. The NAS/ASP MAY propose
to the HAAA a specific prefix to allocate to the MN by including the
MIP6-Home-Link-Prefix AVP in the request message. However, the HAAA
MAY override the prefix allocation hint proposed by the NAS/ASP and
return a different prefix in the response message.
4.2.5. MIP6-Feature-Vector AVP
The MIP6-Feature-Vector AVP (AVP Code 124) is of type Unsigned64 and
contains a 64-bit flags field of supported capabilities of the NAS/
ASP. Sending and receiving the MIP6-Feature-Vector AVP with value 0
MUST be supported, although that does not provide much guidance about
specific needs of bootstrapping.
The NAS MAY include this AVP to indicate capabilities of the NAS/ASP
to the Diameter server. For example, the NAS may indicate that a
local HA can be provided. Similarly, the Diameter server MAY include
this AVP to inform the NAS/ASP about which of the NAS/ASP indicated
capabilities are supported or authorized by the ASA/MSA(/MSP).
The following capabilities are defined in this document:
Korhonen, et al. Standards Track [Page 8]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
MIP6_INTEGRATED (0x0000000000000001)
When this flag is set by the NAS, it means that the Mobile IPv6
integrated scenario bootstrapping functionality is supported by
the NAS. When this flag is set by the Diameter server, then the
Mobile IPv6 integrated scenario bootstrapping is supported by the
Diameter server.
LOCAL_HOME_AGENT_ASSIGNMENT (0x0000000000000002)
When this flag is set in the request message, a local home agent
outside the home realm is requested and may be assigned to the MN.
When this flag is set by the Diameter server in the answer
message, then the assignment of local HAs is authorized by the
Diameter server.
A local HA may be assigned by the NAS, LAAA, or VAAA depending on
the network architecture and the deployment.
The following examples show how the LOCAL_HOME_AGENT_ASSIGNMENT
(referred to as LOCAL-bit in the examples) capability and the MIP-
Agent-Info AVP (referred to as HA-Info in the examples) are used to
assign HAs -- either a local HA (L-HA) or a home network HA (H-HA).
Below are examples of request message combinations as seen by the
HAAA:
LOCAL-bit HA-Info Meaning
0 - ASP or [LV]AAA is not able to assign an L-HA.
0 L-HA Same as above. HA-Info must be ignored.
1 - ASP or [LV]AAA can/wishes to assign an L-HA.
1 L-HA Same as above but the ASP or [LV]AAA also
provides a hint of the assigned L-HA.
The same as above but for answer message combinations as seen by the
NAS:
LOCAL-bit HA-Info Meaning
0 - No HA assignment allowed for HAAA or [LV]AAA.
0 H-HA L-HA is not allowed. HAAA assigns an H-HA.
1 - L-HA is allowed. No HAAA- or [LV]AAA-assigned HA.
1 L-HA L-HA is allowed. [LV]AAA also assigns an L-HA.
1 H-HA L-HA is allowed. HAAA also assigns an HA.
1 H-HA L-HA is allowed. HAAA assigns an H-HA and
+ L-HA [LV]AAA also assigns an L-HA.
An NAS should expect to receive multiple MIP6-Agent-Info AVPs.
Korhonen, et al. Standards Track [Page 9]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
5. Examples
5.1. Home Agent Assignment by the NAS
In this scenario, we consider the case where the NAS wishes to
allocate a local HA to the MN. The NAS will also inform the Diameter
server about the HA address it has assigned to the visiting MN (e.g.,
2001:db8:1:c020::1). The Diameter-EAP-Request message, therefore,
has the MIP6-Feature-Vector with the LOCAL_HOME_AGENT_ASSIGNMENT and
the MIP6_INTEGRATED set. The MIP6-Agent-Info AVP contains the MIP-
Home-Agent-Address AVP with the address of the proposed HA.
Diameter
NAS/VAAA Server
| |
| Diameter-EAP-Request |
| MIP6-Feature-Vector=(LOCAL_HOME_AGENT_ASSIGNMENT |
| | MIP6_INTEGRATED) |
| MIP6-Agent-Info{ |
| MIP-Home-Agent-Address(2001:db8:1:c020::1)} |
| } |
| Auth-Request-Type=AUTHORIZE_AUTHENTICATE |
| EAP-Payload(EAP Start) |
|---------------------------------------------------------------->|
| |
| |
: ...more EAP Request/Response pairs... :
| |
| |
| Diameter-EAP-Answer |
| MIP6-Feature-Vector=(LOCAL_HOME_AGENT_ASSIGNMENT |
| | MIP6_INTEGRATED) |
| Result-Code=DIAMETER_SUCCESS |
| EAP-Payload(EAP Success) |
| EAP-Master-Session-Key |
| (authorization AVPs) |
| ... |
|<----------------------------------------------------------------|
| |
Figure 2: Home Agent Assignment by the NAS
Depending on the Diameter server's configuration and the user's
subscription profile, the Diameter server either accepts or rejects
the local HA allocated by the NAS. In our example, the Diameter
server accepts the proposal, and the MIP6-Feature-Vector AVP with
LOCAL_HOME_AGENT_ASSIGNMENT flag (together with the MIP6_INTEGRATED
flag) is set and returned to the NAS.
Korhonen, et al. Standards Track [Page 10]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
5.2. Home Agent Assignment by the Diameter Server
In this scenario, we consider the case where the NAS supports the
Diameter MIPv6 integrated scenario as defined in this document, but
does not offer local HA assignment. Hence, the MIP6-Feature-Vector
AVP only has the MIP6_INTEGRATED flag set. The Diameter server
allocates an HA to the mobile node and conveys the address in the
MIP-Home-Agent-Address AVP that is encapsulated in the MIP6-Agent-
Info AVP. Additionally, the MIP6-Feature-Vector AVP has the
MIP6_INTEGRATED flag set.
Diameter
NAS Server
| |
| Diameter-EAP-Request |
| MIP6-Feature-Vector=(MIP6_INTEGRATED) |
| Auth-Request-Type=AUTHORIZE_AUTHENTICATE |
| EAP-Payload(EAP Start) |
|---------------------------------------------------------------->|
| |
| |
: ...more EAP Request/Response pairs... :
| |
| |
| Diameter-EAP-Answer |
| MIP6-Agent-Info{ |
| MIP-Home-Agent-Address(2001:db8:6000:302::1) |
| } |
| MIP6-Feature-Vector=(MIP6_INTEGRATED) |
| Result-Code=DIAMETER_SUCCESS |
| EAP-Payload(EAP Success) |
| EAP-Master-Session-Key |
| (authorization AVPs) |
| ... |
|<----------------------------------------------------------------|
| |
Figure 3: Home Agent Assignment by the Diameter Server
5.3. Home Agent Assignment by the NAS or Diameter Server
This section shows another message flow for the MIPv6 integrated
scenario bootstrapping where the NAS informs the Diameter server that
it is able to locally assign an HA to the MN. The Diameter server is
able to provide an HA to the MN but also authorizes the assignment of
the local HA. The Diameter server then replies to the NAS with
HA-related bootstrapping information.
Korhonen, et al. Standards Track [Page 11]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
Whether the NAS/ASP then offers a locally assigned HA or the
Diameter-server-assigned HA to the MN is, in this example, based on
the local ASP policy.
Diameter
NAS/VAAA Server
| |
| Diameter-EAP-Request |
| MIP6-Feature-Vector=(LOCAL_HOME_AGENT_ASSIGNMENT |
| | MIP6_INTEGRATED) |
| MIP6-Agent-Info{ |
| MIP-Home-Agent-Address(2001:db8:1:c020::1)} |
| } |
| Auth-Request-Type=AUTHORIZE_AUTHENTICATE |
| EAP-Payload(EAP Start) |
|---------------------------------------------------------------->|
| |
| |
: ...more EAP Request/Response pairs... :
| |
| |
| Diameter-EAP-Answer |
| MIP6-Agent-Info{ |
| MIP-Home-Agent-Address(2001:db8:6000:302::1)} |
| MIP6-Feature-Vector=(LOCAL_HOME_AGENT_ASSIGNMENT |
| | MIP6_INTEGRATED) |
| Result-Code=DIAMETER_SUCCESS |
| EAP-Payload(EAP Success) |
| EAP-Master-Session-Key |
| (authorization AVPs) |
| ... |
|<----------------------------------------------------------------|
| |
Figure 4: Home Agent Assignment by the NAS or Diameter Server
If the Diameter server does not allow the MN to use a locally
assigned HA, the Diameter server returns to the MN the MIP6-Feature-
Vector AVP with the LOCAL_HOME_AGENT_ASSIGNMENT bit unset and the HA
address it allocated.
6. Attribute-Value Pair Occurrence Tables
Figure 5 lists the MIPv6 bootstrapping NAS-to-HAAA interface AVPs
along with a specification determining how many of each new AVP may
be included in a Diameter command. They may be present in any
Diameter application request and answer commands, where permitted by
the command ABNF.
Korhonen, et al. Standards Track [Page 12]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
+-----------+
| Command |
|-----+-----+
Attribute Name | Req | Ans |
-------------------------------|-----+-----|
MIP6-Agent-Info | 0+ | 0+ |
MIP6-Feature-Vector | 0-1 | 0-1 |
+-----+-----+
Figure 5: Generic Request and Answer Commands AVP Table
7. IANA Considerations
7.1. Registration of New AVPs
This specification defines the following AVPs that have been
allocated from a normal Diameter AVP Code space (values >= 256):
MIP6-Agent-Info is set to 486
The following new AVPs are to be allocated from RADIUS Attribute Type
space [RFC2865] so that they are RADIUS backward-compatible (AVP Code
values between 0-255):
MIP6-Feature-Vector is set to 124
MIP6-Home-Link-Prefix is set to 125
7.2. New Registry: Mobility Capability
IANA has created a new registry for the Mobility Capability as
described in Section 4.2.5.
Token | Value | Description
----------------------------------+---------------------+------------
MIP6_INTEGRATED | 0x0000000000000001 | [RFC5447]
LOCAL_HOME_AGENT_ASSIGNMENT | 0x0000000000000002 | [RFC5447]
Available for Assignment via IANA | 2^x |
Allocation rule: Only numeric values that are 2^x (power of two,
where x >= 2) are allowed, based on the allocation policy described
below.
Following the example policies described in [RFC5226], new values for
the Mobility Capability Registry will be assigned based on the
"Specification Required" policy. No mechanism to mark entries as
"deprecated" is envisioned.
Korhonen, et al. Standards Track [Page 13]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
8. Security Considerations
The security considerations for the Diameter interaction required to
accomplish the integrated scenario are described in [INTEGRATED].
Additionally, the security considerations for the Diameter base
protocol [RFC3588], the Diameter NASREQ application [RFC4005], and
the Diameter EAP application (with respect to network access
authentication and the transport of keying material) [RFC4072] are
applicable to this document. Developers should insure that special
attention is paid to configuring the security associations protecting
the messages that enable the global positioning and allocation of
home agents, for instance, as outlined in Section 5.
Furthermore, the Diameter messages may be transported between the NAS
and the Diameter server via one or more AAA brokers or Diameter
agents (such as proxies). In this case, the AAA communication from
the NAS to the Diameter server relies on the security properties of
the intermediate AAA brokers and Diameter agents.
9. Acknowledgments
This document is heavily based on the ongoing work for RADIUS MIPv6
interaction. Hence, credits go to respective authors for their work
with "RADIUS Mobile IPv6 Support" (November 2008). Furthermore, the
authors of this document would like to thank the authors of "Diameter
Mobile IPv6 Application" (November 2004) -- Franck Le, Basavaraj
Patil, Charles E. Perkins, and Stefano Faccin -- for their work in
the context of MIPv6 Diameter interworking. Their work influenced
this document. Jouni Korhonen would like to thank the Academy of
Finland and TEKES MERCoNe Project for providing funding to work on
this document while he was with TeliaSonera. Julien Bournelle would
like to thank GET/INT since he began to work on this document while
he was in their employ. Authors would also like to acknowledge
Raymond Hsu for his valuable feedback on local HA assignment and
Wolfgang Fritsche for his thorough review. Additionally, we would
like to Domagoj Premec for his review comments.
Finally, we would like to thank Alper Yegin, Robert Marks, and David
Frascone for their comments at the second WG Last Call.
Korhonen, et al. Standards Track [Page 14]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)",
RFC 2865, June 2000.
[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and
J. Arkko, "Diameter Base Protocol", RFC 3588,
September 2003.
[RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility
Support in IPv6", RFC 3775, June 2004.
[RFC4004] Calhoun, P., Johansson, T., Perkins, C., Hiller, T.,
and P. McCann, "Diameter Mobile IPv4 Application",
RFC 4004, August 2005.
[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
"Diameter Network Access Server Application", RFC 4005,
August 2005.
[RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter
Extensible Authentication Protocol (EAP) Application",
RFC 4072, August 2005.
10.2. Informative References
[AAA] Giaretta, G., Guardini, I., Demaria, E., Bournelle, J.,
and R. Lopez, "AAA Goals for Mobile IPv6", Work
in Progress, May 2008.
[DSMIPv6] Solimand, H., "Mobile IPv6 Support for Dual Stack Hosts
and Routers (DSMIPv6)", Work in Progress,
December 2008.
[INTEGRATED] Chowdhury, K. and A. Yegin, "MIP6-bootstrapping for the
Integrated Scenario", Work in Progress, April 2008.
[RFC3753] Manner, J. and M. Kojo, "Mobility Related Terminology",
RFC 3753, June 2004.
Korhonen, et al. Standards Track [Page 15]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
[RFC4640] Patel, A. and G. Giaretta, "Problem Statement for
bootstrapping Mobile IPv6 (MIPv6)", RFC 4640,
September 2006.
[RFC5026] Giaretta, G., Kempf, J., and V. Devarapalli, "Mobile
IPv6 Bootstrapping in Split Scenario", RFC 5026,
October 2007.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing
an IANA Considerations Section in RFCs", BCP 26,
RFC 5226, May 2008.
Korhonen, et al. Standards Track [Page 16]
^L
RFC 5447 Diameter MIPv6 NAS-to-HAAA Interaction February 2009
Authors' Addresses
Jouni Korhonen (editor)
Nokia Siemens Networks
Linnoitustie 6
Espoo FIN-02600
Finland
EMail: jouni.nospam@gmail.com
Julien Bournelle
Orange Labs
38-4O rue du general Leclerc
Issy-Les-Moulineaux 92794
France
EMail: julien.bournelle@orange-ftgroup.com
Hannes Tschofenig
Nokia Siemens Networks
Linnoitustie 6
Espoo 02600
Finland
EMail: Hannes.Tschofenig@nsn.com
URI: http://www.tschofenig.priv.at
Charles E. Perkins
WiChorus Inc.
3590 North First St., Suite 300
San Jose, CA 95134
US
EMail: charliep@wichorus.com
Kuntal Chowdhury
Starent Networks
30 International Place
Tewksbury, MA 01876
US
EMail: kchowdhury@starentnetworks.com
Korhonen, et al. Standards Track [Page 17]
^L
|