Title: Mobile IPv6 Draft 17
CNET ???
11. Mobile Node Operation
- 11.1 Conceptual Data Structures
- 11.2 Packet Processing
- 11.3 Home Agent and Prefix Management
- 11.4 Movement
- 11.5 Return Routability Procedure
- 11.6 Processing Binding
- 11.7 Receiving ICMP Error Message
11.1 Conceptual Data Structures
Each mobile node MUST maintain a Binding Update List (BUL) and a Home Agents List. Each BUL entry contains the following fields:
- the IP address of the node
- the home address
- the care-of address
- the initial value of the Lifetime
- the remaining lifetime of that binding
- the maximum value of the Sequence Number
- the time at which a Binding Update was last sent to this destination
- the state of any retransmissions needed for this Binding Update
- a flag
11.1 Conceptual Data Structures (cont.)
The BUL also contains data related to running the return routability procedure:
- the time at which a HoTI or CoTI message was last sent to this destination
- the state of any retransmissions
- the mobile cookie value
- the home and care-of nonce indices
- the time at which each of the cookies was received from this CN
11.2 Packet Processing
11.2.1 Sending Packets While Away from Home
While a mobile node is away from home, it MAY choose among these in selecting the source address:
- the mobile node SHOULD use its home address (if a binding exists, the mobile node SHOULD send the packets directly to the correspondent node; otherwise, the mobile node MUST use reverse tunneling)
- for short-term communication, the mobile node MAY choose to directly use one of its care-of addresses as the source address (not requiring the use of a Home Address option)
11.2 Packet Processing (cont.)
For each other packet sent by the mobile node, special Mobile IP processing of the packet is required.
Direct delivery:
- using the mobile node's home address as the source address
- insert a Home Address option into the packet
- change the Source Address field to one of the care-of addresses (to safely pass through any router implementing ingress filtering)
Reverse tunneling:
- sent to the home agent using IPv6 encapsulation
- the Source Address is the primary care-of address
- the Destination Address is the home agent's address
- MAY be protected using an AH or ESP header, depending on the security policies used by the home agent
11.2 Packet Processing (cont.)
11.2.2 Interaction with Outbound IPsec Processing
This assumes that IPsec is being used in transport mode and that the mobile node is using its home address as the source address:
- the packet is created by higher layer protocols and applications
- the packet is compared against the IPsec security policy database to determine what processing is required for the packet
- the packet is either mapped to an existing Security Association, or a new SA
- the mobile node is either using reverse tunneling or route optimization to reach the correspondent node
The AH authentication data MUST be calculated as if the following were true:
- the source address is the mobile node's home address
- the Home Address field of the Home Address Destination option contains the new care-of address
11.2 Packet Processing (cont.)
When using any automated key management protocol, the mobile node:
- MUST use its care-of address as the Source Address
- MUST include an ISAKMP Identification Payload
11.2 Packet Processing (cont.)
11.2.3 Receiving Packets While Away from Home
A mobile node will receive packets addressed to its home address by one of three methods:
- intercepted by the home agent, encapsulated using IPv6 encapsulation, and tunneled to the care-of address
- sent by the correspondent node using a type 2 Routing header
- sent by a correspondent node that contains an out-of-date care-of address, as described above
For packets received by either the first or last of these three methods, the MN SHOULD send a Binding Update to the sender.
When it encounters a Type 2 Routing header, the mobile node verifies that:
- the length field is exactly 2
- the segments left field is either 0 or 1
- the Home Address field is one of the node's home addresses (if the segments left field was 1)
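The three Type 2 Routing header checks above can be applied to raw header bytes as follows. This is an added example, not code from the slides or the draft; it assumes the generic IPv6 routing header layout (Next Header, Hdr Ext Len, Routing Type, Segments Left, four reserved bytes, then the 16-byte Home Address), and the addresses are constructed documentation-prefix values.

```python
import ipaddress
import struct

def build_type2_rh(home_address, segments_left=1, hdr_ext_len=2, next_header=6):
    """Build a constructed Type 2 Routing header used only as sample input."""
    fixed = struct.pack("!BBBBI", next_header, hdr_ext_len, 2, segments_left, 0)
    return fixed + ipaddress.IPv6Address(home_address).packed

def check_type2_rh(hdr, home_addresses):
    """Return (accepted, reason) for a raw Type 2 Routing header."""
    if len(hdr) < 4:
        return False, "truncated header"
    _next_hdr, ext_len, rtype, segs_left = struct.unpack_from("!BBBB", hdr)
    if rtype != 2:
        return False, "not a type 2 routing header"
    if ext_len != 2:
        return False, "length field is not exactly 2"
    # Hdr Ext Len counts 8-octet units beyond the first 8 octets.
    if len(hdr) != 8 * (ext_len + 1):
        return False, "buffer size disagrees with length field"
    if segs_left not in (0, 1):
        return False, "segments left is not 0 or 1"
    home = ipaddress.IPv6Address(hdr[8:24])
    known = {ipaddress.IPv6Address(a) for a in home_addresses}
    # The slide applies the home address test only when segments left was 1.
    if segs_left == 1 and home not in known:
        return False, "home address field is not one of this node's home addresses"
    return True, "ok"

# Constructed sample data (RFC 3849 documentation prefix).
HOME_ADDRESSES = ["2001:db8:1::10"]
SAMPLES = {
    "valid": build_type2_rh("2001:db8:1::10"),
    "wrong_length": build_type2_rh("2001:db8:1::10", hdr_ext_len=4),
    "bad_segments_left": build_type2_rh("2001:db8:1::10", segments_left=2),
    "foreign_home_address": build_type2_rh("2001:db8:ffff::1"),
    "truncated": build_type2_rh("2001:db8:1::10")[:12],
}

def run_samples():
    """Check every constructed sample against this node's home addresses."""
    return {name: check_type2_rh(raw, HOME_ADDRESSES) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(name, verdict)
```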
11.2 Packet Processing (cont.)
11.2.4 Routing Multicast Packet
In order to receive packets sent to some multicast group, a mobile node must join that multicast group.
- the mobile node SHOULD use one of its care-of addresses
- use the Home Address destination option in the sent control message
- a mobile node MAY join multicast groups via a bi-directional tunnel to its home agent
To send packets to a multicast group:
- send directly on the foreign link being visited
- send via a tunnel to its home agent (MUST use its home address as the source address)
11.3 Home Agent and Prefix Management
11.3.1 Receiving Local Router Advertisement Message
On receipt of a valid Router Advertisement, the mobile node performs the following steps:
- if the Home Agent (H) bit is not set and the sending node has an entry, delete the corresponding entry (skip all of the following steps)
- extract the Source Address from the IP header
- determine the preference
- determine the lifetime
- if the lifetime value is zero, delete this entry
- otherwise, reset its lifetime and preference to the values
- if the link-local address is not already present, create a new entry
- determine any global address of the home agent based on each Prefix Information option (the Router Address (R) bit is set)
11.3 Home Agent and Prefix Management (cont.)
11.3.2 Dynamic Home Agent Address Discovery
The mobile node sends an ICMP Home Agent Address Discovery Request message to the anycast address for its home subnet prefix.
When receiving the reply message, it MAY then send its home registration Binding Update.
The mobile node MUST attempt any new registration first with that home agent.
INITIAL_DHAAD_TIMEOUT, DHAAD_RETRIES
11.3 Home Agent and Prefix Management (cont.)
11.3.3 Sending Mobile Prefix Solicitations
The mobile node sends a Mobile Prefix Solicitation to its home agent in an attempt to acquire fresh routing prefix information.
The mobile node SHOULD send a Solicitation to the home agent when its home address will become invalid within MaxRtrAdvInterval seconds.
It MAY use its care-of address, but there will not be a security association.
11.3 Home Agent and Prefix Management (cont.)
11.3.4 Receiving Mobile Prefix Advertisements
The mobile node MUST validate the advertisement according to the following tests:
- the source address is the same as the home agent address (if one exists, it SHOULD be the mobile node's stored home agent address)
- the packet MUST be protected by IPsec, if a security association exists
The mobile node MUST process the Prefix Information options (configuring a new home address).
If the advertisement contains a Binding Refresh option, the mobile node SHOULD return a Binding Update.
The mobile node MUST set the Duplicate Address Detection (D) bit in this Binding Update to its home agent.
11.4 Movement
11.4.1 Movement Detection
The primary mechanism uses IPv6 Neighbor Discovery, including Router Discovery and Neighbor Unreachability Detection.
The mobile node maintains an entry in its Default Router List for each router and an entry in its Prefix List for each subnet prefix.
A mobile node MAY also have associated additional care-of addresses, using other subnet prefixes from its Prefix List.
To detect when its default router becomes unreachable, a mobile node SHOULD use Neighbor Unreachability Detection.
The mobile node will have frequent opportunity to check if it is still reachable from its default router.
11.4 Movement (cont.)
The mobile node MAY use its Advertisement Interval option field as an indication of the frequency with which it SHOULD expect to continue to receive future Advertisements from that router (specifies the minimum rate).
In promiscuous receive mode, it is able to receive all packets on the link (may be useful on very low bandwidth links, consumes additional energy).
Link-layer mobility indications from lower layers do not necessarily indicate a movement of the mobile node to a new link.
Lower-layer information might also be useful to a mobile node in deciding to switch its primary care-of address.
11.4 Movement (cont.)
11.4.2 Forming New Care-of Addresses
A mobile node SHOULD form a new primary care-of address using one of the on-link subnet prefixes advertised by the new router (MUST NOT do so too frequently, MAX_UPDATE_RATE).
After discovering a new on-link subnet prefix, a mobile node MAY form a new care-of address using that subnet prefix (even when it has not switched to a new default router).
A mobile node MAY use either stateless or stateful Address Autoconfiguration (MUST use an IPv6 link-local address).
A mobile node may already know an IPv6 address that has been assigned.
11.4 Movement (cont.)
A mobile node MAY perform Duplicate Address Detection on that new address to confirm its uniqueness (would cause a delay).
A mobile node SHOULD delay sending the initial Neighbor Solicitation message of Duplicate Address Detection by a random delay between 0 and MAX_RTR_SOLICITATION_DELAY.
11.4 Movement (cont.)
11.4.3 Using Multiple Care-of Addresses
A mobile node MAY use more than one care-of address at a time (e.g. with overlapping wireless cells).
To assist with smooth handovers, a mobile node SHOULD retain its previous primary care-of address as a care-of address.
11.5 Return Routability Procedure
11.5.1 Sending Home and Care-of Test Init Messages
A mobile node that initiates a return routability procedure MUST send a Home Test Init message and Care-of Test Init messages.
It MUST record in its Binding Update List the following fields:
- the IP address of the node
- the home address for which the binding is desired
- the time at which each of these messages was sent
- the mobile cookie
11.5 Return Routability Procedure (cont.)
11.5.2 Receiving Return Routability Messages
Upon receiving a HoT message, a mobile node MUST validate the packet according to the following tests:
- the Header Length field is greater than or equal
- the source address belongs to a correspondent node
- the Binding Update List indicates that no home cookie
- the Destination Address is the home address of the mobile node
- the Mobile Cookie field matches the value stored in the Binding Update List
If the message satisfies all of these tests, the mobile node MUST record the Home Nonce Index and Home Cookie in the Binding Update List.
11.5 Return Routability Procedure (cont.)
Upon receiving a CoT message, a mobile node MUST validate the packet according to the following tests:
- the Header Length field is greater than or equal
- the Source Address belongs to a correspondent node
- the Binding Update List indicates that no care-of cookie has been received yet
- the Destination Address is the current care-of address
- the Mobile Cookie field matches the value stored in the Binding Update List
If the message satisfies all of these tests, the mobile node MUST record the Care-of Nonce Index and Care-of Cookie in the Binding Update List.
When the Binding Update List entry has both the Home and Care-of Cookies, the return routability procedure is complete.
respond to HoTI and CoTI messages with an ICMP Parameter Problem, Code 1
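The HoT and CoT tests in 11.5.2 can be run against a Binding Update List entry as sketched below. This is an added example, not code from the slides or the draft: the class and field names are hypothetical, the minimum Header Length is a parameter because the slides do not give the value, and all addresses and cookies are constructed.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class BulEntry:
    """Return routability state for one correspondent node (hypothetical names)."""
    home_addr: str
    care_of_addr: str
    mobile_cookie: bytes
    home_cookie: Optional[bytes] = None
    home_nonce_index: Optional[int] = None
    care_of_cookie: Optional[bytes] = None
    care_of_nonce_index: Optional[int] = None

@dataclass
class RrReply:
    """An already-parsed HoT or CoT message (hypothetical field names)."""
    kind: str  # "HoT" or "CoT"
    src: str
    dst: str
    header_len: int
    mobile_cookie: bytes
    nonce_index: int
    cookie: bytes

def process_rr_reply(bul, msg, min_header_len):
    """Apply the listed tests in order; record the cookie only if all pass."""
    if msg.header_len < min_header_len:
        return "drop: header length"
    entry = bul.get(msg.src)  # BUL is keyed by correspondent node address
    if entry is None:
        return "drop: source is not a correspondent node in the BUL"
    is_home = msg.kind == "HoT"
    if (entry.home_cookie if is_home else entry.care_of_cookie) is not None:
        return "drop: cookie already received"
    if msg.dst != (entry.home_addr if is_home else entry.care_of_addr):
        return "drop: wrong destination address"
    if not hmac.compare_digest(msg.mobile_cookie, entry.mobile_cookie):
        return "drop: mobile cookie mismatch"
    if is_home:
        entry.home_cookie, entry.home_nonce_index = msg.cookie, msg.nonce_index
    else:
        entry.care_of_cookie, entry.care_of_nonce_index = msg.cookie, msg.nonce_index
    done = entry.home_cookie is not None and entry.care_of_cookie is not None
    return "complete" if done else "recorded"

def demo():
    """Feed constructed messages through the validator; 3 is a placeholder minimum."""
    cn, home, coa = "2001:db8:c::1", "2001:db8:1::10", "2001:db8:2::10"
    bul = {cn: BulEntry(home, coa, mobile_cookie=b"\x01" * 8)}
    hot = RrReply("HoT", cn, home, 4, b"\x01" * 8, 7, b"H" * 8)
    cot = RrReply("CoT", cn, coa, 4, b"\x01" * 8, 9, b"C" * 8)
    bad_cookie = RrReply("HoT", cn, home, 4, b"\x00" * 8, 7, b"X" * 8)
    unknown_src = RrReply("CoT", "2001:db8:bad::1", coa, 4, b"\x01" * 8, 9, b"X" * 8)
    msgs = (bad_cookie, unknown_src, hot, hot, cot)
    return [process_rr_reply(bul, m, 3) for m in msgs], bul[cn]
```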
11.5 Return Routability Procedure (cont.)
11.5.3 Retransmitting in the Return Routability Procedure
The mobile node should use the specified value of INITIAL_BINDACK_TIMEOUT for this initial retransmission timer.
The retransmissions MUST use an exponential back-off process: the timeout period is doubled upon each retransmission until either the node receives a valid response or the timeout period reaches the value MAX_BINDACK_TIMEOUT.
11.5.4 Rate Limiting for Return Routability Procedure
The mobile node MUST NOT send more often than once per MAX_UPDATE_RATE seconds; after sending MAX_FAST_UPDATE, it reduces its rate to SLOW_UPDATE_RATE.
11.6 Processing Binding
11.6.1 Sending Binding Updates to the Home Agent
The Binding Update message is constructed as follows:
- the Home Registration (H) bit MUST be set
- the Acknowledge (A) bit MUST be set
- MUST contain a Home Address destination option
- the care-of address MUST be used as the Source Address
- if the mobile node desires that only a single home address, the S bit can be set to 1 (default behavior)
- the Lifetime SHOULD be less than or equal to the remaining lifetime
The mobile node MUST also create or update the corresponding Binding Update entry.
If the mobile node has additional home addresses, then the mobile node SHOULD send a Binding Update
11.6 Processing Binding (cont.)
If the lifetime for a recent Binding Update has not yet expired, the mobile node SHOULD NOT set the D bit in the new Binding Update.
The home agent only performs DAD when the mobile node has supplied a valid binding between its home address and a care-of address.
11.6 Processing Binding (cont.)
11.6.2 Correspondent Binding Procedure
When a mobile node is assured that its home address is valid, it MAY at any time initiate a correspondent binding procedure (e.g. by the home agent's use of the D bit of the Binding Update).
A mobile node MAY also send a Binding Update to such a correspondent node to instruct it to delete any existing
The Binding Update requests the correspondent node to create or update an entry for the mobile node (the lifetime should be set less than or equal to the remaining lifetime).
If the care-of address is set to the home address, the Binding Update requests to delete any existing Binding Cache entry.
11.6 Processing Binding (cont.)
The mobile node need not initiate these actions immediately after configuring a new care-of address (if the mobile node is not going to stay long, this is useful).
The mobile node SHOULD initiate a return routability procedure for a received packet that meets all of the following tests:
- the packet was tunneled using IPv6 encapsulation
- the Destination Address is equal to any of the mobile node's care-of addresses
- the Destination Address is equal to one of the mobile node's home addresses or previous care-of addresses
- the Source Address in the tunnel (outer) IPv6 header differs from the Source Address in the tunneled (inner) IPv6 header
It is not generally required to be acknowledged.
11.6 Processing Binding (cont.)
The mobile node SHOULD NOT continue to retransmit the Binding Update once the retransmission timeout period has reached MAX_BINDACK_TIMEOUT.
The mobile node SHOULD create a Binding Update message as follows:
- the Source Address contains the current care-of address
- the Destination Address contains the correspondent node address
- the Mobility Header includes an authenticator field which is calculated based on the received Home and Care-of Cookies
The last Sequence Number value is stored in its Binding Update List entry for the destination.
The mobile node MUST NOT use the same Sequence Number in two different Binding Updates.
11.6 Processing Binding (cont.)
11.6.3 Receiving Binding Acknowledgements
A mobile node MUST validate the packet according to the following tests:
- underlying IPsec protection is used (sent by home agent)
- the authenticator field MUST be present and have a valid value (sent by correspondent node)
- the Header Length is greater than or equal
- the Sequence Number field matches
The mobile node MUST examine the Status field as follows:
- if the Binding Update was accepted, then the mobile node MUST stop retransmitting the Binding Update
- the Lifetime value: max((L_remain - (L_update - L_ack)), 0)
- otherwise, the mobile node MUST delete the entry
11.6 Processing Binding (cont.)
11.6.4 Receiving Binding Refresh Requests
When a mobile node receives a packet containing a Binding Refresh Request message, it MAY start a return routability procedure.
The mobile node SHOULD NOT respond to requests from unknown correspondent nodes due to Denial-of-Service concerns.
The Lifetime field SHOULD be set to a new lifetime.
If the Binding Refresh Request contains a Unique Identifier mobility option, Update messages MUST include a Unique Identifier option, which MUST be copied from the Binding Refresh Request message.
11.6 Processing Binding (cont.)
11.6.5 Receiving Binding Error Messages
The mobile node should first check if it has a Binding Update List entry.
If the message Status field was 1:
- it MAY ignore the message
- it MUST remove the entry and route further communication through the home agent (no upper layer progress information)
If the message Status field was 2:
- the mobile node SHOULD ignore this message
- the mobile node SHOULD cease the use of any extensions to this specification
11.6 Processing Binding (cont.)
11.6.6 Forwarding from a Previous Care-of Address
When a mobile node moves to a new link, it sends a Binding Update to any home agent on the link on which the previous care-of address is located.
The mobile node utilizes the following specific steps:
- the home address field in the Home Address destination option MUST be set to the previous care-of address
- the care-of address MUST be set to the new care-of address (MAY instead include an Alternate Care-of Address mobility option)
- the Home Registration (H) bit MUST be set
All of the procedures defined for home agent operation MUST be followed by this home agent for this registration.
11.6 Processing Binding (cont.)
The Binding Update MUST be addressed to this home agent's global unicast address.
The Binding Update packet MUST meet the authentication requirements.
The mobile node MUST use a Home Address destination option in order to allow the IPsec policies (the home address MUST be equal).
11.6 Processing Binding (cont.)
11.6.7 Returning Home
When a mobile node detects that it has returned to its home link, it SHOULD then send a Binding Update to its home agent.
The mobile node MUST set the care-of address to the mobile node's own home address.
The mobile node MUST set the Acknowledge (A) and Home Registration (H) bits and SHOULD retransmit the Binding Update until a matching Binding Acknowledgement is received.
A Neighbor Solicitation from the mobile node using its home address as the Source Address would be detected by the home agent as a duplicate address.
11.6 Processing Binding (cont.)
The mobile node MUST unicast the packet with the Source Address set to the unspecified address (0:0:0:0:0:0:0:0).
By processing this Binding Update, the home agent will cease defending the mobile node's home address for Duplicate Address Detection and will no longer respond to Neighbor Solicitations.
The mobile node MUST NOT perform Duplicate Address Detection on its own home address.
If the mobile node returns home after the bindings for its care-of address have expired, then it SHOULD perform DAD.
The Home Agent MUST remove the Proxy Neighbor Cache entry and MAY learn its link-layer address based on the link-layer packet or cached information.
11.6 Processing Binding (cont.)
It SHOULD send a Neighbor Solicitation, and the mobile node MUST then reply with a unicast Neighbor Advertisement.
The mobile node MUST multicast onto the home link a Neighbor Advertisement message.
The mobile node MAY retransmit these Neighbor Advertisement messages up to MAX_ADVERT_REXMIT times to increase their reliability.
11.6 Processing Binding (cont.)
11.6.8 Retransmitting Binding Updates
When the mobile node sends a Binding Update, it has to determine a value for the initial retransmission timer.
It should use the specified value of INITIAL_BINDACK_TIMEOUT for this initial retransmission timer.
It SHOULD use a value that is at least 1.5 times longer than (RetransTimer * DupAddrDetectTransmits).
A retransmitted Binding Update MUST use a Sequence Number value greater than the Sequence Number of the previous transmission.
The transmissions MUST use an exponential back-off process (the timeout period is doubled until the mobile node either receives a BA or reaches MAX_BINDACK_TIMEOUT).
11.6 Processing Binding (cont.)
11.6.9 Rate Limiting Binding Updates
A mobile node MUST NOT send more often than once per MAX_UPDATE_RATE seconds.
After sending MAX_FAST_UPDATE, it reduces its rate to SLOW_UPDATE_RATE.
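The retransmission rules of 11.5.3 and 11.6.8 and the rate limit of 11.5.4 and 11.6.9 can be modelled as below. This is an added example, not code from the slides or the draft: the numeric constants are assumed for illustration because the slides name them without values, both rate constants are treated as minimum intervals in seconds, and the function and class names are hypothetical.

```python
# Assumed values for illustration only; the slides give no numbers.
INITIAL_BINDACK_TIMEOUT = 1.0   # seconds
MAX_BINDACK_TIMEOUT = 32.0      # seconds
MAX_UPDATE_RATE = 1.0           # minimum seconds between fast updates
SLOW_UPDATE_RATE = 10.0         # minimum seconds between slow updates
MAX_FAST_UPDATE = 5             # updates allowed at the fast rate

def retransmission_plan(first_seq, ack_at=None, dad_wait=0.0):
    """List (send_time, sequence_number, timeout) for each transmission.

    ack_at:   seconds after the first send at which a valid BA arrives
              (None means no acknowledgement ever arrives).
    dad_wait: RetransTimer * DupAddrDetectTransmits in seconds; the initial
              timer is then at least 1.5 times this value.
    """
    timeout = max(INITIAL_BINDACK_TIMEOUT, 1.5 * dad_wait)
    now, seq, plan = 0.0, first_seq, []
    while True:
        plan.append((now, seq, timeout))
        now += timeout                        # wait for the timer to expire
        if ack_at is not None and ack_at <= now:
            break                             # valid BA received: stop
        if timeout >= MAX_BINDACK_TIMEOUT:
            break                             # cap reached: stop retransmitting
        timeout = min(timeout * 2, MAX_BINDACK_TIMEOUT)
        seq += 1                              # each retransmission uses a greater value
    return plan

class UpdateRateLimiter:
    """Fast rate for the first MAX_FAST_UPDATE updates, slow rate afterwards."""
    def __init__(self):
        self.sent = 0
        self.last_sent = None

    def allow(self, now):
        interval = MAX_UPDATE_RATE if self.sent < MAX_FAST_UPDATE else SLOW_UPDATE_RATE
        if self.last_sent is not None and now - self.last_sent < interval:
            return False
        self.sent += 1
        self.last_sent = now
        return True

def sent_times(offered_times):
    """Return the subset of offered send times that the limiter lets through."""
    limiter = UpdateRateLimiter()
    return [t for t in offered_times if limiter.allow(t)]

if __name__ == "__main__":
    print(retransmission_plan(first_seq=100))
    print(sent_times([0, 0.5, 1, 2, 3, 4, 5, 6, 14, 15]))
```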
11.7 Receiving ICMP Error Messages
Any node receiving a Mobility header that does not recognize the protocol SHOULD return an ICMP Parameter Problem, Code 1.
The node SHOULD record in its Binding Update List that future Binding Updates SHOULD NOT be sent to this destination.
if a mobile node receives an ICMP Parameter Problem, Code 2, message from some node indicating that it does not support the Home Address option.