1、 TIA-1117 October 2011Mobile IPv6 Enhancements NOTICE TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purcha
2、ser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Standards and Publications.
3、 Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally. Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, TI
4、A does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility o
5、f the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use. (From Project No. 3-0263-B, formulated under the cognizance of the TIA TR-45 Mobile (b) there is no assurance that the Document will be approv
6、ed by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process. The use or practice of contents of this Document may involve the use of intellectual property rights (“IPR”), inclu
7、ding pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs attention, a statement from the holder thereof is requested, all in accor
8、dance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left to the parties involved, no
9、r will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its contents. If the Document contains
10、 one or more Normative References to a document published by another organization (“other SSO”) engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference consists of mandatory, alternate
11、or optional elements (as defined in the TIA Engineering Manual, 4thedition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIAs policy of encouragement of voluntary dis
12、closure (see Engineering Manual Section 6.5.1) of Essential Patent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a claim of Essential Patent(s) or publi
13、shed pending patent applications. TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document. ALL WARRANTIES, EXPRESS OR IMPLIED
14、, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AN
15、D ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR R
16、ENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS
17、OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF
18、 THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS. Mobile IPv6 Enhancements X.S0047-0 v1.0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 5
19、8 59 60 i 0BContents Document Title: Mobile IPv6 Enhancements CONTENTS 1 Introduction1 2 References2 2.1 Normative References2 2.2 Informative References3 3 Definitions, Symbols and Abbreviations4 3.1 Definitions .4 3.2 Symbols .4 3.3 Abbreviations.4 4 MIP6 Enhancement5 4.1 HA Assignment5 4.1.1 MS R
20、equirements 5 4.1.2 PDSN Requirements5 4.1.3 HAAA Requirements 6 4.1.4 VAAA Requirements 6 4.2 Home Address and Home Link Prefix Assignment .7 4.2.1 MS Requirements 7 4.2.2 HA Requirements 7 4.3 MIPv6 Registration7 4.3.1 MS Requirements 7 4.3.2 HA Requirements 7 5 MIP6 Security Enhancement8 5.1 IKEv
21、2 PSK Key Generation 8 5.2 MS Requirements 8 5.2.1 IKEv2 Pre-Shared Key Method.8 5.2.2 IKEv2 EAP Method.9 5.3 HA Requirements 9 5.3.1 IKEv2 Pre-Shared Key Method.10 5.3.2 IKEv2 EAP Method.10 5.4 HAAA Requirements.11 5.4.1 IKEv2 Pre-Shared Key Method.11 5.4.2 IKEv2 EAP Method.11 5.5 RADIUS and Diamet
22、er Support 11 5.5.1 Diameter Application and Commands.11 5.5.2 RADIUS Vendor Specific Attributes (VSAs) .15 6 MIP6 Route Optimization 17 6.1 MS Requirements 17 6.2 HA Requirements 17 X.S0047-0 v1.0 Mobile IPv6 Enhancements 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
23、 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 0BContents ii 7 Call Flows 18 7.1 MIP6 Bootstrap and PSK based IKE Authentication used Diameter MIP6 IKE PSK Authentication (MIP6P) specified in this document. X.S0047-0 v1.0 Mobile IPv6 Enhancements 1 2 3
24、4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 5 MIP6 Security Enhancement 12 5.5 RADIUS and Diameter Support An HA supporting either these two MIP6 Authentication schemes shall adve
25、rtise support by including these Application IDs in the Diameter capability exchange procedure define by Diameter base 19. 5.5.1.1 Command Codes for Diameter MIP6 Authenticaiton with EAP based IKEv2 The command codes used with EAP based IKEv2 authentication are defined in 9. 5.5.1.2 Command Codes fo
26、r Diameter MIP6 Authentication using PSK based IKEv2 The PSK based IKEV2 MIP6 Authentication Application supports the following command codes: Table 1 Diameter Command Codes for PSK based IKEv2 Command-Name Abbreviation Code Reference IKEv2-PSK-Request IPR TBD This specification IKEv2-PSK-Answer IPA
27、 TBD This specification Session-Termination-Request STR 275 19 Session-Termination-Answer STA 275 19 Abort Session Request ASR 274 19 Abort Session Answer ASA 274 19 Commands IPR/IPA are defined below and are used by the HA to retrieve the Preshared Key needed to authenticate the MIP6 BU. The IKEv2-
28、PSK-Request /Answer commands (Table 1) are exchanged between the HA and the HAAA. The commands are exchanged in order to provide the HA with keys necessary to validate the AUTH message of the IKEv2 exchange. STR is used by the HA to inform the HAAA when the BU session has terminated. The HAAA acknow
29、ledge reception of the STR with an STA. These commands are used as per 19. ASR is used by the HAAA to terminate a MIP6 session and is used as per 19. ASA is used by the HA to acknowledge receipt of the ASR. Subsequently the HA shall take further actions to terminate the corresponding MIP6 binding. 5
30、.5.1.3 IKEv2-PSK-Request/Answer Command 5.5.1.3.1 IKEv2-PSK-Request The IKEv2-PSK-Request message, indicated with the Command-Code set to TBD is sent from the HA to the HAAA to initiate IKEv2 PSK authorization. The Application-ID field of the Diameter Header shall be set to the Diameter MIP6 Authori
31、zation Application ID (value of TBD). := Mobile IPv6 Enhancements X.S0047-0 v1.0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 5.5 RADIUS and Diameter Support 13 5 MIP6 Security Enh
32、ancement 39 40 5.5 Auth-Application-Id Origin-Host Origin-Realm Destination-Realm Auth-Request-Type Auth-Request-Type value MUST be set to AUTHORIZE_ONLY (2) as defined in RFC3588 16 User-Name Session-Key-Nonces Contains nonces used for MIP6-IKEv2-Key generation. Destination-Host Origin-State-Id Aut
33、h-Session-State NAS-IP-Address NAS-IPv6-Address NAS-Port-Type NAS-Identifier MIP-Mobile-Node-Address MIP-Home-Agent-Address MIP-Home-Agent-Address *Proxy-Info *Route-Record *AVP.1.3.2 IKEv2-PSK-Answer The IKEv2-PSK-Answer message, indicated by the Command-Code field set to TBD, is sent by the AAA to
34、 the HA in response to the IPR command. If the Mobile IPv6 authorization procedure was successful then the response shall include Master-Security-Association. The Application-ID field in the Diameter header shall be set to the Diameter MIP6 Authorization Application-ID (value of TBD). The following
35、specifies the allowed AVPs in the command: := Auth-Application-Id Result-Code Origin-Host Origin-Realm X.S0047-0 v1.0 Mobile IPv6 Enhancements 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 5
36、6 57 58 59 60 5 MIP6 Security Enhancement 14 5.5 RADIUS and Diameter Support Master-Security-Association Grouped AVP that contains the MIP6-IKEv2-Key that corresponds to the NAI that was requested in the IPR command. MUST be returned unless there is a failure. User-Name Origin-State-Id Error-Message
37、 Error-Reporting-Host * Failed-AVP Re-Auth-Request-Type * Redirected-Host Redirected-Host-Usage Redirected-Max-Cache-Time *Proxy-Info *Route-Record * AVP 5.5.1.4 Diameter AVPs Table 2 shows the meaning of the Diameter AVPs defined in columns of Table 3. Table 2 Meaning of the Request, Answer columns
38、 of Table 3. Coding Meaning 0 This attribute shall not be present. 0+ Zero or more instances of this attribute may be present. 0-1 Zero or one instance of this attribute may be present. 1 Exactly one instance of this attribute shall be present. Table 3 lists the Diameter AVPs used in the Diameter co
39、mmands exchanged between the HA and the AAA. Table 3 Diameter AVP exchanged between the HA and the AAA Attribute AVP Code Value Type Request Answer Comments User-Name 1 UTF8String 1 0-1 Users NAI, Case Sensitive. 19 NAS-IP-Address 4 OctetString 0-1 0 IP Addr of NAS in HA 20 Session-Timeout 27 Unsign
40、ed32 0 0-1 Seconds until forced session termination and re-authentication required. 19 Idle-Timeout 28 Unsigned32 0 0-1 Seconds of idle time before Mobile IPv6 Enhancements X.S0047-0 v1.0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 32 33 34 35 36 37 38 39 40 41 42 4
41、3 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 5.5 RADIUS and Diameter Support 15 5 MIP6 Security Enhancement 30 31 auto-termination of session. 19Authorization-Lifetime 291 Unsigned32 0-1 0-1 0-Immediate re-authentication. 19 NAS-Identifier 32 UTF8String 0-1 0 Alternative to NAS-IP_Address to
42、 identify NAS. 20 NAS-Port-Type 61 Enumerated 0-1 0 5 = virtual. 20 NAS-IPv6-Address 95 OctetString 0-1 0 IPv6 Addr of NAS in HA. 20 MIP-Mobile-Node-Address 333 Address 0-1 0 Home Address of the mobile. 21 MIP-Home-Agent-Address 334 Address 0-1 0 Home Agent IP address. 21 Master-Security-Association
43、 5535/49 Grouped 0 0-1 Grouped AVP that includes session key related information. Session-Key-Nonces 5535/46 Grouped 0-1 0 Grouped AVP that describes Ni and Nr nonces exchanged between MS and HA, and sent from HA to AAA for MIP6-IKEv2-Key generation. Ni 5535/47 Unsigned32 0-1 0 The IKEv2 Initiators
44、nonce. Nr 5535/48 Unsigned32 0- The IKEv2 Responders nonce. 5.5.2 RADIUS Vendor Specific Attributes (VSAs) Table 4 shows the meaning of the Radius message columns in columns of Table 5. Table 4 Meaning of the the Request, Accept, Reject, Challenge columns of Table 2. Coding Meaning 0 This attribute
45、shall not be present. 0+ Zero or more instances of this attribute may be present. 0-1 Zero or one instance of this attribute may be present. 1 Exactly one instance of this attribute shall be present. Table 5 summarizes the RADIUS attributes in the Radius commands exchanged between the HA and the AAA
46、. Table 5 RADIUS Attributes exchanged between the HA and the HAAA Attribute Type Value Type Request Accept Reject Challenge Comments User-Name 1 String 1 0-1 0 0 Users NAI, Case Sensitive. 22 MS-MPEE-Send-Key 26/*/16 (Vendor Type = String 0 0-1 0 0 Contains MIP6-IKEv2-Key. 11 X.S0047-0 v1.0 Mobile I
47、Pv6 Enhancements 1 2 3 4 5 6 7 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 5 MIP6 Security Enhancement 16 5.5 RADIUS and Diameter Support 8 311) Session-Timeout 27 Integer 0 0-1 0 0 22 Sess
48、ion-Key-Nonces 26/212 String 0-1 0 0 0 Nonces exchanged between MS/AT and HA, and sent from HA to AAA for Key generation. Session-Key-Method 26/213 Integer 0-1 0 0 0 Indication that authorization for MIP6 IKEv2 PSK is needed. Mobile IPv6 Enhancements X.S0047-0 v1.0 3 6 7 8 9 10 11 12 13 14 15 18 19
49、20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 6.1 MS Requirements 17 6 MIP6 Route Optimization 1 2 6 MIP6 Route Optimization 4 5 16 17 6.1 MS Requirements The MS may support the return routability procedure, binding update procedure, and packet processing for the Mobile Node Operation and Correspondent Node Operation, according
