                                    
   AAA Working Group                               Jayshree Bharatia 
   Internet Draft                                  Kuntal Chowdhury 
   Category: Standards Track                       Nortel Networks    
   Expires on May 2002                              
   <draft-bharatia-aaa-opt-ha-assign-00.txt>       November 2001 


          Optimized Dynamic Home Agent Assignment Using DIAMETER 


   Status of this Memo 
    
   This document is an Internet-Draft and is in full conformance with 
   all provisions of Section 10 of RFC2026. Internet-Drafts are working 
   documents of the Internet Engineering Task Force (IETF), its areas, 
   and its working groups. Note that other groups may also distribute 
   working documents as Internet-Drafts. 
    
   Internet-Drafts are draft documents valid for a maximum of six 
   months and may be updated, replaced, or obsoleted by other documents 
   at any time.  It is inappropriate to use Internet-Drafts as 
   reference material or to cite them other than as "work in progress". 
    
   The list of current Internet-Drafts can be accessed at 
        http://www.ietf.org/ietf/1id-abstracts.txt 
    
   The list of Internet-Draft Shadow Directories can be accessed at 
        http://www.ietf.org/shadow.html 
    
   Abstract 
    
   The operation of determining a dynamic Home Agent (HA) is currently 
   defined in [MIPBis], and a DIAMETER usage for the Mobile IP 
   application is specified in [MIPApp]. This document enhances the 
   DIAMETER usage for the Mobile IP application discussed in [MIPApp] 
   and offers an optimized solution for dynamically assigning a Home 
   Agent. The proposed solution: 
   - Reduces the number of AAA message exchanges between the Home AAA 
     (AAAH) and the Foreign AAA (AAAF) for dynamic home agent 
     assignment in the foreign network.  
   - Relieves the Foreign Agent (FA) and the AAAF of the burden of 
     processing AVPs based on the Home Agent (HA) address received in a 
     Registration Request (Reg-Request). 
   - Gives network providers better scope for offering services 
     controlled by the home network. 
   - Generalizes the HA assignment operation between the AAAF and the 
     AAAH.  
   - Makes better use of the AAAH policy for the HA assignment 
     operation. 
 
Bharatia, Chowdhury                                           [Page 1] 
Internet Draft                                           November 2001 

1  Introduction 
1.1  Glossary of Terms 
 
   AAA    Authentication, Authorization and Accounting 
   AAAF   AAA in foreign network 
   AAAH   AAA in home network 
   FA     Foreign Agent 
   HA     Home Agent 
   AMR    Mobile-Node-Request message 
   AMA    Mobile-Node-Answer message 
   HAR    Home-Agent-MIP-Request message 
   HAA    Home-Agent-MIP-Answer message 

1.2  Current Solution for Dynamic HA Assignment Using DIAMETER 
 
   The current solution proposed in [MIPApp] uses the home agent 
   address received in the Mobile IP Registration Request. The FA 
   processes this information and sends a MIP-Feature-Vector AVP to the 
   Foreign AAA (AAAF) with the Home-Agent-Requested flag set to one. 
   The FA also sets the Home-Address-Allocatable-Only-In-Home flag to 
   zero or one depending on whether the HA address specified in the 
   Registration Request message is 0.0.0.0 or 255.255.255.255 
   respectively. 
    
   If the AAAF determines that it is possible to assign the HA in the 
   foreign network and the MIP-Feature-Vector AVP is set with the 
   appropriate flags, it sets the Foreign-Home-Agent-Available flag to 
   one in the MIP-Feature-Vector AVP. The AAAF sends this information 
   to the AAAH.  
    
   At this point, the AAAH authenticates the user and determines 
   whether its local policy allows the user to have an HA in the 
   foreign network. Based on this policy, the AAAH may allow the AAAF 
   to assign the HA in the foreign network. Otherwise, the AAAH 
   attempts to assign the HA in the home network. In short, the AAAH 
   has the ability to supersede any specific dynamic HA assignment 
   request based on local policy.  
    
   If the AAAH allows the HA assignment in the foreign network, it 
   sends the Home-Agent-MIP-Request (HAR) message to the AAAF. Once the 
   assignment of an HA is completed in the foreign network, the AAAF 
   sends an HAA message to the AAAH. Upon receipt of the HAA message, 
   the AAAH sends an AMA response to the AAAF. The AAAF then relays the 
   AMA message to the FA. This confirms the completion of the 
   operation. 

1.3  Proposed Solution for Dynamic HA Assignment Using DIAMETER 
 
   The proposed solution treats the HA information received in a 
   Registration Request transparently at the FA. Regardless of the 
   value of the HA address field in the Registration Request received 
   from the mobile, the FA relays the information transparently to the 
   AAAF in a Mobile-Node-Request (AMR) message. Upon receipt of the AMR 
   message from the FA, the AAAF sets the Foreign-Home-Agent-Available 
   flag to one if it is possible to assign an HA in the foreign network 
   and relays the AMR message to the AAAH. 
    
   Upon receiving the AMR message from the AAAF, the AAAH performs the 
   authentication and authorization functions. The AAAH also determines 
   whether a dynamic HA assignment is requested by checking for HA = 
   255.255.255.255 in the AMR message. If so, the AAAH determines 
   whether local policy allows the user to have an HA in the foreign 
   network. Based on this policy, the AAAH may allow the AAAF to assign 
   an HA in the foreign network, provided the AAAF has set the Foreign-
   Home-Agent-Available flag to one. Otherwise, the AAAH shall attempt 
   to assign the HA in the home network.  
    
   If the AAAH allows the HA assignment in the foreign network, it 
   sends the Mobile-Node-Answer (AMA) response to the AAAF with the 
   result-code DIAMETER-LIMITED-SUCCESS. Upon receipt of this AMA 
   message from the AAAH, the AAAF assigns an HA in the foreign network 
   and sends an AMA with the new HA address to the FA, which completes 
   the operation.  
    
   If the HA assignment in the foreign network fails, the AAAF sends an 
   AMR message to the AAAH with a new flag indicating a request to 
   assign the HA in the home network because the assignment of an HA 
   in the foreign network failed. 
    
   Compared to the solution discussed in section 1.2, this proposal 
   offers the following advantages: 
    
   - For a home agent assignment in the foreign network, the number of 
     AAA exchanges between the AAAH and the AAAF is reduced. The AAAH 
     only authorizes the AAAF to assign an HA in the foreign network; 
     it is not involved in the HA assignment operation in the foreign 
     network itself. If the assignment of an HA in the foreign network 
     fails, the AAAF shall notify the AAAH by sending an AMR with a new 
     flag.  
   - It relieves the FA of the burden of processing AVPs based on the 
     HA address received in the Registration Request message from the 
     mobile. 
   - It gives network providers better scope for offering services 
     controlled by the home network. 
   - It generalizes the HA assignment operation between the AAAF and 
     the AAAH. 
   - It makes better use of the AAAH policy for the HA assignment 
     operation, since the solution relies on the policy configured in 
     the Home AAA (AAAH) rather than acting on the HA address received 
     from the MN. 
    
2  Conventions used in this document  
    

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",  
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
   this document are to be interpreted as described in RFC-2119.  
    
3  Detailed Description of the Proposed Solution 
 
   For effective use of the home IP address, the home AAA SHOULD be 
   able to select an HA for use with the newly assigned home address. 
   In many cases, the MN will already know the address of its HA, even 
   if the MN does not already have an existing home address. Regardless 
   of the HA being requested, it MUST still be up to the local policy 
   provisioned at the AAAH to decide which HA is appropriate to use. 
    
   When the FA receives this request with the HA address set to 
   255.255.255.255 or to any other valid IP address, it simply forwards 
   the received HA address and the other relevant information in a 
   Mobile-Node-Request (AMR) message to the AAAF, as described in 
   [MIPApp]. 
    
   Upon receipt of the AMR message, the AAAF checks whether it is 
   possible to assign an HA in the foreign network. If it is possible, 
   then it MUST add a MIP-Feature-Vector AVP to the Mobile-Node-Request 
   (AMR) with the Foreign-Home-Agent-Available flag set to one. Setting 
   this flag indicates that the AAAF is willing and able to assign an 
   HA in the foreign network. 
    
   When the AAAH receives the AMR message, it first authenticates and 
   authorizes the data received in the AMR message. According to the 
   local policy, it MAY be possible for a particular user to have an HA 
   in the foreign network. In this case, the AAAH SHOULD follow the 
   procedure discussed in section 3.1 of this document. Otherwise, the 
   AAAH shall assign an HA in the home network by following the 
   procedure described in [MIPApp].  

3.1  Home Agent in Foreign network 
 
   The message exchanges for a successful dynamic HA assignment in a 
   foreign network are shown in Figures 1 and 2. 
    
                              Visited                         Home 
                              Network                         Network 
                             +--------+ ------- AMR -------> +--------+ 
                             |  AAAF  | <------ AMA -------- |  AAAH  | 
                             |        |                      |        | 
                       +---->| server |                      | server | 
                       |     +--------+                      +--------+ 
                       |         ^  | 
                       |         |  | 
               HAR/HAA |     AMR |  | AMA 
                        v         |  v 
                +---------+    +---------+ 
                |   Home  |    | Foreign | 
                |  Agent  |    |  Agent  | 
                +---------+    +---------+ 
                                          ^ 
                     +--------+           | Reg-Request/Reply 
                     | Mobile |<----------+ 
                     | Node   |  Mobile IP 
                     +--------+ 
     Figure 1: Dynamic HA Assignment in Foreign Network 
    
   If the local policy at the AAAH allows an HA assignment in the 
   foreign network, the AAAH MUST set the result-code to DIAMETER-
   LIMITED-SUCCESS in a Mobile-Node-Answer (AMA) message and send it to 
   the AAAF. 
    
   MN               FA        HA(Foreign Network)     AAAF         AAAH 
   --               --        --                      ----         ---- 
    
   ----Reg-Request--> 
                    ---------------AMR-----------------> 
                                                       -----AMR----> 
                                                       <----AMA----- 
                              <------------------HAR---- 
                              ------------------HAA----> 
                   <----------------AMA----------------- 
   <----Reg-Reply---- 
    
     Figure 2: Message Exchanges for Dynamic HA Assignment in Foreign 
               Network 
    
   Since the AAAF receives an AMA message with result-code DIAMETER-
   LIMITED-SUCCESS, it MUST assign an HA in the foreign network. Hence 
   the AAAF sends a Home-Agent-MIP-Request (HAR) message to a 
   dynamically assigned HA in the foreign network. Once a Home-Agent-
   MIP-Answer (HAA) response is received from this new HA, the AAAF 
   sends an AMA message to the FA. This completes the successful 
   assignment of an HA in the foreign network. 
    
   If the assignment of an HA fails in the foreign network after 
   receiving the AMA from the AAAH, the AAAF MUST initiate an AMR to 
   the AAAH. At this time the AAAF adds a MIP-Feature-Vector AVP to the 
   Mobile-Node-Request (AMR) with the Home-Agent-Assignment-in-Foreign-
   Network-Failed flag set to one. The AAAF sends this AMR message to 
   the AAAH for an HA assignment in the home network. Upon receipt of 
   this AMR message, the AAAH shall assign an HA in the home network if 
   permitted by the local policy. Otherwise, the error DIAMETER-ERROR-
   HA-NOT-AVAILABLE is sent to the AAAF, which subsequently forwards 
   the dynamic HA assignment failure to the MN in a Registration Reply 
   (Reg-Reply) message. 
    
   MN               FA        HA(Home Network)        AAAF         AAAH 
   --               --        --                      ----         ---- 
    
   ----Reg-Request--> 
                    ---------------AMR-----------------> 
                                                       -----AMR----> 
                              <------------------HAR---------------- 
                              ------------------HAA----------------> 
                                                       <----AMA--- 
                   <----------------AMA-------------- 
   <----Reg-Reply---- 
    
     Figure 3: Home Agent Assignment Failure in Foreign Network 
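   The decision logic of sections 3 and 3.1 (AAAH authorization with 
   DIAMETER-LIMITED-SUCCESS, AAAF assignment in the foreign network, and 
   the fall-back AMR carrying the new flag when that assignment fails) 
   can be modelled as two small functions. This is an added illustration, 
   not code from the draft or from any DIAMETER implementation; the 
   policy dict, the DIAMETER-SUCCESS code, and the assign_foreign_ha 
   callback standing in for the HAR/HAA exchange are assumptions. 

```python
DYNAMIC_HA = "255.255.255.255"            # "assign me an HA" per section 1.3
LIMITED_SUCCESS = "DIAMETER-LIMITED-SUCCESS"
SUCCESS = "DIAMETER-SUCCESS"              # assumed base-protocol success code
HA_NOT_AVAILABLE = "DIAMETER-ERROR-HA-NOT-AVAILABLE"
FAILED_FLAG = "Home-Agent-Assignment-in-Foreign-Network-Failed"

def aaah_handle_amr(amr, policy):
    """AAAH side: authorize foreign assignment or assign in the home network.
    policy is an assumed dict: {'foreign_ha_allowed': bool, 'home_ha': addr|None}."""
    fv = amr.get("MIP-Feature-Vector", {})
    wants_dynamic = amr["Home-Agent-Address"] == DYNAMIC_HA
    # DIAMETER-LIMITED-SUCCESS only when a dynamic HA is requested, the AAAF has
    # offered one, local policy permits it, and the AAAF has not already failed.
    if (wants_dynamic and fv.get("Foreign-Home-Agent-Available", False)
            and policy["foreign_ha_allowed"] and not fv.get(FAILED_FLAG, False)):
        return {"Result-Code": LIMITED_SUCCESS}
    # Otherwise the AAAH assigns in the home network (HAR/HAA per [MIPApp] not
    # modelled here); with no home HA available it reports the error instead.
    if policy["home_ha"] is not None:
        return {"Result-Code": SUCCESS, "Home-Agent-Address": policy["home_ha"]}
    return {"Result-Code": HA_NOT_AVAILABLE}

def aaaf_run(reg_request_ha, foreign_ha_available, assign_foreign_ha, policy):
    """AAAF side: build the AMR from the Reg-Request, act on the AMA, and fall
    back to the home network on failure. assign_foreign_ha() stands in for the
    HAR/HAA exchange with a foreign HA and returns its address or None.
    Returns (AMA relayed to the FA, list of messages exchanged with the AAAH)."""
    trace = []
    fv = {"Foreign-Home-Agent-Available": foreign_ha_available}
    amr = {"Home-Agent-Address": reg_request_ha, "MIP-Feature-Vector": fv}
    trace.append("AMR")
    ama = aaah_handle_amr(amr, policy)
    trace.append("AMA")
    if ama["Result-Code"] != LIMITED_SUCCESS:
        return ama, trace                  # home-network result, or an error
    ha = assign_foreign_ha()               # HAR -> foreign HA -> HAA
    if ha is not None:
        return {"Result-Code": SUCCESS, "Home-Agent-Address": ha}, trace
    # Section 3.1 failure path: a second AMR carrying the new flag.
    fv[FAILED_FLAG] = True
    trace.append("AMR")
    ama = aaah_handle_amr(amr, policy)
    trace.append("AMA")
    return ama, trace
```

   The trace returned by aaaf_run shows the reduced exchange of Figure 
   2 (one AMR/AMA pair) against the four messages of Figure 3 when the 
   foreign assignment fails. 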

4  IANA Considerations 
 
   A new flag, Home-Agent-Assignment-in-Foreign-Network-Failed, is 
   defined for the existing AVP MIP-Feature-Vector, whose namespace is 
   already assigned by [MIPApp]. 

5  Security Considerations 
 
   The solution proposed in this document is an optimized solution for 
   the dynamic assignment of an HA and does not add new functionality. 
   Hence there may not be any new security requirements. 

6  References 
 
   [MIPReq]    "Mobile IP Authentication, Authorization and Accounting 
               Requirements", RFC 2977 
   [MIPApp]    "DIAMETER Mobile IPv4 Application", draft-ietf-aaa-
               diameter-mobileip-07.txt, Work in progress, July 2001 
   [3GAAAReq]  "CDMA2000 Wireless Data Requirements for AAA", RFC 3141 
   [DIAMETER]  "DIAMETER Base Protocol", draft-ietf-aaa--07.txt, Work in 
               progress, July 2001 
   [MIPBis]    "IP Mobility Support for IPv4, revised", Work in 
               progress, September 2001 

7  Acknowledgments

   The authors would like to thank Pete Wenzel, Glenn Morrow and Tony 
   Saboorian for their valuable input to this work. 

8  Authors' Addresses 
    
   Jayshree Bharatia 
   Nortel Networks 
   2221, Lakeside Blvd,   
   Richardson, TX-75082  
   Phone: 972-684-5767 
   jayshree@nortelnetworks.com 
    
   Kuntal Chowdhury 
   Nortel Networks 
   2221, Lakeside Blvd,   
   Richardson, TX-75082  
   Phone: 972-685-7788 
   chowdury@nortelnetworks.com 
 