Internet DRAFT - draft-guri-seamoby-lahap
Seamoby Working Group S. Gurivireddy
Internet Draft B. Sarikaya
Document: draft-guri-seamoby-lahap-00.txt A. Krywaniuk
Category: Standards track Alcatel USA
September 2001
Layer-2 aided mobility independent dormant host alerting
protocol
Status of this Memo
This document is an Internet-Draft and is in full conformance
with all provisions of Section 10 of RFC 2026. This is an
individual draft for consideration by Seamoby Working Group.
Internet Drafts are working documents of the Internet
Engineering Task Force (IETF), its areas and its working groups.
Note that other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-
Drafts as reference material or to cite them other than as "work
in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Conventions used in this draft
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described
in RFC 2119 [4].
Abstract
This document introduces a new paging protocol, nicknamed
"LAHAP", which uses layer 2 triggers to anticipate
paging-related events at layer 2. LAHAP uses the
architectural entities defined in RFC 3154 to support dormant
mode in hosts connected to the Internet. LAHAP is not dependent
on any mobility protocol. The tracking agent keeps track of the
paging area of the HOST using layer 2 triggers. The dormant
monitoring agent intercepts traffic for the host, queries the
tracking agent for the last registered paging area, and then
asks the paging agent to page the host. Paging is done in the
paging areas where they are available, and otherwise on the
subnet. The host deregisters its paging registration after
entering active mode.
Gurivireddy,Sarikaya,Krywaniuk 1
Lahap September 2001
Table of contents
1. Terminology
2. Protocol
2.1. When HOST enters dormant mode
2.2. Forwarding traffic to a dormant HOST
2.3. When HOST changes from dormant to active mode
2.4. Triggers for paging
2.4.1 Paging area trigger
2.4.2 New paging mode trigger
2.4.3 Dormant Host not reachable trigger
2.4.4 Dormant Host reachable trigger
2.5. Binding cache
2.6. Mapping between paging areas and IP subnets
2.6.1. When multiple paging areas are part of a single
subnet
2.6.2. When multiple subnets are part of a single paging
area
2.7. Time slotted paging
2.8. On-link paging
3. Message formats
3.1. Registration request from HOST to DMA
3.2. Registration reply from DMA to HOST
3.3. Tracking request from DMA to TA
3.4. Tracking reply from TA to DMA
3.5. Paging request from DMA to PA
3.6. Paging reply from PA to DMA
3.7. On-link Paging message
4. Security Issues
5. References
6. Authors' addresses
1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as
described in RFC 2119 [4].
DMA
The Dormant Monitoring Agent is an Internet node, which detects
the delivery of packets to a Host that is in Dormant Mode. Once
a routable connection to the Host is created, the Dormant
Monitoring Agent arranges for delivery of the packet to the
Host. [1]
TA
The Tracking Agent is responsible for tracking a Host's location
while it is in dormant mode or active mode, and for determining
when the Host enters inactive mode. There is a one-to-one mapping
between a Host and a Tracking Agent.
Gurivireddy, Sarikaya, Krywaniuk Expires March 2002 2
PA
The Paging Agent is responsible for alerting the Host when a
packet arrives and the Host is in dormant mode. [1]
HOST
HOST refers to an IPv6 node that supports dormant mode operation.
Paging area
A collection of radio access points that is signaled to locate a
dormant mode HOST. A paging area does not necessarily
correspond to an IP subnet. [3]
Paging Area Multicast Address
If layer 3 paging areas are supported then the tracking agents
are organized in the form of paging areas. Each region may have
one or more paging areas, denoted PA1, PA2, ..., PAn. The
tracking agents in paging area i are members of the paging area
multicast address (PAMAi). A paging area multicast address is an
IPv6 multicast address which is permanently assigned and is of
global scope.
2. Protocol
This protocol is a network layer protocol for paging. The
protocol allows an arbitrary mapping between paging areas and IP
subnets. The dormant monitoring agent (DMA) maintains the
binding cache required to page and forward traffic to a dormant
host (HOST). HOST sends updates to the tracking agent, which
caches the paging area in which the HOST is located.
+-+-+ +-+-+-+-+-+-+-+-+ +-+-+-+
|DMA|------------| Internet |-----| PA |
+-+-+ +-+-+-+-+-+-+-+-+ +-+-+-+
|
+
|
+-+-+-+ +-+-+-+-+
| TA |---| AR | . . . (L3 Paging areas)
+-+-+-+ +-+-+-+-+
|
+
+-+-+-+-+-+-+
| | |
L2 L2 L2
Paging paging paging
area area area
Fig 1: Mapping between paging areas and subnets
Whenever HOST enters dormant mode, it registers with DMA. HOST
registers the paging area ID of its visited network with DMA.
The host gets the paging area ID from layer 2 by way of triggers
(see Section 2.4). DMA intercepts traffic for HOST. As soon as
DMA detects traffic for HOST, DMA sends a paging request to the
paging agent; the paging request contains HOST's home address.
The dormant mode host is paged, comes back to active mode and
sends a dormant mode deregistration message to DMA. The paging
agent sends a paging reply to DMA containing the result of
paging HOST. HOST MAY obtain an IP address in the visited
network using address auto-configuration.
Whenever HOST changes paging area, the host and the tracking
agent are notified using layer 2 triggers. As long as HOST
remains in dormant mode, tracking agent has exact information
about the paging area in which the HOST is located. When DMA
detects traffic for HOST, DMA MAY send a tracking request
message, a datagram with destination options extension header,
to tracking agent. Tracking agent replies with the tracking
reply message which contains the identification of paging area
in which the host is located. DMA maps paging area ID with
paging agent's address to identify the paging agent and sends
paging request to the paging agent. Paging agent pages the HOST
by multicasting the paging request in paging area. HOST replies
to DMA by sending "dormant mode deregistration" message.
If HOST is not detected by paging, the paging agent informs DMA
in the paging reply that HOST has not responded. DMA then sends
an ICMP Host Unreachable message (for IPv6, ICMPv6 Destination
Unreachable) to the node that is trying to deliver datagrams to
the host. DMA sends the same ICMP message if the tracking agent
does not respond to the tracking request.
When HOST changes paging area, paging area trigger is sent up to
layer 3 at tracking agent. The trigger contains information
about the new paging area ID of the host. Tracking agent caches
the paging area ID supplied in the trigger.
Tracking agent is located on the subnet to which the host is
connected. The subnet also has a router marked as access router
(AR) in Figure 1. HOST is pre-configured with DMA's address.
2.1. When HOST enters dormant mode
The dormant mode host registers with DMA before entering dormant
mode. The host MUST send a dormant mode registration message to
DMA. The dormant mode registration message is an IPv6 datagram
with a destination option extension header. The source address
is HOST's registered IPv6 address and the destination address is
DMA's IP address. The destination option contains the paging
area ID, the lifetime of the registration, the host's IPv6
address and the dormant mode registration options. The options
specify the traffic intended to be received by HOST while in
dormant mode.
The lifetime in the request specifies the time in seconds for
which HOST wants the registration to be valid. The lifetime
returned in the reply may be equal to or less than that
specified in the request: DMA may limit the lifetime for reasons
such as its computing capability and current load. A lifetime
of zero in the reply indicates that the registration has failed.
The messages defined here carry a header with type, code and
sequence number. Sequence numbers for requests start from zero
and are incremented by one for each subsequent request. The
sequence number in a reply is the request's sequence number
incremented by one (Sections 3.2 and 3.4), which lets the host
match replies to requests. If no reply is received within a
timeout period, the host MUST retransmit the registration
request message. Because the sequence number starts at a known
value and is predictable, it does not by itself protect against
replayed registrations; Section 4 relies on the IPsec
anti-replay service for that.
2.2. Forwarding traffic to a dormant HOST
As soon as HOST registers with DMA, DMA starts intercepting the
traffic for HOST, checking it against the options specified by
HOST in the registration. When DMA detects traffic intended to
be received by HOST, DMA MAY send a tracking request message to
TA, in case HOST has moved while in dormant mode. The tracking
request contains HOST's IP address. TA MUST reply with a
tracking reply message, which contains HOST's last registered
paging area ID and the mode of the host. The source and
destination addresses of the tracking reply are TA and DMA
respectively. If TA replies that HOST is in inactive mode, DMA
sends an ICMP Host Unreachable message to the node that is
trying to communicate with HOST. Otherwise, DMA MUST send a
paging request message to the paging agent.
The paging agent multicasts the paging request to the all-routers
multicast address in its paging area. The host is paged using L2
paging means or time-slot paging.
HOST replies to DMA with a dormant mode deregistration message.
The deregistration message is a dormant mode registration
message with the lifetime field set to zero. It also carries the
host's new IPv6 address in the visited network, if the host
acquired one. DMA then forwards the traffic to HOST.
2.3. When HOST changes from dormant to active mode
When HOST comes back to active mode, HOST invalidates its
registration with DMA by sending a new registration message with
a lifetime of zero. After the registration is invalidated, DMA
stops intercepting packets for HOST. All fields of the
registration and invalidation messages are the same except the
lifetime field; the TA address field carries the host's new IPv6
address if it acquired one (Section 2.2) and is otherwise set to
zero. In active mode, the behavior of the protocol is the same as
that of the underlying network protocol.
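The following Python is an added example, not code from this draft or its authors. It models the DMA side of Sections 2.1 to 2.3 together with the per-host binding cache of Section 2.5: one entry per host, a lifetime that DMA may cap and returns as zero when a registration fails, option bits that decide which traffic is intercepted, deregistration by a lifetime of zero, and expiry of the entry. The sequence number rule (a new binding starts at zero, later requests must carry a larger number, replies carry the request number plus one), the 300 second cap, the decision not to intercept broadcast, and the use of paging area ID 0 as "absent" are assumptions made for the example; the addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
from dataclasses import dataclass

# HOST mode values carried in the tracking reply (Section 3.4).
MODE_ACTIVE, MODE_DORMANT, MODE_INACTIVE = 0, 1, 2
# Option bits of the registration request (Section 3.1); bit 0 is the MSB.
OPT_UNICAST, OPT_BROADCAST, OPT_MULTICAST = 0x80, 0x40, 0x20
KIND_TO_OPT = {"unicast": OPT_UNICAST, "broadcast": OPT_BROADCAST,
               "multicast": OPT_MULTICAST}


@dataclass
class Binding:
    host: str          # address DMA intercepts traffic for
    paging_area: int   # taken from the first registration only
    ta: str            # taken from subsequent registrations ("::" = unknown)
    options: int       # option bits DMA actually granted
    expires_at: float  # absolute time at which the lifetime runs out
    last_seq: int      # highest sequence number accepted from this host


@dataclass
class Reply:
    seq: int        # request sequence number + 1 (Section 3.2)
    lifetime: int   # granted lifetime; 0 means failed or removed
    options: int    # requested options with unsupported bits cleared
    ta: str


class DMA:
    """Dormant Monitoring Agent: one binding cache entry per dormant HOST."""

    def __init__(self, max_lifetime=300, supported=OPT_UNICAST | OPT_MULTICAST):
        # Assumptions for this example: lifetimes are capped at max_lifetime
        # seconds and subnet broadcast is not intercepted on a host's behalf.
        self.max_lifetime = max_lifetime
        self.supported = supported
        self.cache = {}

    def register(self, now, host, seq, options, lifetime, paging_area=0, ta="::"):
        """Process a registration (lifetime > 0) or deregistration (lifetime == 0)."""
        granted_opts = options & self.supported
        b = self.cache.get(host)
        # A new binding starts at sequence number zero and later requests must
        # carry a larger number; anything else is stale or replayed and fails.
        if (b is None and seq != 0) or (b is not None and seq <= b.last_seq):
            return Reply(seq + 1, 0, granted_opts, ta)
        if lifetime == 0:
            # Section 2.3: HOST is active again; drop the binding, stop intercepting.
            self.cache.pop(host, None)
            return Reply(seq + 1, 0, granted_opts, ta)
        granted = min(lifetime, self.max_lifetime)
        if b is None:
            if paging_area == 0:   # first registration must carry a paging area ID
                return Reply(seq + 1, 0, granted_opts, ta)
            b = Binding(host, paging_area, ta, granted_opts, now + granted, seq)
            self.cache[host] = b
        else:
            # Subsequent registration: TA field is valid, paging area field is not.
            b.ta, b.options, b.expires_at, b.last_seq = ta, granted_opts, now + granted, seq
        return Reply(seq + 1, granted, granted_opts, b.ta)

    def should_intercept(self, now, host, kind):
        """True when a live binding asked for this kind of traffic (Section 2.2)."""
        b = self.cache.get(host)
        if b is None:
            return False
        if b.expires_at <= now:
            del self.cache[host]   # lifetime elapsed: registration expired
            return False
        return bool(b.options & KIND_TO_OPT[kind])

    @staticmethod
    def on_paging_result(tracking_mode, page_result):
        """What DMA does with the held packet after tracking and paging."""
        if tracking_mode == MODE_INACTIVE or page_result == 0:
            return "icmp-destination-unreachable"   # Section 2 and Section 2.2
        return "forward"


if __name__ == "__main__":
    dma = DMA()
    r = dma.register(1000.0, "2001:db8::1", 0, OPT_UNICAST | OPT_BROADCAST, 600, paging_area=7)
    print(r)   # lifetime capped to 300, broadcast bit cleared
    print(dma.should_intercept(1100.0, "2001:db8::1", "unicast"))   # True
    print(dma.register(1200.0, "2001:db8::1", 1, OPT_UNICAST, 0))   # deregistration
    print(dma.should_intercept(1200.0, "2001:db8::1", "unicast"))   # False
```

The replay check is the one addition a practitioner would want beyond the text: without it a captured registration or deregistration could be resent to overwrite the binding or to switch interception off, which is exactly the class of attack Section 4 hands to IPsec anti-replay.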
2.4. Triggers for paging
Some earlier Internet drafts defined triggers related to handoff
[2]. This protocol defines triggers related to the dormant mode
operation of a host in the Internet, and takes advantage of
layer 2 triggers at the access router and at HOST.
+-------------+---------------------+--------+--------------+
| L2 trigger | When | To | Parameters |
+-------------+---------------------+--------+--------------+
| Paging | As soon as layer 2 | host,TA| New Paging |
| area | paging area of host| | area ID, |
| | changes | | host L2 |
| | | | address |
+-------------+---------------------+--------+--------------+
| New paging | As soon as host | host,TA| New mode |
| mode | changes its mode | | |
| | | | |
| | | | |
+-------------+---------------------+--------+--------------+
| Dormant host| When host is paged &| | L2 address of|
| not | no reply is received| PA | host |
| reachable | from Host | | |
+-------------+---------------------+--------+--------------+
| Dormant host| When host is paged &| | L2 address of|
| reachable | HOST responds to | PA | host |
| | paging request | | |
+-------------+---------------------+--------+--------------+
2.4.1. Paging area trigger
Whenever HOST changes layer 2 paging area, the paging area
trigger is sent up to layer 3 at HOST. This trigger is also sent
when the host is powered on. The trigger contains the paging area
ID. The trigger is also available at TA, which upon receiving it
MUST update its binding cache. This trigger gives the tracking
agent up-to-date information about the paging area of the HOST.
2.4.2. New paging mode trigger
Whenever HOST changes mode from active to dormant, HOST performs
dormant mode registration with DMA. This registration would not
be needed if the new paging mode trigger could be used instead:
when the trigger is issued at DMA, DMA treats it as equivalent to
receiving a dormant mode registration request from the host and
replies with a dormant mode registration reply.
When the host enters inactive mode the trigger is issued at TA.
TA MUST remove the host from its binding cache.
2.4.3. Dormant HOST not reachable trigger
When HOST is paged in a layer 2 paging area and HOST is not
found, this information is passed to layer 3 at the paging
agent by a trigger from layer 2. The PA MUST send a paging
reply message back to DMA in which the result field is set to
zero and the IP address is set to the host's IPv6 address.
2.4.4. Dormant HOST reachable trigger
If HOST responds to paging, the trigger "Dormant HOST reachable"
is sent up to layer 3 at the paging agent. This trigger tells the
paging agent that HOST has responded to paging. The paging agent
MUST send a paging reply message to DMA with the result field set
to 1 and the IP address set to the host's IPv6 address.
2.5. Binding cache maintained by agents
HOST and the agents need to maintain some state about the
dormant mode of the HOST. They need to remember the status of
HOST, number of messages sent to HOST. DMA needs to maintain in
its binding cache whether HOST is in dormant mode or in active
mode. DMA caches HOST's address, its tracking agent address, its
paging area ID and its paging options. Since multiple HOSTS may
share a single DMA, DMA needs to maintain a binding cache for
each HOST. Tracking agent caches HOST's IP address and its layer
2 paging area ID, if layer 2 paging is supported. All the
binding registrations have a lifetime, which specifies the time
in seconds after which the respective registration expires.
2.6. Mapping between paging areas and IP subnets
This protocol allows arbitrary mapping between IP subnets and
paging areas.
2.6.1. When multiple paging areas are part of a single subnet
When multiple paging areas are part of a single IP subnet
i.e. layer 2 paging areas are supported, tracking agent will
request layer 2 entities in its area to start layer 2 paging.
When the HOST changes paging area, information is passed to
TA using the layer 2 trigger of paging area of Section 2.4.1.
So, tracking agent has exact information of which paging area
the HOST is located. When the HOST changes the subnet, it
selects new TA. HOST registers new TA's address with DMA.
2.6.2. When multiple subnets are part of a single paging area
When multiple subnets are part of a single paging area i.e.
layer 3 paging areas are supported, a paging request message
is multicast to the paging area multicast address. All the
tracking agents in that paging area become members of the
multicast group. This paging request in turn will start layer
2 paging of the HOST in all the subnets, which are part of
that paging area. After the HOST replies to the layer 2
paging, a paging reply message is delivered to PA by each
tracking agent. HOST replies with dormant mode deregistration
message to DMA.
The paging agent receives paging reply messages from the tracking
agent(s). If at least one of the replies has the result field
set to one then the paging has succeeded. Otherwise PA MAY
continue to page in other paging areas or MAY declare the
host inaccessible. The paging agent MUST send a paging reply
message to DMA reporting the result of paging.
2.7. Time slotted paging
If there is L2 support for paging then on-link paging is used
as described in Section 2.8. It is assumed that if there is
no L2 support for paging on the subnet, the underlying
network supports time slotted paging. In this case the
tracking agent takes care of the paging on the subnet. After
receiving the paging request message from the Paging Agent,
tracking agent pages the HOST by periodically sending router
advertisement messages. HOST then replies to the DMA with
dormant mode deregistration message.
2.8. On-link paging
L2 paging is triggered by sending an on-link paging message.
On-link paging message is an IPv6 datagram with destination
option extension header. The tracking agent sets the
destination address of the message to the HOST's link local
address. On-link paging message MUST be sent by the tracking
agent only once. This message will trigger L2 paging on the
link which will eventually wake up the host. Tracking agent
replies to paging agent by sending a paging reply message
with the result of paging.
HOST responds to on-link paging with dormant mode
deregistration message. The sequence number in dormant mode
deregistration is obtained by incrementing sequence number in
the on-link paging message.
3. Message formats
All the registration requests and replies are defined by IPv6
destination options. General format of the messages is
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence number | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
+ Payload +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-Type: TBD
-Code: Each message type is identified with a unique code
0 - Dormant mode registration message
1 - Dormant mode registration reply
2 - Tracking request
3 - Tracking reply
4 - Paging request
5 - Paging reply
6 - On-link paging message
-Checksum: XOR of all 16-bit words of the message, computed with
the checksum field itself set to zero. If the message size is not
a multiple of 16 bits, zero bits are padded at the end. An XOR
checksum only detects accidental corruption; an attacker can
modify any field and compensate elsewhere in the message, so it
provides no integrity protection. Integrity and origin
authentication come from the IPsec protection required in
Section 4.
-Sequence number is a 24-bit number, which is incremented
each time a message is exchanged. The sequence number starts from
zero when a new binding cache entry is created. It is therefore
predictable and is not a replay defense on its own (see
Section 4).
The length of a message can be derived from the code because each
message has a fixed length.
3.1. Registration request from HOST to DMA
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence number | Options |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ HOST IP address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ TA IP address or +
| |
+ New host IP address +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Paging area ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lifetime of registration |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- HOST IP address: HOST's home address registered with DMA,
i.e. the address for which it wants DMA to intercept traffic.
- TA IP address: address of the tracking agent with which HOST
has a valid registration, i.e. a registration whose lifetime
has not expired. In a deregistration (lifetime zero) this field
carries the host's new IPv6 address, if any (Section 2.2).
- Lifetime specifies the time in seconds for which HOST wants
DMA to keep the binding cache entry.
- Paging area ID is valid only when HOST is registering for
the first time. When HOST registers for the first time, the TA IP
address field is invalid. In subsequent registrations, the TA IP
address field is valid, but the paging area ID field is not.
Options define the types of traffic for which DMA should
inform HOST. The bits of the options field from left to right
(most significant first) are defined as follows:
0 -> if bit 0 = 1, HOST wishes to receive traffic for the
unicast address it registered
1 -> if bit 1 = 1, HOST wishes to receive broadcast
traffic on the local subnet
2 -> if bit 2 = 1, HOST wishes to receive multicast
traffic destined for the registered address
3,4,5,6,7 -> bits not used, reserved for future extensions
3.2. Registration reply from DMA to HOST
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence number | Options |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ TA IP address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Sequence number: the request's sequence number incremented by
one.
- TA IP address: the tracking agent's address from the request is
copied into the reply.
- Options: copied from the request. If DMA does not support an
option specified by HOST in the request, that bit is turned off.
- Lifetime: the time in seconds for which the registration is
valid, decided by DMA. It may be less than the requested
lifetime depending on factors such as DMA's processing power and
current load; zero means the registration failed.
3.3. Tracking request from DMA to TA
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence number | Not used |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ HOST IP address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3.4. Tracking reply from TA to DMA
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence number | HOST mode |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ Host IP address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Paging area ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Sequence number is incremented by one in the reply.
- Paging area ID identifies the layer 2 paging area in which TA
last saw the host. The field is 32 bits wide, as in the
registration request of Section 3.1.
- HOST mode:
- HOST mode = 0 for active mode
- HOST mode = 1 for dormant mode
- HOST mode = 2 for inactive mode
3.5. Paging request from DMA to PA
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence number | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ HOST IP address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3.6. Paging reply from PA to DMA
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence number | Result |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ HOST IP address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-Result: 0 if HOST did not respond to paging
1 if HOST responded to paging
-HOST IP address: IP address of HOST, which was paged
3.7. On-link paging message
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| Paged Host address |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Paged Host address: IP address of HOST being paged
Length : Length of Router advertisement option
Type : TBD
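The following Python codec is an added example, not code from this draft or its authors. It builds and parses the fixed-length messages of Sections 3.1 to 3.6, enforces the per-code length, computes and verifies the XOR checksum, and then shows why that checksum is not an integrity check by rewriting the paging area ID of a registration request while keeping the checksum valid. It assumes a Type value of 0 (the draft says TBD), a 32-bit paging area ID as drawn in the figures, and constructed addresses from the 2001:db8::/32 documentation prefix; the on-link paging message of Section 3.7 has a different header and is left out.

```python
import struct
import ipaddress

# The draft leaves Type as TBD; 0 is a placeholder assumed for this example.
LAHAP_TYPE = 0

# Message codes of Section 3 (the on-link paging message of 3.7 uses a
# different header and is not handled here).
(CODE_REG_REQ, CODE_REG_REPLY, CODE_TRACK_REQ,
 CODE_TRACK_REPLY, CODE_PAGE_REQ, CODE_PAGE_REPLY) = range(6)

# Fixed body length in octets after the 8-octet common header, read off the
# figures of Sections 3.1 to 3.6. Paging area ID is taken as the 32-bit field
# drawn there (assumption).
BODY_LEN = {
    CODE_REG_REQ:     16 + 16 + 4 + 4,  # host addr, TA/new addr, area ID, lifetime
    CODE_REG_REPLY:   16 + 4,           # TA addr, lifetime
    CODE_TRACK_REQ:   16,               # host addr
    CODE_TRACK_REPLY: 16 + 4,           # host addr, area ID
    CODE_PAGE_REQ:    16,               # host addr
    CODE_PAGE_REPLY:  16,               # host addr
}

# Option bits of the registration request; bit 0 is the most significant bit.
OPT_UNICAST, OPT_BROADCAST, OPT_MULTICAST = 0x80, 0x40, 0x20


def xor_checksum(data: bytes) -> int:
    """Section 3 checksum: XOR of all 16-bit words, zero-padded to even length."""
    if len(data) % 2:
        data += b"\x00"
    acc = 0
    for (word,) in struct.iter_unpack("!H", data):
        acc ^= word
    return acc


def build(code: int, seq: int, last_octet: int, body: bytes) -> bytes:
    """Assemble header and body, then fill in the checksum."""
    if not 0 <= seq < 1 << 24:
        raise ValueError("sequence number is 24 bits")
    if len(body) != BODY_LEN[code]:
        raise ValueError("body length does not match code %d" % code)
    msg = bytearray(struct.pack("!BBHI", LAHAP_TYPE, code, 0, (seq << 8) | last_octet) + body)
    struct.pack_into("!H", msg, 2, xor_checksum(bytes(msg)))   # computed over a zeroed field
    return bytes(msg)


def build_registration(seq, host, ta_or_new, paging_area, lifetime, options=OPT_UNICAST):
    """3.1 registration request; lifetime 0 turns it into a deregistration (2.3)."""
    body = (ipaddress.IPv6Address(host).packed + ipaddress.IPv6Address(ta_or_new).packed
            + struct.pack("!II", paging_area, lifetime))
    return build(CODE_REG_REQ, seq, options, body)


def parse(msg: bytes) -> dict:
    """Check the fixed length for the code and the checksum, then decode."""
    if len(msg) < 8:
        raise ValueError("truncated header")
    typ, code, _csum, word = struct.unpack_from("!BBHI", msg, 0)
    if typ != LAHAP_TYPE or code not in BODY_LEN:
        raise ValueError("unknown type or code")
    if len(msg) != 8 + BODY_LEN[code]:
        raise ValueError("length does not match code")
    if xor_checksum(msg) != 0:   # a valid message XORs to zero: the checksum word cancels itself
        raise ValueError("checksum mismatch")
    out = {"code": code, "seq": word >> 8, "last": word & 0xFF}
    body = msg[8:]
    if code == CODE_REG_REPLY:
        out.update(ta=str(ipaddress.IPv6Address(body[:16])),
                   lifetime=struct.unpack_from("!I", body, 16)[0])
        return out
    out["host"] = str(ipaddress.IPv6Address(body[:16]))
    if code == CODE_REG_REQ:
        out.update(options=out["last"],
                   ta_or_new=str(ipaddress.IPv6Address(body[16:32])),
                   paging_area=struct.unpack_from("!I", body, 32)[0],
                   lifetime=struct.unpack_from("!I", body, 36)[0])
    elif code == CODE_TRACK_REPLY:
        out.update(mode=out["last"], paging_area=struct.unpack_from("!I", body, 16)[0])
    elif code == CODE_PAGE_REPLY:
        out.update(result=out["last"])
    return out


def forge_paging_area(msg: bytes, new_area: int) -> bytes:
    """Rewrite the paging area ID of a registration request while keeping the
    XOR checksum valid: the same 32-bit delta is folded into the last word of
    the TA address field, which the draft says is not even valid on a first
    registration. This is why the checksum gives no integrity against an
    attacker and Section 4 relies on IPsec."""
    forged = bytearray(msg)
    old_area = struct.unpack_from("!I", forged, 8 + 32)[0]
    delta = old_area ^ new_area
    ta_tail = struct.unpack_from("!I", forged, 8 + 28)[0]
    struct.pack_into("!I", forged, 8 + 32, new_area)
    struct.pack_into("!I", forged, 8 + 28, ta_tail ^ delta)
    return bytes(forged)
```

Because XOR is its own inverse, a well-formed message XORs to zero, so `parse` only has to check that the whole message folds to zero. `forge_paging_area` compensates for the change in the TA address word; anyone on the path between HOST and DMA can do the same, which is the concrete reason Section 4 puts all paging traffic under an IPsec SA rather than trusting the checksum.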
4. Security issues
Section 3.1 in [1] discusses denial of service amplification.
An attacker can exploit a paging protocol by sending a large
number of packets from bogus correspondent nodes and
unnecessarily forcing HOST to enter active mode. Since the
filtering of incoming traffic is done at DMA in our protocol,
the problem of DoS generated by correspondent nodes in the
Internet reduces to the same problem for ordinary Internet
hosts. The problem of "bogus IP packets" can be addressed by
existing mechanisms such as ingress filtering against source
address spoofing, and IPsec.
[1] outlines a number of possible security vulnerabilities of
an IP paging protocol. The vast majority of these attacks are
prevented if all paging traffic is protected by an IPsec
security association (SA).
One category of attacks is the DoS Amplification attack of
section 3.1 in [1], in which bogus paging requests are broadcast
widely across the network. This attack is prevented by taking
advantage of the source authentication which IPsec provides.
With IPsec, only authorized and authenticated nodes can
initiate paging. If an authenticated node misbehaves then it
can be removed from the list of authorized users. IPsec
source authentication also addresses the Queue Overflow attack
of section 3.2 in [1].
The remaining problems are the Bogus Paging Area and Forced
Battery Consumption attacks described in section 3.3 of [1].
This protocol does not fully solve the Bogus Paging Area
problem because we believe that the problem is not solvable
without a large-scale PKI and extremely precise clock
synchronization. An attacker could simply take the paging
messages from one area and rebroadcast them in another area.
As for the Forced Battery Consumption attack, there are
several reasonable solutions to this problem:
1) On Demand Negotiation: SAs are negotiated on demand
(whenever the host is paged or when it crosses a paging area
boundary).
2) Perpetual Connectivity: Before a host enters dormant mode,
it ensures that it has an SA with the PA and/or the tracking
router.
3) Signed Paging Messages: SAs are negotiated on demand, but
only upon reception of a cryptographically signed paging
request (signed with the DMA's private key and verified with
its public key).
4) A hybrid of the above methods.
In order to leverage the existing framework for negotiating
IPsec SAs, we use a hybrid of solutions 1 and 2. Since it is
difficult to prevent an attacker from spoofing bogus paging
requests or paging router advertisement messages, we allow
the attack to proceed, but we limit its effectiveness. Under
normal condition, the operation of the protocol is closer to
method 1; under conditions of DoS, the operation is closer to
method 2.
In general, a host can be paged with an unauthenticated layer
2 or layer 3 paging message. Upon reception of a page, the
HOST sets up an SA with the PA. If the wakeup message turns
out to have been spoofed then the HOST goes into DoS
protection mode.
In DoS protection mode, the HOST sets up an SA with the TA.
Subsequent layer 3 paging requests, i.e. paging RAs from that
access router, will be ignored unless they are authenticated
by the SA. Layer 2 paging cannot be used unless there is an
available layer 2 security mechanism of equivalent strength
to IPsec (and the key management protocol (KMP) for layer 2
has access to the same authentication infrastructure that is
used to create IPsec SAs).
When a HOST goes into active mode and establishes layer 3
communication, it doesn't immediately send a dormant mode
deregistration to the DMA. First, it attempts to establish an
SA with the paging agent in the new paging area. If that
fails, the HOST assumes that the paging agent was spoofed and
it enters DoS protection mode.
In DoS protection mode, the HOST does not immediately respond
to paging messages. Before committing to the new area, HOST
allows sufficient time for the PA in the existing paging area
to send competing paging messages. If HOST continues to
receive conflicting paging messages, then it MUST
periodically wake up and ping the paging agent with which it
currently has an SA. If the existing access router is
unreachable, then HOST should attempt to establish an SA with
any of the other paging agents for which it has received an
advertisement. If that fails, then HOST should give up and
simply enter inactive mode.
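As an added example, not code from this draft or its authors, the following Python encodes the HOST-side rules above as a small state machine: a page in normal mode wakes the host, which establishes an SA with the PA before sending its dormant mode deregistration; failure to set up the SA puts the host in DoS protection mode, where unauthenticated pages are ignored, repeated conflicting pages lead it to ping the PA it has an SA with, and, if that PA and every advertised PA fail, it enters inactive mode. The `sa_setup` and `reachable` callables stand in for IPsec SA negotiation and the ping, and the conflict threshold is an assumption of the example.

```python
from enum import Enum


class State(Enum):
    DORMANT = "dormant"
    DOS_PROTECTION = "dos-protection"
    ACTIVE = "active"
    INACTIVE = "inactive"


class Host:
    """HOST-side acceptance policy for wake-ups, after Section 4.

    sa_setup(peer) -> bool stands in for negotiating an IPsec SA with a paging
    agent; conflict_limit is how many ignored pages it takes before the host
    probes the PA it already has an SA with. Both are assumptions made here.
    """

    def __init__(self, sa_setup, current_pa, conflict_limit=3):
        self.sa_setup = sa_setup
        self.current_pa = current_pa      # PA the host currently has an SA with
        self.conflict_limit = conflict_limit
        self.state = State.DORMANT
        self.conflicts = 0
        self.deregistered = False         # True once the DMA deregistration is sent

    def on_page(self, pa, authenticated=False):
        """Handle a layer 2 or layer 3 page claiming to come from paging agent pa."""
        if self.state in (State.ACTIVE, State.INACTIVE):
            return self.state
        if self.state is State.DOS_PROTECTION and not authenticated:
            # Unauthenticated pages are ignored; only SA-protected ones count.
            self.conflicts += 1
            return self.state
        # Wake up, but establish an SA with the PA before deregistering at the DMA.
        if self.sa_setup(pa):
            self.current_pa = pa
            self.state = State.ACTIVE
            self.deregistered = True
        else:
            self.state = State.DOS_PROTECTION   # the wake-up was spoofed
        return self.state

    def needs_probe(self):
        """True when enough conflicting pages were seen to wake and ping the PA."""
        return self.state is State.DOS_PROTECTION and self.conflicts >= self.conflict_limit

    def probe(self, reachable, advertised_pas):
        """Ping the PA we have an SA with; if it is gone, try the advertised
        PAs; if none accepts an SA, give up and enter inactive mode."""
        self.conflicts = 0
        if reachable(self.current_pa):
            return self.state
        for pa in advertised_pas:
            if self.sa_setup(pa):
                self.current_pa = pa
                return self.state
        self.state = State.INACTIVE
        return self.state
```

The ordering matters for the forced battery consumption attack: the deregistration to the DMA is only sent after the SA with the PA succeeds, so a spoofed page costs the host one SA attempt and nothing on the DMA side, and every further unauthenticated page is dropped without waking the host.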
Some notes on the use of IPsec: When IPsec is being used to
protect triggered wakeup messages, the anti-replay feature of
ESP/AH MUST be enabled. Also, IPsec SAs can be created by a
variety of KMPs, and these have different properties. An IP
paging protocol does not have a need for advanced security
features such as perfect forward secrecy. With some key
management protocols, such as KINK, once the initial SA has
been setup, subsequent SA negotiations with other hosts in
the domain can be very fast.
5. References
[1] RFC 3154, "Requirements and Functional Architecture for
an IP Host Alerting Protocol", August 2001
[2] Kempf, J. et al., "Requirements for Layer 2 Protocols
to Support Optimized Handover for IP Mobility", work in
progress, July 2001
[3] RFC 3132, "Dormant Mode Host Alerting ("IP Paging")
Problem Statement", June 2001
[4] RFC 2119, "Key words for use in RFCs to Indicate
Requirement Levels", March 1997
6. Authors' addresses
The working group can be contacted via the current chair:
Pat R. Calhoun
Black Storm Networks
250 Cambridge Avenue
Suite 200
Palo Alto, CA 94306
USA
Tel. 1-650-617-2932
Email: pcalhoun@btormnetworks.com
Questions about the memo can be directed to
Sridhar Gurivireddy,
Network Strategic Group, Mobile Networking team
Alcatel USA
1201 E.Campbell Rd. M/S CT02
Richardson, TX 75081-1536 USA
E-mail: sridhar.gurivireddy@alcatel.com
Phone: (972) 996.2048
Behcet Sarikaya,
Network Strategic Group, Mobile Networking team
Alcatel USA
1201 E.Campbell Rd. M/S CT02
Richardson, TX 75081-1536 USA
E-mail: behcet.sarikaya@alcatel.com
Phone: (972) 996.5075
Andrew Krywaniuk
Alcatel Networks Corporation
600 March Road
Kanata, ON
Canada, K2K 2E6
+1 (613) 784-4237
E-mail: andrew.krywaniuk@alcatel.com