Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on December 29, 2003.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

This document specifies a protocol which allows nodes to remain reachable while moving around in the IPv6 Internet. Each mobile node is always identified by its home address, regardless of its current point of attachment to the Internet. While situated away from its home, a mobile node is also associated with a care-of address, which provides information about the mobile node's current location. IPv6 packets addressed to a mobile node's home address are transparently routed to its care-of address. The protocol enables IPv6 nodes to cache the binding of a mobile node's home address with its care-of address, and to then send any packets destined for the mobile node directly to it at this care-of address. To support this operation, Mobile IPv6 defines a new IPv6 protocol and a new destination option. All IPv6 nodes, whether mobile or stationary can communicate with mobile nodes.

Table of Contents

1. Introduction
2. Comparison with Mobile IP for IPv4
3. Terminology
     3.1 General Terms
     3.2 Mobile IPv6 Terms
4. Overview of Mobile IPv6
     4.1 Basic Operation
     4.2 New IPv6 Protocol
     4.3 New IPv6 Destination Option
     4.4 New IPv6 ICMP Messages
     4.5 Conceptual Data Structure Terminology
     4.6 Site-Local Addressability
5. Overview of Mobile IPv6 Security
     5.1 Binding Updates to Home Agents
     5.2 Binding Updates to Correspondent Nodes
            5.2.1 Node Keys
            5.2.2 Nonces
            5.2.3 Cookies and Tokens
            5.2.4 Cryptographic Functions
            5.2.5 Return Routability Procedure
            5.2.6 Authorizing Binding Management Messages
            5.2.7 Updating Node Keys and Nonces
            5.2.8 Preventing Replay Attacks
     5.3 Dynamic Home Agent Address Discovery
     5.4 Mobile Prefix Discovery
     5.5 Payload Packets
6. New IPv6 Protocol, Message Types, and Destination Option
     6.1 Mobility Header
            6.1.1 Format
            6.1.2 Binding Refresh Request Message
            6.1.3 Home Test Init Message
            6.1.4 Care-of Test Init Message
            6.1.5 Home Test Message
            6.1.6 Care-of Test Message
            6.1.7 Binding Update Message
            6.1.8 Binding Acknowledgement Message
            6.1.9 Binding Error Message
     6.2 Mobility Options
            6.2.1 Format
            6.2.2 Pad1
            6.2.3 PadN
            6.2.4 Binding Refresh Advice
            6.2.5 Alternate Care-of Address
            6.2.6 Nonce Indices
            6.2.7 Binding Authorization Data
     6.3 Home Address Option
     6.4 Type 2 Routing Header
            6.4.1 Format
     6.5 ICMP Home Agent Address Discovery Request Message
     6.6 ICMP Home Agent Address Discovery Reply Message
     6.7 ICMP Mobile Prefix Solicitation Message Format
     6.8 ICMP Mobile Prefix Advertisement Message Format
7. Modifications to IPv6 Neighbor Discovery
     7.1 Modified Router Advertisement Message Format
     7.2 Modified Prefix Information Option Format
     7.3 New Advertisement Interval Option Format
     7.4 New Home Agent Information Option Format
     7.5 Changes to Sending Router Advertisements
8. Requirements for Types of IPv6 Nodes
     8.1 All IPv6 Nodes
     8.2 IPv6 Nodes with Support for Route Optimization
     8.3 All IPv6 Routers
     8.4 IPv6 Home Agents
     8.5 IPv6 Mobile Nodes
9. Correspondent Node Operation
     9.1 Conceptual Data Structures
     9.2 Processing Mobility Headers
     9.3 Packet Processing
            9.3.1 Receiving Packets with Home Address Option
            9.3.2 Sending Packets to a Mobile Node
            9.3.3 Sending Binding Error Messages
            9.3.4 Receiving ICMP Error Messages
     9.4 Return Routability Procedure
            9.4.1 Receiving Home Test Init Messages
            9.4.2 Receiving Care-of Test Init Messages
            9.4.3 Sending Home Test Messages
            9.4.4 Sending Care-of Test Messages
     9.5 Processing Bindings
            9.5.1 Receiving Binding Updates
            9.5.2 Requests to Cache a Binding
            9.5.3 Requests to Delete a Binding
            9.5.4 Sending Binding Acknowledgements
            9.5.5 Sending Binding Refresh Requests
     9.6 Cache Replacement Policy
10. Home Agent Operation
     10.1 Conceptual Data Structures
     10.2 Processing Mobility Headers
     10.3 Processing Bindings
            10.3.1 Primary Care-of Address Registration
            10.3.2 Primary Care-of Address De-Registration
     10.4 Packet Processing
            10.4.1 Intercepting Packets for a Mobile Node
            10.4.2 Processing Intercepted Packets
            10.4.3 Multicast Membership Control
            10.4.4 Stateful Address Autoconfiguration
            10.4.5 Handling Reverse Tunneled Packets
            10.4.6 Protecting Return Routability Packets
     10.5 Dynamic Home Agent Address Discovery
            10.5.1 Receiving Router Advertisement Messages
     10.6 Sending Prefix Information to the Mobile Node
            10.6.1 List of Home Network Prefixes
            10.6.2 Scheduling Prefix Deliveries
            10.6.3 Sending Advertisements
            10.6.4 Lifetimes for Changed Prefixes
11. Mobile Node Operation
     11.1 Conceptual Data Structures
     11.2 Processing Mobility Headers
     11.3 Packet Processing
            11.3.1 Sending Packets While Away from Home
            11.3.2 Interaction with Outbound IPsec Processing
            11.3.3 Receiving Packets While Away from Home
            11.3.4 Routing Multicast Packets
            11.3.5 Receiving ICMP Error Messages
            11.3.6 Receiving Binding Error Messages
     11.4 Home Agent and Prefix Management
            11.4.1 Dynamic Home Agent Address Discovery
            11.4.2 Sending Mobile Prefix Solicitations
            11.4.3 Receiving Mobile Prefix Advertisements
     11.5 Movement
            11.5.1 Movement Detection
            11.5.2 Forming New Care-of Addresses
            11.5.3 Using Multiple Care-of Addresses
            11.5.4 Returning Home
     11.6 Return Routability Procedure
            11.6.1 Sending Test Init Messages
            11.6.2 Receiving Test Messages
            11.6.3 Protecting Return Routability Packets
     11.7 Processing Bindings
            11.7.1 Sending Binding Updates to the Home Agent
            11.7.2 Correspondent Registration
            11.7.3 Receiving Binding Acknowledgements
            11.7.4 Receiving Binding Refresh Requests
     11.8 Retransmissions and Rate Limiting
12. Protocol Constants
13. Protocol Configuration Variables
14. IANA Considerations
15. Security Considerations
     15.1 Threats
     15.2 Features
     15.3 Binding Updates to Home Agent
     15.4 Binding Updates to Correspondent Nodes
            15.4.1 Overview
            15.4.2 Achieved Security Properties
            15.4.3 Comparison to Regular IPv6 Communications
            15.4.4 Replay Attacks
            15.4.5 Denial-of-Service Attacks
            15.4.6 Key Lengths
     15.5 Dynamic Home Agent Address Discovery
     15.6 Mobile Prefix Discovery
     15.7 Tunneling via the Home Agent
     15.8 Home Address Option
     15.9 Type 2 Routing Header
16. Contributors
17. Acknowledgements
     § Normative References
     § Informative References
     § Authors' Addresses
A. Changes from Previous Version of the Draft
B. Future Extensions
     B.1 Piggybacking
     B.2 Triangular Routing
     B.3 New Authorization Methods
     B.4 Dynamically Generated Home Addresses
     B.5 Remote Home Address Configuration
     B.6 Neighbor Discovery Extensions
     § Intellectual Property and Copyright Statements

1. Introduction

This document specifies a protocol which allows nodes to remain reachable while moving around in the IPv6 Internet. Without specific support for mobility in IPv6[11], packets destined to a mobile node would not be able to reach it while the mobile node is away from its home link. In order to continue communication in spite of its movement, a mobile node could change its IP address each time it moves to a new link, but the mobile node would then not be able to maintain transport and higher-layer connections when it changes location. Mobility support in IPv6 is particularly important, as mobile computers are likely to account for a majority or at least a substantial fraction of the population of the Internet during the lifetime of IPv6.

The protocol defined in this document, known as Mobile IPv6, allows a mobile node to move from one link to another without changing the mobile node's "home address". Packets may be routed to the mobile node using this address regardless of the mobile node's current point of attachment to the Internet. The mobile node may also continue to communicate with other nodes (stationary or mobile) after moving to a new link. The movement of a mobile node away from its home link is thus transparent to transport and higher-layer protocols and applications.

The Mobile IPv6 protocol is just as suitable for mobility across homogeneous media as for mobility across heterogeneous media. For example, Mobile IPv6 facilitates node movement from one Ethernet segment to another as well as it facilitates node movement from an Ethernet segment to a wireless LAN cell, with the mobile node's IP address remaining unchanged in spite of such movement.

One can think of the Mobile IPv6 protocol as solving the network-layer mobility management problem. Some mobility management applications -- for example, handover among wireless transceivers, each of which covers only a very small geographic area -- have been solved using link-layer techniques. For example, in many current wireless LAN products, link-layer mobility mechanisms allow a "handover" of a mobile node from one cell to another, re-establishing link-layer connectivity to the node in each new location.

Mobile IPv6 does not attempt to solve all general problems related to the use of mobile computers or wireless networks. In particular, this protocol does not attempt to solve:

• Handling links with unidirectional connectivity or partial reachability, such as the hidden terminal problem where a host is hidden from only some of the routers on the link.
• Access control on a link being visited by a mobile node.
• Local or hierarchical forms of mobility management (similar to many current link-layer mobility management solutions).
• Assistance for adaptive applications
• Mobile routers
• Service Discovery
• Distinguishing between packets lost due to bit errors vs. network congestion

2. Comparison with Mobile IP for IPv4

The design of Mobile IP support in IPv6 (Mobile IPv6) benefits both from the experiences gained from the development of Mobile IP support in IPv4 (Mobile IPv4)[22][23][24], and from the opportunities provided by IPv6. Mobile IPv6 thus shares many features with Mobile IPv4, but is integrated into IPv6 and offers many other improvements. This section summarizes the major differences between Mobile IPv4 and Mobile IPv6:

• There is no need to deploy special routers as "foreign agents", as in Mobile IPv4. Mobile IPv6 operates in any location without any special support required from the local router.
• Support for route optimization is a fundamental part of the protocol, rather than a nonstandard set of extensions.
• Mobile IPv6 route optimization can operate securely even without pre-arranged security associations. It is expected that route optimization can be deployed on a global scale between all mobile nodes and correspondent nodes.
• Support is also integrated into Mobile IPv6 for allowing route optimization to coexist efficiently with routers that perform "ingress filtering" [26].
• The IPv6 Neighbor Unreachability Detection assures symmetric reachability between the mobile node and its default router in the current location.
• Most packets sent to a mobile node while away from home in Mobile IPv6 are sent using an IPv6 routing header rather than IP encapsulation, reducing the amount of resulting overhead compared to Mobile IPv4.
• Mobile IPv6 is decoupled from any particular link layer, as it uses IPv6 Neighbor Discovery[12] instead of ARP. This also improves the robustness of the protocol.
• The use of IPv6 encapsulation (and the routing header) removes the need in Mobile IPv6 to manage "tunnel soft state".
• The dynamic home agent address discovery mechanism in Mobile IPv6 returns a single reply to the mobile node. The directed broadcast approach used in IPv4 returns separate replies from each home agent.

3. Terminology

The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119[2].

3.1 General Terms

IP

Internet Protocol Version 6 (IPv6).

node

A device that implements IP.

router

A node that forwards IP packets not explicitly addressed to itself.

unicast routable address

An identifier for a single interface such that a packet sent to it from another IPv6 subnet is delivered to the interface identified by that address. Accordingly, a unicast routable address must have either a global or site-local scope (but not link-local).

host

Any node that is not a router.

link

A communication facility or medium over which nodes can communicate at the link layer, such as an Ethernet (simple or bridged). A link is the layer immediately below IP.

interface

A node's attachment to a link.

subnet prefix

A bit string that consists of some number of initial bits of an IP address.

interface identifier

A number used to identify a node's interface on a link. The interface identifier is the remaining low-order bits in the node's IP address after the subnet prefix.

link-layer address

A link-layer identifier for an interface, such as IEEE 802 addresses on Ethernet links.

packet

An IP header plus payload.

security association

An IPsec security association is a cooperative relationship formed by the sharing of cryptographic keying material and associated context. Security associations are simplex. That is, two security associations are needed to protect bidirectional traffic between two nodes, one for each direction.

security policy database

A database that specifies what security services are to be offered to IP packets and in what fashion.

destination option

Destination options are carried by the IPv6 Destination Options extension header. Destination options include optional information that need be examined only by the IPv6 node given as the destination address in the IPv6 header, not by routers in between. Mobile IPv6 defines one new destination option, the Home Address destination option (see Home Address Option).

routing header

A routing header may be present as an IPv6 header extension, and indicates that the payload has to be delivered to a destination IPv6 address in some way that is different from what would be carried out by standard Internet routing. In this document, use of the term "routing header" typically refers to use of a type 2 routing header, as specified in Type 2 Routing Header.

'|' (concatenation)

Some formulas in this specification use the symbol '|' indicate bytewise concatenation, as in A | B. This concatenation requires that all of the octets of the datum A appear first in the result, followed by all of the octets of the datum B.

First (size, input)

Some formulas in this specification use a functional form "First (size, input)" to indicate truncation of the "input" data so that only the first "size" bits remain to be used.

3.2 Mobile IPv6 Terms

home address

A unicast routable address assigned to a mobile node, used as the permanent address of the mobile node. This address is within the mobile node's home link. Standard IP routing mechanisms will deliver packets destined for a mobile node's home address to its home link. Mobile nodes can have multiple home addresses, for instance when there are multiple home prefixes on the home link.

home subnet prefix

The IP subnet prefix corresponding to a mobile node's home address.

home link

The link on which a mobile node's home subnet prefix is defined.

mobile node

A node that can change its point of attachment from one link to another, while still being reachable via its home address.

movement

A change in a mobile node's point of attachment to the Internet such that it is no longer connected to the same link as it was previously. If a mobile node is not currently attached to its home link, the mobile node is said to be "away from home".

L2 handover

A process by which the mobile node changes from one link-layer connection to another. For example, a change of wireless access point is an L2 handover.

L3 handover

Subsequent to an L2 handover, a mobile node detects a change in an on-link subnet prefix that would require a change in the primary care-of address. For example, a change of access router subsequent to a change of wireless access point typically results in an L3 handover.

correspondent node

A peer node with which a mobile node is communicating. The correspondent node may be either mobile or stationary.

foreign subnet prefix

Any IP subnet prefix other than the mobile node's home subnet prefix.

foreign link

Any link other than the mobile node's home link.

care-of address

A unicast routable address associated with a mobile node while visiting a foreign link; the subnet prefix of this IP address is a foreign subnet prefix. Among the multiple care-of addresses that a mobile node may have at any given time (e.g., with different subnet prefixes), the one registered with the mobile node's home agent for a given home address is called its "primary" care-of address.

home agent

A router on a mobile node's home link with which the mobile node has registered its current care-of address. While the mobile node is away from home, the home agent intercepts packets on the home link destined to the mobile node's home address, encapsulates them, and tunnels them to the mobile node's registered care-of address.

binding

The association of the home address of a mobile node with a care-of address for that mobile node, along with the remaining lifetime of that association.

registration

The process during which a mobile node sends a Binding Update to its home agent or a correspondent node, causing a binding for the mobile node to be registered.

mobility message

A message containing a Mobility Header (see Mobility Header).

binding authorization

Correspondent registration needs to be authorized to allow the recipient to believe that the sender has the right to specify a new binding.

return routability procedure

The return routability procedure authorizes registrations by the use of a cryptographic token exchange.

correspondent registration

A return routability procedure followed by a registration, run between the mobile node and a correspondent node.

home registration

A registration between the mobile node and its home agent, authorized by the use of IPsec.

nonce

Nonces are random numbers used internally by the correspondent node in the creation of keygen tokens related to the return routability procedure. The nonces are not specific to a mobile node, and are kept secret within the correspondent node.

nonce index

A nonce index is used to indicate which nonces have been used when creating keygen token values, without revealing the nonces themselves.

cookie

A cookie is a random number used by a mobile nodes to prevent spoofing by a bogus correspondent node in the return routability procedure.

care-of init cookie

A cookie sent to the correspondent node in the Care-of Test Init message, to be returned in the Care-of Test message.

home init cookie

A cookie sent to the correspondent node in the Home Test Init message, to be returned in the Home Test message.

keygen token

A keygen token is a number supplied by a correspondent node in the return routability procedure to enable the mobile node to compute the necessary binding management key for authorizing a Binding Update.

care-of keygen token

A keygen token sent by the correspondent node in the Care-of Test message.

home keygen token

A keygen token sent by the correspondent node in the Home Test message.

binding management key (Kbm)

A binding management key (Kbm) is a key used for authorizing a binding cache management message (e.g., Binding Update or Binding Acknowledgement). Return routability provides a way to create a binding management key.

4. Overview of Mobile IPv6

4.1 Basic Operation

A mobile node is always expected to be addressable at its home address, whether it is currently attached to its home link or is away from home. The "home address" is an IP address assigned to the mobile node within its home subnet prefix on its home link. While a mobile node is at home, packets addressed to its home address are routed to the mobile node's home link, using conventional Internet routing mechanisms.

While a mobile node is attached to some foreign link away from home, it is also addressable at one or more care-of addresses. A care-of address is an IP address associated with a mobile node that has the subnet prefix of a particular foreign link. The mobile node can acquire its care-of address through conventional IPv6 mechanisms, such as stateless or stateful auto-configuration. As long as the mobile node stays in this location, packets addressed to this care-of address will be routed to the mobile node. The mobile node may also accept packets from several care-of addresses, such as when it is moving but still reachable at the previous link.

The association between a mobile node's home address and care-of address is known as a "binding" for the mobile node. While away from home, a mobile node registers its primary care-of address with a router on its home link, requesting this router to function as the "home agent" for the mobile node. The mobile node performs this binding registration by sending a "Binding Update" message to the home agent. The home agent replies to the mobile node by returning a "Binding Acknowledgement" message. The operation of the mobile node is specified in Mobile Node Operation, and the operation of the home agent is specified in Home Agent Operation.

Any node communicating with a mobile node is referred to in this document as a "correspondent node" of the mobile node, and may itself be either a stationary node or a mobile node. Mobile nodes can provide information about their current location to correspondent nodes. This happens through the correspondent registration. As a part of this procedure, a return routability test is performed in order to authorize the establishment of the binding. The operation of the correspondent node is specified in Correspondent Node Operation.

There are two possible modes for communications between the mobile node and a correspondent node. The first mode, bidirectional tunneling, does not require Mobile IPv6 support from the correspondent node and is available even if the mobile node has not registered its current binding with the correspondent node. Packets from the correspondent node are routed to the home agent and then tunneled to the mobile node. Packets to the correspondent node are tunneled from the mobile node to the home agent ("reverse tunneled") and then routed normally from the home network to the correspondent node. In this mode, the home agent uses proxy Neighbor Discovery to intercept any IPv6 packets addressed to the mobile node's home address (or home addresses) on the home link. Each intercepted packet is tunneled to the mobile node's primary care-of address. This tunneling is performed using IPv6 encapsulation[15].

The second mode, "route optimization", requires the mobile node to register its current binding at the correspondent node. Packets from the correspondent node can be routed directly to the care-of address of the mobile node. When sending a packet to any IPv6 destination, the correspondent node checks its cached bindings for an entry for the packet's destination address. If a cached binding for this destination address is found, the node uses a new type of IPv6 routing header[11] (see Type 2 Routing Header) to route the packet to the mobile node by way of the care-of address indicated in this binding.

Routing packets directly to the mobile node's care-of address allows the shortest communications path to be used. It also eliminates congestion at the mobile node's home agent and home link. In addition, the impact of any possible failure of the home agent or networks on the path to or from it is reduced.

When routing packets directly to the mobile node, the correspondent node sets the Destination Address in the IPv6 header to the care-of address of the mobile node. A new type of IPv6 routing header (see Type 2 Routing Header) is also added to the packet to carry the desired home address. Similarly, the mobile node sets the Source Address in the packet's IPv6 header to its current care-of addresses. The mobile node adds a new IPv6 "Home Address" destination option (see Home Address Option) to carry its home address. The inclusion of home addresses in these packets makes the use of the care-of address transparent above the network layer (e.g., at the transport layer).

Mobile IPv6 also provides support for multiple home agents, and a limited support for the reconfiguration of the home network. In these cases, the mobile node may not know the IP address of its own home agent, and even the home subnet prefixes may change over time. A mechanism, known as "dynamic home agent address discovery" allows a mobile node to dynamically discover the IP address of a home agent on its home link, even when the mobile node is away from home. Mobile nodes can also learn new information about home subnet prefixes through the "mobile prefix discovery" mechanism. These mechanisms are described starting from ICMP Home Agent Address Discovery Request Message.

4.2 New IPv6 Protocol

Mobile IPv6 defines a new IPv6 protocol, using the Mobility Header (see Mobility Header). This Header is used to carry the following messages:

Home Test Init

Home Test

Care-of Test Init

Care-of Test

These four messages are used to perform the return routability procedure from the mobile node to a correspondent node. This ensures authorization of subsequent Binding Updates, as described in Return Routability Procedure.

Binding Update

A Binding Update is used by a mobile node to notify a correspondent node or the mobile node's home agent of its current binding. The Binding Update sent to the mobile node's home agent to register its primary care-of address is marked as a "home registration".

Binding Acknowledgement

A Binding Acknowledgement is used to acknowledge receipt of a Binding Update, if an acknowledgement was requested in the Binding Update, the binding update was sent to a home agent, or an error occurred.

Binding Refresh Request

A Binding Refresh Request is used by a correspondent node to request a mobile node to re-establish its binding with the correspondent node. This message is typically used when the cached binding is in active use but the binding's lifetime is close to expiration. The correspondent node may use, for instance, recent traffic and open transport layer connections as an indication of active use.

Binding Error

The Binding Error is used by the correspondent node to signal an error related to mobility, such as an inappropriate attempt to use the Home Address destination option without an existing binding.

4.3 New IPv6 Destination Option

Mobile IPv6 defines a new IPv6 destination option, the Home Address destination option. This option is described in detail in Home Address Option.

4.4 New IPv6 ICMP Messages

Mobile IPv6 also introduces four new ICMP message types, two for use in the dynamic home agent address discovery mechanism, and two for renumbering and mobile configuration mechanisms. As described in Dynamic Home Agent Address Discovery and Dynamic Home Agent Address Discovery, the following two new ICMP message types are used for home agent address discovery:

• Home Agent Address Discovery Request, described in ICMP Home Agent Address Discovery Request Message.
• Home Agent Address Discovery Reply, described in ICMP Home Agent Address Discovery Reply Message.

The next two message types are used for network renumbering and address configuration on the mobile node, as described in Sending Prefix Information to the Mobile Node:

• Mobile Prefix Solicitation, described in ICMP Mobile Prefix Solicitation Message Format.
• Mobile Prefix Advertisement, described in ICMP Mobile Prefix Advertisement Message Format.

4.5 Conceptual Data Structure Terminology

This document describes the Mobile IPv6 protocol in terms of the following conceptual data structures:

Binding Cache

A cache of bindings for other nodes. This cache is maintained by home agents and correspondent nodes. The cache contains both "correspondent registration" entries (see Conceptual Data Structures) and "home registration" entries (see Conceptual Data Structures).

Binding Update List

This list is maintained by each mobile node. The list has an item for every binding that the mobile node has or is trying to establish with a specific other node. Both correspondent and home registrations are included in this list. Entries from the list are deleted as the lifetime of the binding expires. See Conceptual Data Structures.

Home Agents List

Home agents need to know which other home agents are on the same link. This information is stored in the Home Agents List, as described in more detail in Conceptual Data Structures. The list is used for informing mobile nodes during dynamic home agent address discovery.

4.6 Site-Local Addressability

This specification requires that home and care-of addresses MUST be unicast routable addresses. Site-local addresses may be usable on networks that are not connected to the Internet, but this specification does not define when such usage is safe and when not. Mobile nodes may not be aware of which site they are currently in, it is hard to prevent accidental attachment to other sites, and ambiguity of site-local addresses can cause problems if the home and visited networks use the same addresses. Therefore, site-local addresses SHOULD NOT be used as home or care-of addresses.

5. Overview of Mobile IPv6 Security

This specification provides a number of security features. These include the protection of Binding Updates both to home agents and correspondent nodes, the protection of mobile prefix discovery, and the protection of the mechanisms that Mobile IPv6 uses for transporting data packets.

Binding Updates are protected by the use of IPsec extension headers, or by the use of the Binding Authorization Data option. This option employs a binding management key, Kbm, which can be established through the return routability procedure. Mobile prefix discovery is protected through the use of IPsec extension headers. Mechanisms related to transporting payload packets - such as the Home Address destination option and type 2 routing header - have been specified in a manner which restricts their use in attacks.

5.1 Binding Updates to Home Agents

The mobile node and the home agent MUST use an IPsec security association to protect the integrity and authenticity of the Binding Updates and Acknowledgements. Both the mobile nodes and the home agents MUST support and SHOULD use the Encapsulating Security Payload (ESP)[6] header in transport mode and MUST use a non-NULL payload authentication algorithm to provide data origin authentication, connectionless integrity and optional anti-replay protection. Note that Authentication Header (AH)[5] is also possible but for brevity not discussed in this specification.

In order to protect messages exchanged between the mobile node and the home agent with IPsec, appropriate security policy database entries must be created. A mobile node must be prevented from using its security association to send a Binding Update on behalf of another mobile node using the same home agent. This MUST be achieved by having the home agent check that the given home address has been used with the right security association. Such a check is provided in the IPsec processing, by having the security policy database entries unequivocally identify a single security association for protecting Binding Updates between any given home address and home agent. In order to make this possible, it is necessary that the home address of the mobile node is visible in the Binding Updates and Acknowledgements. The home address is used in these packets as a source or destination, or in the Home Address Destination option or the type 2 routing header.

As with all IPsec security associations in this specification, manual configuration of security associations MUST be supported. The used shared secrets MUST be random and unique for different mobile nodes, and MUST be distributed off-line to the mobile nodes.

Automatic key management with IKE[9] MAY be supported. When IKE is used, either the security policy database entries or the MIPv6 processing MUST unequivocally identify the IKE phase 1 credentials which can be used to authorize the creation of security associations for protecting Binding Updates for a particular home address. How these mappings are maintained is outside the scope of this specification, but they may be maintained, for instance, as a locally administered table in the home agent. If the phase 1 identity is a Fully Qualified Domain Name (FQDN), secure forms of DNS may also be used.

Interaction with Outbound IPsec Processing discusses how IKE connections to the home agent need a careful treatment of the addresses used for transporting IKE. This is necessary to ensure that a Binding Update is not needed before the IKE exchange which is needed for securing the Binding Update.

When IKE version 1 is used with preshared secret authentication between the mobile node and the home agent, aggressive mode MUST be used. Similarly, the ID_IPV6_ADDR Identity Payload MUST NOT be used in IKEv1 phase 1.

Reference[21] contains a more detailed description and examples on using IPsec to protect the communications between the mobile node and the home agent.

5.2 Binding Updates to Correspondent Nodes

The protection of Binding Updates sent to correspondent nodes does not require the configuration of security associations or the existence of an authentication infrastructure between the mobile nodes and correspondent nodes. Instead, a method called the return routability procedure is used to assure that the right mobile node is sending the message. This method does not protect against attackers who are on the path between the home network and the correspondent node. However, attackers in such a location are capable of performing the same attacks even without Mobile IPv6. The main advantage of the return routability procedure is that it limits the potential attackers to those having an access to one specific path in the Internet, and avoids forged Binding Updates from anywhere else in the Internet. For a more in depth explanation of the security properties of the return routability procedure, see Security Considerations.

The integrity and authenticity of the Binding Updates messages to correspondent nodes is protected by using a keyed-hash algorithm. The binding management key, Kbm, is used to key the hash algorithm for this purpose. Kbm is established using data exchanged during the return routability procedure. The data exchange is accomplished by use of node keys, nonces, cookies, tokens, and certain cryptographic functions. Return Routability Procedure outlines the basic return routability procedure. Authorizing Binding Management Messages shows how the results of this procedure are used to authorize a Binding Update to a correspondent node.

5.2.1 Node Keys

Each correspondent node has a secret key, Kcn, called the "node key", which it uses to produce the keygen tokens sent to the mobile nodes. The node key MUST be a random number, 20 octets in length. The node key allows the correspondent node to verify that the keygen tokens used by the mobile node in authorizing a Binding Update are indeed its own. This key MUST NOT be shared with any other entity.

A correspondent node MAY generate a fresh node key at any time; this avoids the need for secure persistent key storage. Procedures for optionally updating the node key are discussed later in Updating Node Keys and Nonces.

5.2.2 Nonces

Each correspondent node also generates nonces at regular intervals. The nonces should be generated by using a random number generator that is known to have good randomness properties[1]. A correspondent node may use the same Kcn and nonce with all the mobiles it is in communication with.

Each nonce is identified by a nonce index. When a new nonce is generated, it must be associated with a new nonce index; this may be done, for example, by incrementing the value of the previous nonce index, if the nonce index is used as an array pointer into a linear array of nonces. However, there is no requirement that nonces be stored that way, or that the values of subsequent nonce indices have any particular relationship to each other. The index value is communicated in the protocol, so that if a nonce is replaced by new nonce during the run of a protocol, the correspondent node can distinguish messages that should be checked against the old nonce from messages that should be checked against the new nonce. Strictly speaking, indices are not necessary in the authentication, but allow the correspondent node to efficiently find the nonce value that it used in creating a keygen token.

Correspondent nodes keep both the current nonce and a small set of valid previous nonces whose lifetime has not yet expired. Expired values MUST be discarded, and messages using stale or unknown indices will be rejected.

The specific nonce index values cannot be used by mobile nodes to determine the validity of the nonce. Expected validity times for the nonces values and the procedures for updating them are discussed later in Updating Node Keys and Nonces.

A nonce is an octet string of any length. The recommended length is 64 bits.

5.2.3 Cookies and Tokens

The return routability address test procedure uses cookies and keygen tokens as opaque values within the test init and test messages, respectively.

• The "home init cookie" and "care-of init cookie" are 64 bit values sent to the correspondent node from the mobile node, and later returned to the mobile node. The home init cookie is sent in the Home Test Init message, and returned in the Home Test message. The care-of init cookie is sent in the Care-of Test Init message, and returned in the Care-of Test message.
• The "home keygen token" and "care-of keygen token" are 64-bit values sent by the correspondent node to the mobile node via the home agent (via the Home Test message) and the care-of address (by the Care-of Test message), respectively.

The mobile node should set the home init or care-of init cookie to a newly generated random number in every Home or Care-of Test Init message it sends. The cookies are used to verify that the Home Test or Care-of Test message matches the Home Test Init or Care-of Test Init message, respectively. These cookies also serve to ensure that parties who have not seen the request cannot spoof responses.

Home and care-of keygen tokens are produced by the correspondent node based on its currently active secret key (Kcn) and nonces, as well as the home or care-of address (respectively). A keygen token is valid as long as both the secret key (Kcn) and the nonce used to create it are valid.

5.2.4 Cryptographic Functions

In this specification, the function used to compute hash values is SHA1[20]. Message Authentication Codes (MACs) are computed using HMAC_SHA1[25][20]. HMAC_SHA1(K,m) denotes such a MAC computed on message m with key K.

5.2.5 Return Routability Procedure

The Return Routability Procedure enables the correspondent node to obtain some reasonable assurance that the mobile node is in fact addressable at its claimed care-of address as well as at its home address. Only with this assurance is the correspondent node able to accept Binding Updates from the mobile node which would then instruct the correspondent node to direct that mobile node's data traffic to its claimed care-of address.

This is done by testing whether packets addressed to the two claimed addresses are routed to the mobile node. The mobile node can pass the test only if it is able to supply proof that it received certain data (the "keygen tokens") which the correspondent node sends to those addresses. These data are combined by the mobile node into a binding management key, denoted Kbm.

The below figure shows the message flow for the return routability procedure.

The Home and Care-of Test Init messages are sent at the same time. The procedure requires very little processing at the correspondent node, and the Home and Care-of Test messages can be returned quickly, perhaps nearly simultaneously. These four messages form the return routability procedure.

A Binding Update may also be used to delete a previously established binding (Binding Update Message). In this case, the care-of keygen token is not used. Instead, the binding management key is generated as follows:

Note that the correspondent node does not create any state specific to the mobile node, until it receives the Binding Update from that mobile node. The correspondent node does not maintain the value for the binding management key Kbm; it creates Kbm when given the nonce indices and the mobile node's addresses.

5.2.6 Authorizing Binding Management Messages

After the mobile node has created the binding management key (Kbm), it can supply a verifiable Binding Update to the correspondent node. This section provides an overview of this registration. The below figure shows the message flow.

Binding Update

To authorize a Binding Update, the mobile node creates a binding management key Kbm from the keygen tokens as described in the previous section. The contents of the Binding Update include the following:

• Source Address = care-of address
• Destination Address = correspondent
• Parameters:
  • home address (within the Home Address destination option if different from the Source Address)
  • sequence number (within the Binding Update message header)
  • home nonce index (within the Nonce Indices option)
  • care-of nonce index (within the Nonce Indices option)
  • First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent | BU)))

The Binding Update contains a Nonce Indices option, indicating to the correspondent node which home and care-of nonces to use to recompute Kbm, the binding management key. The MAC is computed as described in Binding Authorization Data, using the correspondent node's address as the destination address and the Binding Update message itself ("BU" above) as the MH Data.

Once the correspondent node has verified the MAC, it can create a Binding Cache entry for the mobile.

Binding Acknowledgement

The Binding Update is in some cases acknowledged by the correspondent node. The contents of the message are as follows:

• Source Address = correspondent
• Destination Address = care-of address
• Parameters:
  • sequence number (within the Binding Update message header)
  • First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent | BA)))

The Binding Acknowledgement contains the same sequence number as the Binding Update. The MAC is computed as described in Binding Authorization Data, using the correspondent node's address as the destination address and the message itself ("BA" above) as the MH Data.

Bindings established with correspondent nodes using keys created by way of the return routability procedure MUST NOT exceed MAX_RR_BINDING_LIFETIME seconds (see Protocol Constants).

The value in the Source Address field in the IPv6 header carrying the Binding Update is normally also the care-of address which is used in the binding. However, a different care-of address MAY be specified by including an Alternate Care-of Address mobility option in the Binding Update (see Alternate Care-of Address). When such a message is sent to the correspondent node and the return routability procedure is used as the authorization method, the Care-of Test Init and Care-of Test messages MUST have been performed for the address in the Alternate Care-of Address option (not the Source Address). The nonce indices and MAC value MUST be based on information gained in this test.

Binding Updates may also be sent to delete a previously established binding. In this case, generation of the binding management key depends exclusively on the home keygen token and the care-of nonce index is ignored.

5.2.7 Updating Node Keys and Nonces

Correspondent nodes generate nonces at regular intervals. It is recommended to keep each nonce (identified by a nonce index) acceptable for at least MAX_TOKEN_LIFETIME seconds (see Protocol Constants) after it has been first used in constructing a return routability message response. However, the correspondent node MUST NOT accept nonces beyond MAX_NONCE_LIFETIME seconds (see Protocol Constants) after the first use. As the difference between these two constants is 30 seconds, a convenient way to enforce the above lifetimes is to generate a new nonce every 30 seconds. The node can then continue to accept tokens that have been based on the last 8 (MAX_NONCE_LIFETIME / 30) nonces. This results in tokens being acceptable MAX_TOKEN_LIFETIME to MAX_NONCE_LIFETIME seconds after they have been sent to the mobile node, depending on whether the token was sent at the beginning or end of the first 30 second period. Note that the correspondent node may also attempt to generate new nonces on demand, or only if the old nonces have been used. This is possible, as long as the correspondent node keeps track of how long a time ago the nonces were used for the first time, and does not generate new nonces on every return routability request.

Due to resource limitations, rapid deletion of bindings, or reboots the correspondent node may not in all cases recognize the nonces that the tokens were based on. If a nonce index is unrecognized, the correspondent node replies with an an error code in the Binding Acknowledgement (either 136, 137, or 138 as discussed in Binding Acknowledgement Message). The mobile node can then retry the return routability procedure.

An update of Kcn SHOULD be done at the same time as an update of a nonce, so that nonce indices can identify both the nonce and the key. Old Kcn values have to be therefore remembered as long as old nonce values.

Given that the tokens are normally expected to be usable for MAX_TOKEN_LIFETIME seconds, the mobile node MAY use them beyond a single run of the return routability procedure until MAX_TOKEN_LIFETIME expires. After this the mobile node SHOULD NOT use the tokens. A fast moving mobile node MAY reuse a recent home keygen token from a correspondent node when moving to a new location, and just acquire a new care-of keygen token to show routability in the new location.

While this does not save the number of round-trips due to the simultaneous processing of home and care-of return routability tests, there are fewer messages being exchanged, and a potentially long round-trip through the home agent is avoided. Consequently, this optimization is often useful. A mobile node that has multiple home addresses, MAY also use the same care-of keygen token for Binding Updates concerning all of these addresses.

5.2.8 Preventing Replay Attacks

The return routability procedure also protects the participants against replayed Binding Updates through the use of the sequence number and a MAC. Care must be taken when removing bindings at the correspondent node, however. Correspondent nodes must retain bindings and the associated sequence number information at least as long as the nonces used in the authorization of the binding are still valid. Alternatively, if memory is very constrained, the correspondent node MAY invalidate the nonces that were used for the binding being deleted (or some larger group of nonces that they belong to). This may, however, impact the ability to accept Binding Updates from mobile nodes that have recently received keygen tokens. This alternative is therefore recommended only as a last measure.

5.3 Dynamic Home Agent Address Discovery

No security is required for dynamic home agent address discovery.

5.4 Mobile Prefix Discovery

The mobile node and the home agent SHOULD use an IPsec security association to protect the integrity and authenticity of the Mobile Prefix Solicitations and Advertisements. Both the mobile nodes and the home agents MUST support and SHOULD use the Encapsulating Security Payload (ESP) header in transport mode with a non-NULL payload authentication algorithm to provide data origin authentication, connectionless integrity and optional anti-replay protection.

5.5 Payload Packets

Payload packets exchanged with mobile nodes can be protected in the usual manner, in the same way as stationary hosts can protect them. However, Mobile IPv6 introduces the Home Address destination option, a routing header, and tunneling headers in the payload packets. In the following we define the security measures taken to protect these, and to prevent their use in attacks against other parties.

This specification limits the use of the Home Address destination option to the situation where the correspondent node already has a Binding Cache entry for the given home address. This avoids the use of the Home Address option in attacks described in Threats.

Mobile IPv6 uses a Mobile IPv6 specific type of a routing header. This type provides the necessary functionality but does not open vulnerabilities discussed in Threats.

Tunnels between the mobile node and the home agent are protected by ensuring proper use of source addresses, and optional cryptographic protection. The mobile node verifies that the outer IP address corresponds to its home agent. The home agent verifies that the outer IP address corresponds to the current location of the mobile node (Binding Updates sent to the home agents are secure). The home agent identifies the mobile node through the source address of the inner packet. (Typically, this is the home address of the mobile node, but it can also be a link-local address, as discussed in Processing Intercepted Packets. To recognize the latter type of addresses, the home agent requires that the Link-Local Address Compatibility (L) was set in the Binding Update.) These measures protect the tunnels against vulnerabilities discussed in Threats.

For traffic tunneled via the home agent, additional IPsec ESP encapsulation MAY be supported and used. If multicast group membership control protocols or stateful address autoconfiguration protocols are supported, payload data protection MUST be supported.

6. New IPv6 Protocol, Message Types, and Destination Option

6.1 Mobility Header

The Mobility Header is an extension header used by mobile nodes, correspondent nodes, and home agents in all messaging related to the creation and management of bindings. The subsections within this section describe the message types that may be sent using the Mobility Header.

Mobility Header messages MUST NOT be sent with a type 2 routing header, except as described in Sending Binding Acknowledgements for Binding Acknowledgement. Mobility Header messages also MUST NOT be used with a Home Address destination option, except as described in Sending Binding Updates to the Home Agent and Correspondent Registration for Binding Update. Binding Update List or Binding Cache information (when present) for the destination MUST NOT be used in sending Mobility Header messages. That is, Mobility Header messages bypass both the Binding Cache check described in Sending Packets to a Mobile Node and the Binding Update List check described in Sending Packets While Away from Home which are normally performed for all packets. This applies even to messages sent to or from a correspondent node which is itself a mobile node.

6.1.1 Format

The Mobility Header is identified by a Next Header value of TBD <To be assigned by IANA> in the immediately preceding header, and has the following format:

Payload Proto

8-bit selector. Identifies the type of header immediately following the Mobility Header. Uses the same values as the IPv6 Next Header field[11].

This field is intended to be used by a future extension (see Piggybacking).

Implementations conforming to this specification SHOULD set the payload protocol type to IPPROTO_NONE (59 decimal).

Header Len

8-bit unsigned integer, representing the length of the Mobility Header in units of 8 octets, excluding the first 8 octets.

The length of the Mobility Header MUST be a multiple of 8 octets.

MH Type

8-bit selector. Identifies the particular mobility message in question. Current values are specified in Binding Refresh Request Message and onward. An unrecognized MH Type field causes an error indication to be sent.

Reserved

8-bit field reserved for future use. The value MUST be initialized to zero by the sender, and MUST be ignored by the receiver.

Checksum

16-bit unsigned integer. This field contains the checksum of the Mobility Header. The checksum is calculated from the octet string consisting of a "pseudo-header" followed by the entire Mobility Header starting with the Payload Proto field. The checksum is the 16-bit one's complement of the one's complement sum of this string.

The pseudo-header contains IPv6 header fields, as specified in Section 8.1 of RFC 2460[11]. The Next Header value used in the pseudo-header is TBD <To be assigned by IANA>. The addresses used in the pseudo-header are the addresses that appear in the Source and Destination Address fields in the IPv6 packet carrying the Mobility Header.

Note that the procedures of calculating upper layer checksums while away from home described in Sending Packets While Away from Home apply even for the Mobility Header. If a mobility message has a Home Address destination option, then the checksum calculation uses the home address in this option as the value of the IPv6 Source Address field. The type 2 routing header is treated as explained in [11].

The Mobility Header is considered as the upper layer protocol for the purposes of calculating the pseudo-header. The Upper-Layer Packet Length field in the pseudo-header MUST be set to the total length of the Mobility Header.

For computing the checksum, the checksum field is set to zero.

Message Data

A variable length field containing the data specific to the indicated Mobility Header type.

Mobile IPv6 also defines a number of "mobility options" for use within these messages; if included, any options MUST appear after the fixed portion of the message data specified in this document. The presence of such options will be indicated by the Header Len field within the message. When the Header Len value is greater than the length required for the message specified here, the remaining octets are interpreted as mobility options. These options include padding options that can be used to ensure that other options are aligned properly, and that the total length of the message is divisible by 8. The encoding and format of defined options are described in Mobility Options.

Alignment requirements for the Mobility Header are the same as for any IPv6 protocol Header. That is, they MUST be aligned on an 8-octet boundary.

6.1.2 Binding Refresh Request Message

The Binding Refresh Request (BRR) message requests a mobile node to update its mobility binding. This message is sent by correspondent nodes according to the rules in Sending Binding Refresh Requests. When a mobile node receives a packet containing a Binding Refresh Request message it processes the message according to the rules in Receiving Binding Refresh Requests.

The Binding Refresh Request message uses the MH Type value 0. When this value is indicated in the MH Type field, the format of the Message Data field in the Mobility Header is as follows:

Reserved

16-bit field reserved for future use. The value MUST be initialized to zero by the sender, and MUST be ignored by the receiver.

Mobility Options

Variable-length field of such length that the complete Mobility Header is an integer multiple of 8 octets long. This field contains zero or more TLV-encoded mobility options. The encoding and format of defined options are described in Mobility Options. The receiver MUST ignore and skip any options which it does not understand.

There MAY be additional information, associated with this Binding Refresh Request message that need not be present in all Binding Refresh Request messages sent. Mobility options allow future extensions to the format of the Binding Refresh Request message to be defined. This specification does not define any options valid for the Binding Refresh Request message.

If no actual options are present in this message, no padding is necessary and the Header Len field will be set to 0.

6.1.3 Home Test Init Message

A mobile node uses the Home Test Init (HoTI) message to initiate the return routability procedure and request a home keygen token from a correspondent node (see Sending Test Init Messages). The Home Test Init message uses the MH Type value 1. When this value is indicated in the MH Type field, the format of the Message Data field in the Mobility Header is as follows:

Reserved

16-bit field reserved for future use. This value MUST be initialized to zero by the sender, and MUST be ignored by the receiver.

Home Init Cookie

64-bit field which contains a random value, the home init cookie.

Mobility Options

Variable-length field of such length that the complete Mobility Header is an integer multiple of 8 octets long. This field contains zero or more TLV-encoded mobility options. The receiver MUST ignore and skip any options which it does not understand. This specification does not define any options valid for the Home Test Init message.

If no actual options are present in this message, no padding is necessary and the Header Len field will be set to 1.

This message is tunneled through the home agent when the mobile node is away from home. Such tunneling SHOULD employ IPsec ESP in tunnel mode between the home agent and the mobile node. This protection is indicated by the IPsec security policy database. The protection of Home Test Init messages is unrelated to the requirement to protect regular payload traffic, which MAY use such tunnels as well.

6.1.4 Care-of Test Init Message

A mobile node uses the Care-of Test Init (CoTI) message to initiate the return routability procedure and request a care-of keygen token from a correspondent node (see Sending Test Init Messages). The Care-of Test Init message uses the MH Type value 2. When this value is indicated in the MH Type field, the format of the Message Data field in the Mobility Header is as follows:

Reserved

16-bit field reserved for future use. The value MUST be initialized to zero by the sender, and MUST be ignored by the receiver.

Care-of Init Cookie

64-bit field which contains a random value, the care-of init cookie.

Mobility Options

Variable-length field of such length that the complete Mobility Header is an integer multiple of 8 octets long. This field contains zero or more TLV-encoded mobility options. The receiver MUST ignore and skip any options which it does not understand. This specification does not define any options valid for the Care-of Test Init message.

If no actual options are present in this message, no padding is necessary and the Header Len field will be set to 1.

6.1.5 Home Test Message

The Home Test (HoT) message is a response to the Home Test Init message, and is sent from the correspondent node to the mobile node (see Return Routability Procedure). The Home Test message uses the MH Type value 3. When this value is indicated in the MH Type field, the format of the Message Data field in the Mobility Header is as follows:

Home Nonce Index

This field will be echoed back by the mobile node to the correspondent node in a subsequent Binding Update.

Home Init Cookie

64-bit field which contains the home init cookie.

Home Keygen Token

This field contains the 64 bit home keygen token used in the return routability procedure.

Mobility Options

Variable-length field of such length that the complete Mobility Header is an integer multiple of 8 octets long. This field contains zero or more TLV-encoded mobility options. The receiver MUST ignore and skip any options which it does not understand. This specification does not define any options valid for the Home Test message.

If no actual options are present in this message, no padding is necessary and the Header Len field will be set to 2.

6.1.6 Care-of Test Message

The Care-of Test (CoT) message is a response to the Care-of Test Init message, and is sent from the correspondent node to the mobile node (see Receiving Test Messages). The Care-of Test message uses the MH Type value 4. When this value is indicated in the MH Type field, the format of the Message Data field in the Mobility Header is as follows:

Care-of Nonce Index

This value will be echoed back by the mobile node to the correspondent node in a subsequent Binding Update.

Care-of Init Cookie

64-bit field which contains the care-of init cookie.

Care-of Keygen Token

This field contains the 64 bit care-of keygen token used in the return routability procedure.

Mobility Options

Variable-length field of such length that the complete Mobility Header is an integer multiple of 8 octets long. This field contains zero or more TLV-encoded mobility options. The receiver MUST ignore and skip any options which it does not understand. This specification does not define any options valid for the Care-of Test message.

If no actual options are present in this message, no padding is necessary and the Header Len field will be set to 2.

6.1.7 Binding Update Message

The Binding Update (BU) message is used by a mobile node to notify other nodes of a new care-of address for itself. Binding Updates are sent as described in Sending Binding Updates to the Home Agent and Correspondent Registration.

The Binding Update uses the MH Type value 5. When this value is indicated in the MH Type field, the format of the Message Data field in the Mobility Header is as follows:

Acknowledge (A)

The Acknowledge (A) bit is set by the sending mobile node to request a Binding Acknowledgement (Binding Acknowledgement Message) be returned upon receipt of the Binding Update.

Home Registration (H)

The Home Registration (H) bit is set by the sending mobile node to request that the receiving node should act as this node's home agent. The destination of the packet carrying this message MUST be that of a router sharing the same subnet prefix as the home address of the mobile node in the binding.

Link-Local Address Compatibility (L)

The Link-Local Address Compatibility (L) bit is set when the home address reported by the mobile node has the same interface identifier as the mobile node's link-local address.

Key Management Mobility Capability (K)

If this bit is cleared, the protocol used for establishing the IPsec security associations between the mobile node and the home agent does not survive movements. It may then have to be rerun. (Note that the IPsec security associations themselves are expected to survive movements.) If manual IPsec configuration is used, the bit MUST be cleared.

This bit is valid only in Binding Updates sent to the home agent, and MUST be cleared in other Binding Updates. Correspondent nodes MUST ignore this bit.

Reserved

These fields are unused. They MUST be initialized to zero by the sender and MUST be ignored by the receiver.

Sequence #

A 16-bit unsigned integer used by the receiving node to sequence Binding Updates and by the sending node to match a returned Binding Acknowledgement with this Binding Update.

Lifetime

16-bit unsigned integer. The number of time units remaining before the binding MUST be considered expired. A value of zero indicates that the Binding Cache entry for the mobile node MUST be deleted. (In this case the specified care-of address MUST also be set equal to the home address.) One time unit is 4 seconds.

Mobility Options

Variable-length field of such length that the complete Mobility Header is an integer multiple of 8 octets long. This field contains zero or more TLV-encoded mobility options. The encoding and format of defined options are described in Mobility Options. The receiver MUST ignore and skip any options which it does not understand.

The following options are valid in a Binding Update:

• Binding Authorization Data option (this option is mandatory in Binding Updates sent to a correspondent node)
• Nonce Indices option.
• Alternate Care-of Address option

If no options are present in this message, 4 octets of padding is necessary and the Header Len field will be set to 1.

The care-of address is specified either by the Source Address field in the IPv6 header or by the Alternate Care-of Address option, if present. The care-of address MUST be a unicast routable address. IPv6 Source Address MUST be a topologically correct source address. Binding Updates for a care-of address which is not a unicast routable address MUST be silently discarded. Similarly, the Binding Update MUST be silently discarded if the care-of address appears as a home address in an existing Binding Cache entry, with its current location creating a circular reference back to the home address specified in the Binding Update (possibly through additional entries).

The deletion of a binding can be indicated by setting the Lifetime field to 0 and by setting the care-of address equal to the home address. In deletion, the generation of the binding management key depends exclusively on the home keygen token, as explained in Return Routability Procedure. (Note that while the senders are required to set both the Lifetime field to 0 and the care-of address equal to the home address, Receiving Binding Updates rules for receivers are more liberal, and interpret either condition as a deletion.)

Correspondent nodes SHOULD NOT expire the Binding Cache entry before the lifetime expires, if any application hosted by the correspondent node is still likely to require communication with the mobile node. A Binding Cache entry that is deallocated prematurely might cause subsequent packets to be dropped from the mobile node, if they contain the Home Address destination option. This situation is recoverable, since an Binding Error message is sent to the mobile node (see Binding Error Message); however, it causes unnecessary delay in the communications.

6.1.8 Binding Acknowledgement Message

The Binding Acknowledgement is used to acknowledge receipt of a Binding Update (Binding Update Message). This packet is sent as described in Sending Binding Acknowledgements and Primary Care-of Address Registration.

The Binding Acknowledgement has the MH Type value 6. When this value is indicated in the MH Type field, the format of the Message Data field in the Mobility Header is as follows:

Key Management Mobility Capability (K)

If this bit is cleared, the protocol used by the home agent for establishing the IPsec security associations between the mobile node and the home agent does not survive movements. It may then have to be rerun. (Note that the IPsec security associations themselves are expected to survive movements.)

Correspondent nodes MUST set the K bit to 0.

Reserved

These fields are unused. They MUST be initialized to zero by the sender and MUST be ignored by the receiver.

Status

8-bit unsigned integer indicating the disposition of the Binding Update. Values of the Status field less than 128 indicate that the Binding Update was accepted by the receiving node. Values greater than or equal to 128 indicate that the Binding Update was rejected by the receiving node. The following Status values are currently defined:

0

Binding Update accepted

1

Accepted but prefix discovery necessary

128

Reason unspecified

129

Administratively prohibited

130

Insufficient resources

131

Home registration not supported

132

Not home subnet

133

Not home agent for this mobile node

134

Duplicate Address Detection failed

135

Sequence number out of window

136

Expired home nonce index

137

Expired care-of nonce index

138

Expired nonces

139

Registration type change disallowed

Up-to-date values of the Status field are to be specified in the IANA registry of assigned numbers[19].

Sequence #

The Sequence Number in the Binding Acknowledgement is copied from the Sequence Number field in the Binding Update. It is used by the mobile node in matching this Binding Acknowledgement with an outstanding Binding Update.

Lifetime

The granted lifetime, in time units of 4 seconds, for which this node SHOULD retain the entry for this mobile node in its Binding Cache.

The value of this field is undefined if the Status field indicates that the Binding Update was rejected.

Mobility Options

Variable-length field of such length that the complete Mobility Header is an integer multiple of 8 octets long. This field contains zero or more TLV-encoded mobility options. The encoding and format of defined options are described in Mobility Options. The receiver MUST ignore and skip any options which it does not understand.

There MAY be additional information, associated with this Binding Acknowledgement that need not be present in all Binding Acknowledgements sent. Mobility options allow future extensions to the format of the Binding Acknowledgement to be defined. The following options are valid for the Binding Acknowledgement:

• Binding Authorization Data option (this option is mandatory in Binding Acknowledgements sent by a correspondent node, except where otherwise noted in Sending Binding Acknowledgements)
• Binding Refresh Advice option

If no options are present in this message, 4 octets of padding is necessary and the Header Len field will be set to 1.

6.1.9 Binding Error Message

The Binding Error (BE) message is used by the correspondent node to signal an error related to mobility, such as an inappropriate attempt to use the Home Address destination option without an existing binding; see Sending Binding Error Messages for details.

The Binding Error message uses the MH Type value 7. When this value is indicated in the MH Type field, the format of the Message Data field in the Mobility Header is as follows:

Status

8-bit unsigned integer indicating the reason for this message. The following values are currently defined:

1

Unknown binding for Home Address destination option

2

Unrecognized MH Type value

Reserved

A 8-bit field reserved for future use. The value MUST be initialized to zero by the sender, and MUST be ignored by the receiver.

Home Address

The home address that was contained in the Home Address destination option. The mobile node uses this information to determine which binding does not exist, in cases where the mobile node has several home addresses.

Mobility Options

Variable-length field of such length that the complete Mobility Header is an integer multiple of 8 octets long. This field contains zero or more TLV-encoded mobility options. The receiver MUST ignore and skip any options which it does not understand.

There MAY be additional information, associated with this Binding Error message that need not be present in all Binding Error messages sent. Mobility options allow future extensions to the format of the format of the Binding Error message to be defined. The encoding and format of defined options are described in Mobility Options. This specification does not define any options valid for the Binding Error message.

If no actual options are present in this message, no padding is necessary and the Header Len field will be set to 2.

6.2 Mobility Options

Mobility messages can include zero or more mobility options. This allows optional fields that may not be needed in every use of a particular Mobility Header, as well as future extensions to the format of the messages. Such options are included in the Message Data field of the message itself, after the fixed portion of the message data specified in the message subsections of Mobility Header.

The presence of such options will be indicated by the Header Len of the Mobility Header. If included, the Binding Authorization Data option (Binding Authorization Data) MUST be the last option and MUST NOT have trailing padding. Otherwise, options can be placed in any order.

6.2.1 Format

Mobility options are encoded within the remaining space of the Message Data field of a mobility message, using a type-length-value (TLV) format as follows:

Option Type

8-bit identifier of the type of mobility option. When processing a Mobility Header containing an option for which the Option Type value is not recognized by the receiver, the receiver MUST quietly ignore and skip over the option, correctly handling any remaining options in the message.

Option Length

8-bit unsigned integer, representing the length in octets of the mobility option, not including the Option Type and Option Length fields.

Option Data

A variable length field that contains data specific to the option.

The following subsections specify the Option types which are currently defined for use in the Mobility Header.

Implementations MUST silently ignore any mobility options that they do not understand.

Mobility options may have alignment requirements. Following the convention in IPv6, these options are aligned in a packet so that multi-octet values within the Option Data field of each option fall on natural boundaries (i.e., fields of width n octets are placed at an integer multiple of n octets from the start of the header, for n = 1, 2, 4, or 8) [11].

6.2.2 Pad1

The Pad1 option does not have any alignment requirements. Its format is as follows:

NOTE! the format of the Pad1 option is a special case - it has neither Option Length nor Option Data fields.

The Pad1 option is used to insert one octet of padding in the Mobility Options area of a Mobility Header. If more than one octet of padding is required, the PadN option, described next, should be used rather than multiple Pad1 options.

6.2.3 PadN

The PadN option does not have any alignment requirements. Its format is as follows:

The PadN option is used to insert two or more octets of padding in the Mobility Options area of a mobility message. For N octets of padding, the Option Length field contains the value N-2, and the Option Data consists of N-2 zero-valued octets. PadN Option data MUST be ignored by the receiver.

6.2.4 Binding Refresh Advice

The Binding Refresh Advice option has an alignment requirement of 2n. Its format is as follows:

The Binding Refresh Advice option is only valid in the Binding Acknowledgement, and only on Binding Acknowledgements sent from the mobile node's home agent in reply to a home registration. The Refresh Interval is measured in units of four seconds, and indicates how long before the mobile node SHOULD send a new home registration to the home agent. The Refresh Interval MUST be set to indicate a smaller time interval than the Lifetime value of the Binding Acknowledgement.

6.2.5 Alternate Care-of Address

The Alternate Care-of Address option has an alignment requirement of 8n+6. Its format is as follows:

Normally, a Binding Update specifies the desired care-of address in the Source Address field of the IPv6 header. However, this is not possible in some cases, such as when the mobile node wishes to indicate a care-of address which it cannot use as a topologically correct source address (Binding Update Message and Correspondent Registration) or when the used security mechanism does not protect the IPv6 header (Sending Binding Updates to the Home Agent).

The Alternate Care-of Address option is provided for these situations. This option is valid only in Binding Update. The Alternate Care-of Address field contains an address to use as the care-of address for the binding, rather than using the Source Address of the packet as the care-of address.

6.2.6 Nonce Indices

The Nonce Indices option has an alignment requirement of 2n. Its format is as follows:

The Nonce Indices option is valid only in the Binding Update message sent to a correspondent node, and only when present together with a Binding Authorization Data option. When the correspondent node authorizes the Binding Update, it needs to produce home and care-of keygen tokens from its stored random nonce values.

The Home Nonce Index field tells the correspondent node which nonce value to use when producing the home keygen token.

The Care-of Nonce Index field is ignored in requests to delete a binding. Otherwise, it tells the correspondent node which nonce value to use when producing the care-of keygen token.

6.2.7 Binding Authorization Data

The Binding Authorization Data option does not have alignment requirements as such. However, since this option must be the last mobility option, an implicit alignment requirement is 8n + 2. The format of this option is as follows:

The Binding Authorization Data option is valid in the Binding Update and Binding Acknowledgement.

The Option Length field contains the length of the authenticator in octets.

The Authenticator field contains a cryptographic value which can be used to determine that the message in question comes from the right authority. Rules for calculating this value depend on the used authorization procedure.

For the return routability procedure, this option can appear in the Binding Update and Binding Acknowledgements. Rules for calculating the Authenticator value are the following:

Where | denotes concatenation and "correspondent" is the IPv6 address of the correspondent node. Note that, if the message is sent to a destination which is itself mobile, the "correspondent" address may not be the address found in the Destination Address field of the IPv6 header; instead the home address from the type 2 Routing header should be used.

"MH Data" is the content of the Mobility Header, excluding the Authenticator field itself. The Authenticator value is calculated as if the Checksum field in the Mobility Header was zero. The Checksum in the transmitted packet is still calculated in the usual manner, with the calculated Authenticator being a part of the packet protected by the Checksum. Kbm is the binding management key, which is typically created using nonces provided by the correspondent node (see Return Routability Procedure). Note that while the contents of a potential Home Address destination option are not covered in this formula, the rules for the calculation of the Kbm do take the home address in account. This ensures that the MAC will be different for different home addresses.

The first 96 bits from the MAC result are used as the Authenticator field.

6.3 Home Address Option

The Home Address option is carried by the Destination Option extension header (Next Header value = 60). It is used in a packet sent by a mobile node while away from home, to inform the recipient of the mobile node's home address.

The Home Address option is encoded in type-length-value (TLV) format as follows:

Option Type

201 = 0xC9

Option Length

8-bit unsigned integer. Length of the option, in octets, excluding the Option Type and Option Length fields. This field MUST be set to 16.

Home Address

The home address of the mobile node sending the packet. This address MUST be a unicast routable address.

The