DMM                                                         H. Chan, Ed.
Internet-Draft                                                    X. Wei
Intended status: Informational                       Huawei Technologies
Expires: September 8, 2020                                        J. Lee
                                                    Sangmyung University
                                                                 S. Jeon
                                                 Sungkyunkwan University
                                                      CJ. Bernardos, Ed.
                                                                    UC3M
                                                           March 7, 2020

                      Distributed Mobility Anchoring
            draft-ietf-dmm-distributed-mobility-anchoring-15

Abstract

   This document defines distributed mobility anchoring in terms of the
   different configurations and functions to provide IP mobility
   support.  A network may be configured with distributed mobility
   anchoring functions for both network-based and host-based mobility
   support according to the needs of mobility support.  In a distributed
   mobility anchoring environment, multiple anchors are available for
   mid-session switching of an IP prefix anchor.  To start a new flow or
   to handle a flow not requiring IP session continuity as a mobile node
   moves to a new network, the flow can be started or re-started using
   an IP address configured from the new IP prefix anchored to the new
   network.  If the flow needs to survive the change of network, there
   are solutions that can be used to enable IP address mobility.  This
   document describes different anchoring approaches, depending on the
   IP mobility needs, and how this IP address mobility is handled by the
   network.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 8, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions and Terminology
   3.  Distributed Mobility Anchoring
     3.1.  Configurations for Different Networks
       3.1.1.  Network-based DMM
       3.1.2.  Client-based DMM
   4.  IP Mobility Handling in Distributed Anchoring Environments -
       Mobility Support Only When Needed
     4.1.  Nomadic case (no need of IP mobility): Changing to new IP
           prefix/address
     4.2.  Mobility case, traffic redirection
     4.3.  Mobility case, anchor relocation
   5.  Security Considerations
   6.  IANA Considerations
   7.  Contributors
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   A key requirement in distributed mobility management [RFC7333] is to
   enable traffic to avoid traversing a single mobility anchor far from
   an optimal route.  This document defines different configurations,
   functional operations and parameters for distributed mobility
   anchoring and explains how to use them to avoid unnecessarily long
   routes when a mobile node moves.

   Companion distributed mobility management documents are already
   addressing source address selection [RFC8653], and control-plane
   data-plane signaling [I-D.ietf-dmm-fpc-cpdp].  A number of
   distributed mobility solutions have also been proposed, for example,
   in [I-D.seite-dmm-dma], [I-D.ietf-dmm-pmipv6-dlif],
   [I-D.sarikaya-dmm-for-wifi], [I-D.yhkim-dmm-enhanced-anchoring], and
   [I-D.matsushima-stateless-uplane-vepc].

   Distributed mobility anchoring employs multiple anchors in the data
   plane.  In general, control plane functions may be separated from
   data plane functions and be centralized, but may also be co-located
   with the data plane functions at the distributed anchors.  Different
   configurations of distributed mobility anchoring are described in
   Section 3.1.

   As a Mobile Node (MN) attaches to an access router and establishes a
   link between them, a /64 IPv6 prefix anchored to the router may be
   assigned to the link for exclusive use by the MN [RFC6459].  The MN
   may then configure a global IPv6 address from this prefix and use it
   as the source IP address in a flow to communicate with its
   Correspondent Node (CN).  When there are multiple mobility anchors
   assigned to the same MN, an address selection for a given flow is
   first required before the flow is initiated.  Using an anchor in an
   MN's network of attachment has the advantage that the packets can
   simply be forwarded according to the forwarding table.  However,
   after the flow has been initiated, the MN may later move to another
   network which assigns a new mobility anchor to the MN.  Since the new
   anchor is located in a different network, the MN's assigned prefix
   does not belong to the network where the MN is currently attached.

   When the MN wants to continue using its assigned prefix to complete
   ongoing data sessions after it has moved to a new network, the
   network needs to provide support for the MN's IP address and session
   continuity, since routing packets to the MN through the new network
   deviates from applying default routes.  The IP session continuity
   needs of a flow (application) determine how the IP address used by
   this flow has to be anchored.  If the ongoing IP flow can cope with
   an IP prefix/address change, the flow can be reinitiated with a new
   IP address anchored in the new network.  On the other hand, if the
   ongoing IP flow cannot cope with such a change, mobility support is
   needed.  A network supporting a mix of flows both requiring and not
   requiring IP mobility support will need to distinguish these flows.

2.  Conventions and Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   All general mobility-related terms and their acronyms used in this
   document are to be interpreted as defined in the Mobile IPv6 (MIPv6)
   base specification [RFC6275], the Proxy Mobile IPv6 (PMIPv6)
   specification [RFC5213], the "Mobility Related Terminologies"
   [RFC3753], and the DMM current practices and gap analysis [RFC7429].
   These include terms such as Mobile Node (MN), Correspondent Node
   (CN), Home Agent (HA), Home Address (HoA), Care-of-Address (CoA),
   Local Mobility Anchor (LMA), and Mobile Access Gateway (MAG).

   In addition, this document uses the following terms and definitions:

   IP session continuity:  The ability to maintain an ongoing transport
      interaction by keeping the same local endpoint IP address
      throughout the lifetime of the IP socket despite the mobile host
      changing its point of attachment within the IP network topology.
      The IP address of the host may change after closing the IP socket
      and before opening a new one, but that does not jeopardize the
      ability of applications using these IP sockets to work flawlessly.
      Session continuity is essential for mobile hosts to maintain
      ongoing flows without any interruption [RFC8653].

   Higher layer session continuity:  The ability to maintain an ongoing
      transport or higher layer (e.g., application) interaction by
      keeping the session identifiers throughout the lifetime of the
      session despite the mobile host changing its point of attachment
      within the IP network topology.  This can be achieved by using
      mechanisms at the transport or higher layers.

   IP address reachability:  The ability to maintain the same IP address
      for an extended period of time.  The IP address stays the same
      across independent sessions, even in the absence of any session.
      The IP address may be published in a long-term registry (e.g.,
      DNS) and is made available for serving incoming (e.g., TCP)
      connections.  IP address reachability is essential for mobile
      hosts to use specific/published IP addresses [RFC8653].

   IP mobility:  Combination of IP address reachability and session
      continuity.

   Home network of a home address:  The network that has assigned the
      HoA used as the session identifier by the application running in
      an MN.  The MN may be running multiple application sessions, and
      each of these sessions can have a different home network.

   Anchoring (of an IP prefix/address):  An IP prefix, i.e., Home
      Network Prefix (HNP), or address, i.e., HoA, assigned for use by
      an MN is topologically anchored to an anchor node when the anchor
      node is able to advertise a route into the routing infrastructure
      for the assigned IP prefix.  The traffic using the assigned IP
      address/prefix must traverse the anchor node.  We can refer to the
      function performed by the IP anchor node as anchoring, which is a
      data plane function.

   Location Management (LM) function:  Control plane function that keeps
      and manages the network location information of an MN.  The
      location information may be a binding of the advertised IP
      address/prefix, e.g., HoA or HNP, to the IP routing address of the
      MN or of a node that can forward packets destined to the MN.

      When the MN is a Mobile Router (MR), the location information will
      also include the Mobile Network Prefix (MNP), which is the
      aggregate IP prefix delegated to the MR to assign IP prefixes for
      use by the Mobile Network Nodes (MNNs) in the mobile network.

      In a client-server protocol model, secure (i.e., authenticated and
      authorized) location query and update messages may be exchanged
      between a Location Management client (LMc) and a Location
      Management server (LMs), where the location information can be
      updated or queried from the LMc.  Optionally, there may be a
      Location Management proxy (LMp) between LMc and LMs.

      With separation of control plane and data plane, the LM function
      is in the control plane.  It may be a logical function at the
      control plane node, control plane anchor, or mobility controller.

      It may be distributed or centralized.

   Forwarding Management (FM) function:  Packet interception and
      forwarding to/from the IP address/prefix assigned for use by the
      MN, based on the internetwork location information, either to the
      destination or to some other network element that knows how to
      forward the packets to their destination.

      This function may be used to achieve traffic indirection.  With
      separation of control plane and data plane, the FM function may
      split into an FM function in the data plane (FM-DP) and an FM
      function in the control plane (FM-CP).

      FM-DP may be distributed with distributed mobility management.  It
      may be a function in a data plane anchor or data plane node.

      FM-CP may be distributed or centralized.  It may be a function in
      a control plane node, control plane anchor or mobility controller.

   Home Control-Plane Anchor (Home-CPA or H-CPA):  The Home-CPA function
      hosts the mobile node (MN)'s mobility session.  There can be more
      than one mobility session for a mobile node and those sessions may
      be anchored on the same or different Home-CPAs.  The Home-CPA
      will interface with the Home-DPA for managing the forwarding
      state.

   Home Data Plane Anchor (Home-DPA or H-DPA):  The Home-DPA is the
      topological anchor for the MN's IP address/prefix(es).  The Home-
      DPA is chosen by the Home-CPA on a session basis.  The Home-DPA
      is in the forwarding path for all the mobile node's IP traffic.

   Access Control Plane Node (Access-CPN or A-CPN):  The Access-CPN is
      responsible for interfacing with the mobile node's Home-CPA and
      with the Access-DPN.  The Access-CPN has a protocol interface to
      the Home-CPA.

   Access Data Plane Node (Access-DPN or A-DPN):  The Access-DPN
      function is hosted on the first-hop router where the mobile node
      is attached.  This function is not hosted on a layer-2 bridging
      device such as an eNode(B) or Access Point.

3.  Distributed Mobility Anchoring

3.1.  Configurations for Different Networks

   We next describe some configurations with multiple distributed
   anchors.  To cover the widest possible spectrum of scenarios, we
   consider architectures in which the control and data planes are
   separated.  We analyze where LM and FM functions -- which are
   specific sub-functions involved in mobility management -- can be
   placed when looking at the different scenarios with distributed
   anchors.

3.1.1.  Network-based DMM

   Figure 1 shows a general scenario for network-based distributed
   mobility management.

   The main characteristics of a network-based DMM solution are:

   o  There are multiple data plane anchors, each with an FM-DP function.
   o  The control plane may either be distributed (not shown in the
      figure) or centralized (as shown in the figure).
   o  The control plane and the data plane (Control Plane Anchor -- CPA
      -- and Data Plane Anchor -- DPA) may be co-located or not.  If the
      CPA is co-located with the distributed DPAs, then there are
      multiple co-located CPA-DPA instances (not shown in the figure).
   o  An IP prefix/address IP1 (anchored to the DPA with IP address
      IPa1) is assigned for use to an MN.  The MN uses this IP1 address
      to communicate with CNs (not shown in the figure).
   o  The location management (LM) function may be co-located or split
      (as shown in the figure) into a separate server (LMs) and a client
      (LMc).  In this case, the LMs may be centralized whereas the LMc
      may be distributed or centralized.

                        ____________   Network
                    ___/            \___________
                   /   +-----+                  \___
                  (    |LMs  |          Control     \
                 /     +-.---+          plane        \
                /    +--------.---+     functions     \
               (     |CPA:    .   |     in the         )
               (     |FM-CP, LMc  |     network        )
               (     +------------+                    \
              /         .      .                        \
             (          .       .                        )
             (          .        .                       )
             (          .         .                      \
             \    +------------+  +------------+Distributed )
             (    |DPA(IPa1):  |  |DPA(IPa2):  |DPAs       )
             (    |anchors IP1 |  |anchors IP2 |        _/
              \   |FM-DP       |  |FM-DP       | etc.  /
               \  +------------+  +------------+      /
                \___     Data plane           _____/
                    \______ functions        /
                           \________________/

                  +------------+
                  |MN(IP1)     | Mobile node attached
                  |flow(IP1,..)| to the network
                  +------------+

               Figure 1: Network-based DMM configuration

3.1.2.  Client-based DMM

   Figure 2 shows a general scenario for client-based distributed
   mobility management.  In this configuration, the mobile node performs
   Control Plane Node (CPN) and Data Plane Node (DPN) mobility
   functions, namely the forwarding management and location management
   (client) roles.

                       +-----+
                       |LMs  |
                       +-.---+
                     +--------.---+
                     |CPA:    .   |
                     |FM-CP, LMp  |
                     +------------+
                        .      .
                        .       .
                        .        .
                        .         .
                  +------------+  +------------+ Distributed
                  |DPA(IPa1):  |  |DPA(IPa2):  | DPAs
                  |anchors IP1 |  |anchors IP2 |
                  |FM-DP       |  |FM-DP       | etc.
                  +------------+  +------------+

                  +------------+
                  |MN(IP1)     |Mobile node
                  |flow(IP1,..)|using IP1
                  |FM, LMc     |anchored to
                  +------------+DPA(IPa1)

                Figure 2: Client-based DMM configuration

4.  IP Mobility Handling in Distributed Anchoring Environments -
    Mobility Support Only When Needed

   IP mobility support may be provided only when needed instead of being
   provided by default.  Three cases can be considered:

   o  Nomadic case: no address continuity is required.  The IP address
      used by the MN changes after a movement and traffic using the old
      address is disrupted.  If session continuity is required, then it
      needs to be provided by a solution running at L4 or above.
   o  Mobility case, traffic redirection: address continuity is
      required.  When the MN moves, the previous anchor still anchors
      the traffic using the old IP address, and forwards it to the new
      MN's location.  The MN obtains a new IP address anchored to the
      new location, and preferably uses it for new communications
      established while connected at the new location.
   o  Mobility case, anchor relocation: address continuity is required.
      In this case the route followed by the traffic is optimized, by
      using some means for traffic indirection to deviate from default
      routes.

   A straightforward choice of mobility anchoring is the following: the
   MN chooses, as the source IP address for packets belonging to an IP
   flow, an address allocated by the network the MN is attached to when
   the flow is initiated.  As such, traffic belonging to this flow
   traverses the MN's mobility anchor [I-D.seite-dmm-dma]
   [I-D.ietf-dmm-pmipv6-dlif].

   The IP prefix/address at the MN's side of a flow may be anchored to
   the Access Router (AR) to which the MN is attached.  For example,
   when an MN attaches to a network (Net1) or moves to a new network
   (Net2), an IP prefix from the attached network is assigned to the
   MN's interface.  In addition to configuring new link-local addresses,
   the MN configures from this prefix an IP address which is typically a
   dynamic IP address (meaning that this address is only used while the
   MN is attached to this access router, and therefore the IP address
   configured by the MN dynamically changes when attaching to a
   different access network).  It then uses this IP address when a flow
   is initiated.  Packets from this flow addressed to the MN are simply
   forwarded according to the forwarding table.

   There may be multiple IP prefixes/addresses that an MN can select
   when initiating a flow.  They may be from the same access network or
   different access networks.  The network may advertise these prefixes
   with cost options [I-D.mccann-dmm-prefixcost] so that the mobile node
   may choose the one with the least cost.  In addition, the IP
   prefixes/addresses provided by the network may be of different types
   regarding whether mobility support is supported [RFC8653].  An MN
   will need to choose which IP prefix/address to use for each flow
   according to whether it needs IP mobility support or not, using for
   example the mechanisms described in [RFC8653].

4.1.  Nomadic case (no need of IP mobility): Changing to new IP prefix/
      address

   When IP mobility support is not needed for a flow, the LM and FM
   functions are not utilized, so that the configurations in Section 3.1
   are simplified as shown in Figure 3.

          Net1                                       Net2

   +---------------+                          +---------------+
   |AR1            |      AR is changed       |AR2            |
   +---------------+        ------->          +---------------+
   |CPA:           |                          |CPA:           |
   |---------------|                          |---------------|
   |DPA(IPa1):     |                          |DPA(IPa2):     |
   |anchors IP1    |                          |anchors IP2    |
   +---------------+                          +---------------+

   +...............+                          +---------------+
   .MN(IP1)        .        MN moves          |MN(IP2)        |
   .flow(IP1,...)  .        =======>          |flow(IP2,...)  |
   +...............+                          +---------------+

              Figure 3: Changing to a new IP address/prefix

   When there is no need to provide IP mobility to a flow, the flow may
   use a new IP address acquired from a new network as the MN moves to
   the new network.

   Regardless of whether IP mobility is needed, if the flow has not
   terminated before the MN moves to a new network, the flow may
   subsequently restart using the new IP address assigned from the new
   network.

   When IP session continuity is needed, even if an application flow is
   ongoing as the MN moves, it may still be desirable for the
   application flow to change to using the new IP prefix configured in
   the new network.  The application flow may then be closed at IP level
   and then be restarted using a new IP address configured in the new
   network.  Such a change in the IP address used by the application
   flow may be enabled using a higher layer mobility support which is
   not in the scope of this document.

   In Figure 3, a flow initiated while the MN was using the IP prefix
   IP1 -- anchored to a previous access router AR1 in network Net1 --
   has terminated before the MN moves to a new network Net2.  After
   moving to Net2, the MN uses the new IP prefix IP2 -- anchored to a
   new access router AR2 in network Net2 -- to start a new flow.
   Packets may then be forwarded without requiring IP layer mobility
   support.

   An example call flow is outlined in Figure 4.  An MN attaches to AR1,
   which sends a router advertisement (RA) including information about
   the prefix assigned to the MN, from which the MN configures an IP
   address (IP1).  This address is used for new communications, for
   example with a correspondent node (CN).  If the MN moves to a new
   network and attaches to AR2, the process is repeated (the MN obtains
   a new IP address, IP2, from AR2).  Since the IP address (IP1)
   configured at the previously visited network is not valid at the
   current attachment point, any existing flows have to be
   re-established using IP2.

   Note that in these scenarios, if there is no mobility support
   provided by L4 or above, application traffic would stop.

   MN                     AR1                 AR2                     CN
   |MN attaches to AR1:    |                   |                       |
   |acquires MN-ID and profile                 |                       |
   |--RS------------------>|                   |                       |
   |                       |                   |                       |
   |<----------RA(IP1)-----|                   |                       |
   |                       |                   |                       |
   Assigned prefix IP1     |                   |                       |
   IP1 address configuration                   |                       |
   |                       |                   |                       |
   |<-Flow(IP1,IPcn,...)---+----------------------------------------->|
   |                       |                   |                       |
   |MN detaches from AR1   |                   |                       |
   |MN attaches to AR2     |                   |                       |
   |                       |                   |                       |
   |--RS------------------------------------->|                       |
   |                       |                   |                       |
   |<--------------RA(IP2)--------------------|                       |
   |                       |                   |                       |
   Assigned prefix IP2     |                   |                       |
   IP2 address configuration                   |                       |
   |                       |                   |                       |
   |<-new Flow(IP2,IPcn,...)------------------+---------------------->|
   |                       |                   |                       |

          Figure 4: Re-starting a flow with new IP prefix/address

4.2.  Mobility case, traffic redirection

   When IP mobility is needed for a flow, the LM and FM functions in
   Section 3.1 are utilized.  There are two possible cases: (i) the
   mobility anchor keeps playing that role and forwards traffic to a
   new locator in the new network, and (ii) the mobility anchor (data
   plane function) is changed but binds the MN's transferred IP address/
   prefix.  The latter enables optimized routes but requires some data
   plane node that enforces traffic indirection.  Next, we focus on the
   first case.  The second one is addressed in Section 4.3.

   Mobility support can be provided by using mobility management
   methods, such as the several approaches surveyed in the academic
   papers ([Paper-Distributed.Mobility],
   [Paper-Distributed.Mobility.PMIP] and
   [Paper-Distributed.Mobility.Review]).  After moving, a certain MN's
   traffic flow may continue using the IP prefix from the prior network
   of attachment.  Yet, some time later, the application generating this
   traffic flow may be closed.  If the application is started again, the
   new flow may not need to use the prior network's IP address, to avoid
   having to invoke IP mobility support.  This may be the case where a
   dynamic IP prefix/address, rather than a permanent one, is used.
   Packets belonging to this flow may then use the new IP prefix (the
   one allocated in the network where the flow is being initiated).
   Routing is again kept simpler without employing IP mobility and will
   remain so as long as the MN which is now in the new network does not
   move again to another network.
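   The following Python model, added here as an illustration and not
   part of the draft, walks the three cases of Section 4 (nomadic,
   traffic redirection as in Figure 6, anchor relocation as in Figure 7)
   through minimal LM and FM state and reports the path a CN's packet to
   IP1 or IP2 takes after the MN moves from AR1 to AR2.  The Anchor and
   Network classes, and the prefix labels, are assumptions of this
   model; only the names (AR1/AR2, IPa1/IPa2, IP1/IP2) follow the draft.

```python
from dataclasses import dataclass, field

# Constructed prefix labels standing in for the draft's IP1 and IP2.
IP1, IP2 = "IP1::/64", "IP2::/64"


@dataclass
class Anchor:
    """An access router acting as DPA: anchors prefixes and holds FM-DP state."""
    name: str                                    # "AR1" / "AR2"
    locator: str                                 # routing address: "IPa1" / "IPa2"
    anchored: set = field(default_factory=set)   # prefixes this DPA advertises
    attached: set = field(default_factory=set)   # prefixes of MNs on its link now
    fm: dict = field(default_factory=dict)       # FM: prefix -> locator to tunnel to


@dataclass
class Network:
    anchors: dict                                # name -> Anchor
    lm: dict = field(default_factory=dict)       # LM server: prefix -> MN locator

    def by_locator(self, loc):
        return next(a for a in self.anchors.values() if a.locator == loc)

    def owner(self, prefix):
        """Anchor whose route for `prefix` the routing infrastructure follows."""
        return next((a for a in self.anchors.values() if prefix in a.anchored), None)


def deliver(net, dst):
    """Path (anchor names) a CN packet to `dst` takes, or None if it is dropped."""
    anchor = net.owner(dst)
    if anchor is None:
        return None                      # nobody advertises the prefix
    path = [anchor.name]
    if dst in anchor.attached:
        return path                      # plain forwarding-table delivery
    nxt = anchor.fm.get(dst)
    if nxt is None:
        return None                      # MN gone and no FM state: traffic disrupted
    target = net.by_locator(nxt)         # traffic indirection, e.g. an IP tunnel
    path.append(target.name)
    return path if dst in target.attached else None


def attach_initial():
    """MN attaches to AR1 (Net1) and configures IP1 from the prefix AR1 anchors."""
    ar1 = Anchor("AR1", "IPa1", anchored={IP1}, attached={IP1})
    ar2 = Anchor("AR2", "IPa2", anchored={IP2})
    return Network({"AR1": ar1, "AR2": ar2})


def move_to_ar2(net):
    """MN detaches from AR1, attaches to AR2 and configures IP2 (Figure 4)."""
    net.anchors["AR1"].attached.discard(IP1)
    net.anchors["AR2"].attached.add(IP2)
    return net


def nomadic(net):
    """Section 4.1: no IP mobility; IP1 is simply no longer reachable."""
    return move_to_ar2(net)


def redirection(net):
    """Section 4.2 / Figure 6: AR1 keeps anchoring IP1 and redirects it to IPa2."""
    move_to_ar2(net)
    ar1, ar2 = net.anchors["AR1"], net.anchors["AR2"]
    ar2.attached.add(IP1)                # MN keeps using IP1 on the new link
    net.lm[IP1] = ar2.locator            # LM: "IP1 at IPa2"
    ar1.fm[IP1] = ar2.locator            # FM at old anchor: "IP1 via IPa2"
    ar2.fm[IP1] = ar1.locator            # FM at new anchor: "IP1 via IPa1" (uplink)
    return net


def relocation(net):
    """Section 4.3 / Figure 7: AR1 withdraws the /64 and AR2 injects it instead."""
    move_to_ar2(net)
    ar1, ar2 = net.anchors["AR1"], net.anchors["AR2"]
    ar2.attached.add(IP1)
    net.lm[IP1] = ar2.locator            # LM: "IP1 at IPa2"
    ar1.anchored.discard(IP1)            # old anchor withdraws the route
    ar2.anchored.add(IP1)                # new anchor advertises it: no indirection
    return net


def paths_after(case):
    """Run one case from the initial attachment and report delivery paths."""
    net = case(attach_initial())
    return {IP1: deliver(net, IP1), IP2: deliver(net, IP2)}


if __name__ == "__main__":
    for case in (nomadic, redirection, relocation):
        print(case.__name__, paths_after(case))
```

   In the redirection case the packet to IP1 still enters at AR1 before
   being tunnelled to AR2, which is the longer route that anchor
   relocation removes.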
530 MN AR1 AR2 CN 531 |MN attaches to AR1: | | | 532 |acquires MN-ID and profile | | 533 |--RS---------------->| | | 534 | | | | 535 |<----------RA(IP1)---| | | 536 | | | | 537 Assigned prefix IP1 | | | 538 IP1 address configuration | | 539 | | | | 540 |<-Flow(IP1,IPcn,...)-+------------------------------------------>| 541 | | | | 542 |MN detaches from AR1 | | | 543 |MN attaches to AR2 | | | 544 | | | | 545 |--RS------------------------------>| | 546 (some IP mobility support solution) 547 |<--------------RA(IP2,IP1)---------| | 548 | | | | 549 | +<-Flow(IP1,IPcn,...)---------------------->| 550 | +<===========>+ | 551 |<-Flow(IP1,IPcn,...)-------------->+ | 552 | | | | 553 Assigned prefix IP2 | | | 554 IP2 address configuration | | 555 | | | | 556 Flow(IP1,IPcn) terminates | | 557 | | | | 558 |<-new Flow(IP2,IPcn,...)-----------+---------------------------->| 559 | | | | 561 Figure 5: A flow continues to use the IP prefix from its home network 562 after MN has moved to a new network 564 An example call flow in this case is outlined in Figure 5. In this 565 example, the AR1 plays the role of FM-DP entity and redirects the 566 traffic (e.g., using an IP tunnel) to AR2. Another solution could be 567 to place an FM-DP entity closer to the CN network to perform traffic 568 steering to deviate from default routes (which will bring the packet 569 to AR1 per default routing). The LM and FM functions are implemented 570 as shown in Figure 6. 572 Net1 Net2 574 +---------------+ +---------------+ 575 |AR1 | |AR2 | 576 +---------------+ +---------------+ 577 |CPA: | |CPA: | 578 | | |LM:IP1 at IPa1 | 579 |---------------| IP1 (anchored to Net1) |---------------| 580 |DPA(IPa1): | is redirected to Net2 |DPA(IPa2): | 581 |anchors IP1 | =======> |anchors IP2 | 582 |FM:IP1 via IPa2| |FM:IP1 via IPa1| 583 +---------------+ +---------------+ 585 +...............+ +---------------+ 586 .MN(IP1) . MN moves |MN(IP2,IP1) | 587 .flow(IP1,...) . =======> |flow(IP1,...) | 588 . . 
|flow(IP2,...) | 589 +...............+ +---------------+ 591 Figure 6: Anchor redirection 593 Multiple instances of DPAs (at access routers), which are providing 594 IP prefixes to the MNs, are needed to provide distributed mobility 595 anchoring in an appropriate configuration such as those described in 596 Figure 1 (Section 3.1.1) for network-based distributed mobility or in 597 Figure 2 (Section 3.1.2) for client-based distributed mobility. 599 4.3. Mobility case, anchor relocation 601 We focus next on the case where the mobility anchor (data plane 602 function) is changed but binds the MN's transferred IP address/ 603 prefix. This enables optimized routes but requires some data plane 604 node that enforces traffic indirection. 606 IP mobility is invoked to enable IP session continuity for an ongoing 607 flow as the MN moves to a new network. The anchoring of the IP 608 address of the flow is in the home network of the flow (i.e., 609 different from the current network of attachment). A centralized 610 mobility management mechanism may employ indirection from the anchor 611 in the home network to the current network of attachment. Yet it may 612 be difficult to avoid using an unnecessarily long route (when the 613 route between the MN and the CN via the anchor in the home network is 614 significantly longer than the direct route between them). An 615 alternative is to move the IP prefix/address anchoring to the new 616 network. 618 The IP prefix/address anchoring may move without changing the IP 619 prefix/address of the flow. The LM function in Figure 1 in 620 Section 3.1.1 is implemented as shown in Figure 7. 
622 Net1 Net2 624 +---------------+ +---------------+ 625 |AR1 | |AR2 | 626 +---------------+ +---------------+ 627 |CPA: | |CPA: | 628 |LM:IP1 at IPa1 | |LM:IP1 at IPa2 | 629 | changes to | | | 630 | IP1 at IPa2 | | | 631 |---------------| |---------------| 632 |DPA(IPa1): | IP1 anchoring effectively moved |DPA(IPa2): | 633 |anchored IP1 | =======> |anchors IP2,IP1| 634 +---------------+ +---------------+ 636 +...............+ +---------------+ 637 .MN(IP1) . MN moves |MN(IP2,IP1) | 638 .flow(IP1,...) . =======> |flow(IP1,...) | 639 +...............+ +---------------+ 641 Figure 7: Anchor relocation 643 As an MN with an ongoing session moves to a new network, the flow may 644 preserve IP session continuity by moving the anchoring of the 645 original IP prefix/address of the flow to the new network. 647 One way to accomplish such a move is to use a centralized routing 648 protocol, but such a solution may present some scalability concerns 649 and its applicability is typically limited to small networks. One 650 example of this type of solution is described in 651 [I-D.ietf-rtgwg-atn-bgp]. When a MN associates with an anchor the 652 anchor injects the mobile's prefix into the global routing system. 653 If the MN moves to a new anchor, the old anchor withdraws the /64 and 654 the new anchor injects it instead. 656 5. Security Considerations 658 As stated in [RFC7333], "a DMM solution MUST support any security 659 protocols and mechanisms needed to secure the network and to make 660 continuous security improvements". It "MUST NOT introduce new 661 security risks". 663 There are different potential deployment models of a DMM solution. 664 The present document has presented 3 different scenarios for 665 distributed anchoring: (i) nomadic case, (ii) mobility case with 666 traffic redirection, and (iii) mobility case with anchor relocation. 
   Each of them has different security requirements, and the actual
   security mechanisms would depend on the specifics of each solution/
   scenario.

   As a general rule, for the first distributed anchoring scenario
   (nomadic case), no additional security consideration is needed, as
   this does not involve any additional mechanism at L3.  If session
   continuity is required, the L4 or above solution used to provide it
   MUST also provide the required authentication and security.

   The second and third distributed anchoring scenarios (mobility case)
   involve mobility signaling among the mobile node and the control and
   data plane anchors.  The control-plane messages exchanged between
   these entities MUST be protected using end-to-end security
   associations with data-integrity and data-origin authentication
   capabilities.  IPsec [RFC8221] ESP in transport mode with mandatory
   integrity protection SHOULD be used for protecting the signaling
   messages.  IKEv2 [RFC8247] SHOULD be used to set up security
   associations between the data and control plane anchors.  Note that
   in scenarios in which traffic indirection mechanisms are used to
   relocate an anchor, authentication and authorization mechanisms MUST
   be used.

   Control-plane functionality MUST apply authorization checks to any
   commands or updates that are made by the control-plane protocol.

6.  IANA Considerations

   This document presents no IANA considerations.

7.  Contributors

   Alexandre Petrescu and Fred Templin contributed to earlier versions
   of this document regarding distributed anchoring for hierarchical
   networks and for network mobility, although these extensions were
   removed to keep the document within reasonable length.

   This document has benefited from other work on mobility support in
   SDN networks, on providing mobility support only when needed, and on
   mobility support in enterprise networks.
   These works have been referenced.  While some of these authors have
   taken the work to jointly write this document, others have
   contributed at least indirectly by writing these drafts.  The latter
   include Philippe Bertin, Dapeng Liu, Satoru Matsushima, Pierrick
   Seite, Jouni Korhonen, and Sri Gundavelli.

   Some terminology has been incorporated for completeness from the
   draft-ietf-dmm-deployment-models-04 document.

   Valuable comments have been received from John Kaippallimalil,
   ChunShan Xiong, Dapeng Liu, Fred Templin, Paul Kyzivat, Joseph
   Salowey, Yoshifumi Nishida, Carlos Pignataro, Mirja Kuehlewind, Eric
   Vyncke, Qin Wu, Warren Kumari, Benjamin Kaduk, Roman Danyliw and
   Barry Leiba.  Dirk von Hugo, Byju Pularikkal and Pierrick Seite have
   generously provided careful review with helpful corrections and
   suggestions.  Marco Liebsch and Lyle Bertz also performed very
   detailed and helpful reviews of this document.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3753]  Manner, J., Ed. and M. Kojo, Ed., "Mobility Related
              Terminology", RFC 3753, DOI 10.17487/RFC3753, June 2004.

   [RFC5213]  Gundavelli, S., Ed., Leung, K., Devarapalli, V.,
              Chowdhury, K., and B. Patil, "Proxy Mobile IPv6",
              RFC 5213, DOI 10.17487/RFC5213, August 2008.

   [RFC6275]  Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility
              Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July
              2011.

   [RFC7333]  Chan, H., Ed., Liu, D., Seite, P., Yokota, H., and J.
              Korhonen, "Requirements for Distributed Mobility
              Management", RFC 7333, DOI 10.17487/RFC7333, August 2014.

   [RFC7429]  Liu, D., Ed., Zuniga, JC., Ed., Seite, P., Chan, H., and
              CJ.
              Bernardos, "Distributed Mobility Management: Current
              Practices and Gap Analysis", RFC 7429,
              DOI 10.17487/RFC7429, January 2015.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8221]  Wouters, P., Migault, D., Mattsson, J., Nir, Y., and T.
              Kivinen, "Cryptographic Algorithm Implementation
              Requirements and Usage Guidance for Encapsulating Security
              Payload (ESP) and Authentication Header (AH)", RFC 8221,
              DOI 10.17487/RFC8221, October 2017.

   [RFC8247]  Nir, Y., Kivinen, T., Wouters, P., and D. Migault,
              "Algorithm Implementation Requirements and Usage Guidance
              for the Internet Key Exchange Protocol Version 2 (IKEv2)",
              RFC 8247, DOI 10.17487/RFC8247, September 2017.

8.2.  Informative References

   [I-D.ietf-dmm-fpc-cpdp]
              Matsushima, S., Bertz, L., Liebsch, M., Gundavelli, S.,
              Moses, D., and C. Perkins, "Protocol for Forwarding Policy
              Configuration (FPC) in DMM", draft-ietf-dmm-fpc-cpdp-12
              (work in progress), June 2018.

   [I-D.ietf-dmm-pmipv6-dlif]
              Bernardos, C., Oliva, A., Giust, F., Zuniga, J., and A.
              Mourad, "Proxy Mobile IPv6 extensions for Distributed
              Mobility Management", draft-ietf-dmm-pmipv6-dlif-05 (work
              in progress), November 2019.

   [I-D.ietf-rtgwg-atn-bgp]
              Templin, F., Saccone, G., Dawra, G., Lindem, A., and V.
              Moreno, "A Simple BGP-based Mobile Routing System for the
              Aeronautical Telecommunications Network", draft-ietf-
              rtgwg-atn-bgp-05 (work in progress), January 2020.

   [I-D.matsushima-stateless-uplane-vepc]
              Matsushima, S. and R. Wakikawa, "Stateless user-plane
              architecture for virtualized EPC (vEPC)", draft-
              matsushima-stateless-uplane-vepc-06 (work in progress),
              March 2016.

   [I-D.mccann-dmm-prefixcost]
              McCann, P. and J.
              Kaippallimalil, "Communicating Prefix Cost to Mobile
              Nodes", draft-mccann-dmm-prefixcost-03 (work in
              progress), April 2016.

   [I-D.sarikaya-dmm-for-wifi]
              Sarikaya, B. and L. Li, "Distributed Mobility Management
              Protocol for WiFi Users in Fixed Network", draft-sarikaya-
              dmm-for-wifi-05 (work in progress), October 2017.

   [I-D.seite-dmm-dma]
              Seite, P., Bertin, P., and J. Lee, "Distributed Mobility
              Anchoring", draft-seite-dmm-dma-07 (work in progress),
              February 2014.

   [I-D.yhkim-dmm-enhanced-anchoring]
              Kim, Y. and S. Jeon, "Enhanced Mobility Anchoring in
              Distributed Mobility Management", draft-yhkim-dmm-
              enhanced-anchoring-05 (work in progress), July 2016.

   [Paper-Distributed.Mobility]
              Lee, J., Bonnin, J., Seite, P., and H. Chan, "Distributed
              IP Mobility Management from the Perspective of the IETF:
              Motivations, Requirements, Approaches, Comparison, and
              Challenges", IEEE Wireless Communications, October 2013.

   [Paper-Distributed.Mobility.PMIP]
              Chan, H., "Proxy Mobile IP with Distributed Mobility
              Anchors", Proceedings of GlobeCom Workshop on Seamless
              Wireless Mobility, December 2010.

   [Paper-Distributed.Mobility.Review]
              Chan, H., Yokota, H., Xie, J., Seite, P., and D. Liu,
              "Distributed and Dynamic Mobility Management in Mobile
              Internet: Current Approaches and Issues", February 2011.

   [RFC6459]  Korhonen, J., Ed., Soininen, J., Patil, B., Savolainen,
              T., Bajko, G., and K. Iisakkila, "IPv6 in 3rd Generation
              Partnership Project (3GPP) Evolved Packet System (EPS)",
              RFC 6459, DOI 10.17487/RFC6459, January 2012.

   [RFC8653]  Yegin, A., Moses, D., and S. Jeon, "On-Demand Mobility
              Management", RFC 8653, DOI 10.17487/RFC8653, October 2019.

Authors' Addresses

   H. Anthony Chan (editor)
   Huawei Technologies
   5340 Legacy Dr.
   Building 3
   Plano, TX 75024
   USA

   Email: h.a.chan@ieee.org

   Xinpeng Wei
   Huawei Technologies
   Xin-Xi Rd. No. 3, Haidian District
   Beijing, 100095
   P. R. China

   Email: weixinpeng@huawei.com

   Jong-Hyouk Lee
   Sangmyung University
   31, Sangmyeongdae-gil, Dongnam-gu
   Cheonan 31066
   Republic of Korea

   Email: jonghyouk@smu.ac.kr

   Seil Jeon
   Sungkyunkwan University
   2066 Seobu-ro, Jangan-gu
   Suwon, Gyeonggi-do
   Republic of Korea

   Email: seiljeon@skku.edu

   Carlos J. Bernardos (editor)
   Universidad Carlos III de Madrid
   Av. Universidad, 30
   Leganes, Madrid 28911
   Spain

   Phone: +34 91624 6236
   Email: cjbc@it.uc3m.es
   URI:   http://www.it.uc3m.es/cjbc/