rfc8818xml2.original.xml   rfc8818.xml 
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" number="8818" consensus="true"
category="info"
docName="draft-ietf-dmm-distributed-mobility-anchoring-15"
ipr="trust200902" obsoletes="" updates="" submissionType="IETF"
xml:lang="en" tocInclude="true" symRefs="true" sortRefs="true"
version="3">
<front>
<title abbrev="Distributed Mobility Anchoring">Distributed Mobility Anchorin
g</title>
<seriesInfo name="RFC" value="8818"/>
<author fullname="H. Anthony Chan" initials="H" surname="Chan" role="editor"
>
<organization abbrev="CIHE">Caritas Institute of Higher Education</organiz
ation>
<address>
<postal>
<street>2 Chui Ling Lane, Tseung Kwan O
</street>
<city>N.T.</city>
<country>Hong Kong</country>
</postal>
<email>h.a.chan@ieee.org</email>
</address>
</author>
<author fullname="Xinpeng Wei" initials="X" surname="Wei">
<organization>Huawei Technologies</organization>
<address>
<postal>
<street>Xin-Xi Rd. No. 3, Haidian District</street>
<city>Beijing, 100095</city>
<country>China</country>
</postal>
<email>weixinpeng@huawei.com</email>
</address>
</author>
<author fullname="Jong-Hyouk Lee" initials="J" surname="Lee">
<organization>Sejong University</organization>
<address>
<postal>
<street>209, Neungdong-ro, Gwangjin-gu</street>
<city>Seoul</city>
<code>05006
</code>
<country>Republic of Korea</country>
</postal>
<email>jonghyouk@sejong.ac.kr</email>
</address>
</author>
<author fullname="Seil Jeon" initials="S" surname="Jeon">
<organization>Sungkyunkwan University</organization>
<address>
<postal>
<street>2066 Seobu-ro, Jangan-gu</street>
<city>Suwon, Gyeonggi-do</city>
<country>Republic of Korea</country>
</postal>
<email>seiljeon.ietf@gmaiil.com</email>
</address>
</author>
<author fullname="Carlos J. Bernardos" initials="CJ." surname="Bernardos" ro
le="editor">
<organization abbrev="UC3M">
Universidad Carlos III de Madrid
</organization>
<address>
<postal>
<street>Av. Universidad, 30</street>
<city>Leganes, Madrid</city>
<code>28911</code>
<country>Spain</country>
</postal>
<phone>+34 91624 6236</phone>
<email>cjbc@it.uc3m.es</email>
<uri>http://www.it.uc3m.es/cjbc/</uri>
</address>
</author>
<date year="2020" month="August"/>
<area/>
<workgroup>DMM</workgroup>
<keyword>anchor</keyword>
<keyword>address continuity</keyword>
<keyword>reachability</keyword>
<keyword>continuity</keyword>
<keyword>PMIPv6</keyword>
<keyword>MIPv6</keyword>
<!-- [rfced] This questions is for author H. Anthony Chan. Would it be
appropriate to shorten your affiliation "Caritas Institute of Higher
Education" to "Caritas Institute" in the document header? The shortened
form fits a bit better in the txt and pdf outputs. The full form would
appear in the Authors' Addresses section. We are also okay with leaving
the long form in the document header. Please let us know your preference.
-->
<abstract>
<t>
This document defines distributed mobility anchoring in terms of the different
configurations and functions to provide IP mobility support. A network may be
configured with distributed mobility anchoring functions for both network-based
or host-based mobility support, depending on the network's needs. In a
distributed mobility anchoring environment, multiple anchors are available for
mid-session switching of an IP prefix anchor. To start a new flow or to handle a
flow not requiring IP session continuity as a mobile node moves to a new
network, the flow can be started or restarted using an IP address configured
from the new IP prefix anchored to the new network. If the flow needs to survive
the change of network, there are solutions that can be used to enable IP address
mobility. This document describes different anchoring approaches, depending on
the IP mobility needs, and how this IP address mobility is handled by the
network.
</t>
</abstract>
</front>
<middle>
<section anchor="intro" numbered="true" toc="default">
<name>Introduction</name>
<t>
A key requirement in distributed mobility management (DMM) <xref target="RFC7333
" format="default"/> is
to enable traffic to avoid traversing a single mobility anchor far from an
optimal route. This document defines different configurations, functional
operations, and parameters for distributed mobility anchoring and explains how t
o
use them to avoid unnecessarily long routes when a mobile node moves.
</t>
<t>
Other distributed mobility management documents already address
source address selection <xref target="RFC8653" format="default"/> and
control-plane and data-plane signaling <xref target="I-D.ietf-dmm-fpc-cpdp" form
at="default"/>. A
number of distributed mobility solutions have also been proposed, for example,
in <xref target="I-D.seite-dmm-dma" format="default"/>, <xref target="I-D.ietf-d
mm-pmipv6-dlif" format="default"/>, <xref target="I-D.sarikaya-dmm-for-wifi" for
mat="default"/>, <xref target="I-D.yhkim-dmm-enhanced-anchoring" format="default
"/>, and <xref target="I-D.matsushima-stateless-uplane-vepc" format="default"/>.
</t>
<t>
Distributed mobility anchoring employs multiple anchors in the data plane. In
general, control-plane functions may be separated from data-plane functions and
be centralized but may also be co-located with the data-plane functions at the
distributed anchors. Different configurations of distributed mobility anchoring
are described in <xref target="sec_distributed-anchoring-configurations" format=
"default"/>.
</t>
<t>
As a Mobile Node (MN) attaches to an access router and establishes a link
between them, a /64 IPv6 prefix anchored to the router may be assigned to the
link for exclusive use by the MN <xref target="RFC6459" format="default"/>. The
MN may then
configure a global IPv6 address from this prefix and use it as the source IP
address in a flow to communicate with its Correspondent Node (CN). When there
are multiple mobility anchors assigned to the same MN, an address selection for
a given flow is first required before the flow is initiated. Using an anchor in
an MN's network of attachment has the advantage that the packets can simply be
forwarded according to the forwarding table. However, after the flow has been
initiated, the MN may later move to another network that assigns a new mobility
anchor to the MN. Since the new anchor is located in a different network, the
MN's assigned prefix does not belong to the network where the MN is currently
attached.
</t>
<t>
When the MN wants to continue using its assigned prefix to complete ongoing data
sessions after it has moved to a new network, the network needs to provide
support for the MN's IP address and session continuity, since routing packets
to the MN through the new network deviates from applying default routes. The IP
session continuity needs of a flow (application) determine how the IP address
used by this flow has to be anchored. If the ongoing IP flow can cope with an IP
prefix/address change, the flow can be reinitiated with a new IP address
anchored in the new network. On the other hand, if the ongoing IP flow cannot
cope with such change, mobility support is needed. A network supporting a mix of
flows both requiring and not requiring IP mobility support will need to
distinguish these flows.
</t>
</section>
<section anchor="sec_definitions" numbered="true" toc="default">
<name>Conventions and Terminology</name>
<t>
The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are
to be interpreted as described in BCP&nbsp;14 <xref target="RFC2119"/>
<xref target="RFC8174"/> when, and only when, they appear in all capitals,
as shown here.
</t>
<t>
All general mobility-related terms and their acronyms used in this document
are to be interpreted as defined in the Mobile IPv6 (MIPv6) base specification
<xref target="RFC6275" format="default"/>, the Proxy Mobile IPv6 (PMIPv6)
specification <xref target="RFC5213" format="default"/>, the Mobility
Terminology document <xref target="RFC3753" format="default"/>, and the DMM
Current Practices and Gap Analysis document <xref target="RFC7429" format="defau
lt"/>.
These include terms such as Mobile Node (MN), Correspondent Node (CN), Home
Agent (HA), Home Address (HoA), Care-of-Address (CoA), Local Mobility Anchor
(LMA), and Mobile Access Gateway (MAG).
</t>
<t>In addition, this document uses the following terms and definitions:</t
>
<dl newline="false" spacing="normal">
<dt>IP session continuity:</dt>
<dd>
<t>
The ability to maintain an ongoing transport interaction by keeping the same
local endpoint IP address throughout the lifetime of the IP socket despite the
mobile host changing its point of attachment within the IP network topology. The
IP address of the host may change after closing the IP socket and before opening
a new one, but that does not jeopardize the ability of applications using these
IP sockets to work flawlessly. Session continuity is essential for mobile hosts
to maintain ongoing flows without any interruption <xref target="RFC8653" format
="default"/>.
</t>
</dd>
<dt>Higher-layer session continuity:</dt>
<dd>
<t>
The ability to maintain an ongoing transport- or higher-layer (e.g., application
)
interaction by keeping the session identifiers throughout the lifetime of the
session despite the mobile host changing its point of attachment within the IP
network topology. This can be achieved by using mechanisms at the transport or
higher layers.
</t>
</dd>
<dt>IP address reachability:</dt>
<dd>
<t>
The ability to maintain the same IP address for an extended period of time. The
IP address stays the same across independent sessions, even in the absence of
any session. The IP address may be published in a long-term registry (e.g., DNS)
and is made available for serving incoming (e.g., TCP) connections. IP address
reachability is essential for mobile hosts to use specific/published IP
addresses <xref target="RFC8653" format="default"/>.
</t>
</dd>
<dt>IP mobility:</dt>
<dd>
<t>
The combination of IP address reachability and session continuity.
</t>
</dd>
<dt>Anchoring (of an IP prefix/address):</dt>
<dd>
<t>
An IP prefix (i.e., Home Network Prefix (HNP)) or address (i.e., HoA) assigned
for use by an MN is topologically anchored to an anchor node when the anchor
node is able to advertise a route into the routing infrastructure for the
assigned IP prefix. The traffic using the assigned IP address/prefix must
traverse the anchor node. We can refer to the function performed by the IP ancho
r
node as anchoring, which is a data-plane function.
</t>
</dd>
<dt>Location Management (LM) function:</dt>
<dd>
<t>
A control-plane function that keeps and manages the network location information
of an MN. The location information may be a binding of the advertised IP
address/prefix (e.g., HoA or HNP) to the IP routing address of the MN or of a
node that can forward packets destined to the MN.
</t>
<t>
When the MN is a Mobile Router (MR), the location information will also include
the Mobile Network Prefix (MNP), which is the aggregate IP prefix delegated to
the MR to assign IP prefixes for use by the Mobile Network Nodes (MNNs) in the
mobile network. </t>
<t>
In a client-server protocol model, secure (i.e., authenticated and authorized) l
ocation query and update messages may be
exchanged between a Location Management client (LMc) and a Location Management
server (LMs), where the location information can be updated or queried from
the LMc.
Optionally, there may be a Location Management proxy (LMp) between LMc and LMs.
</t>
<t>
With separation of control plane and data plane, the LM function is in the
control plane. It may be a logical function at the control-plane node, control-p
lane anchor, or mobility controller.
</t>
<t>
It may be distributed or centralized.
</t>
</dd>
<dt>Forwarding Management (FM) function:</dt>
<dd>
<t>
Packet interception and forwarding to/from the IP address/prefix
assigned for use by the MN, based on the internetwork location information,
either to the destination or to some other network element
that knows how to forward the packets to their destination.
</t>
<t>
This function may be used to achieve traffic indirection.
With separation of control plane and data plane,
the FM function may split into an FM function in the data plane (FM-DP)
and an FM function in the control plane (FM-CP).
</t>
<t>
FM-DP may be distributed with distributed mobility management.
It may be a function in a data-plane anchor or data-plane node.
</t>
<t>
FM-CP may be distributed or centralized.
It may be a function in a control-plane node,
control-plane anchor, or mobility controller.
</t>
</dd>
<dt>Home Control-Plane Anchor (Home-CPA or H-CPA):</dt>
<dd>
<t>
The Home-CPA function hosts the MN's mobility
session. There can be more than one mobility session for a mobile
node, and those sessions may be anchored on the same or different
Home-CPA's. The Home-CPA will interface with the Home-DPA for
managing the forwarding state.
</t>
</dd>
<dt>Home Data-Plane Anchor (Home-DPA or H-DPA):</dt>
<dd>
<t>
The Home-DPA is the topological anchor for the MN's IP address/prefix(es).
The Home-DPA is chosen by the Home-CPA on a session basis. The Home-DPA is
in the forwarding path for all the mobile node's IP traffic.
</t>
</dd>
<dt>Access Control-Plane Node (Access-CPN or A-CPN):</dt>
<dd>
<t>
The Access-CPN is responsible for interfacing with the mobile
node's Home-CPA and with the Access-DPN. The Access-CPN has a
protocol interface to the Home-CPA.
</t>
</dd>
<dt>Access Data-Plane Node (Access-DPN or A-DPN):</dt>
<dd>
<t>
The Access-DPN function is hosted on the first-hop router where
the mobile node is attached. This function is not hosted on a
Layer 2 bridging device such as an eNode(B) or Access Point.
</t>
</dd>
</dl>
</section>
<section anchor="sec_distributed-anchoring" numbered="true" toc="default">
<name>Distributed Mobility Anchoring</name>
<section anchor="sec_distributed-anchoring-configurations" numbered="true" toc="
default">
<name>Configurations for Different Networks</name>
<t>
We next describe some configurations with multiple distributed anchors. To
cover the widest possible spectrum of scenarios, we consider architectures in
which the control and data planes are separated. We analyze where LM and FM
functions, which are specific sub-functions involved in mobility management,
can be placed when looking at the different scenarios with distributed
anchors.
</t>
<section anchor="sec_distributed-anchoring-network-based" numbered="true" toc="d
efault">
<name>Network-Based DMM</name>
<t>
<xref target="fig_dmm_net-based" format="default"/> shows a general scenario for
network-based
distributed mobility management.
</t>
<t>
The main characteristics of a network-based DMM solution are:
</t>
<ul spacing="normal">
<li>
There are multiple data-plane anchors, each with an FM-DP function.
</li>
<li>
The control plane may either be distributed (not shown in the figure) or
centralized (as shown in the figure).
</li>
<li>
The Control-Plane Anchor (CPA) and the Data Plane Anchor (DPA) may or may not
be co-located. If the CPA is co-located with the distributed DPAs, then
there are multiple co-located CPA-DPA instances (not shown in the figure).
</li>
<li>
An IP prefix/address IP1 (anchored to the DPA with IP address IPa1) is assigned
for use to an MN. The MN uses this IP1 address to communicate with CNs (not
shown in the figure).
</li>
<li>
The location management (LM) function may be co-located or split (as shown in
the figure) into a separate server (LMs) and a client (LMc). In this case, the
LMs may be centralized whereas the LMc may be distributed or centralized.
</li>
</ul>
<figure anchor="fig_dmm_net-based">
<name>Network-Based DMM Configuration</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
____________ Network
___/ \___________
/ +-----+ \___
( |LMs | Control- \
/ +-.---+ plane \
/ +--------.---+ functions \
( |CPA: . | in the )
( |FM-CP, LMc | network )
( +------------+ \
/ . . \
( . . )
( . . )
( . . \
\ +------------+ +------------+Distributed )
( |DPA(IPa1): | |DPA(IPa2): |DPAs )
( |anchors IP1 | |anchors IP2 | _/
\ |FM-DP | |FM-DP | etc. /
\ +------------+ +------------+ /
\___ Data-plane _____/
\______ functions /
\__________________/
+------------+
|MN(IP1) | Mobile node attached
|flow(IP1,..)| to the network
+------------+
]]></artwork>
</figure>
</section>
<section anchor="sec_distributed-anchoring-host-based" numbered="true" toc="defa
ult">
<name>Client-Based DMM</name>
<t>
<xref target="fig_dmm_client-based" format="default"/> shows a general scenario
for client-based
distributed mobility management. In this configuration, the mobile node performs
Control-Plane Node (CPN) and Data-Plane Node (DPN) mobility functions, namely
the forwarding management and location management (client) roles.
</t>
<figure anchor="fig_dmm_client-based">
<name>Client-Based DMM Configuration</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
+-----+
|LMs |
+-.---+
+--------.---+
|CPA: . |
|FM-CP, LMp |
+------------+
. .
. .
. .
. .
+------------+ +------------+ Distributed
|DPA(IPa1): | |DPA(IPa2): | DPAs
|anchors IP1 | |anchors IP2 |
|FM-DP | |FM-DP | etc.
+------------+ +------------+
+------------+
|MN(IP1) |Mobile node
|flow(IP1,..)|using IP1
|FM, LMc |anchored to
+------------+DPA(IPa1)
]]></artwork>
</figure>
</section>
</section>
</section>
<section anchor="sec_on-demand" numbered="true" toc="default">
<name>IP Mobility Handling in Distributed Anchoring Environments: Mobility
Support Only When Needed</name>
<t>
IP mobility support may be provided only when needed instead of being provided
by default. Three cases can be considered:
</t>
<ul spacing="normal">
<li>
Nomadic case: No address continuity is required. The IP address used by the MN
changes after a movement and traffic using the old address is disrupted. If
session continuity is required, then it needs to be provided by a solution
running at Layer 4 or above.
</li>
<li>
Mobility case with traffic redirection: Address continuity is required. When the
MN moves, the previous anchor still anchors the traffic using the old IP
address and forwards it to the new MN's location. The MN obtains a new IP
address anchored to the new location and preferably uses it for new
communications established while connected at the new location.
</li>
<li>
Mobility case with anchor relocation: Address continuity is required. In this ca
se,
the route followed by the traffic is optimized by using some means for traffic
indirection to deviate from default routes.
</li>
</ul>
<t>
A straightforward choice of mobility anchoring is the following: the MN
chooses, as a source IP address for packets belonging to an IP flow, an
address allocated by the network the MN is attached to when the flow was
initiated.
As such, traffic belonging to this flow traverses the MN's mobility anchor
<xref target="I-D.seite-dmm-dma" format="default"/> <xref
target="I-D.ietf-dmm-pmipv6-dlif" format="default"/>.
</t>
<t>
The IP prefix/address at the MN's side of a flow may be anchored to the Access
Router (AR) to which the MN is attached. For example, when an MN attaches to a
network (Net1) or moves to a new network (Net2), an IP prefix from the attached
network is assigned to the MN's interface. In addition to configuring new
link-local addresses, the MN configures from this prefix an IP address that is
typically a dynamic IP address (meaning that this address is only used while the
MN is attached to this access router, so the IP address configured by
the MN dynamically changes when attaching to a different access network). It
then uses this IP address when a flow is initiated. Packets from this flow
addressed to the MN are simply forwarded according to the forwarding table.
</t>
<t>
There may be multiple IP prefixes/addresses that an MN can select when
initiating a flow. They may be from the same access network or different
access networks. The network may advertise these prefixes with cost options
<xref target="I-D.mccann-dmm-prefixcost" format="default"/> so that the mobile
node may choose the one with the least cost. In addition, the IP
prefixes/addresses provided by the network may be of different types regarding
whether mobility support is supported <xref target="RFC8653"
format="default"/>. An MN will need to choose which IP prefix/address to use
for each flow according to whether or not it needs IP mobility support,
for example, using the mechanisms described in <xref target="RFC8653"
format="default"/>.
</t>
<section anchor="sec_changing-anchor" numbered="true" toc="default">
<name>Nomadic Case</name>
<t>
When IP mobility support is not needed for a flow, the LM and FM functions are
not utilized so that the configurations in <xref target="sec_distributed-anchori
ng-configurations" format="default"/> are simplified as shown in
<xref target="fig_change-net" format="default"/>.
</t>
<figure anchor="fig_change-net">
<name>Changing to a New IP Address/Prefix</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
Net1 Net2
+---------------+ +---------------+
|AR1 | AR is changed |AR2 |
+---------------+ -------> +---------------+
|CPA: | |CPA: |
|---------------| |---------------|
|DPA(IPa1): | |DPA(IPa2): |
|anchors IP1 | |anchors IP2 |
+---------------+ +---------------+
+...............+ +---------------+
.MN(IP1) . MN moves |MN(IP2) |
.flow(IP1,...) . =======> |flow(IP2,...) |
+...............+ +---------------+
]]></artwork>
</figure>
<t>
When there is no need to provide IP mobility to a flow, the flow may use a new
IP address acquired from a new network as the MN moves to the new network.
</t>
<t>
Regardless of whether or not IP mobility is needed, if the flow has not terminat
ed before
the MN moves to a new network, the flow may subsequently restart using the new
IP address assigned from the new network.
</t>
<t>
When IP session continuity is needed, even if an application flow is ongoing as
the MN moves, it may still be desirable for the application flow to change to
using the new IP prefix configured in the new network. The application flow may
then be closed at the IP level and then be restarted using a new IP address
configured in the new network. Such a change in the IP address used by the
application flow may be enabled using a higher-layer mobility support that is
not in the scope of this document.
</t>
<t>
In <xref target="fig_change-net" format="default"/>, a flow initiated while the
MN was using the
IP prefix IP1, anchored to a previous access router AR1 in network Net1, has
terminated before the MN moves to a new network Net2. After moving to Net2, the
MN uses the new IP prefix IP2, anchored to a new access router AR2 in network
Net2, to start a new flow. Packets may then be forwarded without requiring IP-la
yer mobility support.
</t>
<t>
An example call flow is outlined in <xref target="fig_change-net-flow"
format="default"/>. An MN attaches to AR1, which sends a router advertisement
(RA) including information about the prefix assigned to the MN, from which the
MN configures an IP address (IP1). This address is used for new
communications, for example, with a correspondent node (CN). If the MN moves to
a new network and attaches to AR2, the process is repeated (the MN obtains a new
IP address, IP2, from AR2). Since the IP address (IP1) configured at the
previously visited network is not valid at the current attachment point,
any existing flows have to be reestablished using IP2.
</t>
<t>
Note that in these scenarios, if there is no mobility support provided by
Layer 4 or
above, application traffic would stop.
</t>
<figure anchor="fig_change-net-flow">
<name>Restarting a Flow with New IP Prefix/Address</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
MN AR1 AR2 CN
|MN attaches to AR1: | | |
|acquires MN-ID and profile | |
|--RS---------------->| | |
| | | |
|<----------RA(IP1)---| | |
| | | |
Assigned prefix IP1 | | |
IP1 address configuration | |
| | | |
|<-Flow(IP1,IPcn,...)-+------------------------------------------>|
| | | |
|MN detaches from AR1 | | |
|MN attaches to AR2 | | |
| | | |
|--RS------------------------------>| |
| | | |
|<--------------RA(IP2)-------------| |
| | | |
Assigned prefix IP2 | | |
IP2 address configuration | |
| | | |
|<-new Flow(IP2,IPcn,...)-----------+---------------------------->|
| | | |
]]></artwork>
</figure>
</section>
<section anchor="sec_traffic_redirection" numbered="true" toc="default">
<name>Mobility Case with Traffic Redirection</name>
<t>
When IP mobility is needed for a flow, the LM and FM functions in <xref target="
sec_distributed-anchoring-configurations" format="default"/> are utilized. There
are two
possible cases: (i) the mobility anchor remains playing that role and forwards t
raffic to a new locator in the new network, and (ii) the mobility anchor (data-p
lane
function) is changed but binds the MN's transferred IP address/prefix.
The latter enables optimized routes but requires some data-plane node that
enforces traffic indirection. We focus on the first case in this section. The
second case is addressed in <xref target="sec_anchor_relocation"
format="default"/>.
</t>
<t>
Mobility support can be provided by using mobility management methods, such as
the approaches surveyed in the following academic papers: <xref
target="IEEE-DISTRIBUTED-MOBILITY" format="default"/>, <xref target="PMIP-DMA"
format="default"/>, and <xref target="DMM-MOBILE-INTERNET"
format="default"/>. After moving, a certain MN's traffic flow may continue
using the IP prefix from the prior network of attachment. Yet, some time
later, the application generating this traffic flow may be closed. If the
application is started again, the new flow may not need to use the prior
network's IP address to avoid having to invoke IP mobility support. This may
be the case where a dynamic IP prefix/address, rather than a permanent one, is
used. Packets belonging to this flow may then use the new IP prefix (the one
allocated in the network where the flow is being initiated). Routing is again
kept simpler without employing IP mobility and will remain so as long as the
MN, which is now in the new network, does not move again to another network.
</t>
<t>
An example call flow in this case is outlined in <xref
target="fig_flow-continuity" format="default"/>. In this example, the AR1
plays the role of the FM-DP entity and redirects the traffic (e.g., using an IP
tunnel) to AR2.
</t>
<figure anchor="fig_flow-continuity">
<name>Flow Using IP Prefix from Home Network after MN has
Moved</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
MN AR1 AR2 CN
|MN attaches to AR1: | | |
|acquires MN-ID and profile | |
|--RS---------------->| | |
| | | |
|<----------RA(IP1)---| | |
| | | |
Assigned prefix IP1 | | |
IP1 address configuration | |
| | | |
|<-Flow(IP1,IPcn,...)-+------------------------------------------>|
| | | |
|MN detaches from AR1 | | |
|MN attaches to AR2 | | |
| | | |
|--RS------------------------------>| |
(some IP mobility support solution)
|<--------------RA(IP2,IP1)---------| |
| | | |
| +<-Flow(IP1,IPcn,...)---------------------->|
| +<===========>+ |
|<-Flow(IP1,IPcn,...)-------------->+ |
| | | |
Assigned prefix IP2 | | |
IP2 address configuration | |
| | | |
Flow(IP1,IPcn) terminates | |
| | | |
|<-new Flow(IP2,IPcn,...)-----------+---------------------------->|
| | | |
]]></artwork>
</figure>
<t>
Another solution could be to place an FM-DP entity closer to
the CN network to perform traffic steering to deviate from default routes
(which will bring the packet to AR1 per default routing). The LM and FM
functions are implemented as shown in <xref target="fig_anchor-redirection"
format="default"/>.
</t>
<figure anchor="fig_anchor-redirection">
<name>Anchor Redirection</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
Net1 Net2
+---------------+ +---------------+
|AR1 | |AR2 |
+---------------+ +---------------+
|CPA: | |CPA: |
| | |LM:IP1 at IPa1 |
|---------------| IP1 (anchored to Net1) |---------------|
|DPA(IPa1): | is redirected to Net2 |DPA(IPa2): |
|anchors IP1 | =======> |anchors IP2 |
|FM:IP1 via IPa2| |FM:IP1 via IPa1|
+---------------+ +---------------+
+...............+ +---------------+
.MN(IP1) . MN moves |MN(IP2,IP1) |
.flow(IP1,...) . =======> |flow(IP1,...) |
. . |flow(IP2,...) |
+...............+ +---------------+
]]></artwork>
</figure>
<t>
Multiple instances of DPAs (at access routers), which are providing IP prefixes
to the MNs, are needed to provide distributed mobility anchoring in an
appropriate configuration such as those described in <xref target="fig_dmm_net-b
ased" format="default"/> (<xref target="sec_distributed-anchoring-network-based"
format="default"/>) for network-based
distributed mobility or in <xref target="fig_dmm_client-based" format="default"/
> (<xref target="sec_distributed-anchoring-host-based" format="default"/>) for c
lient-based distributed
mobility.
</t>
</section>
<section anchor="sec_anchor_relocation" numbered="true" toc="default">
<name>Mobility Case with Anchor Relocation</name>
<t>
We focus next on the case where the mobility anchor (data-plane function) is
changed but binds the MN's transferred IP address/prefix. This enables optimized
routes but requires some data-plane node that enforces traffic indirection.
</t>
<t>
IP mobility is invoked to enable IP session continuity for an ongoing flow as
the MN moves to a new network. The anchoring of the IP address of the flow is in
the home network of the flow (i.e., different from the current network of
attachment). A centralized mobility management mechanism may employ indirection
from the anchor in the home network to the current network of attachment. Yet, i
t
may be difficult to avoid using an unnecessarily long route (when the route
between the MN and the CN via the anchor in the home network is significantly
longer than the direct route between them). An alternative is to move the IP
prefix/address anchoring to the new network.
</t>
<t>
The IP prefix/address anchoring may move
without changing the IP prefix/address of the flow.
The LM function in <xref target="fig_dmm_net-based" format="default"/> of
<xref target="sec_distributed-anchoring-network-based" format="default"/>
is implemented as shown in <xref target="fig_anchor-mobility" format="default"/>
.
</t>
<figure anchor="fig_anchor-mobility">
<name>Anchor Relocation</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
Net1 Net2
+---------------+ +---------------+
|AR1 | |AR2 |
+---------------+ +---------------+
|CPA: | |CPA: |
|LM:IP1 at IPa1 | |LM:IP1 at IPa2 |
| changes to | | |
| IP1 at IPa2 | | |
|---------------| |---------------|
|DPA(IPa1): | IP1 anchoring effectively moved |DPA(IPa2): |
|anchored IP1 | =======> |anchors IP2,IP1|
+---------------+ +---------------+
+...............+ +---------------+
.MN(IP1) . MN moves |MN(IP2,IP1) |
.flow(IP1,...) . =======> |flow(IP1,...) |
+...............+ +---------------+
]]></artwork>
</figure>
<t>
As an MN with an ongoing session moves to a new network, the flow may preserve
IP session continuity by moving the anchoring of the original IP prefix/address
of the flow to the new network.
</t>
<t>
One way to accomplish such a move is to use a centralized routing protocol,
but such a solution may present some scalability concerns and its
applicability is typically limited to small networks. One example of this type
of solution is described in <xref target="I-D.ietf-rtgwg-atn-bgp"
format="default"/>.
When an MN associates with an anchor, the anchor injects the MN's prefix into
the global routing system. If the MN moves to a new anchor, the old anchor
withdraws the /64 and the new anchor injects it instead.
</t>
</section>
</section>
<section anchor="security" numbered="true" toc="default">
<name>Security Considerations</name>
<t>
As stated in <xref target="RFC7333" format="default"/>, "a DMM solution <bcp14>M
UST</bcp14> support any security
protocols and mechanisms needed to secure the network and to make continuous
security improvements". It "<bcp14>MUST NOT</bcp14> introduce new security risks
".
</t>
<t>
There are different potential deployment models of a DMM solution. The present
document has presented three different scenarios for distributed anchoring:
(i) nomadic case, (ii) mobility case with traffic redirection, and (iii)
mobility case with anchor relocation. Each of these cases has different security
requirements, and the actual security mechanisms depend on the specifics
of each solution/scenario.
</t>
<t>
As general rules, for the first distributed anchoring scenario (nomadic case),
no additional security consideration is needed, as this does not involve any
additional mechanism at Layer 3. If session connectivity is required, the
Layer 4 or
above solution used to provide it <bcp14>MUST</bcp14> also provide the
required authentication and security.
</t>
<t>
The second and third distributed anchoring scenarios (mobility case) involve
mobility signaling among the mobile node and the control-plane and data-plane
anchors. The control-plane messages exchanged between these entities
<bcp14>MUST</bcp14> be protected using end-to-end security associations with
data-integrity and data-origination capabilities. IPsec <xref target="RFC8221"
format="default"/> Encapsulating Security Payload (ESP) in transport mode with
mandatory integrity protection <bcp14>SHOULD</bcp14> be used for protecting
the signaling messages. Internet Key Exchange Protocol Version 2 (IKEv2) <xref t
arget="RFC8247" format="default"/>
<bcp14>SHOULD</bcp14> be used to set up security associations between the data-p
lane
and control-plane anchors. Note that in scenarios in which traffic indirection
mechanisms are used to relocate an anchor, authentication and authorization
mechanisms <bcp14>MUST</bcp14> be used.
</t>
<t>
Control-plane functionality <bcp14>MUST</bcp14> apply authorization checks to an
y commands or
updates that are made by the control-plane protocol.
</t>
</section>
<section numbered="true" toc="default">
<name>IANA Considerations</name>
<t>
This document has no IANA actions.
</t>
</section>
</middle>
<back>
<displayreference target="I-D.ietf-dmm-fpc-cpdp" to="FPC-DMM-PROTOCOL"/>
<displayreference target="I-D.ietf-dmm-pmipv6-dlif" to="IPV6-DMM-EXT"/>
<displayreference target="I-D.ietf-rtgwg-atn-bgp" to="BGP-ATN-IPS"/>
<displayreference target="I-D.matsushima-stateless-uplane-vepc" to="STATELESS-UP
LANE-VEPC"/>
<displayreference target="I-D.mccann-dmm-prefixcost" to="PREFIX-COST"/>
<displayreference target="I-D.sarikaya-dmm-for-wifi" to="DMM-WIFI"/>
<displayreference target="I-D.seite-dmm-dma" to="DMM-DMA"/>
<displayreference target="I-D.yhkim-dmm-enhanced-anchoring" to="DMM-ENHANCED-ANC
HORING"/>
<references>
<name>References</name>
<references>
<name>Normative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2119.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8174.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7333.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5213.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6275.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.3753.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7429.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8221.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8247.xml"/>
</references>
<references>
<name>Informative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6459.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8653.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml3/reference.
I-D.ietf-dmm-fpc-cpdp.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml3/reference.I
-D.mccann-dmm-prefixcost.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml3/reference.
I-D.matsushima-stateless-uplane-vepc.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml3/reference.
I-D.seite-dmm-dma.xml"/>
<reference anchor='I-D.ietf-dmm-pmipv6-dlif'>
<front>
<title>Proxy Mobile IPv6 extensions for Distributed Mobility Management</title>
<author initials='CJ' surname='Bernardos' fullname='Carlos Bernardos'>
<organization />
</author>
<author initials='A' surname='Oliva' fullname='Antonio de la Oliva'>
<organization />
</author>
<author initials='F' surname='Giust' fullname='Fabio Giust'>
<organization />
</author>
<author initials='JC' surname='Zuniga' fullname='Juan Zuniga'>
<organization />
</author>
<author initials='A' surname='Mourad' fullname='Alain Mourad'>
<organization />
</author>
<date month='March' year='2020' />
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-dmm-pmipv6-dlif-06' />
</reference>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml3/reference.
I-D.sarikaya-dmm-for-wifi.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml3/reference.I
-D.yhkim-dmm-enhanced-anchoring.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml3/reference.
I-D.ietf-rtgwg-atn-bgp.xml"/>
<reference anchor="DMM-MOBILE-INTERNET">
<front>
<title>Distributed and Dynamic Mobility Management in Mobile
Internet: Current Approaches and Issues</title>
<author initials="H" surname="Chan">
<organization/>
</author>
<author initials="H" surname="Yokota">
<organization/>
</author>
<author initials="J" surname="Xie">
<organization/>
</author>
<author initials="P" surname="Seite">
<organization/>
</author>
<author initials="D" surname="Liu">
<organization/>
</author>
<date month="February" year="2011"/>
</front>
<refcontent>Journal of Communications, Vol. 6, No. 1
</refcontent>
</reference>
<reference anchor="IEEE-DISTRIBUTED-MOBILITY">
<front>
<title>Distributed IP mobility management from the perspective of
the IETF: motivations, requirements, approaches, comparison, and chal
lenges</title>
<author initials="J" surname="Lee">
<organization/>
</author>
<author initials="J" surname="Bonnin">
<organization/>
</author>
<author initials="P" surname="Seite">
<organization/>
</author>
<author initials="H. A." surname="Chan">
<organization/>
</author>
<date month="October" year="2013"/>
</front>
<refcontent>IEEE Wireless Communications, vol. 20, no. 5, pp. 159-168
</refcontent>
</reference>
<reference anchor="PMIP-DMA">
<front>
<title>Proxy mobile IP with distributed mobility anchors</title>
<author initials="H" surname="Chan">
<organization/>
</author>
<date month="December" year="2010"/>
</front>
<refcontent>IEEE Globecom Workshops Miami, FL, 2010, pp. 16-20
</refcontent>
</reference>
</references>
</references>
<section numbered="false">
<name>Acknowledgements
</name>
<t>The work of <contact fullname="Jong-Hyouk Lee"/> was supported by the MSIT (M
inistry of Science
and ICT), Korea, under the ITRC (Information Technology Research Center)
support program (IITP-2020-2015-0-00403) supervised by the IITP (Institute for
Information &amp; communications Technology Planning &amp; Evaluation).
</t>
</section>
<section numbered="false" toc="default">
<name>Contributors</name>
<t>
<contact fullname="Alexandre Petrescu"/> and <contact fullname="Fred
Templin"/> had contributed to earlier draft versions of this document regarding
distributed anchoring for hierarchical networks and for network mobility,
although these extensions were removed to keep the document within reasonable
length.
</t>
<t>
This document has benefited from other work on mobility support in SDN networks,
on providing mobility support only when needed, and on mobility support in
enterprise networks. These works have been referenced. While some of these
authors have taken the work to jointly write this document, others have
contributed at least indirectly by writing these works. The latter include
<contact fullname="Philippe Bertin"/>, <contact fullname="Dapeng Liu"/>,
<contact fullname="Satoru Matushima"/>, <contact fullname="Pierrick Seite"/>,
<contact fullname="Jouni Korhonen"/>,
and <contact fullname="Sri Gundavelli"/>.
</t>
<t>
For completeness, some terminology from draft-ietf-dmm-deployment-models-04
has been incorporated into this document.
</t>
<t>
Valuable comments have been received from <contact fullname="John
Kaippallimalil"/>, <contact fullname="ChunShan Xiong"/>, <contact
fullname="Dapeng Liu"/>, <contact fullname="Fred Templin"/>, <contact
fullname="Paul Kyzivat"/>, <contact fullname="Joseph Salowey"/>, <contact
fullname="Yoshifumi Nishida"/>, <contact fullname="Carlos Pignataro"/>,
<contact fullname="Mirja Kuehlewind"/>, <contact fullname="Eric Vyncke"/>,
<contact fullname="Qin Wu"/>, <contact fullname="Warren Kumari"/>, <contact
fullname="Benjamin Kaduk"/>, <contact fullname="Roman Danyliw"/>, and <contact
fullname="Barry Leiba"/>. <contact fullname="Dirk von Hugo"/>, <contact
fullname="Byju Pularikkal"/>, and <contact fullname="Pierrick Seite"/> have
generously provided careful review with helpful corrections and
suggestions. <contact fullname="Marco Liebsch"/> and <contact fullname="Lyle
Bertz"/> also performed very detailed and helpful reviews of this document.
</t>
</section>
</back>
</rfc>
 End of changes. 1 change blocks. 
lines changed or deleted lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/