To: dnsop@cafax.se
From: Soohong Daniel Park <soohong.park@samsung.com>
Date: Fri, 14 Mar 2003 16:29:02 +0900
Importance: Normal
Sender: owner-dnsop@cafax.se
Subject: Domain Name Dynamic Update for IPv6 Mobile Node while away from home.
Hi folks,

I'd like to discuss this document, which is still rough and not submitted
yet. Most of all, I want to listen to DNS folks' opinion.
Could you look into it and respond to me?
If I missed an important point, let me know.
I attach this document.

Daniel
Abstract

While a mobile node is attached to some foreign link away from home,
it is addressable at one or more care-of addresses. But the address in
the DNS file is not the care-of address but the home address. Therefore,
whenever new correspondent nodes try to connect to a mobile node, their
packets still go through a Home Agent by reverse tunneling.
This document suggests Domain Name Dynamic Update for an IPv6 Mobile Node
while away from home.
==============================================
Soohong Daniel Park
Researcher
Mobile Platform Lab, Samsung electronics
TEL:+82-31-200-3728 FAX:+82-31-200-3147
mailto:Soohong.Park@samsung.com
INTERNET-DRAFT                                      Soohong Daniel Park
Expires: September 2003                             SAMSUNG Electronics
                                                             March 2003

     Domain Name Dynamic Update for IPv6 Mobile Node while away from home
              < draft-park-dndu-ipv6-mobile-node-00.txt >
Status of This Memo
This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC 2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract

While a mobile node is attached to some foreign link away from home,
it is addressable at one or more care-of addresses. But the address in
the DNS file is not the care-of address but the home address. Therefore,
whenever new correspondent nodes try to connect to a mobile node, their
packets still go through a Home Agent by reverse tunneling.
This document suggests Domain Name Dynamic Update for an IPv6 Mobile Node
while away from home.
Table of Contents
1. Introduction .............................................. 2
2. Operation Procedure ....................................... 2
2.1 RR Considerations ......................................... 3
2.2 BU Considerations ......................................... 4
2.3 Nonce Indices option for DNDU ............................. 4
3. 6DNDU Requirements ........................................ 4
4. Using DAD message ......................................... 5
4.1 New option for Domain Name ................................ 5
5. Security Considerations ................................... 5
6. Normative References ...................................... 6
7. Informative References .................................... 6
8. Author's Address .......................................... 6
Park Expires September 2003 [Page 1]
INTERNET-DRAFT DNDU for IPv6 MN while away from home March 2003
1. Introduction

While a mobile node is attached to some foreign link away from home,
it is addressable at one or more care-of addresses. But the address in
the DNS file is not the care-of address but the home address. Therefore,
whenever new correspondent nodes try to connect to a mobile node, their
packets still go through a Home Agent by reverse tunneling. Moreover,
when many new correspondent nodes initiate connections to a mobile node,
all of that traffic must go through the Home Agent by reverse tunneling.

This document suggests a Domain Name Dynamic Update (DNDU) procedure for
registering the Domain Name and IPv6 address with the DNS server
automatically while the care-of address is undergoing the DAD procedure
that detects duplicates on the new link. The NS message used for DAD
carries the new care-of address in the target field and the original
domain name in a new option field. To use this mechanism, a minimum set
of functions must be implemented on the node and on the server.
2. Operation Procedure

When a mobile node moves to another link but is still reachable at
the previous link, the mobile node must perform a Binding Update, as
described in [MIPv6]. This section focuses on the case where new CNs
initiate the first connection to a MN that has moved to another link.
<Figure : operation procedure for 6DNDU (ASCII diagram not reproducible
here). The MN moves from the Home Link behind AR1 to the Foreign Link
behind AR2 while communicating with CN1; CN2 ... CNn reach the MN via the
DNSv6 Server; 6DNDU servers are attached beside ARn and AR2.
CN: Correspondent Node, MN: Mobile Node, AR: Access Router>
e.g.
  AR1 prefix         : 2001::1/64
  AR2 prefix         : 2001::2/64
  MN home address    : 2001::1:aaaa
  MN domain name     : daniel.example.com
  MN care-of address : 2001::2:aaaa
  DNSv6 file         : daniel.example.com IN AAAA 2001::1:aaaa
  DNSv6 updated file : daniel.example.com IN AAAA 2001::2:aaaa
o The MN moves to a foreign link while communicating with CN1
  - The MN receives a new prefix from AR2
  - The MN forms a new care-of address
  - The MN performs DAD processing (target : 2001::2:aaaa,
    option : daniel.example.com)
o The 6DNDU server receives the NS message from the MN
  - The server caches the DAD information and waits until the
    DAD is completed (1~2 sec)
  - If the server receives a reply to the all-nodes multicast address,
    the care-of address is duplicated
  - The server verifies the option type (Domain Name, TBD) and
    updates the DNS file in the DNSv6 server (DNSv6 updated file)
o CN2 initiates a new connection to the MN
  - CN2 sends a DNS query message to the DNSv6 server
    (query name : daniel.example.com)
  - CN2 receives a DNS reply message from the DNSv6 server
    (rdata : 2001::2:aaaa)
o RR processing between MN and CN2
  - The MN sends CoTI to CN2 (with the X flag in the Reserved field of
    the CoTI)
  - CN2 sends CoT to the MN
o Binding Update between MN and CN2
  - The MN sends BU to CN2 (with the X flag in the Reserved field of
    the BU)
  - CN2 sends BA to the MN

Note: The new X flag is a temporary value.
2.1 RR Considerations

When a new CN initiates a connection to the MN away from home, Return
Routability must be performed. Originally the RR procedure is done by
testing whether packets addressed to the two claimed addresses are
routed to the MN. But when a new CN initiates a connection to the MN
away from home, the home test (HoTI and HoT) does not need to be done.
Therefore, the CoTI message is sent to the new CN with a new flag. This
flag announces to the CN that HoTI and HoT processing is not required.
The CoT is then sent to the MN in response to the CoTI message.

When the MN has received the CoT message, the return routability
procedure is complete. As a result of the procedure, the MN has the
data it needs to send a Binding Update to the CN. The MN generates the
binding management key as follows:
Kbm = SHA1 (care-of keygen token
2.2 BU Considerations

After the MN has created Kbm, it can supply a verifiable Binding Update
to the CN, with the new flag announcing that the CN is not required to
perform HoTI and HoT processing.

o Binding Update message
  source address = care-of address
  destination address = correspondent
  parameters:
  - home address (within the Home Address destination option)
  - sequence number (within the BU message header)
  - care-of address index (within the Nonce Indices option
    for DNDU)
  - HMAC_SHA1 (Kbm, (care-of address | CN address | BU))

Once the CN has verified the X flag and the MAC, it can create a
Binding Cache entry for the mobile node. Note that the CN should take
the home address field from the BU message (the Home Address
destination option).

o Binding Acknowledgement
  It is the same as in [MIPv6].
2.3 Nonce Indices option for DNDU

In order to skip the Home Nonce Index value, this new option can be
used to perform Domain Name Dynamic Update.

The Nonce Indices option for DNDU has an alignment requirement of 2n.
Its format is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                   |  Type = TBD   |  Length = 2   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Care-of Nonce Index       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3. 6DNDU Requirements

In order to use this mechanism, the 6DNDU node and the 6DNDU server
must support the following requirements.

6DNDU node requirements

  A 6DNDU node must insert the Domain Name into the new option field of
  the NS when it performs DAD processing.

  A 6DNDU node is not required to perform the home test of RR, so the
  X flag must be set in the Reserved field of the CoTI.

  When a 6DNDU node sends the BU message, the home nonce index parameter
  should be omitted and the new option must be used to announce only the
  care-of address index, with the X flag set in the Reserved field of
  the BU.
6DNDU server requirements

  A 6DNDU server must perform general DAD processing and the DNS
  function for domain name update [2136].
4. Using DAD message

DAD must take place on all unicast addresses, regardless of whether
they are obtained through stateful, stateless or manual configuration.
When a MN is attached to a foreign link that has different prefix
information, it must perform DAD processing in order to use a new
care-of address. 6DNDU uses the DAD messages, with a new option
carrying the Domain Name, for Domain Name Dynamic Update.

4.1 New option for Domain Name

In order to announce the Domain Name simultaneously with the address,
this document defines a new option called "Domain Name"
(the Type value will be defined later).
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   ~                          Domain Name                          ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Option Name                        Type
   Source Link-Layer Address             1
   Target Link-Layer Address             2
   Prefix Information                    3
   Redirected Header                     4
   MTU                                   5
   .                                     .
   .                                     .
   Domain Name                       (TBD)

<Figure : new option for Domain Name>
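As an added example (not code from the draft), the following Python builds and validates the Domain Name option in the format above. The draft leaves the Type value and the name encoding open, so the example assumes a placeholder Type of 255 and the RFC 1035 label encoding, zero-padded to the 8-octet multiple that RFC 2461 requires for ND options; the receiver-side parser rejects the malformed cases (zero Length, Length not matching the option size, unterminated name, non-zero padding) that a 6DNDU server should drop.

```python
import struct

DOMAIN_NAME_OPTION_TYPE = 255   # placeholder: the draft leaves the Type "TBD"

def encode_name(name: str) -> bytes:
    """RFC 1035 wire format: length-prefixed labels, zero octet terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_domain_name_option(name: str) -> bytes:
    """Type | Length (8-octet units, incl. Type/Length) | name | zero pad."""
    body = encode_name(name)
    total = 2 + len(body)
    padded = (total + 7) // 8 * 8          # RFC 2461: option is a multiple of 8 octets
    if padded // 8 > 255:
        raise ValueError("name too long for the 8-bit Length field")
    header = struct.pack("!BB", DOMAIN_NAME_OPTION_TYPE, padded // 8)
    return header + body + b"\x00" * (padded - total)

def parse_domain_name_option(opt: bytes) -> str:
    """Validate one ND option on the receiver side and return the name."""
    if len(opt) < 8:
        raise ValueError("option shorter than the minimum ND option size")
    typ, length = struct.unpack("!BB", opt[:2])
    if typ != DOMAIN_NAME_OPTION_TYPE:
        raise ValueError("not a Domain Name option")
    if length == 0 or length * 8 != len(opt):   # RFC 2461: Length 0 is invalid
        raise ValueError("Length field does not match the option size")
    labels, pos = [], 2
    while True:
        if pos >= len(opt):
            raise ValueError("name is not terminated")
        n = opt[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(opt):      # also rejects compression pointers
            raise ValueError("bad label length")
        labels.append(opt[pos:pos + n].decode("ascii"))
        pos += n
    if any(opt[pos:]):                         # padding must be all zero
        raise ValueError("non-zero padding")
    return ".".join(labels)
```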
5. Security Considerations

If someone wants to hijack a correct Domain Name registration, they
could repeatedly send NS messages with an incorrect or identical Domain
Name to the 6DNDU server, and the server would start the Domain Name
registration through the above mechanism, which is a security hole.
As described for ND messages in [2461], a host can check the validity
of a message: if the ND message includes an IP Authentication Header,
the message authenticates correctly. For DNS UPDATE processing, secure
DNS Dynamic Update is described in [3007].
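The following Python is an added example, not part of the draft, that models the 6DNDU server decision from section 2 together with the check this section calls for: an NS carrying a Domain Name option opens a pending DAD entry, a Neighbor Advertisement to the all-nodes address for the same target marks the care-of address as duplicated, and only an entry that survives the DAD wait without a defence yields the RFC 2136 update (delete the name's AAAA RRset, add the care-of address). The NdEvent records, the 2-second wait and the `authenticated` flag (standing in for a verified IP Authentication Header) are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address
from typing import Optional

DAD_WAIT = 2.0                       # assumed; the draft says "1~2 sec"
ALL_NODES = IPv6Address("ff02::1")   # a defending NA is sent to all-nodes

@dataclass
class NdEvent:                       # one observed ND message (constructed)
    kind: str                        # "NS" or "NA"
    target: IPv6Address
    t: float                         # seconds since start
    dst: Optional[IPv6Address] = None
    domain: Optional[str] = None     # carried in the Domain Name option
    authenticated: bool = False      # IP Authentication Header verified

@dataclass
class Pending:
    domain: str
    t: float
    duplicated: bool = False

def dns_update(domain: str, addr: IPv6Address) -> list:
    """RFC 2136 update section: replace the name's AAAA RRset."""
    return [("DELETE", domain, "AAAA"), ("ADD", domain, "AAAA", str(addr))]

class DnduServer:
    def __init__(self):
        self.pending = {}   # care-of address -> Pending DAD entry
        self.updates = []   # update sections the server would send
        self.rejected = 0   # unauthenticated NSs dropped (section 5)

    def handle(self, ev: NdEvent) -> None:
        if ev.kind == "NS" and ev.domain is not None:
            if not ev.authenticated:   # a spoofed NS must not start a registration
                self.rejected += 1
                return
            self.pending[ev.target] = Pending(ev.domain, ev.t)
        elif ev.kind == "NA" and ev.dst == ALL_NODES and ev.target in self.pending:
            self.pending[ev.target].duplicated = True   # DAD failed
        self.expire(ev.t)

    def expire(self, now: float) -> None:
        """Finish every DAD wait that has elapsed by time `now`."""
        for addr, p in list(self.pending.items()):
            if now - p.t >= DAD_WAIT:
                if not p.duplicated:
                    self.updates.append(dns_update(p.domain, addr))
                del self.pending[addr]
```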
6. Normative References

[2373]  Hinden, R. and S. Deering, "IP Version 6 Addressing
        Architecture", RFC 2373, July 1998.
[2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
        (IPv6) Specification", RFC 2460, December 1998.
[1034]  Mockapetris, P., "Domain Names - Concepts and Facilities",
        RFC 1034, November 1987.
[1035]  Mockapetris, P., "Domain Names - Implementation and
        Specification", RFC 1035, November 1987.

7. Informative References

[2461]  Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery
        for IP Version 6 (IPv6)", RFC 2461, December 1998.
[2136]  Vixie, P., et al., "Dynamic Updates in the Domain Name System
        (DNS UPDATE)", RFC 2136, April 1997.
[3007]  Wellington, B., "Secure Domain Name System (DNS) Dynamic
        Update", RFC 3007, November 2000.
[6DNAR] Park, S., "IPv6 Domain Name Auto Registration",
        draft-park-6dnar-01.txt, work in progress.
[MIPv6] Johnson, D., Perkins, C. and J. Arkko, "Mobility Support in
        IPv6", draft-ietf-mobileip-ipv6-21.txt, work in progress.
8. Author's Address

Soohong Daniel Park
SAMSUNG Electronics
Digital Media R&D Center
416, Maetan-3Dong, Paldal-Gu,
Suwon City, Gyeonggi-Do, Korea
Phone: +82-31-200-3728
Email: soohong.park@samsung.com