To: dnsop@cafax.se
From: Soohong Daniel Park <soohong.park@samsung.com>
Date: Fri, 14 Mar 2003 16:29:02 +0900
Importance: Normal
Sender: owner-dnsop@cafax.se
Subject: Domain Name Dynamic Update for IPv6 Mobile Node while away from home.
Hi folks,

I'd like to discuss this document, which is still rough and not submitted yet. Most of all, I want to listen to DNS folks' opinion. Could you look into it and respond to me? If I missed an important point, let me know. I attach this document.

Daniel

Abstract

While a mobile node is attached to some foreign link away from home, it is addressable at one or more care-of addresses. But the address in the DNS file is not the care-of address but the home address. Therefore, whenever new correspondent nodes try to connect to a mobile node, these packets still go through a Home Agent by reverse tunneling. This document suggests Domain Name Dynamic Update for IPv6 Mobile Node while away from home.

==============================================
Soohong Daniel Park
Researcher
Mobile Platform Lab, Samsung electronics
TEL:+82-31-200-3728  FAX:+82-31-200-3147
mailto:Soohong.Park@samsung.com
INTERNET-DRAFT                                   Soohong Daniel Park
Expires: September 2003                          SAMSUNG Electronics
                                                          March 2003

Domain Name Dynamic Update for IPv6 Mobile Node while away from home.
< draft-park-dndu-ipv6-mobile-node-00.txt >

Status of This Memo

This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

Abstract

While a mobile node is attached to some foreign link away from home, it is addressable at one or more care-of addresses. But the address in the DNS file is not the care-of address but the home address. Therefore, whenever new correspondent nodes try to connect to a mobile node, these packets still go through a Home Agent by reverse tunneling. This document suggests Domain Name Dynamic Update for IPv6 Mobile Node while away from home.

Table of Contents

1. Introduction
2. Operation Procedure
2.1 RR Considerations
2.2 BU Considerations
2.3 Nonce Indices option for DNDU
3. 6DNDU Requirements
4. Using DAD message
4.1 New option for Domain Name
5. Security Considerations
6. Normative References
7. Informative References
8. Author's Address

Park                    Expires September 2003                [Page 1]
INTERNET-DRAFT     DNDU for IPv6 MN while away from home    March 2003

1. Introduction

While a mobile node is attached to some foreign link away from home, it is addressable at one or more care-of addresses. But the address in the DNS file is not the care-of address but the home address. Therefore, whenever new correspondent nodes try to connect to a mobile node, these packets still go through a Home Agent by reverse tunneling. Moreover, when many new correspondent nodes initiate connections to a mobile node, a lot of traffic must go through the Home Agent by reverse tunneling.

This document suggests a Domain Name Dynamic Update (DNDU) procedure for registering the Domain Name and IPv6 address with the DNS Server automatically while the care-of address is undergoing the DAD procedure for detecting duplication on the new link. Also, the NS message for the DAD carries the new care-of address in the target field and the original domain name in the new option field. In order to use this mechanism, a minimum set of functions must be implemented on the node and the server.

2. Operation Procedure

When a mobile node is moving to another link but is still reachable at the previous link, the mobile node must perform a Binding Update, as described in [MIPv6]. This section focuses on the case where new CNs initiate the first connection to a MN which has moved to another link.
[Figure : operation procedure for 6DNDU. The MN moves from the Home Link (AR1) to a Foreign Link (AR2 ... ARn); each foreign link has a 6DNDU server, which talks to the DNSv6 Server; CN1 is already communicating with the MN, and CN2 ... CNn initiate new connections. Legend: CN: Correspondent Node, MN: Mobile Node, AR: Access Router]

e.g.
  AR1 prefix          : 2001::1/64
  AR2 prefix          : 2001::2/64
  MN home address     : 2001::1:aaaa
  MN domain name      : daniel.example.com
  MN care-of address  : 2001::2:aaaa
  DNSv6 file          : daniel.example.com IN AAAA 2001::1:aaaa
  DNSv6 Updated file  : daniel.example.com IN AAAA 2001::2:aaaa

o The MN is moving to a foreign link while communicating with the CN1
    The MN receives a new prefix from the AR2
    The MN has a new care-of address
    The MN performs the DAD processing
      (target : 2001::2:aaaa, option : daniel.example.com)

o The 6DNDU server receives a NS message from the MN
    The server caches the DAD information and waits until the DAD is completed (1~2 sec)
    If the server receives an NA sent to the all-nodes multicast address, the care-of address is duplicated
    The server verifies the option type (Domain Name, TBD)
    The server updates the DNS file in the DNSv6 server (DNSv6 Updated file)

o The CN2 initiates a new connection to the MN
    The CN2 sends a DNS query message to the DNSv6 server (query name : daniel.example.com)
    The CN2 receives a DNS reply message from the DNSv6 server (rdata : 2001::2:aaaa)

o RR processing between MN and CN2
    The MN sends CoTI to the CN2 (with X flag in Reserved field of the CoTI)
    The CN2 sends CoT to the MN

o Binding Update between MN and CN2
    The MN sends BU to the CN2 (with X flag in Reserved field of the BU)
    The CN2 sends BA to the MN
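The 6DNDU server side of the steps above (cache the NS target, wait out DAD, treat an NA as a duplicate, then replace the AAAA record), as an added Python example that is not part of the draft. The option Type value is a placeholder because the draft leaves it TBD, the option wire layout follows the RFC 2461 Type/Length convention, and the NS packets and the zone are constructed stand-ins.

```python
import ipaddress
import struct
OPT_DOMAIN_NAME = 0xFF   # placeholder: the draft leaves the option Type value TBD
NS_TYPE = 135            # ICMPv6 Neighbor Solicitation

def encode_domain_name_option(name):
    """Draft's Domain Name ND option: Type, Length in 8-octet units, name, zero padding."""
    body = name.encode("ascii")
    length = (2 + len(body) + 7) // 8
    return struct.pack("!BB", OPT_DOMAIN_NAME, length) + body.ljust(length * 8 - 2, b"\0")

def build_ns(target, name):
    """Constructed NS payload: type, code, checksum (left 0 here), reserved, target, option."""
    return struct.pack("!BBHI", NS_TYPE, 0, 0, 0) + ipaddress.IPv6Address(target).packed + encode_domain_name_option(name)

def parse_ns(payload):
    """Return (target address, domain name or None), or None if the NS is malformed."""
    if len(payload) < 24 or payload[0] != NS_TYPE:
        return None
    target, pos, name = ipaddress.IPv6Address(payload[8:24]), 24, None
    while pos + 2 <= len(payload):
        otype, olen = payload[pos], payload[pos + 1]
        if olen == 0 or pos + olen * 8 > len(payload):   # RFC 2461: zero length is invalid
            return None
        if otype == OPT_DOMAIN_NAME:
            name = payload[pos + 2:pos + olen * 8].rstrip(b"\0").decode("ascii", "replace")
        pos += olen * 8
    return target, name

class DNDUServer:
    """Caches DAD targets seen in NS messages and updates the zone only after DAD succeeds."""
    def __init__(self, dad_timeout=2.0):
        self.dad_timeout = dad_timeout   # the draft's 1~2 sec DAD wait
        self.pending = {}                # target -> (domain name, time the NS was seen)
        self.zone = {}                   # domain name -> AAAA rdata, standing in for the DNSv6 zone
    def on_ns(self, payload, now):
        parsed = parse_ns(payload)
        if parsed and parsed[1]:         # only NS messages carrying the Domain Name option
            self.pending[str(parsed[0])] = (parsed[1], now)
    def on_na(self, target):
        """An NA for a pending target (sent to all-nodes) means the care-of address is duplicated."""
        self.pending.pop(str(ipaddress.IPv6Address(target)), None)
    def tick(self, now):
        """Return (name, AAAA) updates for targets whose DAD wait elapsed without an NA."""
        done = [(t, n) for t, (n, seen) in self.pending.items() if now - seen >= self.dad_timeout]
        for target, name in done:
            self.zone[name] = target     # daniel.example.com IN AAAA <care-of address>
            del self.pending[target]
        return [(n, t) for t, n in done]
```

The server accepts any NS it sees, so it has exactly the unauthenticated-registration weakness described in the Security Considerations; authenticating the NS (IP Authentication Header) and the DNS UPDATE ([3007]) is outside this snippet.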
Note: The new X flag is a temporary value.

2.1 RR Considerations

When a new CN initiates a connection to the MN away from home, Return Routability must be performed. Originally, the RR procedure is done by testing whether packets addressed to the two claimed addresses are routed to the MN. But when a new CN initiates a connection to the MN away from home, the home test (HoTI and HoT) does not need to be done. Therefore, the CoTI message is sent to the new CN with a new flag. This flag announces to the CN that HoTI and HoT processing are not required. Also, the CoT is sent to the MN in response to the CoTI message. When the MN has received the CoT message, the return routability procedure is complete. As a result of the procedure, the MN has the data it needs to send a Binding Update to the CN. The MN generates the binding management key as follows:

  Kbm = SHA1 (care-of keygen token)

2.2 BU Considerations

After the MN has created the Kbm, it can supply a verifiable Binding Update to the CN with the new flag, announcing that the CN is not required to perform HoTI and HoT processing.

o Binding Update message
    source address = care-of address
    destination address = correspondent
    parameters:
    - home address (within the Home Address destination option)
    - sequence number (within the BU message header)
    - care-of address index (within the Nonce Indices option for DNDU)
    - HMAC_SHA1 (Kbm, (care-of address | CN address | BU))

Once the CN has verified the X flag and the MAC, it can create a Binding Cache entry for the mobile node. Note that the CN should fill the home address field from the BU message.

o Binding Acknowledgement
    It is the same as in [MIPv6].

2.3 Nonce Indices option for DNDU

In order to skip over the Home Nonce Index value, the new option can be used to perform Domain Name Dynamic Update. The Nonce Indices option for DNDU has an alignment requirement of 2n.
Its format is as follows:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                |   Type = TBD  |  Length = 2   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Care-of Nonce Index      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3. 6DNDU Requirements

In order to use this mechanism, the 6DNDU node and the 6DNDU server must support the following requirements.

6DNDU node Requirements

A 6DNDU node must insert the Domain Name into the new option field of the NS when it is performing DAD processing. A 6DNDU node is not required to perform home testing in RR, so the X flag must be set in the Reserved field of the CoTI. When a 6DNDU node sends the BU message, the home nonce index parameter should be omitted and the new option must be used to announce only the care-of address index, with the X flag set in the Reserved field of the BU.

6DNDU server Requirements

A 6DNDU server must perform general DAD processing, and the DNS function for domain name update [2136].

4. Using DAD message

DAD must take place on all unicast addresses, regardless of whether they are obtained through stateful, stateless or manual configuration. When a MN is attached to a foreign link which has different prefix information, in order to use a new care-of address, it must perform DAD processing. 6DNDU uses the DAD messages with a new option (carrying the Domain Name) for Domain Name Dynamic Update.

4.1 New option for Domain Name

In order to announce the Domain Name simultaneously with the address, this document defines a new option called "Domain Name" (the Type value will be defined later).
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
~                          Domain Name                          ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Option Name                     Type
  Source Link-Layer Address          1
  Target Link-Layer Address          2
  Prefix Information                 3
  Redirected Header                  4
  MTU                                5
  . . . .
  Domain Name                      (TBD)

<Figure : new option for Domain Name>

5. Security Considerations

If someone wants to hijack a correct Domain Name registration, they could repeatedly send NS messages with an incorrect or the same Domain Name to the 6DNDU server, and the server would start the Domain Name registration through the above mechanism, which is a security hole. As described for ND messages in [2461], a host can check the validity of a message: if an ND message includes an IP Authentication Header, the message authenticates correctly. For DNS UPDATE processing, secure DNS Dynamic Update is described in [3007].

6. Normative References

[2373] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 2373, July 1998.
[2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998.
[1034] Mockapetris, P., "Domain Names - Concepts and Facilities", RFC 1034, November 1987.
[1035] Mockapetris, P., "Domain Names - Implementation and Specification", RFC 1035, November 1987.

7. Informative References

[2461] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998.
[2136] Vixie, P., et al., "Dynamic Updates in the Domain Name System (DNS UPDATE)", RFC 2136, April 1997.
[3007] Wellington, B., "Secure Domain Name System (DNS) Dynamic Update", RFC 3007, November 2000.
[6DNAR] Park, S., "IPv6 Domain Name Auto Registration", draft-park-6dnar-01.txt, work in progress.
[MIPv6] Johnson, D., Perkins, C. and J. Arkko, "Mobility Support in IPv6", draft-ietf-mobileip-ipv6-21.txt, work in progress.

8. Author's Address

Soohong Daniel Park
SAMSUNG Electronics
Digital Media R&D Center
416, Maetan-3Dong, Paldal-Gu, Suwon City, Gyeonggi-Do, Korea
Phone: +82-31-200-3728
Email: soohong.park@samsung.com
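The RR and BU steps of sections 2.1 to 2.3, as an added Python example that is not part of the draft: the CN regenerates the care-of keygen token from its own Kcn and the care-of nonce index carried in the Nonce Indices option for DNDU (the [MIPv6] token construction is assumed here, since the draft does not restate it), derives Kbm = SHA1(care-of keygen token), and checks HMAC_SHA1 over (care-of address | CN address | BU). The BU byte layout, the addresses and the keys are constructed.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

def care_of_keygen_token(kcn, coa, nonce):
    """[MIPv6] care-of keygen token = First(64, HMAC_SHA1(Kcn, care-of address | nonce | 1))."""
    msg = ipaddress.IPv6Address(coa).packed + nonce + b"\x01"
    return hmac.new(kcn, msg, hashlib.sha1).digest()[:8]

def kbm_dndu(care_of_token):
    """Section 2.1 of the draft: Kbm = SHA1(care-of keygen token), with no home keygen token."""
    return hashlib.sha1(care_of_token).digest()

def bu_authenticator(kbm, coa, cn_addr, bu_bytes):
    """Section 2.2: HMAC_SHA1(Kbm, (care-of address | CN address | BU))."""
    msg = ipaddress.IPv6Address(coa).packed + ipaddress.IPv6Address(cn_addr).packed + bu_bytes
    return hmac.new(kbm, msg, hashlib.sha1).digest()

class CorrespondentNode:
    def __init__(self, address):
        self.address = address
        self.kcn = os.urandom(20)        # CN secret; tokens are recomputed, not stored per MN
        self.nonces = [os.urandom(8)]    # position = nonce index carried back in the BU
        self.binding_cache = {}          # home address -> care-of address

    def cot(self, coa):
        """Answer a CoTI: return (care-of nonce index, care-of keygen token)."""
        idx = len(self.nonces) - 1
        return idx, care_of_keygen_token(self.kcn, coa, self.nonces[idx])

    def on_bu(self, coa, home, bu_bytes, coa_nonce_index, authenticator, x_flag):
        """Verify a BU carrying the X flag and only a care-of nonce index (no home nonce index)."""
        if not x_flag or coa_nonce_index >= len(self.nonces):
            return False
        token = care_of_keygen_token(self.kcn, coa, self.nonces[coa_nonce_index])
        expected = bu_authenticator(kbm_dndu(token), coa, self.address, bu_bytes)
        if not hmac.compare_digest(expected, authenticator):
            return False
        self.binding_cache[home] = coa
        return True

def mobile_node_bu(cn, coa, home, seq):
    """MN side: CoTI/CoT, then build a BU (constructed layout: seq | home address) and sign it."""
    idx, token = cn.cot(coa)
    bu_bytes = struct.pack("!H", seq) + ipaddress.IPv6Address(home).packed
    auth = bu_authenticator(kbm_dndu(token), coa, cn.address, bu_bytes)
    return dict(coa=coa, home=home, bu_bytes=bu_bytes, coa_nonce_index=idx, authenticator=auth, x_flag=True)
```

Because only the care-of token feeds Kbm, the CN is verifying reachability at the care-of address alone; the binding it caches says nothing about the home address being the MN's, which is the trade-off the X flag makes.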