Network Working Group J. Korhonen Request for Comments: 5446 Nokia Siemens Networks Category: Informational U. Nilsson TeliaSonera February 2009
Network Working Group J. Korhonen Request for Comments: 5446 Nokia Siemens Networks Category: Informational U. Nilsson TeliaSonera February 2009
Service Selection for Mobile IPv4
移动IPv4的服务选择
Status of This Memo
关于下段备忘
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2009 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/ 许可证信息)在本文件发布之日生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
Abstract
摘要
In some Mobile IPv4 deployments, identifying the mobile node or the mobility service subscriber is not enough to distinguish among the multiple services possibly provisioned to the mobile node. The capability to specify different services in addition to the mobile node's identity can be leveraged to provide flexibility for mobility service providers to provide multiple services within a single mobility service subscription. This document describes a Service Selection extension for Mobile IPv4 that is intended to assist home agents to make specific service selections for their mobility service subscriptions during the registration procedure.
在一些移动IPv4部署中,识别移动节点或移动服务订户不足以区分可能提供给移动节点的多个服务。除了移动节点的身份之外,还可以利用指定不同服务的能力来为移动服务提供商提供灵活性,以便在单个移动服务订阅中提供多个服务。本文档描述了移动IPv4的服务选择扩展,旨在帮助归属代理在注册过程中为其移动服务订阅做出特定的服务选择。
Table of Contents
目录
1. Introduction ....................................................2 2. Requirements ....................................................3 3. Service Selection Extension .....................................3 4. Processing Considerations .......................................5 4.1. Mobile Node Considerations .................................5 4.2. Home Agent Considerations ..................................5 4.3. Foreign Agent Considerations ...............................6 5. Security Considerations .........................................7 6. IANA Considerations .............................................7 7. Acknowledgments .................................................7 8. References ......................................................8 8.1. Normative References .......................................8 8.2. Informative References .....................................8
1. Introduction ....................................................2 2. Requirements ....................................................3 3. Service Selection Extension .....................................3 4. Processing Considerations .......................................5 4.1. Mobile Node Considerations .................................5 4.2. Home Agent Considerations ..................................5 4.3. Foreign Agent Considerations ...............................6 5. Security Considerations .........................................7 6. IANA Considerations .............................................7 7. Acknowledgments .................................................7 8. References ......................................................8 8.1. Normative References .......................................8 8.2. Informative References .....................................8
Mobile IPv4 [RFC3344] can identify mobile nodes in various ways, including home addresses [RFC3344] and Network Access Identifiers (NAIs) [RFC4282] [RFC2794]. In some Mobile IPv4 deployments, identifying the mobile node (MN) or the mobility service subscriber via a Proxy Mobile IPv4 client [LEUNG] (hereafter, the mobile node and the Proxy Mobile IPv4 client are used interchangeably) is not enough to distinguish among the multiple services possibly provisioned to the mobile node.
移动IPv4[RFC3344]可以以各种方式识别移动节点,包括家庭地址[RFC3344]和网络访问标识符(NAI)[RFC4282][RFC2794]。在一些移动IPv4部署中,通过代理移动IPv4客户端[LEUNG]识别移动节点(MN)或移动服务订户(下文中,移动节点和代理移动IPv4客户端可交换地使用)不足以区分可能提供给移动节点的多个服务。
The capability to specify different services in addition to the mobile node's identity can be leveraged to provide flexibility for mobility service providers to provide multiple services within the same mobility service subscription. For example:
除了移动节点的标识之外,还可以利用指定不同服务的能力来为移动服务提供商提供灵活性,以便在相同的移动服务订阅中提供多个服务。例如:
o Provide an enterprise data access for which the mobility service provider hosts connectivity and mobility services on behalf of the enterprise.
o 提供企业数据访问,移动服务提供商代表企业为其托管连接和移动服务。
o Provide access to service domains that are otherwise not accessible from public networks because of some mobility service providers' business reasons.
o 提供对由于某些移动服务提供商的业务原因而无法从公共网络访问的服务域的访问。
o Provide simultaneous access to different service domains that are separated based on policies of the mobility service provider.
o 提供对基于移动服务提供商的策略分离的不同服务域的同时访问。
o Enable easier policy assignment for mobility service providers based on the subscribed services.
o 基于订阅的服务为移动服务提供商实现更轻松的策略分配。
This document describes a Service Selection extension for Mobile IPv4 that is intended to assist home agents to make specific service selections for their mobility service subscriptions during the registration procedure. A Mobile IPv6-equivalent Service Selection Mobility Option has been described in [RFC5149]. The service selection may affect home agent routing decisions, Home Address assignment policies, firewall settings, and security policies. When the service selection is used, every Registration Request must contain the Service Selection extension. The Service Selection extension from the Registration Request may be echoed back in the Registration Reply.
本文档描述了移动IPv4的服务选择扩展,旨在帮助归属代理在注册过程中为其移动服务订阅做出特定的服务选择。[RFC5149]中描述了移动IPv6等效服务选择移动选项。服务选择可能会影响归属代理路由决策、归属地址分配策略、防火墙设置和安全策略。使用服务选择时,每个注册请求都必须包含服务选择扩展。来自注册请求的服务选择扩展可以在注册回复中回显。
In absence of a specifically indicated service, the home agent must act as if the default service, plain Internet access, had been requested. There is no absolute requirement that this default service would be allowed to all subscribers, but it is highly recommended in order to avoid having normal subscribers employ operator-specific configuration values in order to get basic service.
在没有特别指明的服务的情况下,归属代理必须像请求了默认服务(普通Internet访问)一样工作。没有绝对要求允许所有订阅者使用此默认服务,但强烈建议使用此默认服务,以避免普通订阅者为了获得基本服务而使用特定于运营商的配置值。
Some of the potential use cases were listed earlier in this section. The general aim is better manageability of services and service provisioning, from both operators' and service providers' points of view. However, it should be understood that there are potential deployment possibilities where selecting a certain service may restrict simultaneous access to other services from a user point of view (e.g., a "walled garden"). For example, services may be located in different administrative domains or external customer networks that practice excessive filtering of inbound and outbound traffic.
本节前面列出了一些潜在用例。总体目标是从运营商和服务提供商的角度来看,提高服务和服务供应的可管理性。然而,应当理解,存在潜在的部署可能性,其中选择某个服务可能会从用户的角度限制对其他服务的同时访问(例如,“围墙花园”)。例如,服务可能位于对入站和出站流量进行过度过滤的不同管理域或外部客户网络中。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
At most one Service Selection extension MAY be included in any Mobile IPv4 Registration Request message. When the service selection is used, the Service Selection extension MUST be included in every Registration Request message. In absence of a specifically indicated service in the Registration Request for the initial registration or re-registration, the home agent MUST act as if the default service, such as plain Internet access, had been requested. The Service Selection extension MUST be placed in the Registration Request message as follows:
任何移动IPv4注册请求消息中最多可以包括一个服务选择扩展。使用服务选择时,服务选择扩展必须包含在每个注册请求消息中。在初始注册或重新注册的注册请求中没有明确指明的服务的情况下,归属代理必须像请求了默认服务(如普通互联网接入)一样行事。服务选择扩展必须按如下方式放置在注册请求消息中:
o When present, the extension MUST appear after the MN-NAI extension, if the MN-NAI is also present in the message.
o 当存在时,如果消息中也存在MN-NAI,则扩展必须出现在MN-NAI扩展之后。
o If the extension was added by the mobile node to a Registration Request, it MUST appear prior to any authentication-enabling extensions [RFC3344] [RFC4721].
o 如果该扩展是由移动节点添加到注册请求中的,则它必须出现在任何启用身份验证的扩展[RFC3344][RFC4721]之前。
o In the event the foreign agent adds the Service Selection extension to a Registration Request, the extension MUST appear prior to any Foreign-Home authentication-enabling extensions [RFC3344].
o 如果外部代理将服务选择扩展添加到注册请求中,则扩展必须出现在任何外部家庭身份验证启用扩展之前[RFC3344]。
The home agent MAY echo the received Service Selection extension option back in a Mobile IPv4 Registration Reply message. The echoed Service Selection extension MUST be an unchanged copy of the Service Selection extension received in the corresponding Registration Request message. The Service Selection extension MUST be placed in the Registration Reply message as follows:
归属代理可以在移动IPv4注册回复消息中回显接收到的服务选择扩展选项。回显的服务选择扩展必须是在相应的注册请求消息中接收到的服务选择扩展的未更改副本。服务选择扩展必须按如下方式放置在注册回复消息中:
o If the extension was originally added by the mobile node to a Registration Request, it MUST appear in the Registration Reply prior to any authentication-enabling extensions [RFC3344] [RFC4721].
o 如果扩展最初是由移动节点添加到注册请求中的,则它必须出现在任何认证启用扩展[RFC3344][RFC4721]之前的注册回复中。
o If the foreign agent added the Service Selection extension to a Registration Request, the extension MUST appear in the Registration Reply prior to any Foreign-Home authentication-enabling extensions [RFC3344].
o 如果外国代理将服务选择扩展添加到注册请求中,则该扩展必须出现在注册回复中,然后再出现任何外国家庭身份验证启用扩展[RFC3344]。
The Service Selection extension has the following format:
服务选择扩展具有以下格式:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 151 | Length | Identifier... ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 151 | Length | Identifier... ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Service Selection Extension
服务选择扩展
o Type: 8-bit identifier set to 151 (the type of this skippable extension).
o 类型:8位标识符设置为151(此可跳过扩展的类型)。
o Length: 8-bit unsigned integer, representing the length of the Service Selection extension in octets, excluding the Type and Length fields. A value of zero (0) is not allowed.
o 长度:8位无符号整数,以八位字节表示服务选择扩展的长度,不包括类型和长度字段。不允许值为零(0)。
o Identifier: A variable-length, encoded service-identifier string used to identify the requested service. The identifier string length is between 1 and 255 octets. This specification allows international identifier strings that are based on the use of Unicode characters, encoded as UTF-8 [RFC3629] and formatted using Normalization Form KC (NFKC) as specified in [NFKC].
o 标识符:一个可变长度的编码服务标识符字符串,用于标识请求的服务。标识符字符串长度介于1到255个八位字节之间。本规范允许使用基于Unicode字符的国际标识符字符串,编码为UTF-8[RFC3629],并使用[NFKC]中规定的规范化格式KC(NFKC)进行格式化。
'ims', 'voip', and 'voip.companyxyz.example.com' are valid examples of Service Selection extension Identifiers. At minimum the Identifier MUST be unique among the home agents to which the mobile node is authorized to register.
“ims”、“voip”和“voip.companyxyz.example.com”是服务选择扩展标识符的有效示例。在移动节点被授权注册的归属代理中,标识符至少必须是唯一的。
A mobile node or its proxy representative MAY include the Service Selection extension into any Registration Request message. The Service Selection extension can be used with any mobile node identification method. The extension is used to identify the service to be associated with the mobility session; if the service selection is used, the Service Selection extension MUST be included into every Registration Request message sent to a home agent. If the mobile node wishes to change the selected service, it is RECOMMENDED that the mobile node de-register the existing binding with the home agent before proceeding with a binding registration for a different service. The provisioning of the service identifiers to the mobile node or its proxy representative is out of the scope of this specification.
移动节点或其代理代表可将服务选择扩展包括到任何注册请求消息中。服务选择扩展可以与任何移动节点识别方法一起使用。扩展用于标识与移动会话相关联的服务;如果使用服务选择,则服务选择扩展必须包含在发送给归属代理的每个注册请求消息中。如果移动节点希望更改所选服务,建议移动节点在继续为不同服务进行绑定注册之前,先向归属代理注销现有绑定。向移动节点或其代理代表提供服务标识符超出了本规范的范围。
If the mobile node receives a Registration Reply message with a Code set to SERVICE_AUTHORIZATION_FAILED and the mobile node has an existing binding with the Home Address used in the failed Registration Request message, the mobile node MUST delete the existing binding. If there is no existing binding, the mobile node proceeds as with any failed initial registration.
如果移动节点接收到代码设置为SERVICE_AUTHORIZATION_FAILED的注册回复消息,并且移动节点具有与失败注册请求消息中使用的家庭地址的现有绑定,则移动节点必须删除现有绑定。如果没有现有绑定,移动节点将继续进行任何失败的初始注册。
Upon receiving the Service Selection extension, the home agent authenticates and authorizes the mobile node. If the home agent supports the Service Selection, it MUST also verify that the mobile node is authorized to the service identified by the Service Selection extension. The services the mobile node is authorized to SHOULD be part of the general mobile node subscription data. If the mobile node is not authorized to the service, or the home agent does not
在接收到服务选择扩展时,归属代理认证和授权移动节点。如果归属代理支持服务选择,则它还必须验证移动节点是否被授权使用由服务选择扩展标识的服务。移动节点被授权的服务应该是通用移动节点订阅数据的一部分。如果移动节点未被授权使用该服务,或者归属代理未被授权
recognize the identified service, the home agent MUST deny the registration and send a Registration Reply with a Code SERVICE_AUTHORIZATION_FAILED (error code 151).
要识别识别的服务,归属代理必须拒绝注册并发送注册回复,代码为“服务\授权\失败”(错误代码151)。
The Service Selection extension is used to assist the mobile node authorization phase and identifies a specific service that is to be authorized. The Service Selection extension MAY also affect the Home Address allocation when, for example, used with the MN-NAI extension. For example, for the same NAI, there MAY be different Home Addresses, depending on the identified service. Furthermore, the Service Selection extension MAY also affect the routing of the outbound IP packets in the home agent depending on the selected service. The home agent MAY also apply different policy or quality of service treatment to traffic flows based on the selected service.
服务选择扩展用于协助移动节点授权阶段,并标识要授权的特定服务。例如,当与MN-NAI扩展一起使用时,服务选择扩展还可能影响家庭地址分配。例如,对于同一NAI,可能有不同的家庭地址,这取决于所识别的服务。此外,服务选择扩展还可根据所选服务影响归属代理中出站IP分组的路由。归属代理还可以基于所选服务对业务流应用不同的策略或服务质量处理。
If the newly arrived Registration Request message with a Service Selection extension indicates a change in the selected service, then the home agent MUST re-authorize the mobile node. The absence of the Service Selection extension MUST be treated as a request for the default service, which may also cause the re-authorization of the mobile node. Depending on the home agent's policies, the services policies, the Home Address allocation policies, and the subscription policies, the home agent may or may not be able to authorize the mobile node to the new service. For example the existing service and the new service could require different Home Addresses. If the authorization fails, then the home agent MUST deny the registration, delete any binding with the existing Home Address, and send a Registration Reply with a Code set to SERVICE_AUTHORIZATION_FAILED (error code 151).
如果具有服务选择扩展的新到达的注册请求消息指示所选服务中的更改,则归属代理必须重新授权移动节点。缺少服务选择扩展必须被视为对默认服务的请求,这也可能导致移动节点的重新授权。根据归属代理的策略、服务策略、归属地址分配策略和订阅策略,归属代理可以授权移动节点使用新服务,也可以不授权移动节点使用新服务。例如,现有服务和新服务可能需要不同的家庭地址。如果授权失败,则归属代理必须拒绝注册,删除与现有归属地址的任何绑定,并发送注册回复,代码设置为SERVICE_authorization_FAILED(错误代码151)。
Depending on the local home agent's policy, the home agent MAY echo the Service Selection extension in the corresponding Registration Reply message towards the mobile node or the foreign agent. The home agent MUST NOT change the content of the echoed Service Selection extension.
根据本地归属代理的策略,归属代理可以向移动节点或外部代理回显相应注册回复消息中的服务选择扩展。归属代理不得更改回显服务选择扩展的内容。
A foreign agent MUST skip the Service Selection extension if the Registration Request already contains the Service Selection extension. If the Registration Request does not contain the Service Selection extension, the foreign agent MAY add the Service Selection extension to the Registration Request message. How the foreign agent learns the service that the mobile node needs to authorize is outside the scope of this document.
如果注册请求已包含服务选择扩展,则外部代理必须跳过服务选择扩展。如果注册请求不包含服务选择扩展,则外部代理可以将服务选择扩展添加到注册请求消息中。外部代理如何了解移动节点需要授权的服务不在本文档的范围之内。
In the case a foreign agent added the Service Selection extension to the Registration Request on behalf of the mobile node, it MUST verify whether the corresponding Registration Reply message from a home agent also contains an echoed Service Selection extension. If the received Registration Reply message contains the echoed Service Selection extension, the foreign agent MUST NOT include the extension to the Registration Reply message that gets forwarded to the mobile node.
在外部代理代表移动节点将服务选择扩展添加到注册请求的情况下,它必须验证来自归属代理的相应注册回复消息是否也包含回显的服务选择扩展。如果收到的注册回复消息包含回送的服务选择扩展,则外部代理不得将该扩展包含到转发到移动节点的注册回复消息中。
The protection for the Service Selection extension depends on the service that is being identified and eventually selected. If the service selection information should not be revealed on the wire, it should be protected in a manner similar to Registration Requests and Registration Replies. The Service Selection extension is protected by the same authentication-enabling extension as the rest of the Registration Request message.
服务选择扩展的保护取决于正在识别和最终选择的服务。如果服务选择信息不应在网上公开,则应以类似于注册请求和注册回复的方式对其进行保护。服务选择扩展受与注册请求消息其余部分相同的身份验证启用扩展的保护。
The home agent MUST verify that the mobile node is authorized to the service included in the Service Selection extension. The Service Selection extension authorization is part of the normal mobile node registration and authentication procedure. Both registration authentication and service authorization MUST succeed before the mobile node is allowed to register to the home agent.
归属代理必须验证移动节点是否被授权使用服务选择扩展中包括的服务。服务选择扩展授权是正常移动节点注册和认证过程的一部分。在允许移动节点注册到归属代理之前,注册认证和服务授权都必须成功。
A new Mobile IPv4 Extension type has been assigned in the "Extensions appearing in Mobile IP control messages" registry for the extension described in Section 3. The Extension type has been allocated from the 'skippable' range (128-255):
已在“移动IP控制消息中出现的扩展”注册表中为第3节中描述的扩展分配了新的移动IPv4扩展类型。已从“可跳过”范围(128-255)中分配扩展类型:
Service Selection Extension is set to 151
服务选择扩展设置为151
A new Mobile IPv4 error code has been assigned in the "Registration denied by the home agent" section of the "Code Values for Mobile IP Registration Reply Messages" registry. The error code has been allocated from the 'Error Codes from the Home Agent' range (128-192):
已在“移动IP注册回复消息的代码值”注册表的“归属代理拒绝注册”部分分配了新的移动IPv4错误代码。已从“来自归属代理的错误代码”范围(128-192)中分配错误代码:
SERVICE_AUTHORIZATION_FAILED is set to 151
服务\授权\失败设置为151
The authors would like to thank Henrik Levkowetz, Kent Leung, Spencer Dawkins, and Jari Arkko for their comments. Jouni Korhonen also acknowledges TeliaSonera and the TEKES MERCoNe project, where most of the work was conducted.
作者要感谢Henrik Levkowetz、Kent Leung、Spencer Dawkins和Jari Arkko的评论。Jouni Korhonen还承认TeliaSonera和TEKES MERCoNe项目,其中大部分工作是在那里进行的。
[NFKC] Davis, M. and M. Durst, "Unicode Standard Annex #15; Unicode Normalization Forms", Unicode 5.0.0, October 2006.
[NFKC]Davis,M.和M.Durst,“Unicode标准附录#15;Unicode规范化格式”,Unicode 5.0.0,2006年10月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC3344] Perkins, C., "IP Mobility Support for IPv4", RFC 3344, August 2002.
[RFC3344]Perkins,C.,“IPv4的IP移动支持”,RFC 3344,2002年8月。
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.
[RFC3629]Yergeau,F.,“UTF-8,ISO 10646的转换格式”,STD 63,RFC 3629,2003年11月。
[LEUNG] Leung, K., "WiMAX Forum/3GPP2 Proxy Mobile IPv4", Work in Progress, December 2008.
[LEUNG]LEUNG,K.,“WiMAX论坛/3GPP2代理移动IPv4”,正在进行的工作,2008年12月。
[RFC2794] Calhoun, P. and C. Perkins, "Mobile IP Network Access Identifier Extension for IPv4", RFC 2794, March 2000.
[RFC2794]Calhoun,P.和C.Perkins,“IPv4移动IP网络访问标识符扩展”,RFC 27942000年3月。
[RFC4282] Aboba, B., Beadles, M., Arkko, J., and P. Eronen, "The Network Access Identifier", RFC 4282, December 2005.
[RFC4282]Aboba,B.,Beadles,M.,Arkko,J.,和P.Erenen,“网络访问标识符”,RFC 42822005年12月。
[RFC4721] Perkins, C., Calhoun, P., and J. Bharatia, "Mobile IPv4 Challenge/Response Extensions (Revised)", RFC 4721, January 2007.
[RFC4721]Perkins,C.,Calhoun,P.,和J.Bharatia,“移动IPv4挑战/响应扩展(修订版)”,RFC 47212007年1月。
[RFC5149] Korhonen, J., Nilsson, U., and V. Devarapalli, "Service Selection for Mobile IPv6", RFC 5149, February 2008.
[RFC5149]Korhonen,J.,Nilsson,U.,和V.Devarapalli,“移动IPv6的服务选择”,RFC 5149,2008年2月。
Authors' Addresses
作者地址
Jouni Korhonen Nokia Siemens Networks Linnoitustie 6 FIN-02600 Espoo FINLAND
Jouni Korhonen诺基亚西门子网络公司Linnoitustie 6 FIN-02600 Espoo芬兰
EMail: jouni.nospam@gmail.com
EMail: jouni.nospam@gmail.com
Ulf Nilsson TeliaSonera Corporation Marbackagatan 11 S-123 86 Farsta SWEDEN
Ulf Nilsson TeliaSonera Corporation Marbackagatan 11 S-123 86瑞典法尔斯塔
EMail: ulf.s.nilsson@teliasonera.com
EMail: ulf.s.nilsson@teliasonera.com