CN-4-8-2 - Home and Care-of Nonce Index timeout - De-Registration from the foreign link
Host
HA----------R2----------R1----------R0
| | | |
| | | |
|---- |---- |----MN |----CN(NUT)
| | | |
| | | |
Home Link Link2 Link1 Link0
(Foreign) (Foreign)
Link0 3ffe:501:ffff:100::/64 Link1 3ffe:501:ffff:101::/64 Foreign Link Link2 3ffe:501:ffff:102::/64 Foreign Link 2 Home Link 3ffe:501:ffff:104::/64 Home Link CN(NUT) 3ffe:501:ffff:100::X
Auto Configuration (InterfaceID)MN(in Link1) 3ffe:501:ffff:101::Y
Increased in each test (InterfaceID)MN care-of address MN(in Home Link) 3ffe:501:ffff:104::Y
Increased in each test (InterfaceID)MN home address R0(Link0) 3ffe:501:ffff:100::1 R1(Link1) 3ffe:501:ffff:101::1 R2(Link2) 3ffe:501:ffff:102::1 HA(Home Link) 3ffe:501:ffff:104::1
Reboot NUT (reboot.rmt)
MN R1 HA R0 CN(NUT)
| | | | |
| | | |------>| 1.RA
| | | | |
| | | |------>| 2.NS
| | | | |
| | | |<------| 3.NA
| | | | |
|-------------->|-------------->| 4.Echo Request
| | | | |
|<--------------|<--------------| 5.Echo Reply
| | | | |
|------------------------------>| 6.Echo Request(Home Address option)
| | | | |
|<------------------------------| 7.BE(Status=1)
| | | | |
|------------------------------>| 8.CoTI
| | | | |
|-------------->|-------------->| 9.HoTI
| | | | |
|<------------------------------| 10.CoT
| | | | |
|<--------------|<--------------| 11.HoT
| | | | |
|------------------------------>| 12.BU
| | | | |
|<------------------------------| 13.BA
| | | | |
|------------------------------>| 14.Echo Request(Home Address option)
| | | | |
|<------------------------------| 15.Echo Reply(Type2 Routing Header)
| | | | |
|-------------->|-------------->| 16.HoTI
| | | | |
|<--------------|<--------------| 17.HoT
| | | | |
|------------------------------>| 18.CoTI
| | | | |
|<------------------------------| 19.CoT
| | | | |
| | | | | Expire MAX_NONCE_LIFE(240s)
| | | | |
|------------------------------>| 20.BU(Lifetime=0, Care-of Nonce Index=Received in 19.)
| | | | |
|<------------------------------| 21.BA(Status=136) (*1)
| | | | |
|------------------------------>| 22.Echo Request(Home Address option)
| | | | |
|<------------------------------| 23.Echo Reply(Type2 Routing Header) (*2)
| | | | |
1. Send Router Advertisement. 2. Send Neighbor Solicitation. 3. Receive Neighbor Advertisement. 4. Send ICMP Echo Request. 5. Receive ICMP Echo Reply. 6. Send ICMP Echo Request(Home Address option). 7. Receive Binding Error(Status=1). 8. Send Care-of Test Init. 9. Send Home Test Init. 10. Receive Care-of Test. 11. Receive Home Test. 12. Send Binding Update. 13. Receive Binding Acknowledgement. 14. Send ICMP Echo Request(Home Address option). 15. Receive ICMP Echo Reply(Type2 Routing Header). 16. Send Home Test Init. 17. Receive Home Test. 18. Send Care-of Test Init. 19. Receive Care-of Test. *Expire MAX_NONCE_LIFE(240s) 20. Send Binding Update(Lifetime=0, Care-of Nonce Index=Received in 19). 21. Receive Binding Acknowledgement(Status=136). 22. Send ICMP Echo Request(Home Address option). 23. Receive ICMP Echo Reply(Type2 Routing Header).
Packet Format
20. Binding Update
21. Binding Acknowledgement(No Binding Authorization Data option)
IPv6 header
Routing header (type 2)
home address
Mobility header
Binding Acknowledgement
(Not include Binding Authorization Data option)
22. Binding Update(No Home Address option)
23. Binding Acknowledgement(No Type2 Routing Header)
(*1) MN receives Binding Acknowledgement. - The Destination Address is set to the Source Address of the Binding Update (MN care-of address). - The Status field is set to 136. - Binding Authorization Data option is not included.
(*2) MN receives ICMP Echo Reply. (Binding Cache entry is not deleted.) - The Destination Address is set to MN care-of address. - Type 2 Routing Header is included.
(draft-ietf-mobileip-ipv6-24.txt)
9.5.1 Receiving Binding Updates
o A Nonce Indices mobility option MUST be present, and the Home and
Care-of Nonce Index values in this option MUST be recent enough to
be recognized by the correspondent node. (Care-of Nonce Index
values are not inspected for requests to delete a binding.)
(snip)
If the receiving node no longer recognizes the Home Nonce Index value, Care-of Nonce Index value, or both values from the Binding Update, then the receiving node MUST send back a Binding Acknowledgement with status code 136, 137, or 138, respectively.
(snip)
o If the Lifetime specified in the Binding Update is zero or the
specified care-of address matches the home address for the
binding, then this is a request to delete the cached binding for
the home address. In this case, the Binding Update MUST include a
valid home nonce index, and the care-of nonce index MUST be
ignored by the correspondent node. The generation of the binding
management key depends then exclusively on the home keygen token
(Section 5.2.5). If the Home Registration (H) bit is set in the
Binding Update, the Binding Update is processed according to the
procedure specified in Section 10.3.2; otherwise, it is processed
according to the procedure specified in Section 9.5.3.
5.2.7 Updating Node Keys and Nonces
Correspondent nodes generate nonces at regular intervals. It is recommended to keep each nonce (identified by a nonce index) acceptable for at least MAX_TOKEN_LIFETIME seconds (see Section 12) after it has been first used in constructing a return routability message response. However, the correspondent node MUST NOT accept nonces beyond MAX_NONCE_LIFETIME seconds (see Section 12) after the first use. As the difference between these two constants is 30 seconds, a convenient way to enforce the above lifetimes is to generate a new nonce every 30 seconds. The node can then continue to accept tokens that have been based on the last 8 (MAX_NONCE_LIFETIME / 30) nonces. This results in tokens being acceptable MAX_TOKEN_LIFETIME to MAX_NONCE_LIFETIME seconds after they have been sent to the mobile node, depending on whether the token was sent at the beginning or end of the first 30 second period. Note that the correspondent node may also attempt to generate new nonces on demand, or only if the old nonces have been used. This is possible, as long as the correspondent node keeps track of how long a time ago the nonces were used for the first time, and does not generate new nonces on every return routability request.
12. Protocol Constants
MAX_NONCE_LIFETIME 240 seconds
9.5.4 Sending Binding Acknowledgements
If the Status field in the Binding Acknowledgement contains the value 136 (expired home nonce index), 137 (expired care-of nonce index), or 138 (expired nonces) then the message MUST NOT include the Binding Authorization Data mobility option. Otherwise, the Binding Authorization Data mobility option MUST be included, and MUST meet the specific authentication requirements for Binding Acknowledgements as defined in Section 5.2.