MN-2-2-1-1-014 - BU accepted (K = OFF by manual key management)
Host
|
R CN0
| |
-----+-------+--------+---------------- LinkZ
|
R2 NUTY
| |
-----+-------+-----------------+------- LinkY
|
R1 NUTX
| |
-----+-------+-----------------+------- LinkX
|
HA0 Node0 NUT0
| | |
----------------------+---------------+---------+------- Link0
| Link0        | 3ffe:501:ffff:100::/64             | home link |
| LinkX        | 3ffe:501:ffff:102::/64             |           |
| LinkY        | 3ffe:501:ffff:103::/64             |           |
| LinkZ        | 3ffe:501:ffff:104::/64             |           |
| HA0(Link0)   | 3ffe:501:ffff:100:200:ff:fe00:a0a0 |           |
| Node0(Link0) | 3ffe:501:ffff:100:200:ff:fe00:a3a3 |           |
| R1(LinkX)    | 3ffe:501:ffff:102:200:ff:fe00:a4a4 |           |
| R2(LinkY)    | 3ffe:501:ffff:103:200:ff:fe00:a6a6 |           |
| CN0(LinkZ)   | 3ffe:501:ffff:104:200:ff:fe00:a8a8 |           |
1. Selection Option
- IPsec key management between MN and HA : manual configuration
- IPsec support between MN and HA : YES
2. Position of Mobile Node
- none
 HA0     NUT0     R1      R2     CN0
  |       |       |       |       |
  | ----> |       |       |       |   1.Router Advertisement
  |       |       |       |       |
  |      NUTX     |       |       |
  |       |       |       |       |
  |       | <---- |       |       |   2.Router Advertisement
  |       |       |       |       |
  | <---- |       |       |       |   3.Neighbor Solicitations
  |       |       |       |       |   4.(no reply:3 seconds)
  |       |       |       |       |
  | <---- |       |       |       |   5.Binding Update
  | ----> |       |       |       |   6.Binding Acknowledgement
  |       |       |       |       |   7.(wait) (*1)
  |       |       |       |       |
1. Send Router Advertisement. (HA0 -> HA0_allnode_multi)
2. Send Router Advertisement. (R1 -> R1_allnode_multi)
3. Receive Neighbor Solicitations. (NUT0 -> HA0)
4. (no reply)
   # Wait for a maximum of 3 seconds (RFC 2461).
5. Receive Binding Update. (NUTX -> HA0)
6. Send Binding Acknowledgement. (HA0 -> NUTX)
   # The Status field is set to 0 (Binding Update accepted).
   # The K bit field is set to 0.
7. (wait)
   # Wait long enough for the retransmission timer to expire.
Packet Format is:
6. Binding Acknowledgement
(*1) PASS: HA0 does not receive a retransmission of the Binding Update.
(draft-ietf-mobileip-ipv6-24.txt)

11.7.3 Receiving Binding Acknowledgements

   (snip)

   If the acknowledgement came from the home agent, the mobile node
   examines the value of the Key Management Mobility Capability (K) bit.
   If this bit is not set, the mobile node SHOULD discard key management
   protocol connections, if any, to the home agent. The mobile node MAY
   also initiate a new key management connection.

10.3.1 Primary Care-of Address Registration

   (snip)

   Regardless of the setting of the Acknowledge (A) bit in the Binding
   Update, the home agent MUST return a Binding Acknowledgement to the
   mobile node, constructed as follows:

   o  The Status field MUST be set to a value indicating success. The
      value 1 (accepted but prefix discovery necessary) MUST be used if
      the subnet prefix of the specified home address is deprecated,
      becomes deprecated during the lifetime of the binding, or becomes
      invalid at the end of the lifetime. The value 0 MUST be used
      otherwise. For the purposes of comparing the binding and prefix
      lifetimes, the prefix lifetimes are first converted into units of
      four seconds by ignoring the two least significant bits.

   o  The Key Management Mobility Capability (K) bit is set if the
      following conditions are all fulfilled, and cleared otherwise:

      *  The Key Management Mobility Capability (K) bit was set in the
         Binding Update.

      *  The IPsec security associations between the mobile node and the
         home agent have been established dynamically.

      *  The home agent has the capability to update its endpoint in the
         used key management protocol to the new care-of address every
         time it moves

      Depending on the final value of the bit in the Binding
      Acknowledgement, the home agent SHOULD perform the following
      actions:

      K = 0

         Discard key management connections, if any, to the old care-of
         address. If the mobile node did not have a binding before
         sending this Binding Update, discard the connections to the
         home address.

      K = 1

         Move the peer endpoint of the key management protocol
         connection, if any, to the new care-of address. For an IKE
         phase 1 connection, this means that any IKE packets sent to the
         peer are sent to this address, and packets from this address
         with the original ISAKMP cookies are accepted.
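
The home agent rules quoted from section 10.3.1 above, written out as an added example (not code from the test suite or the draft) to show why manually keyed IPsec yields K = 0 in step 6. All class, field and function names are hypothetical, and the comparison operators used for the three prefix conditions are this example's reading of the quoted text.

```python
from dataclasses import dataclass

@dataclass
class HomeAgentState:          # hypothetical model of what HA0 knows
    sa_dynamic: bool           # False = manually keyed IPsec SAs, as in this test
    can_move_endpoint: bool    # key management can follow a new care-of address
    preferred_s: int           # home prefix preferred lifetime left, seconds
    valid_s: int               # home prefix valid lifetime left, seconds
    had_binding: bool          # a binding existed before this Binding Update

def to_units(seconds: int) -> int:
    """Prefix lifetime in units of four seconds, two low bits ignored."""
    return seconds >> 2

def build_ack(bu_k: bool, bu_lifetime_units: int, ha: HomeAgentState):
    """Return (status, k) for the Binding Acknowledgement per 10.3.1."""
    pref, valid = to_units(ha.preferred_s), to_units(ha.valid_s)
    # Assumed reading of the three prefix conditions in the quoted text.
    needs_discovery = (pref == 0                       # already deprecated
                       or pref < bu_lifetime_units     # deprecated during binding
                       or valid <= bu_lifetime_units)  # invalid at end of binding
    # K is set only if all three listed conditions hold, cleared otherwise.
    k = bu_k and ha.sa_dynamic and ha.can_move_endpoint
    return (1 if needs_discovery else 0), k

def home_agent_action(k: bool, ha: HomeAgentState) -> str:
    """Action the home agent SHOULD take for the final K value."""
    if k:
        return "move key management peer endpoint to new care-of address"
    if ha.had_binding:
        return "discard key management connections to old care-of address"
    return "discard key management connections to home address"

if __name__ == "__main__":
    # Constructed values: 7-day preferred / 30-day valid prefix, 40 s binding.
    manual = HomeAgentState(False, True, 604800, 2592000, False)
    status, k = build_ack(True, 10, manual)
    print(status, int(k), home_agent_action(k, manual))
```
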