NAME

MN-2-1-1-1-004 - Valid BU (K = OFF by manual key management)


TARGET

Host


TOPOLOGY

                    
                                  |
                                  R       CN0
                                  |        |
                     -----+-------+--------+---------------- LinkZ
                          |
                          R2                      NUTY
                          |                         |
                     -----+-------+-----------------+------- LinkY
                                  |
                                  R1              NUTX
                                  |                 |
                     -----+-------+-----------------+------- LinkX
                          |
                         HA0             Node0    NUT0
                          |               |         |
    ----------------------+---------------+---------+------- Link0
                    
Link0 3ffe:501:ffff:100::/64 home link
LinkX 3ffe:501:ffff:102::/64  
LinkY 3ffe:501:ffff:103::/64  
LinkZ 3ffe:501:ffff:104::/64  
HA0(Link0) 3ffe:501:ffff:100:200:ff:fe00:a0a0  
Node0(Link0) 3ffe:501:ffff:100:200:ff:fe00:a3a3  
R1(LinkX) 3ffe:501:ffff:102:200:ff:fe00:a4a4  
R2(LinkY) 3ffe:501:ffff:103:200:ff:fe00:a6a6  
CN0(LinkZ) 3ffe:501:ffff:104:200:ff:fe00:a8a8  


INITIALIZATION

 1. Selection Option
    - IPsec key management between MN and HA : manual configuration
    - IPsec support between MN and HA (BU/BA): YES
 2. Position of Mobile Node
    - none


TEST PROCEDURE

                    
       HA0     NUT0     R1      R2      CN0
        |       |       |       |        |
        | ----> |       |       |        | 1.Router Advertisement
        |       |       |       |        |
        |      NUTX     |       |        |
        |       |       |       |        |
        |       | <---- |       |        | 2.Router Advertisement
        |       |       |       |        |
        | <---- |       |       |        | 3.Neighbor Solicitations(NUD)
        |       |       |       |        | 4.(no reply)
        |       |       |       |        |
        | <---- |       |       |        | 5.Binding Update (*1)
        |       |       |       |        |
                    
        1. Send Router Advertisement. (HA0 -> HA0_allnode_multi)
        2. Send Router Advertisement. (R1 -> R1_allnode_multi)
        3. Receive Neighbor Solicitations(NUD). (NUT0 -> HA0)
        4. (no reply)
            # Wait during a maximum of 3 seconds(RFC2461).
        5. Receive Binding Update. (NUTX -> HA0)
                    
        Packet Format is:
          5. Binding Update
                    


JUDGEMENT

 (*1) PASS: HA0 receives Binding Update,
            Then, check whether this packet fills all of the following,
             - The ESP Header is included.
             - The Key Management Mobility Capability(K) bit is set to OFF.


REFERENCE

                    
(draft-ietf-mobileip-ipv6-24.txt)
                    
 11.7.1 Sending Binding Updates to the Home Agent
                    
(snip)
                    
   To register a care-of address or to extend the lifetime of an
   existing registration, the mobile node sends a packet to its home
   agent containing a Binding Update, with the packet constructed as
   follows:
                    
   o  The Home Registration (H) bit MUST be set in the Binding Update.
                    
   o  The Acknowledge (A) bit MUST be set in the Binding Update.
                    
   o  The packet MUST contain a Home Address destination option, giving
      the mobile node's home address for the binding.
                    
   o  The care-of address for the binding MUST be used as the Source
      Address in the packet's IPv6 header, unless an Alternate Care-of
      Address mobility option is included in the Binding Update.  This
      option MUST be included in all home registrations, as the ESP
      protocol will not be able to protect care-of addresses in the IPv6
      header.  (Mobile IPv6 implementations that know they are using
      IPsec AH to protect a particular message might avoid this option.
      For brevity the usage of AH is not discussed in this document.)
                    
   o  If the mobile node's link-local address has the same interface
      identifier as the home address for which it is supplying a new
      care-of address, then the mobile node SHOULD set the Link-Local
      Address Compatibility (L) bit.
                    
   o  If the home address was generated using RFC 3041 [18], then the
      link local address is unlikely to have a compatible interface
      identifier.  In this case, the mobile node MUST clear the
      Link-Local Address Compatibility (L) bit.
                    
   o  If the IPsec security associations between the mobile node and the
      home agent have been established dynamically, and the mobile node
      has the capability to update its endpoint in the used key
      management protocol to the new care-of address every time it
      moves, the mobile node SHOULD set the Key Management Mobility
      Capability (K) bit in the Binding Update.  Otherwise, the mobile
      node MUST clear the bit.
                    
   o  The value specified in the Lifetime field SHOULD be less than or
      equal to the remaining valid lifetime of the home address and the
      care-of address specified for the binding.
                    
      Mobile nodes that use dynamic home agent address discovery should
      be careful with long lifetimes.  If the mobile node loses the
      knowledge of its binding with a specific home agent, registering a
      new binding with another home agent may be impossible as the
      previous home agent is still defending the existing binding.
      Therefore, mobile nodes that use home agent address discovery
      SHOULD ensure information about their bindings is not lost,
      de-register before losing this information, or use small
      lifetimes.
                    
                    
6.1.7 Binding Update Message
                    
(snip)
                    
   Key Management Mobility Capability (K)
                    
      If this bit is cleared, the protocol used for establishing the
      IPsec security associations between the mobile node and the home
      agent does not survive movements.  It may then have to be rerun.
      (Note that the IPsec security associations themselves are expected
      to survive movements.) If manual IPsec configuration is used, the
      bit MUST be cleared.
                    
      This bit is valid only in Binding Updates sent to the home agent,
      and MUST be cleared in other Binding Updates.  Correspondent nodes
      MUST ignore this bit.