NAME

MN-2-2-1-1-014 - BU accepted (K = OFF by manual key management)


TARGET

Host


TOPOLOGY

                    
                                  |
                                  R       CN0
                                  |        |
                     -----+-------+--------+---------------- LinkZ
                          |
                          R2                      NUTY
                          |                         |
                     -----+-------+-----------------+------- LinkY
                                  |
                                  R1              NUTX
                                  |                 |
                     -----+-------+-----------------+------- LinkX
                          |
                         HA0             Node0    NUT0
                          |               |         |
    ----------------------+---------------+---------+------- Link0
                    
Link0          3ffe:501:ffff:100::/64                home link
LinkX          3ffe:501:ffff:102::/64
LinkY          3ffe:501:ffff:103::/64
LinkZ          3ffe:501:ffff:104::/64
HA0(Link0)     3ffe:501:ffff:100:200:ff:fe00:a0a0
Node0(Link0)   3ffe:501:ffff:100:200:ff:fe00:a3a3
R1(LinkX)      3ffe:501:ffff:102:200:ff:fe00:a4a4
R2(LinkY)      3ffe:501:ffff:103:200:ff:fe00:a6a6
CN0(LinkZ)     3ffe:501:ffff:104:200:ff:fe00:a8a8


INITIALIZATION

 1. Selection Option
    - IPsec key management between MN and HA : manual configuration
    - IPsec support between MN and HA : YES
 2. Position of Mobile Node
    - none


TEST PROCEDURE

                    
       HA0     NUT0     R1      R2      CN0
        |       |       |       |        |
        | ----> |       |       |        | 1.Router Advertisement
        |       |       |       |        |
        |      NUTX     |       |        |
        |       |       |       |        |
        |       | <---- |       |        | 2.Router Advertisement
        |       |       |       |        |
        | <---- |       |       |        | 3.Neighbor Solicitations
        |       |       |       |        | 4.(no reply:3 seconds)
        |       |       |       |        |
        | <---- |       |       |        | 5.Binding Update
        | ----> |       |       |        | 6.Binding Acknowledgement
        |       |       |       |        | 7.(wait) (*1)
        |       |       |       |        |
                    
        1. Send Router Advertisement. (HA0 -> HA0_allnode_multi)
        2. Send Router Advertisement. (R1 -> R1_allnode_multi)
        3. Receive Neighbor Solicitations. (NUT0 -> HA0)
        4. (no reply)
            # Wait for a maximum of 3 seconds (RFC 2461).
        5. Receive Binding Update. (NUTX -> HA0)
        6. Send Binding Acknowledgement. (HA0 -> NUTX)
            # The Status field is set to 0 (Binding Update accepted).
            # The K bit field is set to 0.
        7. (wait)
            # Wait long enough to cover the retransmission timer.
                    
        Packet Format is:
          6. Binding Acknowledgement
                    


JUDGEMENT

 (*1) PASS: HA0 does not receive a retransmitted Binding Update.


REFERENCE

                    
(draft-ietf-mobileip-ipv6-24.txt)
                    
11.7.3 Receiving Binding Acknowledgements
                    
(snip)
                    
   If the acknowledgement came from the home agent, the mobile node
   examines the value of the Key Management Mobility Capability (K) bit.
   If this bit is not set, the mobile node SHOULD discard key management
   protocol connections, if any, to the home agent.  The mobile node MAY
   also initiate a new key management connection.
                    
                    
10.3.1 Primary Care-of Address Registration
                    
(snip)
                    
   Regardless of the setting of the Acknowledge (A) bit in the Binding
   Update, the home agent MUST return a Binding Acknowledgement to the
   mobile node, constructed as follows:
                    
   o  The Status field MUST be set to a value indicating success.  The
      value 1 (accepted but prefix discovery necessary) MUST be used if
      the subnet prefix of the specified home address is deprecated,
      becomes deprecated during the lifetime of the binding, or becomes
      invalid at the end of the lifetime.  The value 0 MUST be used
      otherwise.  For the purposes of comparing the binding and prefix
      lifetimes, the prefix lifetimes are first converted into units of
      four seconds by ignoring the two least significant bits.
                    
   o  The Key Management Mobility Capability (K) bit is set if the
      following conditions are all fulfilled, and cleared otherwise:
                    
      *  The Key Management Mobility Capability (K) bit was set in the
         Binding Update.
                    
      *  The IPsec security associations between the mobile node and the
         home agent have been established dynamically.
                    
      *  The home agent has the capability to update its endpoint in the
         used key management protocol to the new care-of address every
         time it moves
                    
                    
      Depending on the final value of the bit in the Binding
      Acknowledgement, the home agent SHOULD perform the following
      actions:
                    
      K = 0
                    
         Discard key management connections, if any, to the old care-of
         address.  If the mobile node did not have a binding before
         sending this Binding Update, discard the connections to the
         home address.
                    
      K = 1
                    
         Move the peer endpoint of the key management protocol
         connection, if any, to the new care-of address.  For an IKE
         phase 1 connection, this means that any IKE packets sent to the
         peer are sent to this address, and packets from this address
         with the original ISAKMP cookies are accepted.
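
The K-bit rule quoted from 10.3.1 and the field values required in step 6, as an added example that is not part of the original test suite. The function names, sequence number and lifetime are constructed for illustration; the MH Type value 6 and the PadN padding follow the Binding Acknowledgement layout in RFC 3775 rather than anything shown on this page.

```python
import struct

MH_TYPE_BACK = 6    # Binding Acknowledgement MH Type (RFC 3775 section 6.1.8)
IPPROTO_NONE = 59   # Payload Proto: no header follows the Mobility Header

def decide_k_bit(bu_k_set, sa_dynamic, ha_can_move_endpoint):
    """10.3.1: K is set only if all three conditions are fulfilled."""
    return bool(bu_k_set and sa_dynamic and ha_can_move_endpoint)

def build_back(status, k_bit, seq, lifetime_units):
    """Build a Binding Acknowledgement Mobility Header.

    Checksum is left 0 here: the real value needs the IPv6 pseudo-header.
    Lifetime is carried in units of four seconds.
    """
    flags = 0x80 if k_bit else 0x00     # K is the top bit of the octet after Status
    padn = bytes([1, 2, 0, 0])          # PadN option: pads 12 octets to 16
    hdr_len = 1                         # (16 / 8) - 1
    return struct.pack("!BBBBHBBHH", IPPROTO_NONE, hdr_len, MH_TYPE_BACK, 0,
                       0, status, flags, seq, lifetime_units) + padn

def parse_back(data):
    """Parse a Binding Acknowledgement; raise ValueError on malformed input."""
    if len(data) < 12:
        raise ValueError("truncated Binding Acknowledgement")
    _proto, hdr_len, mh_type, _rsv, _cksum, status, flags, seq, life = \
        struct.unpack("!BBBBHBBHH", data[:12])
    if mh_type != MH_TYPE_BACK:
        raise ValueError("not a Binding Acknowledgement (MH Type %d)" % mh_type)
    if len(data) != (hdr_len + 1) * 8:
        raise ValueError("Header Len does not match message length")
    return {"status": status, "k": bool(flags & 0x80), "seq": seq,
            "lifetime_s": life * 4}

def matches_step6(ba):
    """Step 6 of this test: Status 0 (accepted) and K bit 0."""
    return ba["status"] == 0 and not ba["k"]

# Constructed scenario: the mobile node sets K in its Binding Update, but the
# security associations are manually configured, so the home agent clears K.
K_MANUAL = decide_k_bit(bu_k_set=True, sa_dynamic=False, ha_can_move_endpoint=True)
SAMPLE_BACK = build_back(status=0, k_bit=K_MANUAL, seq=1, lifetime_units=105)
```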