NHRP with Mobile NHCs
RFC 2520
|
| Document |
Type |
|
RFC - Experimental
(February 1999; No errata)
|
|
Last updated |
|
2013-03-02
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
pdf
htmlized
bibtex
|
| Stream |
WG state
|
|
(None)
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 2520 (Experimental)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
(None)
|
|
Send notices to |
|
(None)
|
Network Working Group J. Luciani
Request for Comments: 2520 Nortel Networks
Category: Experimental H. Suzuki
Cisco Systems
N. Doraswamy
Nortel Networks
D. Horton
CiTR Pty Ltd
February 1999
NHRP with Mobile NHCs
Status of this Memo
This memo defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind.
Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
This document describes an extension to NHRP [1] which would allow
Mobile NHCs to perform a registration with and attach to an NHS in
their home LIS in an authenticated manner.
As described in this document, Mobile NHCs are NHCs which are not
configured with enough information to find a specific serving NHS in
their home LIS, but which have a mechanism to find an NHS (which may
or may not be a serving NHS) to which they will attach. As described
in [1], an NHC may attach to a 'surrogate' NHS by using a mechanism
such as an anycast address. In this case, the NHC may use the
surrogate NHS to send a NHRP Registration Request toward the NHC's
home LIS where a serving NHS resides. However, as defined in [1],
packet authentication is performed on a hop by hop basis. In the
mobile NHC case, it is not practical for the mobile NHC be in a
security relationship with every surrogate NHS, thus it is presumably
desirable to have some form of end to end only authentication for the
case of a mobile NHC's registration. This document describes an
authentication extension for NHRP which has such end to end only
semantics.
Luciani, et al. Experimental [Page 1]
RFC 2520 NHRP with Mobile NHCs February 1999
1. Introduction
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [4].
This document describes an extension for Mobile NHCs to use when they
wish to register with their home LIS but initially connect to a non-
serving NHS to do so. The reader is encouraged to read [1] for more
details on the NHRP registration process.
2.0 Definition of the NHRP Mobile NHC Authentication Extension
Compulsory = 1
Type = 10 (proposed)
Length = variable
The NHRP Mobile NHC Authentication Extension is carried in NHRP
Registration packets to convey end to end authentication Information.
This extension is defined in contrast to the NHRP Authentication
Extension defined in [1] which has hop by hop semantics.
This new extension is used when a mobile NHC initially connects to an
NHS which is not one of its serving NHSs and the mobile NHC and
nonserving NHS are not in a security relationship. The mobile NHC
does this in order to send an NHRP Registration Request, via normal
routing and forwarding processes, to one of its serving NHSs with
which it does have a security relationship. As defined in [1], a
serving NHS is an NHS in the NHC's home LIS with which the NHC will
register. Upon receiving such an NHRP Registration Request, the
serving NHS will do the following: authenticate the sender NHC, set
up a VC to the NHC, and then send an NHRP Resolution Reply in
response on that new VC.
Note that, as defined in [1], a transit NHS (such as the one to which
the mobile NHC initially connects) must ignore an extension which it
does not understand and that an NHS must not change the order of
extensions in an NHRP packet. Thus, the end to end semantics of this
extension are preserved without causing changes to existing
implementations.
If a serving NHS receives a packet which fails the hop by hop
authentication test defined in [1] then the NHS MUST generate an
Error Indication of type 'Authentication Failure' and discard the
packet. However in the case where the NHRP Mobile NHC Authentication
Extension is used as described above, sending an Error Indication is
not possible since no route exists back toward the mobile NHC
assuming a VC does not already exist between the mobile NHC and the
Luciani, et al. Experimental [Page 2]
RFC 2520 NHRP with Mobile NHCs February 1999
serving NHS which received the NHRP Registration Request. In this
Show full document text