Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
RFC 4621
Document | Type | RFC - Informational (August 2006; No errata)
---|---|---
 | Authors | Tero Kivinen, Hannes Tschofenig
 | Last updated | 2018-12-20
 | Replaces | draft-kivinen-mobike-design
 | Stream | IETF
Stream | WG state | (None)
 | Document shepherd | No shepherd assigned
IESG | IESG state | RFC 4621 (Informational)
 | Action Holders | (None)
 | Consensus Boilerplate | Unknown
 | Responsible AD | Russ Housley
 | Send notices to | (None)
Network Working Group                                        T. Kivinen
Request for Comments: 4621                                Safenet, Inc.
Category: Informational                                   H. Tschofenig
                                                                Siemens
                                                            August 2006

     Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   The IKEv2 Mobility and Multihoming (MOBIKE) protocol is an extension
   of the Internet Key Exchange Protocol version 2 (IKEv2).  These
   extensions should enable an efficient management of IKE and IPsec
   Security Associations when a host possesses multiple IP addresses
   and/or where IP addresses of an IPsec host change over time (for
   example, due to mobility).

   This document discusses the involved network entities and the
   relationship between IKEv2 signaling and information provided by
   other protocols.  Design decisions for the MOBIKE protocol,
   background information, and discussions within the working group are
   recorded.

Kivinen & Tschofenig         Informational                      [Page 1]

RFC 4621             Design of the MOBIKE Protocol           August 2006

Table of Contents

   1. Introduction
   2. Terminology
   3. Scenarios
      3.1. Mobility Scenario
      3.2. Multihoming Scenario
      3.3. Multihomed Laptop Scenario
   4. Scope of MOBIKE
   5. Design Considerations
      5.1. Choosing Addresses
           5.1.1. Inputs and Triggers
           5.1.2. Connectivity
           5.1.3. Discovering Connectivity
           5.1.4. Decision Making
           5.1.5. Suggested Approach
      5.2. NAT Traversal (NAT-T)
           5.2.1. Background and Constraints
           5.2.2. Fundamental Restrictions
           5.2.3. Moving behind a NAT and Back
           5.2.4. Responder behind a NAT
           5.2.5. NAT Prevention
           5.2.6. Suggested Approach
      5.3. Scope of SA Changes
      5.4. Zero Address Set Functionality
      5.5. Return Routability Check
           5.5.1. Employing MOBIKE Results in Other Protocols
           5.5.2. Return Routability Failures
           5.5.3. Suggested Approach
      5.6. IPsec Tunnel or Transport Mode
   6. Protocol Details
      6.1. Indicating Support for MOBIKE
      6.2. Path Testing and Window size
      6.3. Message Presentation
      6.4. Updating Address Set
   7. Security Considerations
   8. Acknowledgements
   9. References
      9.1. Normative references
      9.2. Informative References

1.  Introduction

   The purpose of IKEv2 is to mutually authenticate two hosts, to
   establish one or more IPsec Security Associations (SAs) between them,
   and subsequently to manage these SAs (for example, by rekeying or
   deleting).  IKEv2 enables the hosts to share information that is
   relevant to both the usage of the cryptographic algorithms that
   should be employed (e.g., parameters required by cryptographic
   algorithms and session keys) and to the usage of local security
   policies, such as information about the traffic that should