Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
RFC 4621
|
| Document |
Type |
|
RFC - Informational
(August 2006; No errata)
|
|
Last updated |
|
2018-12-20
|
|
Replaces |
|
draft-kivinen-mobike-design
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
html
pdf
htmlized
bibtex
|
|
Reviews |
|
|
| Stream |
WG state
|
|
(None)
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 4621 (Informational)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
Russ Housley
|
|
Send notices to |
|
(None)
|
Network Working Group T. Kivinen
Request for Comments: 4621 Safenet, Inc.
Category: Informational H. Tschofenig
Siemens
August 2006
Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
The IKEv2 Mobility and Multihoming (MOBIKE) protocol is an extension
of the Internet Key Exchange Protocol version 2 (IKEv2). These
extensions should enable an efficient management of IKE and IPsec
Security Associations when a host possesses multiple IP addresses
and/or where IP addresses of an IPsec host change over time (for
example, due to mobility).
This document discusses the involved network entities and the
relationship between IKEv2 signaling and information provided by
other protocols. Design decisions for the MOBIKE protocol,
background information, and discussions within the working group are
recorded.
Kivinen & Tschofenig Informational [Page 1]
RFC 4621 Design of the MOBIKE Protocol August 2006
Table of Contents
1. Introduction ....................................................3
2. Terminology .....................................................4
3. Scenarios .......................................................6
3.1. Mobility Scenario ..........................................6
3.2. Multihoming Scenario .......................................7
3.3. Multihomed Laptop Scenario .................................8
4. Scope of MOBIKE .................................................8
5. Design Considerations ..........................................10
5.1. Choosing Addresses ........................................10
5.1.1. Inputs and Triggers ................................11
5.1.2. Connectivity .......................................11
5.1.3. Discovering Connectivity ...........................12
5.1.4. Decision Making ....................................12
5.1.5. Suggested Approach .................................12
5.2. NAT Traversal (NAT-T) .....................................12
5.2.1. Background and Constraints .........................12
5.2.2. Fundamental Restrictions ...........................13
5.2.3. Moving behind a NAT and Back .......................13
5.2.4. Responder behind a NAT .............................14
5.2.5. NAT Prevention .....................................15
5.2.6. Suggested Approach .................................15
5.3. Scope of SA Changes .......................................15
5.4. Zero Address Set Functionality ............................16
5.5. Return Routability Check ..................................17
5.5.1. Employing MOBIKE Results in Other Protocols ........19
5.5.2. Return Routability Failures ........................20
5.5.3. Suggested Approach .................................21
5.6. IPsec Tunnel or Transport Mode ............................22
6. Protocol Details ...............................................22
6.1. Indicating Support for MOBIKE .............................22
6.2. Path Testing and Window size ..............................23
6.3. Message Presentation ......................................24
6.4. Updating Address Set ......................................25
7. Security Considerations ........................................26
8. Acknowledgements ...............................................26
9. References .....................................................27
9.1. Normative references ......................................27
9.2. Informative References ....................................27
Kivinen & Tschofenig Informational [Page 2]
RFC 4621 Design of the MOBIKE Protocol August 2006
1. Introduction
The purpose of IKEv2 is to mutually authenticate two hosts, to
establish one or more IPsec Security Associations (SAs) between them,
and subsequently to manage these SAs (for example, by rekeying or
deleting). IKEv2 enables the hosts to share information that is
relevant to both the usage of the cryptographic algorithms that
should be employed (e.g., parameters required by cryptographic
algorithms and session keys) and to the usage of local security
policies, such as information about the traffic that should
Show full document text