Secdir last call review of draft-ietf-dmm-ondemand-mobility-15

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Daniel Migault
Review result: Not Ready

Hi,

I am the assigned Secdir reviewer for this draft. The Security Directorate
(Secdir) reviews all IETF documents being processed by the IESG for the IETF
 Chair.  Please treat these comments just like any other last call comments.

Yours,
Daniel

                     On Demand Mobility Management
                  draft-ietf-dmm-ondemand-mobility-15

Abstract

   Applications differ with respect to whether they need session
   continuity and/or IP address reachability.  The network providing the
   same type of service to any mobile host and any application running
   on the host yields inefficiencies.
<mglt>
"inefficiencies" seems too vague to me and it could be clarified.
Reading the abstract, it is unclear (to me) if the issue is on the
application side or the network operator side. I guess this is the
network side. It is also unclear the nature of the inefficiency.
</mglt>

   This document describes a
   solution for taking the application needs into account by selectively
   providing session continuity and IP address reachability on a per-
   socket basis.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 27, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Yegin, et al.           Expires January 27, 2019                [Page 1]

Internet-Draft             On Demand Mobility                  July 2018

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Notational Conventions  . . . . . . . . . . . . . . . . . . .   4
   3.  Solution  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Types of IP Addresses . . . . . . . . . . . . . . . . . .   4
     3.2.  Granularity of Selection  . . . . . . . . . . . . . . . .   6
     3.3.  On Demand Nature  . . . . . . . . . . . . . . . . . . . .   6
     3.4.  Conveying the Desired Address Type  . . . . . . . . . . .   7
   4.  Usage example . . . . . . . . . . . . . . . . . . . . . . . .   8
     4.1.  Pseudo-code example . . . . . . . . . . . . . . . . . . .   8
     4.2.  Message Flow example  . . . . . . . . . . . . . . . . . .  10
   5.  Backwards Compatibility Considerations  . . . . . . . . . . .  11
     5.1.  Applications  . . . . . . . . . . . . . . . . . . . . . .  11
     5.2.  IP Stack in the Mobile Host . . . . . . . . . . . . . . .  12
     5.3.  Network Infrastructure  . . . . . . . . . . . . . . . . .  12
     5.4.  Merging this work with RFC5014  . . . . . . . . . . . . .  12
   6.  Summary of New Definitions  . . . . . . . . . . . . . . . . .  13
     6.1.  New APIs  . . . . . . . . . . . . . . . . . . . . . . . .  13
     6.2.  New Flags . . . . . . . . . . . . . . . . . . . . . . . .  13
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  14
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14
   9.  Contributors  . . . . . . . . . . . . . . . . . . . . . . . .  14
   10. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  14
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  14
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  15
     11.2.  Informative References . . . . . . . . . . . . . . . . .  15
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  16

1.  Introduction

   In the context of Mobile IP [RFC5563][RFC6275][RFC5213][RFC5944], the
   following two attributes are defined for IP service provided to
   mobile hosts:

   Session continuity: The ability to maintain an ongoing transport
   interaction by keeping the same local end-point IP address throughout
   the life-time of the IP socket despite the mobile host changing its

Yegin, et al.           Expires January 27, 2019                [Page 2]

Internet-Draft             On Demand Mobility                  July 2018

   point of attachment within the IP network topology.  The IP address
   of the host may change after closing the IP socket and before opening
   a new one, but that does not jeopardize the ability of applications
   using these IP sockets to work flawlessly.  Session continuity is
   essential for mobile hosts to maintain ongoing flows without any
   interruption.

<mglt>
Session continuity can be provided at multiple layers thus I would
recommend for clarity to change session continuity to IP session
continuity and insists that this is being provided at the IP layer.

Not that IP is sessionless, so here session seems similar to
reachability but 'orchestrated' by a higher session protocol.
The difference I see is that reachability is a commitment (by the ISP)
for not changing the IP address while with session continuity the
commitment is related to the use of the IP address. In other words,
with a limited period of time.
</mglt>

   IP address reachability: The ability to maintain the same IP address
   for an extended period of time.  The IP address stays the same across
   independent sessions, and even in the absence of any session.  The IP
   address may be published in a long-term registry (e.g., DNS), and is
   made available for serving incoming (e.g., TCP) connections.  IP
   address reachability is essential for mobile hosts to use specific/
   published IP addresses.

   Mobile IP is designed to provide both session continuity and IP
   address reachability to mobile hosts.  Architectures utilizing these
   protocols (e.g., 3GPP, 3GPP2, WIMAX) ensure that any mobile host
   attached to the compliant networks can enjoy these benefits.  Any
   application running on these mobile hosts is subjected to the same
   treatment with respect to session continuity and IP address
   reachability.

<mglt>
My understanding of the text is that Mobile IP is expensive to deploy
and I believe it would be easier for the reader to state it here before
developing all mechanisms that have been designed to overcome session
continuity in a different way. Thus I would put the following text right
 here:
   Achieving session continuity and IP address reachability with Mobile
   IP incurs some cost.  Mobile IP protocol forces the mobile host's IP
   traffic to traverse a centrally-located router (Home Agent, HA),
   which incurs additional transmission latency and use of additional
   network resources, adds to the network CAPEX and OPEX, and decreases
   the reliability of the network due to the introduction of a single
   point of failure [RFC7333].  Therefore, session continuity and IP
   address reachability SHOULD be provided only when necessary.
</mglt>

   It should be noted that in reality not every application may need
   these benefits.  IP address reachability is required for applications
   running as servers (e.g., a web server running on the mobile host).
   But, a typical client application (e.g., web browser) does not
   necessarily require IP address reachability.  Similarly, session
   continuity is not required for all types of applications either.
   Applications performing brief communication (e.g., ping) can survive
   without having session continuity support.

<mglt>
I believe that session continuity is the main motivation of the draft.
Mentioning ping as an example is counter productive as I doubt this is
the target application of the draft. Thus citing an application no one
really wants could mean that we have not found any other application
that do not need session continuity, which could be interpreted as every
application needs session continuity at the IP layer. This is not the
intention of the text, so we should find another example.

Well I think reachability and session continuity are two different
features. Applications may only need one of these features not both. In
addition, application can provide these features at the IP layer layer
or using other mechanisms. As a reason the use of Mobile IP is limited
to applications that needs both features being performed at the IP
layer which only concern a small fraction of applications.

Reading the text above seems to take for granted that reachability is
performed only at the IP layer. Splitting the feature versus its
implementation should be done in a similar manner for both session
continuity and reachability to ease the reading.
</mglt>

   Achieving session continuity and IP address reachability with Mobile
   IP incurs some cost.  Mobile IP protocol forces the mobile host's IP
   traffic to traverse a centrally-located router (Home Agent, HA),
   which incurs additional transmission latency and use of additional
   network resources, adds to the network CAPEX and OPEX, and decreases
   the reliability of the network due to the introduction of a single
   point of failure [RFC7333].  Therefore, session continuity and IP
   address reachability SHOULD be provided only when necessary.

<mglt>
This section should be moved up. Here it is splitting the
discussion on session continuity and reachability, which is confusing.
</mglt>

   Furthermore, when an application needs session continuity, it may be
   able to satisfy that need by using a solution above the IP layer,
   such as MPTCP [RFC6824], SIP mobility [RFC3261], or an application-
   layer mobility solution.  These higher-layer solutions are not
   subject to the same issues that arise with the use of Mobile IP since
   they can utilize the most direct data path between the end-points.
   But, if Mobile IP is being applied to the mobile host, the higher-

Yegin, et al.           Expires January 27, 2019                [Page 3]

Internet-Draft             On Demand Mobility                  July 2018

   layer protocols are rendered useless because their operation is
   inhibited by Mobile IP.  Since Mobile IP ensures that the IP address
   of the mobile host remains fixed (despite the location and movement
   of the mobile host), the higher-layer protocols never detect the IP-
   layer change and never engage in mobility management.

<mglt>
The same paragraph should say the reachability can be performed by
application using other means than IP reachability.
</mglt>

   This document proposes a solution for applications running on mobile
   hosts to indicate whether they need session continuity or IP address
   reachability.  The network protocol stack on the mobile host, in
   conjunction with the network infrastructure, provides the required
   type of service.

<mglt>
I assume that session continuity is only understood as IP session
continuity and not the transport layer.
</mglt>

   It is for the benefit of both the users and the
   network operators not to engage an extra level of service unless it
   is absolutely necessary.  It is expected that applications and
   networks compliant with this specification will utilize this solution
   to use network resources more efficiently.

<mglt>
The introduction should also position it work regarding 5014. At the
point it is not clear why the recommendations could not be such as:
* when IP session reachability only is requires the application
indicates a preference for Public IP addresses
* when IP session continuity is needed the application sends a
preference for home of address.
* when none is required the application sends a preference for Care of
Address.
</mglt>

<mglt>
While on demand is mentioned in the title, it does not appear in the
introduction. I believe the introduction should expose why there is a
need to have this feature.
</mglt>

2.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Solution

3.1.  Types of IP Addresses

   Four types of IP addresses are defined with respect to mobility
   management.

   - Fixed IP Address

   A Fixed IP address is an address with a guarantee to be valid for a
   very long time, regardless of whether it is being used in any packet
   to/from the mobile host, or whether or not the mobile host is
   connected to the network, or whether it moves from one point-of-
   attachment to another (with a different IP prefix) while it is
   connected.

<mglt>
Thought english is not my first language, "guarantee" sounds a bit
inappropriate. I might be wrong but the following text seems clearer to
me:

OLD:
A Fixed IP address is an address with a guarantee to be valid for a
   very long time

NEW:
A Fixed IP address is an address that remains valid for a
   very long time

</mglt>

   Fixed IP addresses are required by applications that need both
   session continuity and IP address reachability.

<mglt>
I think the document should clarify how this is different from a public
address 5014.
</mglt>

   - Session-lasting IP Address

   A session-lasting IP address is an address with a guarantee to be
   valid throughout the life-time of the socket(s) for which it was
   requested.  It is guaranteed to be valid even after the mobile host
   had moved from one point-of-attachment to another (with a different
   IP prefix).

<mglt>
Similarly I would propose the following text:

OLD:
  A session-lasting IP address is an address with a guarantee to be
   valid throughout the life-time of the socket(s)

NEW:
  A session-lasting IP address is an address
   valid throughout the life-time of the socket(s)

OLD:
It is guaranteed to be valid even after

NEW:
It remains valid even after
</mglt>

Yegin, et al.           Expires January 27, 2019                [Page 4]

Internet-Draft             On Demand Mobility                  July 2018

   Session-lasting IP addresses are required by applications that need
   session continuity but do not need IP address reachability.

<mglt>
Home of Address provides IP reachability, but it is unclear if IP
session continuity can be provided by other mechanisms that Mobile IP.
If that were the case, it would be good to specify how this coudl be
provided without IP reachability.
</mglt>

   - Non-persistent IP Address

   This type of IP address has no guarantee to exist after a mobile host
   moves from one point-of-attachment to another, and therefore, no
   session continuity nor IP address reachability are provided.  The IP
   address is created from an IP prefix that is obtained from the
   serving IP gateway and is not maintained across gateway changes.  In
   other words, the IP prefix may be released and replaced by a new one
   when the IP gateway changes due to the movement of the mobile host
   forcing the creation of a new source IP address with the updated
   allocated IP prefix.

<mglt>
It woudl be good to position this toward the care of address.
</mglt>

   - Graceful Replacement IP Address

   In some cases, the network cannot guarantee the validity of the
   provided IP prefix throughout the duration of the opened socket, but
   can provide a limited graceful period of time in which both the
   original IP prefix and a new one are valid.  This enables the
   application some flexibility in the transition from the existing
   source IP address to the new one.

   This gracefulness is still better than the non-persistence type of
   address for applications that can handle a change in their source IP
   address but require that extra flexibility.

<mglt>
The classes defined above have overlaps. I believe that we have:
Fixed IP Address \in Session-lasting IP Address \in Graceful Replacement IP
Address \in Non-persistent IP Address

I think that should be stated in the section.

</mglt>

   Applications running as servers at a published IP address require a
   Fixed IP Address.  Long-standing applications (e.g., an SSH session)
   may also require this type of address.  Enterprise applications that
   connect to an enterprise network via virtual LAN require a Fixed IP
   Address.

   Applications with short-lived transient sessions can use Session-
   lasting IP Addresses.  For example: Web browsers.

   Applications with very short sessions, such as DNS clients and
   instant messengers, can utilize Non-persistent IP Addresses.  Even
   though they could very well use Fixed or Session-lasting IP
   Addresses, the transmission latency would be minimized when a Non-
   persistent IP Addresses are used.

   Applications that can tolerate a short interruption in connectivity
   can use the Graceful-replacement IP addresses.  For example, a
   streaming client that has buffering capabilities.

Yegin, et al.           Expires January 27, 2019                [Page 5]

Internet-Draft             On Demand Mobility                  July 2018

3.2.  Granularity of Selection

   IP address type selection is made on a per-socket granularity.
   Different parts of the same application may have different needs.
   For example, the control-plane of an application may require a Fixed
   IP Address in order to stay reachable, whereas the data-plane of the
   same application may be satisfied with a Session-lasting IP Address.

3.3.  On Demand Nature

   At any point in time, a mobile host may have a combination of IP
   addresses configured.  Zero or more Non-persistent, zero or more
   Session-lasting, zero or more Fixed and zero or more Graceful-
   Replacement IP addresses may be configured by the IP stack of the
   host.  The combination may be as a result of the host policy,
   application demand, or a mix of the two.

<mglt>
Listing the different classes in the same order as the one of the
definitions may ease the reading.
</mglt>

   When an application requires a specific type of IP address and such
   an address is not already configured on the host, the IP stack SHALL
   attempt to configure one.  For example, a host may not always have a
   Session-lasting IP address available.  When an application requests
   one, the IP stack SHALL make an attempt to configure one by issuing a
   request to the network (see Section 3.4 below for more details).  If
   the operation fails, the IP stack SHALL fail the associated socket
   request and return an error.  If successful, a Session-lasting IP
   Address gets configured on the mobile host.  If another socket
   requests a Session-lasting IP address at a later time, the same IP
   address may be served to that socket as well.  When the last socket
   using the same configured IP address is closed, the IP address may be
   released or kept for future applications that may be launched and
   require a Session-lasting IP address.

<mglt>
I suspect the application is expected to request the type of IP with
minimal capabilities. In some cases the OS may not have the requested
type of address bu may have another type of addresses that could fulfill
the application requirements. I believe the text should specify what
should be done in this situation. I suppose the text will say that the
host sends a request to the network.

However, I suspect that allowing the OS to return higher capabilities
would encourage the applications to send a minimal level of expectation
so to maximize the probability of avoiding a interaction between the
host and the network to request the specific type of IP address.
</mglt>

   In some cases it might be preferable for the mobile host to request a
   new Session-lasting IP address for a new opening of an IP socket
   (even though one was already assigned to the mobile host by the
   network and might be in use in a different, already active IP
   sockets).  It is outside the scope of this specification to define
   criteria for choosing to use available addresses or choosing to
   request new ones.  It supports both alternatives (and any
   combination).

   It is outside the scope of this specification to define how the host
   requests a specific type of prefix and how the network indicates the
   type of prefix in its advertisement or in its reply to a request).

   The following are matters of policy, which may be dictated by the
   host itself, the network operator, or the system architecture
   standard:

Yegin, et al.           Expires January 27, 2019                [Page 6]

Internet-Draft             On Demand Mobility                  July 2018

   - The initial set of IP addresses configured on the host at boot
   time.

   - Permission to grant various types of IP addresses to a requesting
   application.

   - Determination of a default address type when an application does
   not make any explicit indication, whether it already supports the
   required API or it is just a legacy application.

3.4.  Conveying the Desired Address Type

   [RFC5014] introduced the ability of applications to influence the
   source address selection with the IPV6_ADDR_PREFERENCE option at the
   IPPROTO_IPV6 level.  This option is used with setsockopt() and
   getsockopt() calls to set/get address selection preferences.

   Extending this further by adding more flags does not work when a
   request for an address of a certain type results in requiring the IP
   stack to wait for the network to provide the desired source IP prefix
   and hence causing the setsockopt() call to block until the prefix is
   allocated (or an error indication from the network is received).

<mglt>
One thing is the value of the flags, another thing is the behaviour of
the API. So I understand that the new API provides more flexibility in
the sense that a requirement that cannot be fulfilled does not
necessarily end up in an error. Instead it can lead in an IP address
that does not fulfill the application requirement. If that is correct,
this is still something the application will have to deal with. IN one
case, it will need to deal with an error, in the other case, with
something that does not fulfill the requirements. If that is correct, I
believe the benefit of it should be highlighted.
</mglt>

   Alternatively a new socket API is defined - getsc() which allows
   applications to express their desired type of session continuity
   service.  The new getsc() API will return an IPv6 address that is
   associated with the desired session continuity service and with
   status information indicating whether or not the desired service was
   provided.

   An application that wishes to secure a desired service will call
   getsc() with the service type definition and a place to contain the
   provided IP address, and call bind() to associate that IP address
   with the socket (See pseudo-code example in Section 4 below).

   When the IP stack is required to use a source IP address of a
   specified type, it can use an existing address, or request a new IP
   prefix (of the same type) from the network and create a new one.  If
   the host does not already have an IPv6 prefix of that specific type,
   it MUST request one from the network.

   Using an existing address from an existing prefix is faster but might
   yield a less optimal route (if a hand-off event occurred after its
   configuration).  On the other hand, acquiring a new IP prefix from
   the network may be slower due to signaling exchange with the network.

   Applications can control the stack's operation by setting a new flag
   - ON_NET flag - which directs the IP stack whether to use a

Yegin, et al.           Expires January 27, 2019                [Page 7]

Internet-Draft             On Demand Mobility                  July 2018

   preconfigured source IP address (if exists) or to request a new IPv6
   prefix from the current serving network and configure a new IP
   address.

   This new flag is added to the set of flags in the
   IPV6_ADDR_PREFERENCES option at the IPPROTO_IPV6 level.  It is used
   in setsockopt() to set the desired behavior.

<mglt>
My understanding of the flag is that it forces the OS to request
the network. This means that even if it already has teh desired IP
address the ON_NET flag set will force the OS to re-ask. When unset, the
decision to re-ask or not is let to the OS. IS that correct ?
</mglt>

4.  Usage example

4.1.  Pseudo-code example

<mglt>
It would be good the example also shows the ON_NET flag.
</mglt>

   The following example shows pseudo-code for creating a Stream socket
   (TCP) with a Session-Lasting source IP address:

   #include <sys/socket.h>
   #include <netinnet/in.h>

     // Socket information
   int              s ;            // socket id

     // Source information (for secsc() and bind())
   sockaddr_in6     sourceInfo     // my address and port for bind()
   in6_addr         sourceAddress  // will contain the provisioned
                                   // source IP address
   uint8_t          sc_type = IPV6_REQUIRE_SESSION_LASTING_IP ;
                                   // For requesting a Session-Lasting
                                   // source IP address

     // Destination information (for connect())
   sockaddr_in6     serverInfo ;   // server info for connect()

     // Create an IPv6 TCP socket
   s = socket(AF_INET6, SOCK_STREAM, 0) ;
   if (s!=0) {
         // Handle socket creation error
         // ...
   } // if socket creation failed
   else {
          // Socket creation is successful
          // The application cannot connect yet, since it wants to use
          // a Session-Lasting source IP address It needs to request
          // the Session-Lasting source IP before connecting
        if (setsc(s, &sourceAddress, &sc_type)) == 0){
             // setting session continuity to Session Lasting is
             // Successful. sourceAddress now contains the Session-
             // LAsting source IP address
<mglt>s/LAsting/Lasting/gc</mglt>

Yegin, et al.           Expires January 27, 2019                [Page 8]

Internet-Draft             On Demand Mobility                  July 2018

             // Bind to that source IP address
           sourceInfo.sin6_family = AF_INET6 ;
           sourceInfo.sin6_port = 0  // let the stack choose the port
           sourceInfo.sin6_address = sourceAddress ;
                                   // Use the source address that was
                                   // generated by the setsc() call
           if (bind(s, &sourceInfo, sizeof(sourceInfo))==0){
                // Set the desired server's information for connect()
              serverInfo.sin6_family = AF_INET6 ;
              serverInfo.sin6_port = SERVER_PORT_NUM ;
              serverAddress.sin6_addr = SERVER_IPV6_ADDRESS ;

                // Connect to the server
              if (connect(s, &serverInfo, sizeof(serverInfo))==0) {
                  // connect successful (3-way handshake has been
                  // completed with Session-Lasting source address.
                  // Continue application functionality
                  // ...
              }  // if connect() is successful
              else {
                  // connect failed
                  // ...
                  // Application code that handles connect failure and
                  // closes the socket
                  // ...
              } // if connect() failed
           } // if bind() successful
           else {
                  // bind() failed
                  // ...
                  // Application code that handles bind failure and
                  // closes the socket
                  // ...
           } // if bind() failed
        }  // if setsc() was successful and of a Session-Lasting
           // source IP address was provided
        else {
             // application code that does not use Session-lasting IP
             // address. The application may either connect without
             // the desired Session-lasting service, or close the
             // socket...
        } // if setsc() failed
   }  // if socket was created successfully

     // The rest of the application's code
     // ...

Yegin, et al.           Expires January 27, 2019                [Page 9]

Internet-Draft             On Demand Mobility                  July 2018

4.2.  Message Flow example

   The following message flow illustrates a possible interaction for
   achieving OnDemand functionality.  It is an example of one scenario
   and should not be regarded as the only scenario or the preferred one.

<mglt>OnDemand versus On Demand versus On-Demand. The text should be
consistent. </mglt>
   This flow describes the interaction between the following entities:

   - Applications requiring different types of OnDemand service.

   - The mobile host's IP stack.

   - The network infrastructure providing the services.

   In this example, the network infrastructure provides 2 IPv6 prefixes
   upon attachment of the mobile host to the network: A Session-lasting
   IPv6 prefix and a Non-persistent IPv6 prefix.  Whenever the mobile
   host moves to a different point-of-attachment, the network
   infrastructure provides a new Non-persistent IPv6 address.

   In this example, the network infrastructure does not support Fixed IP
   addresses nor Graceful-replacement IP addresses.

   Whenever an application opens an IP socket and requests a specific
   IPv6 address type, the IP stack will provide one from its available
   IPv6 prefixes or return an error message if the request cannot be
   fulfilled.

   Message Flow:

   - The mobile device attaches to the network.

   - The Network provides two IPv6 prefixes: PREFsl1 - a Session-lasting
   IPv6 prefix and PREFnp1 - a Non-persistent IP v6 prefix.

<mglt>IP v6/IPv6/gc</mglt>
<mglt>It would ease the reading if the mechanism used to specify the
Type of the address by the operator to the host being described - at
least an example.
</mglt>

   - An application on the mobile host is launched.  It opens an IP
   socket and requests a Non-persistent IPv6 address.

   - The IP stack provides IPnp1 which is generated from PREFnp1.

   - Another application is launched, requesting a Non-persistent IPv6
   address.

   - The IP stack provides IPnp1 again.

   - A third application is launched.  This time, it requires a Session-
   lasting IPv6 address.

<mglt>second ?</mglt>

Yegin, et al.           Expires January 27, 2019               [Page 10]

Internet-Draft             On Demand Mobility                  July 2018

   - The IP stack provides IPsl1 which is generated from PREFsl1.

   - The mobile hosts moves to a new point-of-attachment.

   - The network provides a new Non-persistent IPv6 prefix - PREFnp2.
   PREFnp1 is no longer valid.

   - The applications that were given IPnp1 re-establish the socket and
   receive a new IPv6 address - IPnp2 which is generated from PREFnp2

   - The application that is using IPsl1 can still use it since the
   network guaranteed that PREFsl1 will be valid even after moving to a
   new point-of-attachment.

   - A new application is launched, this time requiring a Graceful-
   replacement IPv6 address.

   - The IP stack returns setsc() with an error since the network does
   not support this service.

   - The application re-attempts to open a socket, this time requesting
   a Session-lasting IPv6 address.

   - The IP stack provides IPsl1.

5.  Backwards Compatibility Considerations

   Backwards compatibility support is REQUIRED by the following 3 types
   of entities:

   - The Applications on the mobile host

   - The IP stack in the mobile host

   - The network infrastructure

5.1.  Applications

   Legacy applications that do not support the OnDemand functionality
   will use the legacy API and will not be able to take advantage of the
   On-Demand Mobility feature.

   Applications using the new OnDemand functionality MUST be aware that
   they may be executed in legacy environments that do not support it.
   Such environments may include a legacy IP stack on the mobile host,
   legacy network infrastructure, or both.  In either case, the API will
   return an error code and the invoking applications may just give up
   and use legacy calls.

Yegin, et al.           Expires January 27, 2019               [Page 11]

Internet-Draft             On Demand Mobility                  July 2018

5.2.  IP Stack in the Mobile Host

   New IP stacks MUST continue to support all legacy operations.  If an
   application does not use On-Demand functionality, the IP stack MUST
   respond in a legacy manner.

<mglt>
The legacy manner does not seems to be a standard way of behavior. It
seems to me as the way the OS used to behave. I believe the draft shoudl
be a bit more specific here.
</mglt>

   If the network infrastructure supports On-Demand functionality, the
   IP stack SHOULD follow the application request: If the application
   requests a specific address type, the stack SHOULD forward this
   request to the network.  If the application does not request an
   address type, the IP stack MUST NOT request an address type and leave
   it to the network's default behavior to choose the type of the
   allocated IP prefix.  If an IP prefix was already allocated to the
   host, the IP stack uses it and may not request a new one from the
   network.

5.3.  Network Infrastructure

   The network infrastructure may or may not support the On-Demand
   functionality.  How the IP stack on the host and the network
   infrastructure behave in case of a compatibility issue is outside the
   scope of this API specification.

<mglt>
I believe that such statement should be made in the introduction with the
addition of a list of potential mechanism to provide the type of IP
addresses by the network. There is a need to have such mechanisms since
the OS cannot derive the properties from the IP address itself. Which
was teh case with Home of address, care of address, cga....
</mglt>

5.4.  Merging this work with RFC5014

   [RFC5014] defines new flags that may be used with setsockopt() to
   influence source IP address selection for a socket.  The list of
   flags include: source home address, care-of address, temporary
   address, public address CGA (Cryptographically Created Address) and
   non-CGA.  When applications require session continuity service and
   use setsc() and bind(), they SHOULD NOT set the flags specified in
   [RFC5014].

   However, if an application sets a specific option using setsockopt()
   with one of the flags specified in [RFC5014] and also selects a
   source IP address using setsc() and bind() the IP address that was
   generated by setsc() and bound using bind() will be the one used by
   traffic generated using that socket and options set by setsockopt()
   will be ignored.

<mglt>The sentence above is hard to read - at least to me. I suspect
"the" is missing after "by". What the text says is that after bind
setsockopt will be ignored. Correct ?
</mglt>

   If bind() was not invoked after setsc() by the application, the IP
   address generated by setsc() will not be used and traffic generated
   by the socket will use a source IP address that complies with the
   options selected by setsockopt().

Yegin, et al.           Expires January 27, 2019               [Page 12]

Internet-Draft             On Demand Mobility                  July 2018

6.  Summary of New Definitions

<mglt>
Flags and address types should in my opinion be placed in evidence. (.h)
</mglt>

6.1.  New APIs

   setsc() enables applications to request a specific type of source IP
   address in terms of session continuity.  Its definition is:

   int setsc(int sockfd, in6_addr *sourceAddress, sc_type addressType);

   Where:
    - sockfd -        is the socket descriptor of the socket with which
                      a specific address type is associated
    - sourceAddress - is a pointer to an area allocated for setsc() to
                      place the generated source IP address of the
                      desired session continuity type
    - addressType -   Is the desired type of session continuity service.
                      It is a 3-bit field containing one of the
                      following values:
                      0 - Reserved
                      1 - FIXED_IPV6_ADDRESS
                      2 - SESSION_LASTING_IPV6_ADDRESS
                      3 - NON_PERSISTENT_IPV6_ADDRESS
                      4 - GRACEFUL_REPLACEMENT_IPV6_ADDRESS
                      5-7 - Reserved

   setsc() returns the status of the operation:
    - 0 - Address was successfully generated
    - EAI_REQUIREDIPNOTSUPPORTED - the required service type is not
      supported
    - EAI_REQUIREDIPFAILED - the network could not fulfill the desired
      request

   setsc() MAY block the invoking thread if it triggers the TCP/IP stack
   to request a new IP prefix from the network to construct the desired
   source IP address.  If an IP prefix with the desired session
   continuity features already exists (was previously allocated to the
   mobile host) and the stack is not required to request a new one as a
   result of setting the IPV6_REQUIRE_SRC_ON_NET flag (defined below),
   setsc() MAY return immediately with the constructed IP address and
   will not block the thread.

6.2.  New Flags

   The following flag is added to the list of flags in the
   IPV6_ADDR_PREFERENCE option at the IPPROTO6 level:

   IPV6_REQUIRE_SRC_ON_NET - set IP stack address allocation behavior

Yegin, et al.           Expires January 27, 2019               [Page 13]

Internet-Draft             On Demand Mobility                  July 2018

   If set, the IP stack will request a new IPv6 prefix of the desired
   type from the current serving network and configure a new source IP
   address.  If reset, the IP stack will use a preconfigured one if it
   exists.  If there is no preconfigured IP address of the desired type,
   a new prefix will be requested and used for creating the IP address.

7.  Security Considerations

   The setting of certain IP address type on a given socket may be
   restricted to privileged applications.  For example, a Fixed IP
   Address may be provided as a premium service and only certain
   applications may be allowed to use them.  Setting and enforcement of
   such privileges are outside the scope of this document.

<mglt>
I believe the text could describe the threat such recommendation is
addressing.

The document describes how applications provides the OS their
requirements in order to select the appropriated IP address. The
resource are associated to different costs. While the cost is primarily
on the operator side, it is likely that usage by the mobile node comes
with some restrictions, limitation or direct cost. Typically, some type
of IP address may be provided by the operator for a limited number of
bytes upon which the IP address type will not be available to the mobile
node or may be charged. A malicious application may use these
limitations to generate extra billing of the mobile node or to prevent
the usage of some applications by exhausting the expected type of IP
address.

In order to prevent such scenario, the mobile node SHOULD be able to
authorize specific PI address types to privilege application.

With these new types of IP addresses, the IP address leaks some
connectivity requirements of the application. This also means that
additional information is provided to the destination which could reveal
to a passive monitoring attacker some information such as the type of
application and the application itself even though the packet is
protected by IPsec or TLS.

To avoid profiling an application according to the type of IP addresses,
it is expected that prefixes provided by the operator are associated to
various type of addresses over time. As a result, the type of address
could not be associated to the prefix, making application profiling
based on the type of address harder.
Application using multiple type of IP addresses to avoid being profiled
is likely to create some patterns. So that remains a hard problem to
solve by the application.

The usage of a fixed IP address, enables tracking the mobile node, or
its application over time. This is a similar problem as the one
encountered with Public IP addresses. The usage of the Fixed IP
addresses should be limited.

To limit the effect of IP tracking, the application or the OS should
ensure that IP addresses regularly change to limit IP tracking by a
passive observer.  The application should regularly set the On Demand
flag. The application should be able to ensure that session lasting IP
address are regularly changed by setting a lifetime for example handled
by the application. In addition, the application should consider the use
of graceful replacement IP addresses.

Similarly, the OS may also associated IP addresses with a lifetime. Upon
receiving a request for a given type of IP address, after some time, the
OS should request a new address to the network even if it already has
one IP address available with the requested type. This includes any type
of IP address. Addresses of type graceful replacement or non persistent
IP addresses should be regularly renewed by the OS.

The lifetime of an IP address may be expressed in number of seconds or
in umber of bytes sent through this IP address.
</mglt>

Session lasting IP address could be used to avoid tracking and should be
preferred. However, there should be a way to specify between one session
lasting or if the IP address can last multiple sessions.

</mglt>

8.  IANA Considerations

   This document has no IANA considerations.

9.  Contributors

   This document was merged with [I-D.sijeon-dmm-use-cases-api-source].
   We would like to acknowledge the contribution of the following people
   to that document as well:

   Sergio Figueiredo
   Altran Research, France
   Email: sergio.figueiredo@xxxxxxxxxx

   Younghan Kim
   Soongsil University, Korea
   Email: younghak@xxxxxxxxx

   John Kaippallimalil
   Huawei, USA
   Email: john.kaippallimalil@xxxxxxxxxx

10.  Acknowledgements

   We would like to thank Wu-chi Feng, Alexandru Petrescu, Jouni
   Korhonen, Sri Gundavelli, Dave Dolson and Lorenzo Colitti for their
   valuable comments and suggestions on this work.

11.  References

Yegin, et al.           Expires January 27, 2019               [Page 14]

Internet-Draft             On Demand Mobility                  July 2018

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC5014]  Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6
              Socket API for Source Address Selection", RFC 5014,
              DOI 10.17487/RFC5014, September 2007,
              <https://www.rfc-editor.org/info/rfc5014>.

11.2.  Informative References

   [I-D.sijeon-dmm-use-cases-api-source]
              Jeon, S., Figueiredo, S., Kim, Y., and J. Kaippallimalil,
              "Use Cases and API Extension for Source IP Address
              Selection", draft-sijeon-dmm-use-cases-api-source-07 (work
              in progress), September 2017.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              DOI 10.17487/RFC3261, June 2002,
              <https://www.rfc-editor.org/info/rfc3261>.

   [RFC5213]  Gundavelli, S., Ed., Leung, K., Devarapalli, V.,
              Chowdhury, K., and B. Patil, "Proxy Mobile IPv6",
              RFC 5213, DOI 10.17487/RFC5213, August 2008,
              <https://www.rfc-editor.org/info/rfc5213>.

   [RFC5563]  Leung, K., Dommety, G., Yegani, P., and K. Chowdhury,
              "WiMAX Forum / 3GPP2 Proxy Mobile IPv4", RFC 5563,
              DOI 10.17487/RFC5563, February 2010,
              <https://www.rfc-editor.org/info/rfc5563>.

   [RFC5944]  Perkins, C., Ed., "IP Mobility Support for IPv4, Revised",
              RFC 5944, DOI 10.17487/RFC5944, November 2010,
              <https://www.rfc-editor.org/info/rfc5944>.

   [RFC6275]  Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility
              Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July
              2011, <https://www.rfc-editor.org/info/rfc6275>.

   [RFC6824]  Ford, A., Raiciu, C., Handley, M., and O. Bonaventure,
              "TCP Extensions for Multipath Operation with Multiple
              Addresses", RFC 6824, DOI 10.17487/RFC6824, January 2013,
              <https://www.rfc-editor.org/info/rfc6824>.

Yegin, et al.           Expires January 27, 2019               [Page 15]

Internet-Draft             On Demand Mobility                  July 2018

   [RFC7333]  Chan, H., Ed., Liu, D., Seite, P., Yokota, H., and J.
              Korhonen, "Requirements for Distributed Mobility
              Management", RFC 7333, DOI 10.17487/RFC7333, August 2014,
              <https://www.rfc-editor.org/info/rfc7333>.

Authors' Addresses

   Alper Yegin
   Actility
   Istanbul
   Turkey

   Email: alper.yegin@xxxxxxxxxxxx

   Danny Moses
   Intel Corporation
   Petah Tikva
   Israel

   Email: danny.moses@xxxxxxxxx

   Kisuk Kweon
   Samsung
   Suwon
   South Korea

   Email: kisuk.kweon@xxxxxxxxxxx

   Jinsung Lee
   Samsung
   Suwon
   South Korea

   Email: js81.lee@xxxxxxxxxxx

   Jungshin Park
   Samsung
   Suwon
   South Korea

   Email: shin02.park@xxxxxxxxxxx

Yegin, et al.           Expires January 27, 2019               [Page 16]

Internet-Draft             On Demand Mobility                  July 2018

   Seil Jeon
   Sungkyunkwan University
   Suwon
   South Korea

   Email: seiljeon@xxxxxxxx

Yegin, et al.           Expires January 27, 2019               [Page 17]





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux