
HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY, VIETNAMESE-FRENCH HIGH-QUALITY ENGINEERING TRAINING PROGRAM (KS. CLC VIỆT-PHÁP)

Course: Digital Information and Data Transmission

RFC 3775

Mobility Support in IPv6

June 2004

Part 1: Mobility Support in IPv6


This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

This document specifies a protocol which allows nodes to remain reachable while moving around in the IPv6 Internet. Each mobile node is always identified by its home address, regardless of its current point of attachment to the Internet. While away from home, a mobile node is also associated with a care-of address, which provides information about its current location. IPv6 packets addressed to a mobile node's home address are transparently routed to its care-of address. The protocol enables IPv6 nodes to cache the binding of a mobile node's home address with its care-of address, and then to send any packets destined for the mobile node directly to that care-of address. To support this operation, Mobile IPv6 defines a new IPv6 protocol and a new destination option. All IPv6 nodes, whether mobile or stationary, can communicate with mobile nodes.

Part 2: Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents

Mobile IPv6 uses IPsec to protect signaling between the home agent (HA) and the mobile node (MN). This document discusses the requirements in depth, gives the packet formats that are used, describes suitable configuration procedures, and shows how implementations process the packets in the right order. It also discusses security against attackers. To avoid these attacks, IPsec Encapsulating Security Payload (ESP) [3] is used to protect the traffic between the HA and the MN. The control traffic includes the following messages in the Mobility Header:

o Binding Update and Acknowledgement messages exchanged between the MN and the HA
o Return routability messages Home Test Init and Home Test, which pass through the HA on the way to the CN
o ICMPv6 messages exchanged between the MN and the HA for the purpose of prefix discovery

The MN and the HA must have an IPsec security association that secures the communication between them. IPsec does not guarantee correct ordering of messages. Ordering is provided by a sequence number in the Binding Update and Binding Acknowledgement messages. The sequence number in Binding Updates also provides security to a limited extent, but it fails in some cases; IKE is the comprehensive security solution.

Johnson, et al.

Standard Track

[Page 2 ]


Contents of Part 1

1. Introduction
2. Comparison with Mobile IP for IPv4
3. Terminology
   3.1. General Terms
   3.2. Mobile IPv6 Terms
4. Overview of Mobile IPv6
   4.1. Basic Operation
   4.2. New IPv6 Protocol
   4.3. New IPv6 Destination Option
   4.4. New IPv6 ICMP Messages
   4.5. Conceptual Data Structure Terminology
   4.6. Site-Local Addressability
5. Overview of Mobile IPv6 Security
   5.1. Binding Updates to Home Agents
   5.2. Binding Updates to Correspondent Nodes
      5.2.1. Node Keys
      5.2.2. Nonces
      5.2.3. Cookies and Tokens
      5.2.4. Cryptographic Functions
      5.2.5. Return Routability Procedure
      5.2.6. Authorizing Binding Management Messages
      5.2.7. Updating Node Keys and Nonces
      5.2.8. Preventing Replay Attacks
   5.3. Dynamic Home Agent Address Discovery
   5.4. Mobile Prefix Discovery
   5.5. Payload Packets
6. New IPv6 Protocol, Message Types, and Destination Option
   6.1. Mobility Header
      6.1.1. Format
      6.1.2. Binding Refresh Request Message
      6.1.3. Home Test Init Message
      6.1.4. Care-of Test Init Message
      6.1.5. Home Test Message
      6.1.6. Care-of Test Message
      6.1.7. Binding Update Message
      6.1.8. Binding Acknowledgement Message
      6.1.9. Binding Error Message
   6.2. Mobility Options
      6.2.1. Format
      6.2.2. Pad1


      6.2.3. PadN
      6.2.4. Binding Refresh Advice
      6.2.5. Alternate Care-of Address
      6.2.6. Nonce Indices
      6.2.7. Binding Authorization Data
   6.3. Home Address Option
   6.4. Type 2 Routing Header
      6.4.1. Format
   6.5. ICMP Home Agent Address Discovery Request Message
   6.6. ICMP Home Agent Address Discovery Reply Message
   6.7. ICMP Mobile Prefix Solicitation Message Format
   6.8. ICMP Mobile Prefix Advertisement Message Format
7. Modifications to IPv6 Neighbor Discovery
   7.1. Modified Router Advertisement Message Format
   7.2. Modified Prefix Information Option Format
   7.3. New Advertisement Interval Option Format
   7.4. New Home Agent Information Option Format
   7.5. Changes to Sending Router Advertisements
8. Requirements for Types of IPv6 Nodes
   8.1. All IPv6 Nodes
   8.2. IPv6 Nodes with Support for Route Optimization
   8.3. All IPv6 Routers
   8.4. IPv6 Home Agents
   8.5. IPv6 Mobile Nodes
9. Correspondent Node Operation
   9.1. Conceptual Data Structures
   9.2. Processing Mobility Headers
   9.3. Packet Processing
      9.3.1. Receiving Packets with Home Address Option
      9.3.2. Sending Packets to a Mobile Node
      9.3.3. Sending Binding Error Messages
      9.3.4. Receiving ICMP Error Messages
   9.4. Return Routability Procedure
      9.4.1. Receiving Home Test Init Messages
      9.4.2. Receiving Care-of Test Init Messages
      9.4.3. Sending Home Test Messages
      9.4.4. Sending Care-of Test Messages
   9.5. Processing Bindings
      9.5.1. Receiving Binding Updates
      9.5.2. Requests to Cache a Binding
      9.5.3. Requests to Delete a Binding
      9.5.4. Sending Binding Acknowledgements
      9.5.5. Sending Binding Refresh Requests


10. Home Agent Operation
   10.1. Conceptual Data Structures
   10.2. Processing Mobility Headers
   10.3. Processing Bindings
      10.3.1. Primary Care-of Address Registration
      10.3.2. Primary Care-of Address De-Registration
   10.4. Packet Processing
      10.4.1. Intercepting Packets for a Mobile Node
      10.4.2. Processing Intercepted Packets
      10.4.3. Multicast Membership Control
      10.4.4. Stateful Address Autoconfiguration
      10.4.5. Handling Reverse Tunneled Packets
      10.4.6. Protecting Return Routability Packets
   10.5. Dynamic Home Agent Address Discovery
      10.5.1. Receiving Router Advertisement Messages
   10.6. Sending Prefix Information to the Mobile Node
      10.6.1. List of Home Network Prefixes
      10.6.2. Scheduling Prefix Deliveries
      10.6.3. Sending Advertisements
      10.6.4. Lifetimes for Changed Prefixes
11. Mobile Node Operation
   11.1. Conceptual Data Structures
   11.2. Processing Mobility Headers
   11.3. Packet Processing
      11.3.1. Sending Packets While Away from Home
      11.3.2. Interaction with Outbound IPsec Processing
      11.3.3. Receiving Packets While Away from Home
      11.3.4. Routing Multicast Packets
      11.3.5. Receiving ICMP Error Messages
      11.3.6. Receiving Binding Error Messages
   11.4. Home Agent and Prefix Management
      11.4.1. Dynamic Home Agent Address Discovery
      11.4.2. Sending Mobile Prefix Solicitations
      11.4.3. Receiving Mobile Prefix Advertisements
   11.5. Movement
      11.5.1. Movement Detection
      11.5.2. Forming New Care-of Addresses
      11.5.3. Using Multiple Care-of Addresses
      11.5.4. Returning Home
   11.6. Return Routability Procedure
      11.6.1. Sending Test Init Messages
      11.6.2. Receiving Test Messages
      11.6.3. Protecting Return Routability Packets


   11.7. Processing Bindings
      11.7.1. Sending Binding Updates to the Home Agent
      11.7.2. Correspondent Registration
      11.7.3. Receiving Binding Acknowledgements
      11.7.4. Receiving Binding Refresh Requests
   11.8. Retransmissions and Rate Limiting
12. Protocol Constants
13. Protocol Configuration Variables
14. IANA Considerations
15. Security Considerations
   15.1. Threats
   15.2. Features
   15.3. Binding Updates to Home Agent
   15.4. Binding Updates to Correspondent Nodes
   15.5. Dynamic Home Agent Address Discovery
   15.6. Mobile Prefix Discovery
   15.7. Tunneling via the Home Agent
   15.8. Home Address Option
   15.9. Type 2 Routing Header


Contents of Part 2

1. Introduction
2. Terminology
3. Packet Formats
   3.1. Binding Updates and Acknowledgements
   3.2. Return Routability Signaling
   3.3. Prefix Discovery
   3.4. Payload Packets
4. Requirements
   4.1. Mandatory Support
   4.2. Policy Requirements
   4.3. IPsec Protocol Processing
   4.4. Dynamic Keying
5. Example Configurations
   5.1. Format
   5.2. Manual Configuration
      5.2.1. Binding Updates and Acknowledgements
      5.2.2. Return Routability Signaling
      5.2.3. Prefix Discovery
      5.2.4. Payload Packets
   5.3. Dynamic Keying
      5.3.1. Binding Updates and Acknowledgements
      5.3.2. Return Routability Signaling
      5.3.3. Prefix Discovery
      5.3.4. Payload Packets
6. Processing Steps within a Node
   6.1. Binding Update to the Home Agent
   6.2. Binding Update from the Mobile Node
   6.3. Binding Acknowledgement to the Mobile Node
   6.4. Binding Acknowledgement from the Home Agent
   6.5. Home Test Init to the Home Agent
   6.6. Home Test Init from the Mobile Node
   6.7. Home Test to the Mobile Node
   6.8. Home Test from the Home Agent
   6.9. Prefix Solicitation Message to the Home Agent
   6.10. Prefix Solicitation Message from the Mobile Node
   6.11. Prefix Advertisement Message to the Mobile Node
   6.12. Prefix Advertisement Message from the Home Agent
   6.13. Payload Packet to the Home Agent
   6.14. Payload Packet from the Mobile Node
   6.15. Payload Packet to the Mobile Node


   6.16. Payload Packet from the Home Agent
   6.17. Establishing New Security Associations
   6.18. Rekeying Security Associations
   6.19. Movements and Dynamic Keying
7. Implementation Considerations
   7.1. IPsec
   7.2. IKE
   7.3. Bump-in-the-Stack
8. IANA Considerations
9. Security Considerations
10. References


1. Introduction
This document specifies a protocol that lets nodes remain reachable while moving around in the IPv6 Internet. Without specific support for mobility in IPv6 [11], packets destined for a mobile node cannot reach it while the node is away from its home link. To keep communicating while moving, a mobile node would have to change its IP address each time it moves to a new link, but it would then be unable to maintain transport and higher-layer connections when it changes location. Mobility support in IPv6 is particularly important, because mobile computers are likely to make up the majority of the Internet population during the lifetime of IPv6.

The protocol defined in this document, known as Mobile IPv6, allows a mobile node to move from one link to another without changing its "home address". Packets are routed to the mobile node using this address regardless of the node's current point of attachment to the Internet. The mobile node can also continue to communicate with other nodes (stationary or mobile) after moving to a new link. The movement of a mobile node away from its home link is thus transparent to transport and higher-layer protocols and applications.

The Mobile IPv6 protocol is suitable for mobility across homogeneous media as well as across heterogeneous media. For example, Mobile IPv6 lets a node move from one Ethernet segment to another as well as from an Ethernet segment to a wireless LAN cell, with its IP address remaining unchanged in spite of the movement.

One can think of the Mobile IPv6 protocol as solving the network-layer mobility management problem. Some mobility management applications, for example handover among wireless transceivers, each of which covers only a very small area, have been solved using link-layer techniques. For example, in many current wireless LAN products, link-layer mobility mechanisms allow a "handover" of a mobile node from one cell to another, re-establishing link-layer connectivity to the node at each new location.

Mobile IPv6 does not attempt to solve all the problems related to the use of mobile computers or wireless networks. In particular, this protocol does not attempt to solve:

o Handling links with unidirectional connectivity or partial reachability, such as the hidden terminal problem, where a host is hidden from some of the routers on the link.
o Access control on a link being visited by a mobile node.
o Local or hierarchical forms of mobility management (similar to many current link-layer mobility management solutions).

o Assistance for adaptive applications.
o Mobile routers.
o Service discovery.
o Distinguishing between packet losses due to bit errors and those due to network congestion.

2. Comparison with Mobile IP for IPv4

The design of Mobile IP support in IPv6 (Mobile IPv6) benefits both from the experience gained from the development of Mobile IP support in IPv4 (Mobile IPv4) [22, 23, 24], and from the opportunities provided by IPv6. Mobile IPv6 shares the same functionality as Mobile IPv4, but is integrated into IPv6 and offers many improvements. A summary of the differences between Mobile IPv4 and Mobile IPv6:

o There is no need to deploy special routers acting as "foreign agents", as in Mobile IPv4. Mobile IPv6 operates in any location without any support from the local router.
o Support for route optimization is a fundamental part of the protocol, rather than a nonstandard set of extensions.
o Mobile IPv6 route optimization works without prior arrangement. It can be deployed on a wide scale between all mobile nodes and correspondent nodes.
o Support is integrated into Mobile IPv6 for allowing route optimization to coexist with routers that perform "ingress filtering" [26].
o IPv6 Neighbor Unreachability Detection assures symmetric reachability between the mobile node and its default router in the current location.
o Most packets sent to a mobile node while away from home in Mobile IPv6 are sent using an IPv6 routing header rather than IP encapsulation, reducing the overhead compared to Mobile IPv4.
o Mobile IPv6 is decoupled from any particular link layer, as it uses IPv6 Neighbor Discovery [12] instead of ARP. This also adds to the robustness of the protocol.
o The use of IPv6 encapsulation (and the routing header) removes the need in Mobile IPv6 to manage "tunnel soft state".
o The dynamic home agent address discovery mechanism in Mobile IPv6 returns a single reply to the mobile node. The directed broadcast approach used in IPv4 returns separate replies from each home agent.


3. Terminology

3.1. General Terms

IP
   Internet Protocol Version 6 (IPv6).

node
   A device that implements IP.

router
   A node that forwards IP packets not addressed to itself.

unicast routable address
   A packet sent from another IPv6 subnet is delivered to the interface identified by this address. The address has either global or site-local scope (but not link-local scope).

host
   Any node that is not a router.

link
   A communication facility or medium over which nodes can communicate at the link layer, such as an Ethernet (simple or bridged). A link is the layer immediately below IP.

interface
   A node's attachment to a link.

subnet prefix
   A bit string that consists of some number of initial bits of an IP address.

interface identifier
   A number used to identify a node's interface on a link. The interface identifier is the remaining bits of the IP address after the subnet prefix.

link-layer address
   A link-layer identifier for an interface, such as IEEE 802 addresses on Ethernet links.

packet
   An IP header plus payload.

security association
   An IPsec security association is a cooperative relationship formed by the sharing of cryptographic keying material and associated context. Security associations are simplex: two security associations are needed to protect bidirectional traffic between two nodes, one for each direction.

security policy database
   A database of the security services to be offered to IP packets, and in what fashion.

destination option
   Destination options are carried in the IPv6 Destination Options extension header. They contain optional information that needs to be examined only by the IPv6 node given as the destination address in the IPv6 header, not by routers in between. Mobile IPv6 defines one new destination option, the Home Address destination option (see Section 6.3).

routing header
   A routing header may be present as an IPv6 header extension, and indicates that the payload has to be delivered to a destination IPv6 address in some way that is different from what would be carried out by standard Internet routing. In this document, the term "routing header" refers to the type 2 routing header specified in Section 6.4.

"|" (concatenation)
   Some formulas use the symbol "|" to indicate bytewise concatenation, as in A | B. The result starts with all of the bytes of the datum A, followed by all of the bytes of the datum B.

First (size, input)
   The function "First (size, input)" indicates truncation of the input data so that only the first "size" bits are kept.

3.2. Mobile IPv6 Terms

home address
   A unicast routable address assigned to a mobile node, used as the permanent address of the mobile node. This address is within the mobile node's home link. Standard IP routing mechanisms deliver packets destined for a mobile node's home address to its home link. A mobile node can have multiple home addresses, for instance when there are multiple home prefixes on the home link.

home subnet prefix
   The IP subnet prefix corresponding to a mobile node's home address.

home link
   The link on which a mobile node's home subnet prefix is defined.

mobile node
   A node that can change its point of attachment from one link to another, while still being reachable via its home address.

movement
   A change in a mobile node's point of attachment to the Internet such that it is no longer connected to the same link as it was previously. If a mobile node is not currently attached to its home link, the mobile node is said to be "away from home".

L2 handover
   A process by which the mobile node changes from one link-layer connection to another. For example, a change of wireless access point is an L2 handover.

L3 handover
   Subsequent to an L2 handover, a mobile node detects a change in an on-link subnet prefix that requires a change in the primary care-of address. For example, a change of access router subsequent to a change of wireless access point is an L3 handover.

correspondent node
   A peer node with which a mobile node is communicating. The correspondent node may be either stationary or mobile.

foreign subnet prefix
   Any IP subnet prefix other than the mobile node's home subnet prefix.

foreign link
   Any link other than the mobile node's home link.

care-of address
   A unicast routable address associated with a mobile node while it is visiting a foreign link; the subnet prefix of this IP address is a foreign subnet prefix. Among the multiple care-of addresses that a mobile node may have at any given time (e.g., with different subnet prefixes), the one registered with the mobile node's home agent is called its "primary" care-of address.

home agent
   A router on a mobile node's home link with which the mobile node has registered its current care-of address. While the mobile node is away from home, the home agent intercepts packets on the home link destined to the mobile node's home address, encapsulates them, and sends them to the mobile node's current care-of address.

binding
   The association of the home address of a mobile node with a care-of address for that mobile node.

registration
   The process during which a mobile node sends a Binding Update to its home agent or a correspondent node, causing a binding for the mobile node to be registered.

mobility message
   A message containing a Mobility Header (see Section 6.1).

binding authorization
   Correspondent registration needs to be authorized to allow the recipient to believe that the sender has the right to create a new binding.

return routability procedure
   The procedure that authorizes registrations through an exchange of cryptographic tokens.

correspondent registration
   A return routability procedure followed by a registration, run between the mobile node and a correspondent node.

home registration
   A registration between the mobile node and its home agent, authorized by the use of IPsec.

nonce
   Nonces are random numbers used internally by the correspondent node to create the keygen tokens related to the return routability procedure. The nonces are not specific to a mobile node, and are kept secret within the correspondent node.

nonce index
   A nonce index indicates which nonce has been used when creating keygen token values, without revealing the nonce itself.

cookie
   A cookie is a random number used by a mobile node to prevent spoofing by a bogus correspondent node in the return routability procedure.

care-of init cookie
   A cookie sent to the correspondent node in the Care-of Test Init message, to be returned in the Care-of Test message.

home init cookie
   A cookie sent to the correspondent node in the Home Test Init message, to be returned in the Home Test message.

keygen token
   A keygen token is a number supplied by a correspondent node in the return routability procedure to enable the mobile node to compute the binding management key that authorizes a Binding Update.

care-of keygen token
   A keygen token sent by the correspondent node in the Care-of Test message.

home keygen token
   A keygen token sent by the correspondent node in the Home Test message.

binding management key (Kbm)
   A binding management key (Kbm) is a key used for authorizing binding cache management messages (e.g., Binding Update or Binding Acknowledgement). Return routability provides a means of binding authorization.

4. Overview of Mobile IPv6

4.1. Basic Operation

The home address identifies a mobile node at home; it is an IP address within the home subnet prefix on the home link. While the mobile node is at home, packets addressed to its home address are delivered to it through conventional routing mechanisms.

The care-of address is used for a mobile node while it is away; it is an IP address within a foreign subnet prefix on a foreign link. While the mobile node is away from home, packets are delivered to its care-of address.

While away from home, a mobile node registers its primary care-of address with a router on its home link and requests this router to act as its home agent. The mobile node sends a Binding Update message to the home agent, and the home agent replies with a Binding Acknowledgement. The operation of the mobile node is specified in Section 11, and the operation of the home agent in Section 10.

A correspondent node communicating with a mobile node may be either stationary or mobile. The mobile node informs the correspondent node of its current location through the correspondent registration. A return routability test is performed to authorize the binding. The operation of the correspondent node is specified in Section 9.

There are two modes of communication between the mobile node and a correspondent node:

o The first mode communicates through the home agent and needs no binding between the two nodes.
o The second mode sets up a direct binding between the two nodes.

The second mode saves time because packets travel directly. It removes the load on the home agent and the home link. In addition, the impact of a network failure at home is reduced.

Both the mobile node and the correspondent node have a way of adding the home address to an IPv6 header carried in the packet.

Mobile IPv6 also supports multiple home agents, in which case the home agent can be hard to determine. A mechanism known as dynamic home agent address discovery is presented in Section 6.5.

4.2. New IPv6 Protocol

Mobile IPv6 defines a new IPv6 protocol, using the Mobility Header (see Section 6.1). This header carries the following messages:

Home Test Init
Home Test
Care-of Test Init
Care-of Test
   These four messages carry out the return routability procedure from the mobile node to a correspondent node. This secures the Binding Updates, as described in Section 5.2.5.

Binding Update
   A Binding Update describes the mobile node's current location to a correspondent node or to the home agent. It tells the home agent the primary care-of address, which is the home registration.

Binding Acknowledgement
   Acknowledges receipt of a Binding Update; if no acknowledgement arrives, the update is sent again or an error occurs.

Binding Refresh Request
   Used by a correspondent node to request that the mobile node re-establish the binding between the two nodes. This message is sent when the binding is in active use but its lifetime is expiring.

Binding Error
   Used by the correspondent node to signal an error related to a binding for the home address.

4.3. New IPv6 Destination Option

Mobile IPv6 defines a new IPv6 destination option, the Home Address destination option. This option is described in Section 6.3.

4.4. New IPv6 ICMP Messages

Mobile IPv6 also introduces four new ICMP message types, two for use in the dynamic home agent address discovery mechanism, and two for renumbering and address configuration mechanisms.

The two new ICMP messages for use in the dynamic home agent address discovery mechanism, described in Sections 10.5 and 11.4.1, are:

o Home Agent Address Discovery Request, described in Section 6.5.
o Home Agent Address Discovery Reply, described in Section 6.6.

The two new ICMP messages for renumbering and address configuration mechanisms, described in Section 10.6, are:

o Mobile Prefix Solicitation, described in Section 6.7.
o Mobile Prefix Advertisement, described in Section 6.8.

4.5. Conceptual Data Structure Terminology

Binding Cache
   A cache of bindings for other nodes. It is maintained by home agents and correspondent nodes, and contains both correspondent registration entries and home registration entries (see Section 10.1).

Binding Update List
   This list is maintained by each mobile node. It contains an item for each binding that the mobile node has, or is trying to establish, with another node. Both correspondent and home registrations are included in this list. Entries are deleted from the list when the binding lifetime expires; see Section 11.1.

Home Agents List
   Home agents need to know which other home agents are on the same link. This information is stored in the Home Agents List, described in detail in Section 10.1. The list is used to inform mobile nodes during dynamic home agent address discovery.

4.6. Site-Local Addressability

This specification requires that home and care-of addresses be unicast routable addresses. Site-local addresses may be usable on networks that are not connected to the Internet, but this specification does not consider whether such use is safe. Mobile nodes are not aware of which site they are currently in, it is hard to prevent accidental attachment to other sites, and the ambiguity of site-local addresses can cause problems if the home and foreign networks use the same addresses. Therefore, site-local addresses should not be used as home or care-of addresses.


5. Overview of Mobile IPv6 Security

This specification provides a number of security features. These include the protection of Binding Updates both to home agents and to correspondent nodes (using the IPsec extension headers, or using the Binding Authorization Data option, which uses the binding management key, Kbm, established through the return routability procedure), the protection of mobile prefix discovery (using the IPsec extension headers), and the protection of the mechanisms that Mobile IPv6 uses for transporting data packets (the Home Address destination option and the type 2 routing header).

5.1. Binding Updates to Home Agents

The mobile node and the home agent must use an IPsec security association to protect the integrity and authenticity of the Binding Updates and Acknowledgements. Both the mobile node and the home agent must support and should use the Encapsulating Security Payload (ESP) [6] header in transport mode, and must use a non-NULL payload authentication algorithm to provide data origin authentication, connectionless integrity and optional anti-replay protection. Note that the Authentication Header (AH) [5] is also possible but is not specified here, for brevity.

To protect the messages exchanged between the mobile node and the home agent with IPsec, appropriate security policy database entries must be created. A mobile node must be prevented from using its security association to send a Binding Update on behalf of another mobile node that uses the same home agent. This is achieved by having the home agent check that the given home address has been used with the right security association. Such a check is provided in the IPsec processing, by having the security policy database entries unequivocally identify a single security association for protecting Binding Updates between any given home address and home agent. To make this possible, the home address must appear in the Binding Updates and Acknowledgements. The home address is used in these packets as a source or destination, or in the Home Address destination option or the type 2 routing header.

As with all IPsec security associations in this specification, manual configuration of security associations must be supported. The shared secrets must be random and unique for different mobile nodes, and must be distributed off-line to the mobile nodes.

Automatic key management with IKE [9] may be supported. When IKE is used, either the security policy database entries or the Mobile IPv6 processing must unequivocally identify the IKE phase 1 credentials that can be used to authorize the creation of security associations protecting Binding Updates for a particular home address.

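5.2. Binding Updates to Correspondent Nodes

Binding Updates to correspondent nodes are protected with the return routability procedure. It cannot prevent an attack from on the path, but it limits attackers to those on one specific path and prevents forged Binding Updates from elsewhere on the Internet.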


The messages are protected with a keyed hash algorithm. The binding management key, Kbm, is used as its key.

5.2.1. Node Keys

Each correspondent node has a secret key, Kcn, called the "node key", which it uses to produce the keygen tokens sent to the mobile nodes. It is a random number, 20 bytes long. This key lets the correspondent node verify the binding. The correspondent node changes the node key regularly for security reasons.

5.2.2. Nonces

Nonces are used by the correspondent node, together with the node key, to verify bindings. Each nonce has a nonce index that changes periodically. It lets the correspondent node tell which period a message belongs to. Information about expired nonces is deleted. A nonce is a byte string of about 64 bits.

5.2.3. Cookies and Tokens

The return routability address test procedure uses cookies and keygen tokens as secret values within the test init and test messages. Cookies and tokens serve to confirm that the binding between the mobile node and the correspondent node is correct, and to clear expired timers.

5.2.4. Cryptographic Functions

Used to compute hash values.

5.2.5. Return Routability Procedure

The return routability procedure lets the correspondent node obtain assurance that the mobile node is addressable at both its home address and its care-of address. Only then does the correspondent node accept the binding and send data. The mobile node proves itself by returning data derived from the keygen tokens. The binding management key, Kbm, is what the mobile node uses to prove this.


Mobile node                 Home agent           Correspondent node
     |                          |                          |
     |  Home Test Init (HoTI)   |                          |
     |------------------------->|------------------------->|
     |                          |                          |
     |  Care-of Test Init (CoTI)                           |
     |---------------------------------------------------->|
     |                          |                          |
     |                          |  Home Test (HoT)         |
     |<-------------------------|<-------------------------|
     |                          |                          |
     |                             Care-of Test (CoT)      |
     |<----------------------------------------------------|
     |                          |                          |

These four messages, exchanged essentially at the same time, make up the return routability procedure.

Home Test Init
   The mobile node sends a Home Test Init message through the home agent to the correspondent node. Its contents can be summarized as follows:

   Source Address = home address
   Destination Address = correspondent node
   Parameters:
   o home init cookie: verifies that the correct correspondent node is the one being contacted.

Care-of Test Init
   The mobile node sends a Care-of Test Init message to the correspondent node, not through the home agent. Its contents can be summarized as follows:

   Source Address = care-of address
   Destination Address = correspondent node
   Parameters:
   o care-of init cookie: announces the care-of address to the correspondent node and is used for verification.

Home Test
   The Home Test message is sent in reply to the Home Test Init message. It travels through the home agent and contains the following:

   Source Address = correspondent node
   Destination Address = home address
   Parameters:
   o home init cookie
   o home keygen token
   o home nonce index

   The home keygen token is computed as:

   home keygen token := First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0)))

   Before the return routability procedure, the home agent must know the mobile node's current care-of address. The data is made resistant to attack by computing the token cryptographically. The home init cookie is also returned to the mobile node so that it can verify the path. The home nonce index is sent to the mobile node so that the home keygen token can be verified.

Care-of Test
   Parameters:
   o care-of init cookie
   o care-of keygen token
   o care-of nonce index

   care-of keygen token := First (64, HMAC_SHA1 (Kcn, (care-of address | nonce | 1)))

When the mobile node has received both messages, the procedure is complete. The mobile node then sets up the binding. The key is formed with the hash function:

   Kbm = SHA1 (home keygen token | care-of keygen token)

To delete a previously established binding, the key is formed from the home keygen token alone:

   Kbm = SHA1 (home keygen token)

Note: the correspondent node does not create Kbm until the binding is carried out and the nonces are supplied.

5.2.6. Authorizing Binding Management Messages

Correspondent registration:

Mobile node                                Correspondent node
     |                                               |
     |             Binding Update (BU)               |
     |---------------------------------------------->|
     |  (MAC, seq#, nonce indices, care-of address)  |
     |                                               |
     |                                               |
     |    Binding Acknowledgement (BA) (if sent)     |
     |<----------------------------------------------|
     |              (MAC, seq#, status)              |

Binding Update (key: Kbm)

Parameters:
o home address (in the Home Address destination option)
o sequence number (in the Binding Update message header)
o home nonce index (in the Nonce Indices option)
o care-of nonce index (in the Nonce Indices option)
o First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent | BU)))

Binding Acknowledgement

Parameters:
o sequence number (in the Binding Update message header)
o First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent | BA)))

MAX_RR_BINDING_LIFETIME seconds (the binding lifetime limit).

5.2.7. Updating node keys and nonces

MAX_TOKEN_LIFETIME seconds
every 30 seconds.
The 8 most recent nonces are valid.

5.2.8. Preventing replay attacks:

5.3. Dynamic Home Agent Address Discovery

5.4. Mobile Prefix Discovery

5.5. Payload Packets

Mobile IPv6 introduces the Home Address destination option and the routing header for use in payload packets.


6. New IPv6 Protocol, Message Types, and Destination Option


6.1. Mobility Header

The Mobility Header is an extension header used by mobile nodes, correspondent nodes, and home agents in all messages related to the creation and management of bindings.

6.1.1. Format

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Payload Proto |  Header Len   |   MH Type     |   Reserved    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Checksum            |                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
    |                                                               |
    .                                                               .
    .                       Message Data                            .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Payload Proto
8-bit selector. Identifies the header type for the Mobility Header, using the same values as the IPv6 Next Header field. The payload protocol should be set to IPPROTO_NONE (59 decimal).

Header Len
8-bit unsigned integer giving the length of the header.

MH Type
8-bit selector. Identifies the particular mobility message in question. An unrecognized MH Type causes an error to be reported.

Reserved
8-bit field reserved for future use. The sender sets it to 0 and the receiver ignores it.

Checksum
16-bit unsigned integer. This field contains the checksum of the Mobility Header. When computing the checksum, the field is set entirely to 0.

Message Data
May be followed by mobility options.

6.1.2. Binding Refresh Request message

This message is sent by a correspondent node to a mobile node to request that it refresh its mobility binding. The MH Type value is 0.

                                        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                        |           Reserved            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    .                                                               .
    .                        Mobility options                       .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

6.1.3. Home Test Init message

The mobile node uses the Home Test Init message to initiate the return routability procedure and to request a home keygen token from the correspondent node. The MH Type value is 1.

                                        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                        |           Reserved            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                       Home Init Cookie                        +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    .                                                               .
    .                        Mobility options                       .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Home Init Cookie
64-bit random string, the home init cookie.

6.1.4. Care-of Test Init message

The MH Type value is 2.

                                        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                        |           Reserved            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                      Care-of Init Cookie                      +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    .                                                               .
    .                        Mobility options                       .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Care-of Init Cookie
64-bit random string, the care-of init cookie.

6.1.5. Home Test message

The MH Type value is 3.

                                        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                        |       Home Nonce Index        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                        Home Init Cookie                       +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                       Home Keygen Token                       +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    .                                                               .
    .                        Mobility options                       .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

6.1.6. Care-of Test message

The MH Type value is 4.

                                        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                        |      Care-of Nonce Index      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                      Care-of Init Cookie                      +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                     Care-of Keygen Token                      +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    .                                                               .
    .                        Mobility Options                       .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

6.1.7. Binding Update message

The MH Type value is 5.

                                        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                        |          Sequence #           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |A|H|L|K|        Reserved       |           Lifetime            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    .                                                               .
    .                        Mobility Options                       .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Acknowledge (A)
Bit requesting a Binding Acknowledgement from the correspondent node.

Home Registration (H)
Bit requesting that the receiver act as the home agent. The destination of a packet with this bit set must be a router, and the mobile node's home address then shares its prefix with this router in the binding.

Link-Local Address Compatibility (L)
Bit indicating that the mobile node's home address corresponds to its link-local address.

Key Management Mobility Capability (K)
This bit is meaningful for messages exchanged between the mobile node and the home agent, when IPsec security associations are being established.

Sequence #
16-bit unsigned integer. The receiving node uses it to order Binding Updates and to match a Binding Acknowledgement with its Binding Update.

Lifetime
16-bit unsigned integer. The time remaining before the binding expires. If it is 0, the binding is deleted. The time unit is 4 seconds.

A binding can be deleted by setting the lifetime to 0 or by making the care-of address equal to the home address. The correspondent node should not delete the Binding Cache entry before it expires; if it does, a Binding Error is reported to the mobile node, but a delay in communication results.

6.1.8. Binding Acknowledgement message

The MH Type value is 6.

                                        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                        |    Status     |K|  Reserved   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Sequence #          |           Lifetime            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    .                                                               .
    .                        Mobility Options                       .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Key Management Mobility Capability (K)
The correspondent node sets the K bit to 0.

Status
8-bit unsigned integer indicating the disposition of the Binding Update. If the Status value is less than 128, the Binding Update is considered accepted. If it is greater than or equal to 128, the binding was rejected by the receiver. Status has the following values:

      0  Binding Update accepted
      1  Accepted but prefix update necessary
    128  Reason unspecified
    129  Administratively prohibited
    130  Limited resources
    131  Home registration not supported
    132  Not home network
    133  Not home agent for this mobile node
    134  Duplicate address detection failed
    135  Sequence number out of range
    136  Expired home nonce index
    137  Expired care-of nonce index
    138  Expired nonces
    139  Registration type change not allowed

Sequence #
The Sequence Number in the Binding Acknowledgement is copied from the Sequence Number of the Binding Update. It is used to match the two messages.

Lifetime
If the Binding Update was rejected, this value is undefined.

6.1.9. Binding Error message

When a Home Address destination option is not consistent with the correspondent node, a mobility error occurs. The MH Type value is then 7.

                                        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                        |     Status    |   Reserved    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                                                               +
    |                                                               |
    +                          Home Address                         +
    |                                                               |
    +                                                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    .                                                               .
    .                        Mobility Options                       .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Status
8-bit unsigned integer giving the reason:

    1  Unknown binding for Home Address destination option
    2  Unrecognized MH Type value

Home Address
The mobile node uses this address to determine which binding does not exist, since a node may have more than one home address.

6.2. Mobility Options

A mobility message may include zero or more mobility options. The options carry formatted information.

6.2.1. Format

Options use a type-length-value (TLV) format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Option Type  | Option Length |   Option Data...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Option Type
8-bit identifier. A receiver that does not recognize the option skips it.

Option Length
8-bit unsigned integer giving the length in bytes of the mobility option.

Option Data
Contains the data specific to the option.

6.2.2. Pad1

The Pad1 option has no alignment requirement. Its format is as follows:

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    |   Type = 0    |
    +-+-+-+-+-+-+-+-+

NOTE! The format has neither an Option Length nor an Option Data field.

6.2.3. PadN

The PadN option has no alignment requirement. Its format is as follows:

     0                   1
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
    |   Type = 1    | Option Length | Option Data
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -

6.2.4. Binding Refresh Advice

The alignment requirement is 2n. The format is as follows:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                        |   Type = 2    |   Length = 2  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Refresh Interval        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Binding Refresh Advice option is only present in a Binding Acknowledgement that the home agent sends to the mobile node for a home registration.

6.2.5. Alternate Care-of Address

The alignment requirement is 8n+6. The format is as follows:

This option is used when the care-of address does not have the right source address, or when the security mechanism cannot protect the care-of address. It is used only in a Binding Update and contains the alternate care-of address to use for the binding.

6.2.6. Nonce Indices

The alignment requirement is 2n. The format is as follows:

The Nonce Indices option is used in a Binding Update sent to a correspondent node, and only when it is accompanied by the Binding Authorization Data option. The correspondent node uses these values to produce the tokens.
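The key derivation of Sections 5.2.5 to 5.2.7 and the correspondent node's use of the nonce indices, as an added Python sketch (not code from RFC 3775 or from this report). The class and function names, the 20-byte Kcn and 8-byte nonce sizes, the documentation-prefix addresses and the MH Data bytes are assumptions of the example; MH Data stands for the Mobility Header contents with the Authenticator excluded and the checksum taken as zero.

```python
import hashlib
import hmac
import ipaddress
import os

MAX_VALID_NONCES = 8  # the page: the 8 most recent nonces are valid


def first(bits, data):
    """First(n, x): the leftmost n bits of x (n is a multiple of 8 here)."""
    return data[: bits // 8]


def packed(address):
    """16-byte network form of an IPv6 address string."""
    return ipaddress.IPv6Address(address).packed


def keygen_token(kcn, address, nonce, kind):
    """First(64, HMAC_SHA1(Kcn, address | nonce | kind)); kind 0 = home, 1 = care-of."""
    msg = packed(address) + nonce + bytes([kind])
    return first(64, hmac.new(kcn, msg, hashlib.sha1).digest())


def binding_key(home_token, careof_token=b""):
    """Kbm = SHA1(home token | care-of token); home token alone when deleting."""
    return hashlib.sha1(home_token + careof_token).digest()


def authenticator(kbm, careof, correspondent, mh_data):
    """First(96, HMAC_SHA1(Kbm, care-of address | correspondent | MH Data))."""
    msg = packed(careof) + packed(correspondent) + mh_data
    return first(96, hmac.new(kbm, msg, hashlib.sha1).digest())


class Correspondent:
    """Keeps only Kcn and a short window of nonces, no per-mobile-node state."""

    def __init__(self, address):
        self.address = address
        self.kcn = os.urandom(20)   # node key, never leaves the node (size assumed)
        self.nonces = {}            # nonce index -> nonce, in insertion order
        self.index = -1
        self.rotate()

    def rotate(self):
        """Start a new nonce and forget all but the 8 most recent."""
        self.index = (self.index + 1) & 0xFFFF
        self.nonces[self.index] = os.urandom(8)
        while len(self.nonces) > MAX_VALID_NONCES:
            del self.nonces[next(iter(self.nonces))]

    def home_test(self, home):
        """Values carried in Home Test: (home nonce index, home keygen token)."""
        return self.index, keygen_token(self.kcn, home, self.nonces[self.index], 0)

    def careof_test(self, careof):
        """Values carried in Care-of Test: (care-of nonce index, care-of keygen token)."""
        return self.index, keygen_token(self.kcn, careof, self.nonces[self.index], 1)

    def check_binding_update(self, home, careof, home_idx, careof_idx, mh_data, auth):
        """Return a Binding Acknowledgement status, or None to discard the update."""
        home_ok, careof_ok = home_idx in self.nonces, careof_idx in self.nonces
        if not home_ok and not careof_ok:
            return 138              # expired nonces
        if not home_ok:
            return 136              # expired home nonce index
        if not careof_ok:
            return 137              # expired care-of nonce index
        # Regenerate both tokens from the packet's addresses and nonce indices.
        kbm = binding_key(
            keygen_token(self.kcn, home, self.nonces[home_idx], 0),
            keygen_token(self.kcn, careof, self.nonces[careof_idx], 1),
        )
        expected = authenticator(kbm, careof, self.address, mh_data)
        return 0 if hmac.compare_digest(expected, auth) else None


def mobile_node_update(cn, home, careof, mh_data):
    """Mobile node side: collect both tokens, derive Kbm, authorize the update."""
    home_idx, home_token = cn.home_test(home)          # arrives via the home agent
    careof_idx, careof_token = cn.careof_test(careof)  # arrives directly
    kbm = binding_key(home_token, careof_token)
    return home_idx, careof_idx, authenticator(kbm, careof, cn.address, mh_data)


if __name__ == "__main__":
    cn = Correspondent("2001:db8:c::1")
    home, careof = "2001:db8:a::10", "2001:db8:b::10"
    mh = bytes.fromhex("3b01050000000001c0000019")  # constructed stand-in for MH Data
    hi, ci, auth = mobile_node_update(cn, home, careof, mh)
    print("accepted:", cn.check_binding_update(home, careof, hi, ci, mh, auth))
    print("other care-of:", cn.check_binding_update(home, "2001:db8:e::66", hi, ci, mh, auth))
```

Because the care-of address is an input to both the care-of keygen token and the Authenticator, an update whose care-of address differs from the one that was tested fails the comparison and is discarded.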

6.2.7. Binding Authorization Data

This option has no alignment requirement of its own, but because it is the last option it must end up aligned at 8n + 2. The format is as follows:

This option is used in Binding Update and Binding Acknowledgement messages. The Authenticator field contains a cryptographic value that determines whether the message comes from the right sender. The procedure for computing this value is called the authorization procedure.

Mobility Data = care-of address | correspondent | MH Data
Authenticator = First (96, HMAC_SHA1 (Kbm, Mobility Data))

"MH Data" is the content of the Mobility Header, not including the Authenticator field. The Authenticator value is computed as if the checksum in the header were zero.

6.3. Home Address Option


The Home Address option is carried by the Destination Options extension header (Next Header value 60). It is used in packets sent by a mobile node while it is away from home, to tell the recipient its home address.

Option Type
201 = 0xC9

Option Length
Set to 16.

Home Address
The home address must be a unicast routable address.

The Home Address option is placed as follows:
o After the routing header, if present
o Before the Fragment Header, if present
o Before the AH Header or ESP Header, if either one is present

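6.4. Type 2 Routing Header


The new routing header is used to route packets directly from a correspondent node to the mobile node's care-of address. The care-of address is placed in the IPv6 Destination Address field. When the packet arrives at the care-of address, the mobile node extracts the home address from the header.

A type 2 routing header contains only one IP address, and the receiver must therefore verify that it is the sole final recipient, so that the packet does not travel on to another destination. If the scope of the home address is smaller than the scope of the care-of address, the packet is discarded.

6.4.1. Format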

Next Header
8-bit selector. Identifies the type of header that follows the routing header. Uses the same set of values as the IPv6 Next Header field [11].

Hdr Ext Len
2 (8-bit unsigned integer); the length of the header in 8-byte blocks.

Routing Type
2 (8-bit unsigned integer).

Segments Left
1 (8-bit unsigned integer).

Home Address
The home address of the destination mobile node.

6.5. ICMP Home Agent Address Discovery Request Message


Used by the mobile node for dynamic home agent address discovery.

Type
144

Code
0

Checksum
The ICMP checksum [14].

Identifier
Helps match a reply to its request.

The Source Address of the packet is one of the mobile node's care-of addresses. When it performs dynamic home agent address discovery, the mobile node is usually not associated with any home agent. The home agent returns the Home Agent Address Discovery Reply message to the source address used by the mobile node.

6.6. ICMP Home Agent Address Discovery Reply Message


The home agent uses this message to reply to a mobile node that uses the dynamic home agent address discovery mechanism.

Type
145

Code
0

Checksum
The ICMP checksum [14].

Home Agent Addresses
The list of addresses of home agents on the home link for the mobile node.

6.7. ICMP Mobile Prefix Solicitation Message Format


This message is sent by a mobile node to its home agent while it is away from home, to request prefix information so that its home address stays up to date.

IP Fields:

Source Address
The mobile node's care-of address.

Destination Address
The mobile node's home address. The home address must be on the link about which the mobile node wants to learn prefix information.

Hop Limit

Destination Option

ESP header
IPsec headers

ICMP Fields:

Type
146

Code
0

Checksum
The ICMP checksum [14].

6.8. ICMP Mobile Prefix Advertisement Message Format


Sent by the home agent to the mobile node to advertise the prefixes of the home address.

IP Fields:

Source Address
The home agent.

Destination Address
The mobile node's care-of address.

Routing header
Type 2.

ESP header
IPsec headers

ICMP Fields:

Type
147

Code
0

Checksum
The ICMP checksum [14].


7. Modifications to IPv6 Neighbor Discovery


7.1. Modified Router Advertisement Message Format

Mobile IPv6 adds a single flag bit to the Router Advertisement message, indicating that the router sending it is a home agent on the link. Its format is as follows:

Home Agent (H)
The Home Agent (H) bit is set in a Router Advertisement to indicate that the router sending it is a home agent on the link.

Reserved
Reduced from 6 bits to 5 bits to make room for the flag bit described above.

7.2. Modified Prefix Information Option Format

Mobile IPv6 needs the global address of each router for the home agents list that supports the dynamic home agent address discovery mechanism. However, Neighbor Discovery only discovers the link-local addresses of routers. Mobile IPv6 extends Neighbor Discovery so that global addresses are advertised, by adding a single flag bit to the format of the Prefix Information option, as follows:

The specific changes are:

Router Address (R)
1-bit router address flag. When this bit is set, the Prefix field contains a complete IP address of the sending router.

Reserved1
This field is now 5 bits instead of 6, because one flag bit was added.

7.3. New Advertisement Interval Option Format

Mobile IPv6 uses the Advertisement Interval option to tell mobile nodes the interval at which the router repeats its advertisements. Its format is as follows:

Type
7

Advertisement Interval
32-bit unsigned integer. The maximum time between two advertisement messages from the router, MaxRtrAdvInterval, expressed in milliseconds. The mobile node uses this value in its movement detection algorithm.

7.4. New Home Agent Information Option Format

Mobile IPv6 introduces this option so that a home agent can advertise information about its role as a home agent.

Home Agent Preference
16-bit unsigned integer. The preference of the home agent sending this Router Advertisement, used to order the addresses returned to a mobile node in the Home Agent Addresses field of a Home Agent Address Discovery Reply message. Higher values mean higher preference. If this option is not present in a Router Advertisement in which the Home Agent (H) bit is set, the preference value for this home agent is 0. A home agent may set its preference dynamically, for example based on the number of mobile nodes it is currently serving or on the remaining resources it has for serving additional ones.

Home Agent Lifetime
16-bit unsigned integer. The lifetime in units of seconds. The default value is the one specified in the Router Advertisement. The maximum value corresponds to 18.2 hours. A value of 0 is not used. This lifetime applies only to the router's service as a home agent; it has no effect on other information. This option appears in a Router Advertisement only when the Home Agent (H) bit is set. If this option is not present in a Router Advertisement in which the Home Agent (H) bit is set, the lifetime is the same as for other routers.

If both of the values above are just the defaults, the option should not be included in the Router Advertisement.

7.5. Changes to Sending Router Advertisements

The Neighbor Discovery protocol specification [12] limits routers to an interval between sending unsolicited multicast Router Advertisement messages from any given network interface (bounded by MinRtrAdvInterval and MaxRtrAdvInterval), stating that:

"Routers generate Router Advertisements frequently enough that hosts will learn of their presence within a few minutes, but not frequently enough to rely on an absence of advertisements to detect router failure; a separate Neighbor Unreachability Detection algorithm provides failure detection."

However, this limit is not suitable for providing movement detection for mobile nodes. A mobile node detects its own movement by learning of a new router as it moves within a wireless network (or physically connects to a new wireless network), and by learning that its connection to the previous router is gone. A mobile node must be able to detect quickly when it has moved to a link served by a new router, so that it can acquire a new care-of address and send Binding Updates to register this address with its home agent and to notify correspondent nodes as needed.

One method that can provide fast movement detection is to increase the rate at which unsolicited Router Advertisements are sent. Mobile IPv6 relaxes this limit so that routers may send unsolicited multicast Router Advertisements more often. This method applies where the router expects to provide service to visiting mobile nodes (e.g., wireless network interfaces), or where it serves as a home agent for one or more mobile nodes (which return home and need to hear its advertisements).

Routers supporting mobility should be configurable with smaller MinRtrAdvInterval and MaxRtrAdvInterval values, to allow unsolicited multicast Router Advertisements to be sent more often. The minimum allowed values are:

o MinRtrAdvInterval 0.03 seconds
o MaxRtrAdvInterval 0.07 seconds

When the minimum intervals and delays are used, the mean time between unsolicited Router Advertisements is 50 ms. The use of limits this small must be configurable. Systems where these values are available should not default to them, and should default to the values specified in RFC 2461. Knowledge of the type of network interface and of the operating environment should be taken into account when configuring these limits. This is important for wireless links, where increasing the frequency of multicast beacons can cause considerable overhead.

In addition, the small values that MaxRtrAdvInterval may take can cause problems with movement detection in some mobile nodes. To make sure this is not a problem, routers should add 20 ms to any Advertisement Intervals sent in RAs.

Note that multicast Router Advertisements are not always needed in wireless networks with limited bandwidth. In such networks, movement detection and link changes are handled by the lower layers, and Router Advertisements should be sent only when needed. It should be possible in these networks to disable unnecessary multicast Router Advertisements on specific interfaces. In some cases the MinRtrAdvInterval and MaxRtrAdvInterval values can be set higher.

Home agents must include the Source Link-Layer Address option in every Router Advertisement they send.

Note that according to RFC 2461, AdvDefaultLifetime is by default based on the value of MaxRtrAdvInterval and is expressed only in seconds. A very small MaxRtrAdvInterval can therefore make the value of this field 0. To avoid this, routers must keep this value at a minimum of 1 second.


8. Requirements for Types of IPv6 Nodes


Mobile IPv6 places special requirements on the functions provided by different types of IPv6 nodes. This section summarizes those requirements and identifies the functionality each requirement is meant to support. The requirements are grouped by category of node:

o All IPv6 nodes.
o All IPv6 nodes with support for route optimization.
o All IPv6 routers.
o All Mobile IPv6 home agents.
o All Mobile IPv6 mobile nodes.

8.1. All IPv6 Nodes

This covers any node that may at some point be a correspondent node of a mobile node, either sending a packet to a mobile node or receiving a packet from one. No Mobile IPv6 specific requirements apply to these nodes, because plain IPv6 techniques are sufficient. If a mobile node attempts to set up route optimization with a node that supports only basic IPv6, an ICMP error message is sent to indicate that the node does not support this optimization, and communication takes place through the home agent.

An IPv6 node does not have to support the Home Address destination option, the type 2 routing header, or the Mobility Header unless it fully supports the requirements listed in the following sections for route optimization, mobile node functionality, or home agent functionality.

8.2. IPv6 Nodes with Support for Route Optimization

Nodes that implement route optimization are a subset of all IPv6 nodes on the Internet. The ability of a correspondent node to take part in route optimization is essential for the efficient operation of the IPv6 Internet, for the following reasons:

o Avoiding congestion in the home network, which allows low-performance home agents to be used even for thousands of mobile nodes.
o Reducing network load once mobile devices come to predominate.
o Reducing jitter and latency in communication.
o QoS signalling is more likely to succeed, because tunnelling is avoided and there are fewer sources of congestion.
o Improved robustness against network partitions, congestion, and other problems.

Taken together, these effects allow higher performance and better robustness for communication between mobile nodes and IPv6 correspondent nodes.

The following requirements apply to every correspondent node that supports route optimization:

o The node must be able to validate a Home Address option using an existing Binding Cache entry.
o The node must be able to insert a type 2 routing header into packets sent to a mobile node.
o Unless the correspondent node is also acting as a mobile node, it must ignore type 2 routing headers and silently discard packets that carry them.
o The node must be able to interpret ICMP messages.
o The node must be able to send Binding Error messages.
o The node must be able to process Mobility Headers.
o The node must be able to take part in a return routability procedure.
o The node must be able to process Binding Update messages.
o The node must be able to return a Binding Acknowledgement.
o The node must be able to maintain a Binding Cache of accepted Binding Updates.
o The node must allow route optimization to be enabled or disabled by the administrator. The default must be enabled.

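8.3. All IPv6 Routers

All routers affect how mobile nodes communicate:

o Every router should send advertisements that support the mobile node's movement detection.
o Routers should support the faster advertisement rate.
o Routers should support the prefix in the IP address.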

8.4. IPv6 Home Agents

For a mobile node to operate correctly while away from home, a router on the home link must act as its home agent (HA). The additional requirements for a router acting as an HA are:

o The HA must store the mobile node's data in the Binding Cache.
o The HA can intercept packets sent to the mobile node.
o The HA is responsible for tunnelling packets to the mobile node at its primary care-of address.
o The HA must verify the mobile node's home address.
o The HA must return a Binding Acknowledgement when it receives a Binding Update.
o The HA needs to support configuration by users.
o The HA should support sending ICMP Mobile Prefix Advertisements and should respond to Mobile Prefix Solicitations.
o The HA must support IPsec ESP to protect packets belonging to the return routability procedure.
o The HA needs to support the multicast control protocol.
o The HA may support stateful address configuration for mobile nodes.

8.5. IPv6 Mobile Nodes

Finally, the requirements for mobile nodes (MN):

o The MN must maintain a Binding Update List.
o The MN must support IPv6 encapsulation and decapsulation [15].
o The MN must support the type 2 routing header.
o The MN must support Binding Error messages (Section 11.3.6).
o The MN must support receiving ICMP errors (Section 11.3.5).
o The MN must support movement detection, care-of address formation, and returning home (Section 11.5).
o The MN is able to process Mobility Headers as described in Section 11.2.
o The MN must support the return routability procedure.
o The MN must support sending Binding Updates.
o The MN must receive and process Binding Acknowledgements.
o The MN must support mobility advertisements and reconfigure its address using the updated prefix.
o The MN should support the use of a dynamic home address.
o The MN must support route optimization.
o The MN must support stateful address autoconfiguration such as DHCPv6 [29].


9. Correspondent Node (CN) Operation


9.1. Conceptual Data Structures

IPv6 nodes that support route optimization maintain a Binding Cache. A separate Binding Cache must be maintained by each IPv6 node for each of its unicast routable addresses. The Binding Cache may be implemented in any manner consistent with what is described in this document. Each Binding Cache entry conceptually contains the following fields:

o The home address of the mobile node for this entry.
o The care-of address of the mobile node indicated by the home address field in this entry.
o A lifetime value, counted from the time this entry was created or most recently modified.
o A flag indicating whether or not this entry is a home registration entry (relevant for nodes that include HA functionality).
o The maximum value of the Sequence Number field received previously.
o Usage information for this Binding Cache entry.

Binding Cache entries that are not marked as home registrations may be replaced at any time by a valid replacement policy, but should not be deleted unnecessarily.

9.2. Processing Mobility Headers


Mobility Header processing must observe the following rules:

o The checksum must be verified as described in Section 6.1. If it is not correct, the node must silently discard the message.
o The MH Type field must have a known value (Section 6.1.1). If it does not, the node must discard the message and issue a Binding Error message as described in Section 9.3.3, with the Status field set to 2 (unrecognized MH Type value).
o The Payload Proto field must be IPPROTO_NONE (59 decimal). If it is not, the node must discard the message and send ICMP Parameter Problem, Code 0, directly to the Source Address of the packet as described in RFC 2463 [14]. Thus no Binding Cache information is used in sending the ICMP message. The Pointer field in the ICMP message must point at the Payload Proto field.
o The Header Len field in the Mobility Header must not be less than the length specified for this type of message in Section 6.1. If it is, the node must discard the packet and must send ICMP Parameter Problem, Code 0, directly to the Source Address of the packet as described in RFC 2463 [14].
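The four checks above, applied in the order the section lists them, as an added Python sketch (not code from RFC 3775 or from this report). The minimum Header Len per message type is worked out from the message layouts in Section 6.1; the Header Len unit (8 octets, not counting the first 8) and the Next Header value 135 used in the checksum pseudo-header come from RFC 3775 itself; the function names, the returned action labels and the two branches marked "added sanity check" are assumptions of the example.

```python
import ipaddress
import struct

IPPROTO_NONE = 59   # required Payload Proto value
IPPROTO_MH = 135    # Next Header value of the Mobility Header (RFC 3775)

# MH Type -> (name, minimum Header Len). Header Len counts 8-octet units
# beyond the first 8 octets, so a 16-octet Home Test Init has Header Len 1.
MH_TYPES = {
    0: ("Binding Refresh Request", 0),
    1: ("Home Test Init", 1),
    2: ("Care-of Test Init", 1),
    3: ("Home Test", 2),
    4: ("Care-of Test", 2),
    5: ("Binding Update", 1),
    6: ("Binding Acknowledgement", 1),
    7: ("Binding Error", 2),
}


def ones_complement_sum(data):
    """16-bit one's complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src, dst, length):
    """IPv6 pseudo-header: both addresses, length, 3 zero octets, next header."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", length, IPPROTO_MH))


def build_mh(src, dst, mh_type, message_data,
             payload_proto=IPPROTO_NONE, header_len=None):
    """Sender side: the checksum is computed with the Checksum field set to 0."""
    total = 6 + len(message_data)
    if total % 8:
        raise ValueError("Mobility Header must be a multiple of 8 octets")
    if header_len is None:
        header_len = total // 8 - 1
    head = struct.pack("!BBBB", payload_proto, header_len, mh_type, 0)
    body = head + b"\x00\x00" + message_data
    csum = ~ones_complement_sum(pseudo_header(src, dst, total) + body) & 0xFFFF
    return head + struct.pack("!H", csum) + message_data


def process_mh(src, dst, packet):
    """Receiver side: return (action, detail) for one Mobility Header."""
    if len(packet) < 8 or len(packet) % 8:
        return ("discard", "truncated")                 # added sanity check
    covered = pseudo_header(src, dst, len(packet)) + packet
    if ones_complement_sum(covered) != 0xFFFF:
        return ("discard", "bad checksum")              # silently dropped
    payload_proto, header_len, mh_type = packet[0], packet[1], packet[2]
    if mh_type not in MH_TYPES:
        return ("binding-error", 2)                     # Status 2
    if payload_proto != IPPROTO_NONE:
        return ("icmp-parameter-problem", "Payload Proto")
    name, minimum = MH_TYPES[mh_type]
    if header_len < minimum:
        return ("icmp-parameter-problem", "Header Len")
    if (header_len + 1) * 8 != len(packet):
        return ("discard", "length mismatch")           # added sanity check
    return ("accept", name)
```

The checksum is tested first and fails silently, so a packet with a forged source address or a corrupted header never triggers a Binding Error or ICMP reply.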


9.3. Packet Processing

This section describes how a correspondent node (CN) sends packets to a mobile node (MN) and receives packets from it.

9.3.1. Receiving Packets with the Home Address Option

Packets containing a Home Address option must be dropped if the home address is not a unicast routable address.

A mobile node may include a Home Address destination option in a packet if it believes the CN has a Binding Cache entry for the mobile node's home address. Packets containing a Home Address option must be dropped if there is no corresponding Binding Cache entry. A corresponding Binding Cache entry must have the same home address as the Home Address destination option, and its current care-of address must be equal to the source address of the packet. These checks need not be performed for packets that contain a Home Address option and a Binding Update.

If the packet is dropped because of the checks above, the correspondent node must send a Binding Error message as described in Section 9.3.3. The Status field in this message must be set to 1 (unknown binding for Home Address destination option).

The CN must process the option in a manner consistent with moving the Home Address field from the Home Address option into the IPv6 header, replacing the original value of the Source Address field. After all IPv6 options have been processed, it must be possible for upper layers to process the packet without knowing that it came from a care-of address or that a Home Address option was used.

The use of the IPsec Authentication Header (AH) for the Home Address option is not required, except that if the IPv6 header of a packet is covered by AH, the authentication must also cover the Home Address option. This coverage is achieved automatically by the definition of the Option Type code for the Home Address option, since it indicates that the data inside the option does not change on the packet's way to its final destination, and the option is therefore included in the AH computation. When trying to verify the AH authentication data in a packet that contains a Home Address option, the receiving node must calculate the AH authentication data as if the following were true: the Home Address option contains the care-of address, and the source IPv6 address field of the IPv6 header contains the home address. This agrees with the calculation described in Section 11.3.2.

9.3.2. Sending Packets to a Mobile Node

Before sending any packet, the sending node must check its Binding Cache for an entry for the destination address the packet is being sent to. If the sending node has a Binding Cache entry for this address, it must use a type 2 routing header to route the packet to this MN by way of its care-of address.

However, the sending node need not do so in the following cases:

o When sending an IPv6 Neighbor Discovery packet [12].
o The other cases mentioned in Section 6.1.

When calculating authentication data in a packet that contains a type 2 routing header, the CN must calculate the AH authentication data as if the following were true: the routing header contains the care-of address, the destination IPv6 address field of the header contains the home address, and the Segments Left field is 0. The lookup in the IPsec Security Policy Database must be based on the mobile node's home address.

9.3.3. Sending Binding Error Messages

Section 9.2 and Section 9.3.1 describe the error conditions that lead to sending a Binding Error message. A Binding Error message is sent directly to the address that appeared in the Source Address field of the packet. If the source address is not a unicast address, the Binding Error message is not sent.

9.3.4. Receiving ICMP Error Messages

Any ICMP error message caused by packets on their way to the care-of address is returned to the CN in the normal way. If the CN has no Binding Cache entry for the MN, the packet is routed through the mobile node's home link.

9.4. Return Routability Procedure


This section describes the actions of the CN during the return routability procedure.

9.4.1. Receiving Home Test Init Messages

The CN verifies the following:

o The packet does not include a Home Address destination option.

Any packet that contains a Home Address option must be discarded; in that case the CN does not send a HoT in reply to the HoTI, under the conditions referred to in Section 5.2.

9.4.2. Receiving Care-of Test Init Messages

The CN checks:

o The packet does not contain a Home Address destination option.

Any packet that contains a Home Address option must be discarded; in that case the CN does not send a CoT in reply to the CoTI, under the conditions referred to in Section 5.2.

9.4.3. Sending Home Test Messages

The CN creates a home keygen token and uses the current nonce index as the Home Nonce Index. It then creates a Home Test message (Section 6.1.5) and sends it to the MN at its home address.

9.4.4. Sending Care-of Test Messages

The CN creates a care-of keygen token and uses the current nonce index as the Care-of Nonce Index. It then creates a Care-of Test message (Section 6.1.6) and sends it to the MN at its home address.

9.5. Processing Bindings

The messages used for bindings are:

o Binding Update
o Binding Refresh Request
o Binding Acknowledgement
o Binding Error

9.5.1. Receiving Binding Updates

Before accepting a Binding Update, the receiving node must validate it against the following conditions:

o The packet must contain a unicast routable home address, either in the Home Address option or in the Source Address if the Home Address option is not present.
o The Sequence Number field in the Binding Update is greater than the Sequence Number received in the previous valid Binding Update. If the receiving node has no Binding Cache entry for the home address, it must accept any Sequence Number value it receives from the MN.

When the Home Registration bit is not set, the following are also required:

o A Nonce Indices mobility option must be present, and the Care-of Nonce Index value in this option must be recent enough to be recognized by the CN.
o The CN must regenerate the home keygen token and the care-of keygen token from the information contained in the packet. It then generates Kbm and uses it to verify the authenticator field in the Binding Update.
o The Binding Authorization Data mobility option must be present, and its content must satisfy the rules described in Section 5.2.6.
o The Binding Authorization Data mobility option must be the last option.

If the Home Registration bit is set, the Nonce Indices mobility option must not be present.

If the Sequence Number received is lower than the Sequence Number of the previous valid Binding Update, the receiving node must send a Binding Acknowledgement with status code 135, carrying the sequence number in the Sequence Number field of the Binding Acknowledgement.

If a binding already exists for this home address and its Home Registration flag has a different value from the H bit in the Binding Update, the receiving node must send back a Binding Acknowledgement with status code 139. The Home Registration flag stored in the Binding Cache entry must not be changed.

If the receiving node no longer recognizes the Home Nonce Index, the Care-of Nonce Index, or both values from the Binding Update, the receiving node must send back a Binding Acknowledgement with status code 136, 137, or 138, respectively.

Packets that do not satisfy the requirements above must simply be discarded.

If the packet satisfies the requirements above, processing of the Binding Update continues as follows:

o The Sequence Number value received from the MN in the Binding Update is stored in the Binding Cache entry for the home address.
o If the Lifetime specified in the Binding Update is not 0 and the care-of address is not equal to the home address, this is a request to cache a binding for the home address. Otherwise it is a request to delete the cached binding for this home address.

The care-of address must be determined as follows: if the Alternate Care-of Address option is present, the care-of address is the address in that option. Otherwise, the care-of address is the Source Address field in the IPv6 header of the packet.

The home address for the binding must be determined as follows: if the Home Address destination option is present, the home address is the address in that option. Otherwise, the home address is the Source Address field in the IPv6 header of the packet.

9.5.2. Requests to Cache a Binding

This section covers a request to cache a binding when the Home Registration (H) bit is not set in the Binding Update.

In this case, the receiving node must create a new entry in its Binding Cache for that home address, or update the entry if one already exists. The lifetime of a Binding Cache entry is initialized from the Lifetime field in the Binding Update. The lifetime of the Binding Cache entry must not be greater than the Lifetime value in the Binding Update. Every Binding Cache entry must be deleted once its lifetime has passed.

The CN may refuse a new Binding Cache entry if it does not have the necessary information. A new entry may also be refused if the CN believes its information is being used for another purpose. In both cases, the CN must send back a Binding Acknowledgement with status value 130.

9.5.3. Requests to Delete a Binding

RFC 3775

Mobility Support in IPv6

June 2004

Phn ny ni v vic yu cu xa mt binding khi m Home Registration (H) bit khng c bt trong Binding Update. Nu tn ti mt binding cho a ch nh th n phi c xa i. Khng c th no c to ra tr li cho Binding Update ny. Nu th Binding Cache c to ra bng cch sa dng return routability nonces, CN phi chc chn rng gi tr nonce khng c s dng li vi a ch nh v care-of xc nh. Nu c 2 nonce u hp l, CN s phi nh s kt hp gia nonce index, a ch v sequence number l khng hp l cho n khi 1 trong 2 nonce tr nn qu c. 9.5.4. Gi Binding Acknowledgements Mt Binding Acknowledgement c th c gi tr li cho mt Binding Update nh sau: Nu Binding Update b loi b nh m t trong Section 9.2 hay Section 9.5.1, mt Binding Acknowledgement khng c gi i.Nu khc, hnh ng theo nguyn tc sau. Nu mt Acknowledge (A) bit c bt ln trong Binding Update, mt Binding Acknowledgement MUST be sent. Nu khc, hnh ng theo nguyn tc sau. Nu node t chi Binding Update do w hn nonce index, mt Binding Acknowledgement phi c gi i. Nu node chp nhn Binding Update, Binding Acknowledgement khng c gi i. Nu node chp nhn mt Binding Update to hoc cp nht mt th cho binding, trng status trong Binding Acknowledgement phi c gn gi tr nh hn 128. Nu khc trng status phi c gn gi tr ln hoc bng 128. Nu trng status trong Binding Acknowledgement ch gi tr 136 (expired home nonce index), 137 (expired care-of nonce index), hay 138 (expired nonces) th tin tc khng c bao gm la chnBinding Authorization Data mobility option. Ngc li, la chn Binding Authorization Data mobility phi c km theo. 9.5.5. Gi mt Binding Refresh Requests Nu mt th Binding Cache xa m vn tip tc c hiu lc khi m gi gi tin n MN, gi tip theo gi n MN s c nh tuyn 1 cch bnh thng n lin kt nh ca MN. Lin lc vi MN tip tc, tuy nhin ng hm n mng nh to ra tr khi truyn gi n MN. Nu ngi gi bit rng th Binding Cache vn cn s dng c, n c th gi mt Binding Refresh Request message n MN trnh tnh trng tr bng cch xa hay to li th Binding Cache entry. .
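The correspondent-node handling described in Sections 9.5.1 to 9.5.4 above, as an added Python example (not code from RFC 3775 or from the original report). It compares sequence numbers modulo 2**16 as RFC 3775 Section 9.5.1 specifies, so a replayed Binding Update is rejected with status 135 even across the 16-bit wrap. The class and field names, the max_entries limit and the 2001:db8:: addresses in the usage are assumptions of the example; the Binding Update is taken as already parsed and authenticated.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Status codes as listed in the IANA section of this document.
ACCEPTED, INSUFFICIENT_RESOURCES, SEQ_OUT_OF_WINDOW = 0, 130, 135
EXPIRED_HOME_NONCE, EXPIRED_CAREOF_NONCE, EXPIRED_NONCES = 136, 137, 138
REG_TYPE_CHANGE_DISALLOWED = 139
MAX_RR_BINDING_LIFETIME = 420   # seconds, from the Protocol Constants table


@dataclass
class BindingUpdate:             # hypothetical container for parsed fields
    home_addr: str
    care_of_addr: str
    seq: int
    lifetime: int                # seconds
    ack: bool = False            # Acknowledge (A) bit
    home_reg: bool = False       # Home Registration (H) bit
    home_nonce_valid: bool = True
    careof_nonce_valid: bool = True


@dataclass
class CacheEntry:
    care_of_addr: str
    seq: int
    lifetime: int
    home_reg: bool


@dataclass
class BindingAck:
    status: int
    seq: int
    auth_data: bool              # Binding Authorization Data option included?


def seq_greater(new: int, last: int) -> bool:
    """True if `new` is newer than `last`, compared modulo 2**16."""
    return 0 < (new - last) % 65536 < 32768


class CorrespondentNode:
    def __init__(self, max_entries: int = 64):
        self.cache: Dict[str, CacheEntry] = {}
        self.max_entries = max_entries   # assumed resource limit

    def _reject(self, status: int, seq: int) -> BindingAck:
        # Rejections are acknowledged; 136-138 omit the authorization option.
        expired = status in (EXPIRED_HOME_NONCE, EXPIRED_CAREOF_NONCE,
                             EXPIRED_NONCES)
        return BindingAck(status, seq, auth_data=not expired)

    def process(self, bu: BindingUpdate) -> Optional[BindingAck]:
        entry = self.cache.get(bu.home_addr)
        # 9.5.1: stale or replayed sequence number -> 135 with the stored value.
        if entry and not seq_greater(bu.seq, entry.seq):
            return self._reject(SEQ_OUT_OF_WINDOW, entry.seq)
        # 9.5.1: H bit differs from the cached registration type -> 139.
        if entry and entry.home_reg != bu.home_reg:
            return self._reject(REG_TYPE_CHANGE_DISALLOWED, bu.seq)
        # 9.5.1: nonce indices the node no longer recognizes -> 136/137/138.
        if not bu.home_nonce_valid and not bu.careof_nonce_valid:
            return self._reject(EXPIRED_NONCES, bu.seq)
        if not bu.home_nonce_valid:
            return self._reject(EXPIRED_HOME_NONCE, bu.seq)
        if not bu.careof_nonce_valid:
            return self._reject(EXPIRED_CAREOF_NONCE, bu.seq)

        if bu.lifetime != 0 and bu.care_of_addr != bu.home_addr:
            # 9.5.2: cache request; refuse with 130 when the cache is full.
            if entry is None and len(self.cache) >= self.max_entries:
                return self._reject(INSUFFICIENT_RESOURCES, bu.seq)
            # Never grant more than requested; RFC 3775 also caps bindings
            # made with return routability at MAX_RR_BINDING_LIFETIME.
            granted = min(bu.lifetime, MAX_RR_BINDING_LIFETIME)
            self.cache[bu.home_addr] = CacheEntry(
                bu.care_of_addr, bu.seq, granted, bu.home_reg)
        else:
            # 9.5.3: delete request; no entry is created in response.
            self.cache.pop(bu.home_addr, None)

        # 9.5.4: an accepted update is acknowledged only if the A bit is set.
        return BindingAck(ACCEPTED, bu.seq, True) if bu.ack else None
```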


10. Home Agent Operation
10.1. Conceptual Data Structures:
The HA must maintain a Binding Cache and a Home Agents List. A router is recognized as an HA when it sends a Router Advertisement in which the Home Agent bit is set. When the lifetime expires, the data is deleted from the Home Agents List. Each Home Agents List entry contains the following information:
o The link-local IP address of the HA. This is learned from the source address.
o One or more global addresses.
o The lifetime of the list.
o The associated HAs.

10.2. Processing Mobility Headers:

All HAs must follow the rules in Section 9.2 for the Mobility Header.

10.3. Processing Bindings:
10.3.1. Primary Care-of Address Registration:
A node that receives a Binding Update must validate it and authenticate it with the HA. This section describes the processing steps when the MN requests registration of its primary care-of address. First, the HA performs the following checks:
o The MN must reply with a Binding Acknowledgement message to the HA.
o If the home address does not match the HA's list, the HA replies to the MN with a Binding Acknowledgement whose Status field is set to 132.
o If the HA rejects the Binding Update for any other reason, it must send back a value indicating the reason.

The Home Address option must be present in the message. It is validated according to certain rules.

If the HA accepts the binding, it adds an entry to its cache. The node is registered as an HA, and the registration lasts until the lifetime expires. If the HA has not yet fully bound the home address, it sends the confirmation information once more before returning the Binding Acknowledgement to the MN. This ensures that no other node on the home link receives the Binding Update. The address may be tested according to the Link-Local Address Compatibility (L) bit, as follows:
o L=0: only the given address is tested, independent of other addresses on the home link.
o L=1: the check also covers the address on the home link.

The lifetime of the entry in the list depends on the following:
o It must not be greater than the lifetime in the Binding Update.
o It must not be greater than the valid lifetime of the subnet prefix in the MN's home address.

The HA replies to the MN's Binding Update in the following form:
o The Status field must be set to a value indicating success. The value 1 is used if the subnet prefix is not approved or has expired. Otherwise the value 0 is used.
o The Key Management Mobility Capability (K) bit is set if the following conditions are all met:
   o The Key Management Mobility Capability (K) bit is set in the Binding Update.
   o The IPsec security association between the HA and the MN was established dynamically.
   o The HA can learn the endpoint when the MN moves, using the dynamic key management protocol.
  Depending on the final value of the bit in the Binding Acknowledgement, the HA acts as follows:
   K=0: delete the connection.
   K=1: move to the new care-of address.
o The Sequence Number field must be copied from the field in the Binding Update.
o The Lifetime field must be set by the HA so that it satisfies the necessary conditions.

10.3.2. Primary Care-of Address De-Registration:
This is the case where the MN returns home, or knows that it has no address on the current network. When the MN is at home, the source address is also the home address. When it begins processing the Binding Update, the HA must perform the following checks:
o If the home address is not in the HA's entry list, the HA discards the Binding Update and sends an acknowledgement message.
o If the HA does not discard the Binding Update, it deletes the entry related to the MN and replies to the Binding Update as follows:
   o The Status field is set to 0, indicating success.
   o The Key Management Mobility Capability (K) bit is cleared and the home address is treated as the primary care-of address.
   o The Sequence Number field MUST be copied from the Sequence Number given in the Binding Update.
   o The Lifetime is set to 0.
   o The mobility option is omitted.
In addition, the HA stops intercepting packets, since this is no longer needed.

10.4. Packet Processing:

10.4.1. Intercepting Packets for a Mobile Node
When a node serves as an HA, it must intercept packets sent to the MN. To do this it advertises on the home link on behalf of the MN. The Neighbor Advertisement must be set as usual, with the following exceptions:
o The target address must be the specific IP address of the MN.
o The Router (R) bit must be set to 0.
o The Solicited Flag (S) must not be set.
o The Override Flag (O) must be set, so that this advertisement updates any nodes that hold an entry.
o The source address is the one the HA uses to send this advertisement.

10.4.2. Processing Intercepted Packets:
The HA sends the packet to the MN using the return routability procedure, addressed to the MN's care-of address. Before sending it to the MN, the HA must apply IPsec security to ensure confidentiality.

10.4.3. Multicast Membership Control:
This section covers support for multicast group membership messages. If they are not supported, these messages are not processed.

10.4.4. Stateful Address Autoconfiguration:
A new address configuration called DHCPv6.

10.4.5. Handling Reverse-Tunneled Packets:
If there is no binding between the MN and the HA, the HA must support the following procedure:
o The tunnel to the HA uses IP encapsulation.
o It may be discarded, because this procedure only protects the home link and the CN.

10.4.6. Protecting Return Routability Packets
The HA uses IPsec ESP to protect these packets. The algorithms and encryption are described in the earlier sections.

10.5. Dynamic Home Agent Address Discovery:
The MN learns of the alternative HAs on the link and can switch to one of them when needed.

10.5.1. Receiving Router Advertisement Messages
Processing steps:
o If the Home Agent (H) bit is not set, delete any existing entries in the list that relate to the router.
o Extract the IP address from the header.
o Consider the preference for this HA.
o Determine the lifetime for this HA.
o If the advertisement comes from a router already in the list and its lifetime is zero, delete the entry; if the lifetime is finite, reset it.

10.6. Sending Prefix Information to the Mobile Node:

10.6.1. List of Home Network Prefixes:
When the MN is away from home it receives prefix advertisements. These advertisements carry information about the subnet prefixes of the HA's network.

10.6.2. Scheduling Prefix Deliveries:
The HA schedules new prefix advertisements for the MN:
o MUST: a lifetime is reset.
o SHOULD: a new prefix is added.
A scheduling algorithm is then applied:
   MaxScheduleDelay = min (MaxMobPfxAdvInterval, Preferred Lifetime)
The final delay for the advertisement is:
   RAND_ADV_DELAY = MinMobPfxAdvInterval + (rand() % abs(MaxScheduleDelay - MinMobPfxAdvInterval))

10.6.3. Sending Advertisements:
These follow the rules under which a packet must have the HA as its source address and the MN's care-of address as its destination address.


11. Mobile Node Operation
11.1. Conceptual Data Structures:
Each MN must maintain a list of Binding Updates from the HA or to a CN. Each entry contains the following:
o The IP address to which the Binding Update was sent.
o The home address for which that Binding Update was sent.
o The care-of address.
o The initial value of the lifetime.
o The remaining lifetime of the binding.
o The maximum value of the sequence number.
o The time at which a Binding Update was last sent.
o The retransmission state.
o A flag that determines whether another update is to be sent in the future.

The Binding Update entry also contains the following:
o The time of the most recent message.
o The retransmission state.
o The cookie value used in the init message.
o The home token received from the CN.
o The index received from the CN.
o The time at which the token was received.

11.2. Processing Mobility Headers:

Described in Section 9.2.

11.3. Packet Processing:

11.3.1. Sending Packets While Away from Home
The MN chooses the address to use as the source address as follows:
o Protocols above IP handle packets for the MN in the general way.
o If the MN is at home, it uses its home address to send.
o If it is away, it sends directly to the CN if a binding exists; otherwise it uses a reverse tunnel.

The MN uses its care-of address as the source address when it is away.

If it sends using its home address, no special IPv6 protocol handling is needed to deliver the packet. When it is away, packets are sent in one of the following two ways:

Route Optimization:
This way does not need to pass through the home network. The MN must make sure that it has an entry for the CN that allows the packet to be processed. The entry must therefore show that:
o The source address is the home address.
o The destination address is the address of the CN.
o It holds one of the current care-of addresses.
o The entry indicates that the binding was created successfully.
o There is remaining lifetime on the binding.
Specifically:
o Construct the packet with the home address as the source address.
o Add the Home Address option.
o Change the source address to one of the care-of addresses.

Reverse Tunneling:
This is the mechanism that tunnels packets through the HA. It is not as efficient as the way above, but it is needed when there is no binding with the CN. Specifically:
o The packet is sent to the HA using IP encapsulation.
o The source address is the primary care-of address in the HA's list.
o The destination address is the HA.

11.3.2. Interaction with IPsec Processing:
This covers the interaction between IPv6 and IPsec. IPsec is used in transport mode and the MN uses its home address in the packet.
o The packet is created by higher-layer protocols and applications (e.g., by TCP) as if the MN were at home and using the IPv6 protocol.
o The packet is compared against the IPv6 security policy to decide which processing applies [4].
o If IPsec is used, a new SA is created for the packet.
o When away from home, the MN uses the route optimization and reverse tunneling mechanisms to transmit.

11.3.3. Receiving Packets While Away from Home:
When away from home, the MN receives packets sent through the HA in two ways:
o Packets sent to the MN by a node with no Binding Cache entry go to the HA and are forwarded to the MN.
o Packets sent by a node that has a Binding Cache entry go to the care-of address using a type 2 routing header.

11.3.4. Routing Multicast Packets:
At home, on the home link, the MN easily receives multicast packets from its groups. When it moves away, it needs a protocol in order to receive multicast for a group. The MN sends multicast control messages to the HA, and when the HA receives the packets it tunnels them to the MN. This forwarding takes place after the MN has a binding with the HA. An MN that wants to send has the following two options:
1. Send directly over the foreign link. The application only needs to consider the care-of address and the foreign link.
2. Send through the tunnel from the HA.

11.3.5. Receiving ICMP Error Messages:
Any node that does not recognize the Mobility Header replies with an ICMP error message, and the entry in the Binding Update List is then deleted.

11.3.6. Receiving Binding Error Messages:
If the MN receives a Binding Error message for which it has no entry in its list, it discards the message. This is necessary because it would otherwise exhaust memory.

If the Status field is 1, the MN should take the following steps:
o If the MN sees that the binding is still established, the message is ignored to minimize processing.
o If not, it performs the return routability procedure again to create a new binding.

If the Status field is 2, the MN should take the following steps:
o If the MN is not expecting an acknowledgement from the CN, it should ignore the message.
o Otherwise it uses a different extension for this particular case.

11.4. Home Agent and Prefix Management

11.4.1. Dynamic Home Agent Address Discovery
This applies when the MN wants to send its care-of address to an HA on the home link but does not know exactly which router is an HA. To find out, the MN sends an ICMP Home Agent Address Discovery Request message by multicast to the home link. The MN can then register a binding with the HA. If it receives no reply, it sends the request again after some interval.

11.4.2. Sending Mobile Prefix Solicitations:
When the MN has a home address that is no longer valid, it sends this message to request a new prefix.

11.4.3. Receiving Mobile Prefix Advertisements:
This message is sent from the HA to the MN while the MN is away from home. When the MN receives it, it processes the message as follows:
o The source address contains the home address.
o The header used is a type 2 routing header.
o If validation succeeds, the advertisement is recorded.
o Otherwise the MN should send another prefix solicitation.


11.5. Movement:
11.5.1. Movement Detection:
The main goal is to detect L3 handovers, using mechanisms such as Router Discovery and Neighbor Unreachability Detection. In general this still needs further study. When the MN detects an L3 handover, it selects a new router and sends a message requesting a new care-of address.

11.5.2. Forming New Care-of Addresses:
When the MN realizes that it has moved, the old care-of address is no longer valid and it needs a new care-of address. The MN must not send its new address to the HA more than MAX_UPDATE_RATE times per second. The MN has only one primary care-of address at a time. If a connection cannot be made, however, the MN needs some backup addresses for that case. Moreover, in wireless networks an MN can be attached to several links, so having several addresses for several links is to be expected.

11.5.3. Using Multiple Care-of Addresses:
The MN can use an old care-of address as a backup address, and it may still be attached through that address. When the MN finds that it can no longer connect, it uses the new address and looks for another one.

11.5.4. Returning Home
In the home registration, the MN must set the Acknowledge (A) and Home Registration (H) bits, the lifetime is 0, and the care-of address is now the home address. The MN sends the Binding Update to the HA so that the router no longer acts as its HA.

11.6. Return Routability Procedure:
11.6.1. Sending Test Init Messages:
11.6.2. Receiving Test Messages:
For these two sections, see Section 5 for a fuller explanation.

11.6.3. Protecting Return Routability Packets:
The MN starts using its primary care-of address once it has sent the Binding Update to the HA and it has been accepted.

11.7. Processing Bindings
See Section 5 for more detail.

11.7.1. Correspondent Registration:
Once the MN has made sure that its home address is genuine, it lets the CN learn its care-of address through a correspondent registration. This procedure is the return routability procedure followed by a registration. It is initiated in order to update or delete the binding list in the CN.

11.7.2. Receiving Binding Acknowledgements:
11.7.3. Receiving Binding Refresh Requests:

11.8. Retransmissions and Rate Limiting:
When the MN sends a message, it must decide how long to wait for an acknowledgement before retransmitting in case the packet was lost. If it still receives no response, it keeps sending, but at a slower rate. A retransmission must use a sequence number greater than the initial value. Home Test Init and Care-of Test Init messages must use a new cookie value when retransmitted.


12. Protocol Constants


DHAAD_RETRIES              4 retransmissions
INITIAL_BINDACK_TIMEOUT    1 second
INITIAL_DHAAD_TIMEOUT      3 seconds
INITIAL_SOLICIT_TIMER      3 seconds
MAX_BINDACK_TIMEOUT        32 seconds
MAX_NONCE_LIFETIME         240 seconds
MAX_TOKEN_LIFETIME         210 seconds
MAX_RR_BINDING_LIFETIME    420 seconds
MAX_UPDATE_RATE            3 times
PREFIX_ADV_RETRIES         3 retransmissions
PREFIX_ADV_TIMEOUT         3 seconds


13. Protocol Configuration Variables


MaxMobPfxAdvInterval             Default: 86,400 seconds
MinDelayBetweenRAs               Default: 3 seconds, Min: 0.03 seconds
MinMobPfxAdvInterval             Default: 600 seconds
InitialBindackTimeoutFirstReg    Default: 1.5 seconds

The HA must allow the first three variables to be configured by the system administrator, and the MN must allow the last variable to be configured by the system administrator.


14. IANA Considerations


MH Type:
   0   Binding Refresh Request
   1   Home Test Init
   2   Care-of Test Init
   3   Home Test
   4   Care-of Test
   5   Binding Update
   6   Binding Acknowledgement
   7   Binding Error

Mobility Options:
   0   Pad1
   1   PadN
   2   Binding Refresh Advice
   3   Alternate Care-of Address
   4   Nonce Indices
   5   Authorization Data

Status Code:
   0     Binding Update accepted
   1     Accepted but prefix discovery necessary
   128   Reason unspecified
   129   Administratively prohibited
   130   Insufficient resources
   131   Home registration not supported
   132   Not home subnet
   133   Not home agent for this mobile node
   134   Duplicate Address Detection failed
   135   Sequence number out of window
   136   Expired home nonce index
   137   Expired care-of nonce index
   138   Expired nonces
   139   Registration type change disallowed


15. Security Considerations
15.1. Threats:
Any solution has to deal with misuse of its mechanisms. In Mobile IPv6 the most significant threat is false bindings, in addition to attacks by hackers:
o Threats related to Binding Updates. If an attacker can send a message that the HA accepts, the data is as good as lost. A hacker can also interfere with the MN's communication by replaying an old Binding Update.
o Threats related to packets carrying mobility headers.
o Threats related to the dynamic HA discovery and prefix discovery procedures.
o Threats related to memory.

15.2. Features:

These include the following:
o Reverse tunneling.
o Protection of Binding Updates to the HA and to CNs.
o Protection against attacks on the Home Address option.
o Protection of the tunnel between the MN and the HA.
o Closing the issues related to the routing header.

15.3. Binding Updates to the Home Agent
Signaling integrity is used to ensure that the MN is authenticated. Protection against replay is also essential. The MN and the HA use the same key, distributed through an offline mechanism, but this is almost impossible.

15.4. Binding Updates to Correspondent Nodes
The same general approach as for the HA can be used.

15.5. Key Lengths


A hacker can also break the return routability procedure by obtaining the encrypted value. However, because a hash algorithm is used and only 96 bits are kept, finding the encryption algorithm becomes extremely difficult.

15.6. Dynamic Home Agent Address Discovery
A hacker may be able to find the IP address of the HA by scanning. Using ICMP reduces this risk considerably.

15.7. Mobile Prefix Discovery:

This information must be protected so that the MN does not receive distorted information that leads to a wrong binding.

15.8. Tunneling via the Home Agent:

This tunnel can be protected through hash-based cryptography. The HA can use IPsec ESP to protect the tunnel carrying information between itself and the MN.

15.9. Home Address Option:

When the MN sends information directly to the CN, the source address field is the MN's care-of address. The Home Address option normally tells the CN the MN's home address. If the binding between the CN and the MN has not been established, the Home Address option is not used.


Part 2: Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents


1. Introduction
In Mobile IPv6, an MN is always located at a home address, whether it is at home or away. The home address is an address within the subnet prefix on the home link. When the MN is at home, packets are delivered to the home address and reach the MN over the home link.

When the MN is on a foreign link, it is located by a care-of address. The care-of address is associated with the MN within the subnet prefix of that particular foreign link. The association between the home address and the care-of address is known as a binding for the MN. When away from home, the MN registers a primary care-of address with a router on the home link, asking this router to act as its home agent. The MN performs this binding registration by sending a Binding Update to the HA. The HA replies to the MN by sending a "Binding Acknowledgement" message.

Any other node that wants to communicate with the MN is known as a "correspondent node". The MN provides information about its current location to the CN, again using Binding Update and Binding Acknowledgement. In addition, the return routability procedure is carried out between the MN, the HA and the CN to authenticate and manage the binding. Packets are tunneled through the HA, or sent directly if a binding exists between the MN and the CN.

Mobile IPv6 tunnels packets in both directions, using either encapsulation or an IPsec tunnel if the tunnel needs to be protected.

Mobile IPv6 also supports automatic configuration of the home network. Because the home subnet prefixes can change over time, the MN needs to learn the updated information about the home subnet prefixes through the "prefix discovery" mechanism.

This document also discusses security against attackers. To avoid attacks, IPsec Encapsulating Security Payload (ESP) [3] is used to protect the traffic between the HA and the MN. The control traffic consists of the following messages in the Mobility Header:
o Binding Update and Acknowledgement messages exchanged between the MN and the HA.
o Return routability messages Home Test Init and Home Test that pass through the HA on the way to the CN.
o ICMPv6 messages exchanged between the MN and the HA for the purpose of prefix discovery.

The MN and the HA must have an IPsec security association to ensure secure communication between them. IPsec does not guarantee the correct ordering of messages. The ordering is provided by a sequence number in the Binding Update and Binding Acknowledgement messages. The sequence number in Binding Updates also provides security up to a certain limit, but it fails in some cases; IKE is the comprehensive security solution. Mobile IPv6 sets out the main requirements that the MN and the HA must meet to ensure security. This document discusses them in more depth.


3. Packet Formats
3.1. Binding Updates and Acknowledgements

When the MN is away from home, the BU it sends to the HA needs the following headers:

   IPv6 header (source = care-of address, destination = home agent)
   Destination Options header
      Home Address option (home address)
   ESP header in transport mode
   Mobility header
      Binding Update
         Alternate Care-of Address option (care-of address)

The Alternate Care-of Address option is used to ensure that the care-of address is protected by ESP. The HA treats the address in this option as the current care-of address of the MN. The home address is protected directly by ESP, but the use of a fixed home address with a specific security association is required.

Binding Acknowledgements sent back to the MN must support at least the following headers:

   IPv6 header (source = home agent, destination = care-of address)
   Routing header (type 2)
      home address
   ESP header in transport mode
   Mobility header
      Binding Acknowledgement

When the MN is at home, the rules above are different, since the MN takes its home address as the source. This situation occurs when the MN is returning home. In this situation, Binding Updates must support the following headers:

   IPv6 header (source = home address, destination = home agent)
   ESP header in transport mode
   Mobility header
      Binding Update

The corresponding Binding Acknowledgement messages have the following headers:

   IPv6 header (source = home agent, destination = home address)
   ESP header in transport mode
   Mobility header
      Binding Acknowledgement

3.2. Return Routability Signaling

When Home Test Init messages tunneled to the HA are protected by IPsec, they must be supported by the following headers:

   IPv6 header (source = care-of address, destination = home agent)
   ESP header in tunnel mode
   IPv6 header (source = home address, destination = correspondent node)
   Mobility Header
      Home Test Init

Note that there is a trade-off between using the care-of address and using the home address as the destination address. Similarly, when Home Test messages tunneled from the HA are protected by IPsec, they are supported by the following headers:

   IPv6 header (source = home agent, destination = care-of address)
   ESP header in tunnel mode
   IPv6 header (source = correspondent node, destination = home address)
   Mobility Header
      Home Test

This format ensures that packets reach their destination when the MN moves. The HA does not change, while the care-of address does. When the MN has a new care-of address, its packets have a new source address that must be updated. Note that the HA needs the packets to be authenticated without having to know about the change of source address, so the new sender only needs to hold the same security key as for the previous transmission. This lets the sender prove that it is the same entity without the change of source address having to be known. The process is more complicated on the HA side, because the HA holds the previous care-of address in its Security Association Database as the outer destination address. When IKE is used, the MN runs it on top of the care-of address, and the security association keeps using the same address while IKE is running. The HA can tunnel a Home Test message to the MN using the current care-of address as the destination address of the packets, provided the security association knows the MN's outer address. No new configuration and no re-establishment of the IKE exchange is needed while moving.

3.3. Prefix Discovery

If IPsec is used to protect prefix discovery, prefix requests from the MN to the HA need the following headers:

   IPv6 header (source = care-of address, destination = home agent)
   Destination Options header
      Home Address option (home address)
   ESP header in transport mode
   ICMPv6
      Mobile Prefix Solicitation

Again, if IPsec is used, the prefix information advertisements from the HA to the MN contain the following headers:

   IPv6 header (source = home agent, destination = care-of address)
   Routing header (type 2)
      home address
   ESP header in transport mode
   ICMPv6
      Mobile Prefix Advertisement

3.4. Payload Packets

If IPsec is used to protect packets tunneled from the HA to the MN, a format like the one in Section 3.2 is used. However, instead of the Mobility Header, these packets may contain any legal IPv6 protocol:

   IPv6 header (source = care-of address, destination = home agent)
   ESP header in tunnel mode
   IPv6 header (source = home address, destination = correspondent node)
   Any protocol

Similarly, when IPsec is used to protect packets tunneled from the MN to the HA, a format with the following headers is used:

   IPv6 header (source = home agent, destination = care-of address)
   ESP header in tunnel mode
   IPv6 header (source = correspondent node, destination = home address)
   Any protocol


4. Requirements:
This section describes the mandatory rules for Mobile IPv6 MNs and HAs. These rules allow IPsec communication to continue during movement, keep security well assured, and ensure that packets are processed in the correct order. The rules cover only the requirements for communication between the MN and the HA; separate requirements for the MN's other uses of IPsec are outside this section.

4.1. Mandatory Support:

The following requirements apply to both the MN and the HA:
o Optional configuration of IPsec security is supported. The configuration of keys takes place out of band, for example when the MN is configured to use its HA.
o Automatic key management using IKE [4] may be supported. Only IKEv1 is discussed in this document. Other automatic key management mechanisms exist and are appearing beyond IKEv1, but this document does not address issues related to them.
o ESP encapsulation of Binding Updates and Acknowledgements between the MN and the HA must be supported and must be used.
o ESP encapsulation of the Home Test Init and Home Test messages tunneled between the MN and the HA must be supported and should be used.
o ESP encapsulation of the ICMPv6 messages related to prefix discovery must be supported and should be used.
o ESP encapsulation of payload packets between the MN and the HA may be supported and used.
o If multicast membership control protocols and address autoconfiguration protocols are supported, data protection for these protocols must be supported.

4.2. Policy Requirements:

The following requirements apply to both the MN and the HA:
o When a packet is sent to a receiving node in combination with IPsec protection, the address that appears in the Home Address destination option is treated as the source address of the packet. Note that the Home Address option appears before the IPsec headers.
o Similarly, the home address in the Type 2 Routing header destined for the receiving node is treated as the destination address of the packet when the packet is combined with IPsec protection. The same handling applies to the processing of the Routing header as described above for the Home Address destination option.
o When IPsec is used to protect return routability signaling or payload packets, this protection is applied only to the return routability packets that enter the IPv6 encapsulated tunnel interface between the MN and the HA. This can be achieved through security policy database entries for the tunnel interface. These rules do not apply to all physical communication, only to the tunnel interfaces.
o The management of the MN is based on the credentials of a user or of a machine. Note that multi-user operating systems allow all users of a node to use any IP address assigned to the node. This limits the HA's ability to map a home address to a particular user in such an environment. If users are identified in a multi-user environment, the configuration should manage all the home addresses associated with the node.
o When the MN returns home and re-registers with the HA, the tunnel between the HA and the MN's care-of address is torn down. The security entries used to protect the tunnel between the HA and the MN must be made inactive (for example by deleting them and installing them again later through an API). If the security associations were created dynamically using IKE, they are deleted automatically when they expire. If the security associations were created through manual configuration, they remain usable and become active when the MN leaves home again. The security associations for Binding Updates and Acknowledgements and for prefix discovery should not be deleted, since they do not depend on the care-of location and can be used again.

The following rules apply to the MN:
o The MN must use the Home Address destination option in Binding Updates and Mobile Prefix Solicitations sent to the HA from a care-of address.
o When the MN receives a changed set of prefixes from the HA through prefix discovery, new security entries must be configured, and new security associations may also be needed. This is outside the scope of these methods.

The following rules apply to the HA:
o The HA must use the Type 2 Routing header in Binding Acknowledgements and Mobile Prefix Advertisements sent to the MN, again so that a home address is seen when the policy check is performed.
o It is necessary to avoid the possibility that an MN uses its own security association to send a Binding Update on behalf of another MN that uses the same HA. To avoid this, when manually keyed IPsec security associations are used, the security policy database entries must unambiguously identify a single security association for Binding Updates sent between the given home address and the HA. When dynamic keying is used, the security policy database entries must clearly identify the IKE phase 1 credentials that can be used to create security associations for Binding Updates for particular home addresses. How these associations are maintained is outside the scope here, but they can be maintained, for example, as a locally managed table in the HA. If the phase 1 ID is a fully qualified domain name (FQDN), a form of secure DNS may also be used.
o When the prefixes advertised by the HA change, new security policy entries must be configured, and new security associations must be configured as well.

4.3. IPsec Protocol Processing:

The following requirements apply to both the HA and the MN:
o When protecting Binding Updates, Binding Acknowledgements and prefix discovery, both the MN and the HA must support and should use the Encapsulating Security Payload (ESP) header for communication, and must use a non-null payload authentication algorithm to provide data origin authentication, connectionless integrity and optional anti-replay protection. Mandatory support for the encryption and integrity protection algorithms is defined in RFC 2401 [2], RFC 2402 [8], and RFC 2406 [3]. Care is needed, however, when choosing the encryption algorithm for ESP. The current integrity protection algorithms are in general important. The encryption algorithm, DES, is mandated by the current IPsec standards. This is a particular concern when IPsec associations are configured manually and the same key is used for a long time.
o Tunnel mode IPsec ESP must be used to protect the packets that belong to the return routability procedure. A non-null encryption transform and a non-null authentication algorithm must be applied. Note that the return routability procedure uses the exchange of two messages between the MN and the CN. The purpose of this exchange is to ensure that the MN associated with the home address is at the correct care-of address. One of the exchanges is sent directly to and from the CN, while the other is tunneled through the HA. If an attacker is on the MN's link and the MN's current link is an unprotected wireless network, the attacker sees all of the messages and can attack them. One can prevent the attack by making sure that the packets passing through the HA are encrypted.
  Note that this specification concerns itself only with on-the-wire formats, and does not dictate specific implementations mechanisms. In the case of IPsec tunnel mode, the use of IP-in-IP encapsulation followed by IPsec transport mode encapsulation may also be possible.

The following rules apply to the MN:
o When ESP is used to protect Binding Update messages, there is no protection for the care-of address that appears in the IPv6 header outside the area protected by ESP. It is important for the HA to verify that the care-of address has not been tampered with, because otherwise an attacker would redirect the MN's traffic to another address. To prevent this, Mobile IPv6 implementations must use the Alternate Care-of Address mobility option in Binding Updates sent to the MN when the MN is away from home. The exception is when the MN returns home and starts registering its home address as its current location. In that case the alternate option is not needed.
o When IPsec is used to protect return routability signaling or payload packets, the MN must set the source address it uses for tunneled packets to its current care-of address. The MN starts using the primary care-of address as soon as it sends the Binding Update to the HA to register this new address. Similarly, it starts using the new address as the destination address of the packets it receives from the HA.

The following rules apply to the HA:
o When IPsec is used to protect return routability signaling or payload packets, an IPsec security association is needed to provide this protection. When the care-of address of the MN changes as a Binding Update is accepted, special treatment is needed for the next packets sent using the security association. The HA must set the new care-of address as the destination address of these packets, as if the outer header of the security association had changed. Similarly, the HA starts to expect the new source address in the packets received from the MN. Such address changes can be carried out, for example, through an API from the Mobile IPv6 process to the IPsec process. It should be noted that such an API and such address changes must be used only when the Binding Update received by the HA was protected using IPsec. Configuring the address on the basis of other sources, such as Binding Updates to CNs protected by return routability, or opening access to the API from some application, can lead to a breach of security.
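The care-of address rule above, as an added Python example (not code from RFC 3776 or from the original report): it parses a Binding Update out of the Mobility Header and lets the home agent take the care-of address only from the ESP-protected Alternate Care-of Address option, never from the unprotected outer IPv6 source. The field layout follows the Binding Update format of RFC 3775; the function names, the policy of rejecting an away-from-home update that lacks the option, and the 2001:db8:: sample addresses are assumptions of the example.

```python
import ipaddress
import struct

MH_TYPE_BINDING_UPDATE = 5
OPT_PAD1, OPT_PADN, OPT_ALT_COA = 0, 1, 3      # mobility option types
FLAG_A, FLAG_H, FLAG_L, FLAG_K = 0x8000, 0x4000, 0x2000, 0x1000


def parse_binding_update(mh: bytes) -> dict:
    """Parse a Mobility Header carrying a Binding Update.

    The checksum is not verified here; on this path ESP provides integrity.
    """
    if len(mh) < 12:
        raise ValueError("truncated Mobility Header")
    _proto, hdr_len, mh_type, _rsvd, _cksum = struct.unpack_from("!BBBBH", mh, 0)
    total = (hdr_len + 1) * 8          # Header Len excludes the first 8 octets
    if total < 12 or total > len(mh):
        raise ValueError("Header Len does not match packet")
    if mh_type != MH_TYPE_BINDING_UPDATE:
        raise ValueError("not a Binding Update")
    seq, flags, lifetime_units = struct.unpack_from("!HHH", mh, 6)
    bu = {"seq": seq,
          "A": bool(flags & FLAG_A), "H": bool(flags & FLAG_H),
          "L": bool(flags & FLAG_L), "K": bool(flags & FLAG_K),
          "lifetime_s": lifetime_units * 4,   # one time unit is 4 seconds
          "alt_coa": None}
    off = 12
    while off < total:                 # walk the mobility options (TLV)
        opt_type = mh[off]
        if opt_type == OPT_PAD1:       # Pad1 is a single octet, no length
            off += 1
            continue
        if off + 2 > total:
            raise ValueError("truncated option header")
        opt_len = mh[off + 1]
        if off + 2 + opt_len > total:
            raise ValueError("option overruns header")
        if opt_type == OPT_ALT_COA:
            if opt_len != 16:
                raise ValueError("bad Alternate Care-of Address length")
            bu["alt_coa"] = ipaddress.IPv6Address(mh[off + 2:off + 18])
        off += 2 + opt_len
    return bu


def home_agent_care_of(outer_src: str, home_addr: str, bu: dict):
    """Return the care-of address a home agent should bind for this update."""
    src = ipaddress.IPv6Address(outer_src)
    home = ipaddress.IPv6Address(home_addr)
    if not bu["H"]:
        raise ValueError("not a home registration")
    if bu["alt_coa"] is not None:
        return bu["alt_coa"]           # inside ESP, so integrity protected
    if src == home:
        return home                    # returning home: option not needed
    # Assumed policy: never bind an address taken only from the outer header.
    raise ValueError("care-of address not covered by ESP")


def sample_bu(alt_coa: str = None, seq: int = 7, lifetime_units: int = 150) -> bytes:
    """Constructed sample: Binding Update with the A and H bits set."""
    if alt_coa:
        opts = (bytes([OPT_PADN, 0, OPT_ALT_COA, 16])
                + ipaddress.IPv6Address(alt_coa).packed)
    else:
        opts = bytes([OPT_PADN, 2, 0, 0])
    body = struct.pack("!HHH", seq, FLAG_A | FLAG_H, lifetime_units) + opts
    hdr_len = (6 + len(body)) // 8 - 1
    return struct.pack("!BBBBH", 59, hdr_len, MH_TYPE_BINDING_UPDATE, 0, 0) + body
```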

4.4. Dynamic Keying

The following requirements apply to both the HA and the MN:

o If anti-replay protection is required, dynamic keying must be used. IPsec can provide anti-replay protection only if dynamic keying is used (though it is not always the solution). IPsec also does not guarantee the correct ordering of packets, only that they have not been replayed. Because of this, the sequence numbers inside the Mobile IPv6 messages are used to ensure correct ordering. However, if the 16-bit Mobile IPv6 sequence number wraps around, or the HA reboots or loses its state regarding the sequence numbers, replay or reordering attacks become possible. The use of dynamic keying, IPsec anti-replay protection, and the Mobile IPv6 sequence numbers can together prevent such attacks.

o If IKE version 1 is used with preshared secrets in main mode, it determines the shared secret to use from the IP address of the peer. With Mobile IPv6, however, this may be a care-of address and does not identify which MN wants to contact the HA. Therefore, if preshared secret authentication is used in IKEv1 between the MN and the HA, aggressive mode must be used. Note also that care must be taken with the choice of the phase 1 identity. Where the ID_IPV6_ADDR identity is used, an unambiguous mapping of identities to keys is not possible.

  Note that the difficulties with main mode and preshared secrets in IKE version 1 are well known for dynamic addresses. With static addresses there is no problem. With Mobile IPv6, however, using the care-of address to run IKE towards the HA presents a problem even when the home address is fixed.

The following rules apply to the MN:

o In addition to the rules above, if dynamic keying is used, the key management protocol must use the care-of address as the source address in the protocol exchanges with the MN's HA.

o However, the IPsec security associations with the MN's HA use the home address. That is, the IPsec security associations must be requested from the key management protocol using the MN's home address as the client identity.

  The security associations protecting Binding Updates and Binding Acknowledgements are requested for the Mobility Header protocol in transport mode and for the IP addresses as endpoints. There are no other selectors. Similarly, the security associations protecting prefix discovery are requested for the ICMPv6 protocol and the specific IP addresses, again without other selectors. Security associations for payload packets and return routability protection are requested for a specific tunnel interface and either the payload protocol or the Mobility Header protocol, in tunnel mode. In this case one requested endpoint is an IP address and the other one is a wildcard, and there are no other selectors.

o If the MN uses IKE version 1 to establish security associations with its HA, it should follow the procedures discussed in Sections 11.7.1 and 11.7.3 of the base specification [7] to determine whether the IKE endpoints can be moved or whether IKE phase 1 has to be re-established.

The following rules apply to the HA:

o If the HA uses IKE version 1 to establish security associations with the MN, it should follow the procedures in Sections 10.3.1 and 10.3.2 of the base specification [7] to determine whether the IKE endpoints can be moved or whether IKE phase 1 has to be re-established.

5. Example Configurations

In the following we describe the Security Policy Database (SPD) and Security Association Database (SAD) entries necessary to protect Binding Updates and Binding Acknowledgements exchanged between the MN and the HA. Section 5.1 introduces the format we use in the description of the SPD and the SAD. Section 5.2 describes how to configure manually keyed IPsec security associations without dynamic keying, and Section 5.3 describes how to use dynamic keying.

5.1. Format

The format used is as follows. The SPD description has the following format:

   <node> "SPD OUT:"
     "-" <spdentry>
     "-" <spdentry>
     ...
     "-" <spdentry>

   <node> "SPD IN:"
     "-" <spdentry>
     "-" <spdentry>
     ...
     "-" <spdentry>

Where <node> is the name of the node, and <spdentry> has the following format:

   "IF" <condition> "THEN USE SA " <sa> |
   "IF" <condition> "THEN USE SA " <pattern> |

Where <condition> is a boolean expression about the fields of the IPv6 packet, <sa> is the name of a specific security association, and <pattern> is a specific security association to be negotiated via IKE [4]. The SAD description has the following format:

   <node> "SAD:"
     "-" <sadentry>
     "-" <sadentry>
     ...
     "-" <sadentry>

Where <node> is the name of the node, and <sadentry> has the following format:

   <sa> "(" <dir> "," <spi> "," <destination> "," <ipsec-proto> "," <mode> ")" ":" <rule>

Where <dir> is "IN" or "OUT", <spi> is the SPI of the security association, <destination> is its destination, <ipsec-proto> is in our case "ESP", <mode> is either "TUNNEL" or "TRANSPORT", and <rule> is an expression which describes the IPsec selectors, i.e., which fields of the IPsec packet must have which values.

We will be using an example MN in this section with the home address "home_address_1". The user identity of this MN is "user_1". The address of the HA is "home_agent_1".

5.2. Manual Configuration

5.2.1. Binding Updates and Acknowledgements

Here are the contents of the SPD and SAD for protecting Binding Updates and Acknowledgements:

   mobile node SPD OUT:
     - IF source = home_address_1 & destination = home_agent_1 &
          proto = MH
       THEN USE SA SA1

   mobile node SPD IN:
     - IF source = home_agent_1 & destination = home_address_1 &
          proto = MH
       THEN USE SA SA2

   mobile node SAD:
     - SA1(OUT, spi_a, home_agent_1, ESP, TRANSPORT):
       source = home_address_1 & destination = home_agent_1 &
       proto = MH
     - SA2(IN, spi_b, home_address_1, ESP, TRANSPORT):
       source = home_agent_1 & destination = home_address_1 &
       proto = MH

   home agent SPD OUT:
     - IF source = home_agent_1 & destination = home_address_1 &
          proto = MH
       THEN USE SA SA2

   home agent SPD IN:
     - IF source = home_address_1 & destination = home_agent_1 &
          proto = MH
       THEN USE SA SA1

   home agent SAD:
     - SA2(OUT, spi_b, home_address_1, ESP, TRANSPORT):
       source = home_agent_1 & destination = home_address_1 &
       proto = MH
     - SA1(IN, spi_a, home_agent_1, ESP, TRANSPORT):
       source = home_address_1 & destination = home_agent_1 &
       proto = MH

Above, MH stands for the protocol number of the Mobility Header [7].

5.2.2. Return Routability Signaling

In the following we describe the SPD and SAD entries necessary to protect return routability signaling between the MN and the HA. Note that the rules in the SPD are ordered, and the ones in the previous section take precedence over these ones. In other words, the higher precedence entries must occur first in the RFC 2401 [2] ordered list of SPD entries.

   mobile node SPD OUT:
     - IF interface = IPv6 tunnel to home_agent_1 &
          source = home_address_1 & destination = any &
          proto = MH
       THEN USE SA SA3

   mobile node SPD IN:
     - IF interface = IPv6 tunnel from home_agent_1 &
          source = any & destination = home_address_1 &
          proto = MH
       THEN USE SA SA4

   mobile node SAD:
     - SA3(OUT, spi_c, home_agent_1, ESP, TUNNEL):
       source = home_address_1 & destination = any & proto = MH
     - SA4(IN, spi_d, care_of_address_1, ESP, TUNNEL):
       source = any & destination = home_address_1 & proto = MH

   home agent SPD OUT:
     - IF interface = IPv6 tunnel to home_address_1 &
          source = any & destination = home_address_1 &
          proto = MH
       THEN USE SA SA4

   home agent SPD IN:
     - IF interface = IPv6 tunnel from home_address_1 &
          source = home_address_1 & destination = any &
          proto = MH
       THEN USE SA SA3

   home agent SAD:
     - SA4(OUT, spi_d, care_of_address_1, ESP, TUNNEL):
       source = any & destination = home_address_1 & proto = MH
     - SA3(IN, spi_c, home_agent_1, ESP, TUNNEL):
       source = home_address_1 & destination = any & proto = MH

The security association from the HA to the MN uses the current care-of address as the destination. As discussed earlier, this address is updated in the SAD as the MN moves. It can be initialized at the HA before the MN registers.

5.2.3. Prefix Discovery

In the following we describe some additional SPD and SAD entries to protect prefix discovery. Note that the SPDs described above protect all ICMPv6 traffic between the MN and the HA, as IPsec may not have the ability to distinguish between different ICMPv6 types.

   mobile node SPD OUT:
     - IF source = home_address_1 & destination = home_agent_1 &
          proto = ICMPv6
       THEN USE SA SA5

   mobile node SPD IN:
     - IF source = home_agent_1 & destination = home_address_1 &
          proto = ICMPv6
       THEN USE SA SA6

   mobile node SAD:
     - SA5(OUT, spi_e, home_agent_1, ESP, TRANSPORT):
       source = home_address_1 & destination = home_agent_1 &
       proto = ICMPv6
     - SA6(IN, spi_f, home_address_1, ESP, TRANSPORT):
       source = home_agent_1 & destination = home_address_1 &
       proto = ICMPv6

   home agent SPD OUT:
     - IF source = home_agent_1 & destination = home_address_1 &
          proto = ICMPv6
       THEN USE SA SA6

   home agent SPD IN:
     - IF source = home_address_1 & destination = home_agent_1 &
          proto = ICMPv6
       THEN USE SA SA5

   home agent SAD:
     - SA6(OUT, spi_f, home_address_1, ESP, TRANSPORT):
       source = home_agent_1 & destination = home_address_1 &
       proto = ICMPv6
     - SA5(IN, spi_e, home_agent_1, ESP, TRANSPORT):
       source = home_address_1 & destination = home_agent_1 &
       proto = ICMPv6

5.2.4. Payload Packets

It is also possible to apply some additional, optional protection to tunneled payload packets. This protection takes place in a similar manner to the return routability protection above, but requires a different value for the protocol field. The necessary SPD and SAD entries are shown below. The entries for protecting Binding Updates and Acknowledgements, and the entries protecting the Home Test Init and Home Test messages, take precedence over these entries.

   mobile node SPD OUT:
     - IF interface = IPv6 tunnel to home_agent_1 &
          source = home_address_1 & destination = any &
          proto = X
       THEN USE SA SA7

   mobile node SPD IN:
     - IF interface = IPv6 tunnel from home_agent_1 &
          source = any & destination = home_address_1 &
          proto = X
       THEN USE SA SA8

   mobile node SAD:
     - SA7(OUT, spi_g, home_agent_1, ESP, TUNNEL):
       source = home_address_1 & destination = any & proto = X
     - SA8(IN, spi_h, care_of_address_1, ESP, TUNNEL):
       source = any & destination = home_address_1 & proto = X

   home agent SPD OUT:
     - IF interface = IPv6 tunnel to home_address_1 &
          source = any & destination = home_address_1 &
          proto = X
       THEN USE SA SA8

   home agent SPD IN:
     - IF interface = IPv6 tunnel from home_address_1 &
          source = home_address_1 & destination = any &
          proto = X
       THEN USE SA SA7

   home agent SAD:
     - SA8(OUT, spi_h, care_of_address_1, ESP, TUNNEL):
       source = any & destination = home_address_1 & proto = X
     - SA7(IN, spi_g, home_agent_1, ESP, TUNNEL):
       source = home_address_1 & destination = any & proto = X

If multicast group membership control protocols such as MLDv1 [9] or MLDv2 [11] need to be protected, these packets may use a link-local address rather than the home address of the MN. In this case the source and destination can be left as a wildcard, and the SPD entries will work solely based on the interface and the protocol used, which is ICMPv6 for both MLDv1 and MLDv2.

Similar problems are encountered when a stateful address configuration protocol such as DHCPv6 [10] is used. The same approach applies to DHCPv6 as well. DHCPv6 uses the UDP protocol.

Support for multiple layers of encapsulation (such as ESP encapsulated in ESP) is not required by RFC 2401 [2] and is, in other words, a frequent source of problems. This is therefore worth keeping in mind when configuring protocol X in the entries above, including for AH or ESP.
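The ordered, first-match SPD lookup that Sections 5.2.1 to 5.2.4 rely on, as an added example (not part of the RFC or of the original page). It parses the mobile node's outbound entries in the Section 5.1 notation and reports which entries overlap, which is where the ordering matters. Assumptions: protocol X is set to TCP, an entry without an interface selector matches any interface, and the packets and "correspondent_node_1" are constructed for the demonstration.

```python
import re

# Mobile node SPD OUT, entries from Sections 5.2.1-5.2.4 in the order the
# text requires. "X" is replaced by TCP: an assumption for this demo.
MN_SPD_OUT = """
- IF source = home_address_1 & destination = home_agent_1 & proto = MH THEN USE SA SA1
- IF interface = IPv6 tunnel to home_agent_1 & source = home_address_1 & destination = any & proto = MH THEN USE SA SA3
- IF source = home_address_1 & destination = home_agent_1 & proto = ICMPv6 THEN USE SA SA5
- IF interface = IPv6 tunnel to home_agent_1 & source = home_address_1 & destination = any & proto = TCP THEN USE SA SA7
"""

ENTRY_RE = re.compile(r"^-\s*IF\s+(?P<cond>.+?)\s+THEN USE SA\s+(?P<sa>\S+)$")


def parse_spd(text):
    """Return an ordered list of (selectors, sa_name) from the SPD notation."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            raise ValueError(f"not an SPD entry: {line!r}")
        selectors = {}
        for term in m.group("cond").split("&"):
            field, _, value = term.partition("=")
            selectors[field.strip()] = value.strip()
        entries.append((selectors, m.group("sa")))
    return entries


def matches(selectors, packet):
    """A selector matches when it is 'any' or equals the packet's field."""
    return all(v == "any" or packet.get(f) == v for f, v in selectors.items())


def lookup(spd, packet):
    """First matching entry wins; None means no entry here covers the packet."""
    for selectors, sa in spd:
        if matches(selectors, packet):
            return sa
    return None


def overlapping_entries(spd):
    """Pairs of SA names whose selectors can match the same packet."""
    def overlap(a, b):
        return all(a[f] == b[f] or "any" in (a[f], b[f]) for f in a.keys() & b.keys())
    return [(sa1, sa2) for i, (s1, sa1) in enumerate(spd)
            for s2, sa2 in spd[i + 1:] if overlap(s1, s2)]


SPD = parse_spd(MN_SPD_OUT)
TUNNEL = "IPv6 tunnel to home_agent_1"

# Constructed sample packets (field values are illustrative).
BINDING_UPDATE = {"source": "home_address_1", "destination": "home_agent_1", "proto": "MH"}
HOME_TEST_INIT = {"interface": TUNNEL, "source": "home_address_1",
                  "destination": "correspondent_node_1", "proto": "MH"}
PREFIX_SOLICIT = {"source": "home_address_1", "destination": "home_agent_1", "proto": "ICMPv6"}
TCP_PAYLOAD = {"interface": TUNNEL, "source": "home_address_1",
               "destination": "correspondent_node_1", "proto": "TCP"}
UDP_PAYLOAD = dict(TCP_PAYLOAD, proto="UDP")
# An MH packet to the home agent seen on the tunnel interface matches both
# the SA1 and SA3 entries, so the entry order decides which SA is used.
MH_IN_TUNNEL_TO_HA = dict(HOME_TEST_INIT, destination="home_agent_1")

if __name__ == "__main__":
    for name, pkt in [("Binding Update", BINDING_UPDATE), ("Home Test Init", HOME_TEST_INIT),
                      ("Prefix Solicitation", PREFIX_SOLICIT), ("TCP payload", TCP_PAYLOAD),
                      ("UDP payload", UDP_PAYLOAD)]:
        print(f"{name:20} -> {lookup(SPD, pkt)}")
    print("overlapping entries:", overlapping_entries(SPD))
```

A result of None for the UDP packet means none of these entries covers it, so whatever default policy the node has applies to that traffic.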

5.3. Dynamic Keying

In this section we show an example configuration that uses IKE to create the security associations.

5.3.1. Binding Updates and Acknowledgements

Here are the contents of the SPD for protecting Binding Updates and Acknowledgements:

   mobile node SPD OUT:
     - IF source = home_address_1 & destination = home_agent_1 &
          proto = MH
       THEN USE SA ESP TRANSPORT: local phase 1 identity = user_1

   mobile node SPD IN:
     - IF source = home_agent_1 & destination = home_address_1 &
          proto = MH
       THEN USE SA ESP TRANSPORT: local phase 1 identity = user_1

   home agent SPD OUT:
     - IF source = home_agent_1 & destination = home_address_1 &
          proto = MH
       THEN USE SA ESP TRANSPORT: peer phase 1 identity = user_1

   home agent SPD IN:
     - IF source = home_address_1 & destination = home_agent_1 &
          proto = MH
       THEN USE SA ESP TRANSPORT: peer phase 1 identity = user_1

The details of the proposed transforms are left out above, as are the details related to the particular authentication method, such as certificates, beyond listing the specific identity that must be used.

We require IKE version 1 to be run using the care-of addresses but still use IPsec SAs for the home addresses. The extra condition set in the HA SPD, that the peer phase 1 identity is "user_1", must be verified by the HA. The purpose of this condition is to ensure that the IKE phase 2 negotiation for a given user's home address cannot be requested by another user. In the MN, we simply set the local identity to "user_1".

These checks also imply that the configuration of the HA is user-specific: every user of a home address needs a specific configuration entry. The configuration task could be simplified by using certificates that have the home address in the Subject AltName field. However, it is not clear whether IKE implementations allow one address to be used for carrying the IKE negotiations when another address is named in the certificates used. In any case, these approaches require user-specific tasks in certificate management.

5.3.2. Return Routability Signaling

Protection for the return routability signaling can be configured in the same manner as above.

   mobile node SPD OUT:
     - IF interface = IPv6 tunnel to home_agent_1 &
          source = home_address_1 & destination = any &
          proto = MH
       THEN USE SA ESP TUNNEL: outer destination = home_agent_1 &
                               local phase 1 identity = user_1

   mobile node SPD IN:
     - IF interface = IPv6 tunnel from home_agent_1 &
          source = any & destination = home_address_1 &
          proto = MH
       THEN USE SA ESP TUNNEL: outer destination = home_agent_1 &
                               local phase 1 identity = user_1

   home agent SPD OUT:
     - IF interface = IPv6 tunnel to home_address_1 &
          source = any & destination = home_address_1 &
          proto = MH
       THEN USE SA ESP TUNNEL: outer destination = home_address_1 &
                               peer phase 1 identity = user_1

   home agent SPD IN:
     - IF interface = IPv6 tunnel from home_address_1 &
          source = home_address_1 & destination = any &
          proto = MH
       THEN USE SA ESP TUNNEL: outer destination = home_address_1 &
                               peer phase 1 identity = user_1

The security association from the HA to the MN uses the current care-of address as the destination. As discussed earlier, this address is updated in the SAD as the MN moves. The SPD entries can be written using the home address, provided that the care-of address update in the SPD is also performed in the security associations.

5.3.3. Prefix Discovery

In the following we describe some additional SPD entries to protect prefix discovery with IKE. (Note that when a new prefix is discovered, manually configured SPD entries need to be entered to specify the authorization for the new home address.)

   mobile node SPD OUT:
     - IF source = home_address_1 & destination = home_agent_1 &
          proto = ICMPv6
       THEN USE SA ESP TRANSPORT: local phase 1 identity = user_1

   mobile node SPD IN:
     - IF source = home_agent_1 & destination = home_address_1 &
          proto = ICMPv6
       THEN USE SA ESP TRANSPORT: local phase 1 identity = user_1

   home agent SPD OUT:
     - IF source = home_agent_1 & destination = home_address_1 &
          proto = ICMPv6
       THEN USE SA ESP TRANSPORT: peer phase 1 identity = user_1

   home agent SPD IN:
     - IF source = home_address_1 & destination = home_agent_1 &
          proto = ICMPv6
       THEN USE SA ESP TRANSPORT: peer phase 1 identity = user_1

5.3.4. Payload Packets

Protection for the payload packets is configured in the same way as for return routability signaling. As in the manually keyed case, these SPD entries have lower priority than the ones above.

   mobile node SPD OUT:
     - IF interface = IPv6 tunnel to home_agent_1 &
          source = home_address_1 & destination = any &
          proto = X
       THEN USE SA ESP TUNNEL: outer destination = home_agent_1 &
                               local phase 1 identity = user_1

   mobile node SPD IN:
     - IF interface = IPv6 tunnel from home_agent_1 &
          source = any & destination = home_address_1 &
          proto = X
       THEN USE SA ESP TUNNEL: outer destination = home_agent_1 &
                               local phase 1 identity = user_1

   home agent SPD OUT:
     - IF interface = IPv6 tunnel to home_address_1 &
          source = any & destination = home_address_1 &
          proto = X
       THEN USE SA ESP TUNNEL: outer destination = home_address_1 &
                               peer phase 1 identity = user_1

   home agent SPD IN:
     - IF interface = IPv6 tunnel from home_address_1 &
          source = home_address_1 & destination = any &
          proto = X
       THEN USE SA ESP TUNNEL: outer destination = home_address_1 &
                               peer phase 1 identity = user_1

6. Processing Steps within a Node

6.1. Binding Update to the Home Agent

Step 1. At the MN, the Mobile IPv6 module first produces the following packet:

   IPv6 header (source = home address, destination = home agent)
   Mobility header
      Binding Update

Step 2. This packet is matched against the IPsec SPD on the MN, and we make a note that IPsec must be applied.

Step 3. Then we add the necessary Mobile IPv6 options but do not change the addresses yet. This results in:

   IPv6 header (source = home address, destination = home agent)
   Destination Options header
      Home Address option (care-of address)
   Mobility header
      Binding Update

Step 4. Finally, the IPsec headers are added and the necessary authenticator values are calculated:

   IPv6 header (source = home address, destination = home agent)
   Destination Options header
      Home Address option (care-of address)
   ESP header (SPI = spi_a)
   Mobility header
      Binding Update

Here spi_a is the SPI value that was either configured manually or agreed upon in a previous IKE exchange.

Step 5. Before the packet is sent, the addresses in the IPv6 header and the Destination Options header are changed:

   IPv6 header (source = care-of address, destination = home agent)
   Destination Options header
      Home Address option (home address)
   ESP header (SPI = spi_a)
   Mobility header
      Binding Update

6.2. Binding Update from the Mobile Node

Step 1. The following packet is received at the HA:

   IPv6 header (source = care-of address, destination = home agent)
   Destination Options header
      Home Address option (home address)
   ESP header (SPI = spi_a)
   Mobility header
      Binding Update

Step 2. The Home Address option is processed first, which results in:

   IPv6 header (source = home address, destination = home agent)
   Destination Options header
      Home Address option (care-of address)
   ESP header (SPI = spi_a)
   Mobility header
      Binding Update

Step 3. The ESP header is processed next, resulting in:

   IPv6 header (source = home address, destination = home agent)
   Destination Options header
      Home Address option (care-of address)
   Mobility header
      Binding Update

Step 4. This packet matches the policy required for this security association (source = home address, destination = home agent, proto = MH).

Step 5. Mobile IPv6 processes the Binding Update. The Binding Update is delivered to the Mobile IPv6 module.

Step 6. If there are security associations in the security association database for the protection of return routability or payload packets for this MN, those security associations are updated with the care-of address.
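The address swaps of Sections 6.1 and 6.2 modeled end to end, as an added example (not part of the RFC or of the original page). It also shows why the mobile node rules require the Alternate Care-of Address option: the integrity check covers only what follows the ESP header, so the outer source address is outside it. Assumptions: packets are plain dictionaries, HMAC-SHA256 stands in for the ESP integrity algorithm, and the key, the field names and "other_address_1" are constructed for the demonstration.

```python
import hashlib
import hmac

HOME, COA, HA = "home_address_1", "care_of_address_1", "home_agent_1"
# SA1 from Section 5.2.1; the key is a constructed demo value.
SA1 = {"spi": "spi_a", "key": b"constructed-demo-key",
       "selectors": {"source": HOME, "destination": HA, "proto": "MH"}}


def icv(sa, mobility_header):
    """Stand-in for the ESP integrity check value. It covers only the data
    after the ESP header (the Mobility Header), never the IPv6 header."""
    data = repr(sorted(mobility_header.items())).encode()
    return hmac.new(sa["key"], data, hashlib.sha256).hexdigest()


def mn_send_binding_update(sa, seq, alt_coa=True):
    """Section 6.1, Steps 1-5, on the mobile node."""
    bu = {"type": "Binding Update", "seq": seq}
    if alt_coa:
        bu["alternate_care_of_address"] = COA  # travels inside ESP protection
    # Steps 1 and 3: IPsec sees the home address as the source.
    pkt = {"source": HOME, "destination": HA, "proto": "MH",
           "home_address_option": COA, "mobility_header": bu}
    # Step 2: the packet must match the SPD entry that points at SA1.
    if any(pkt[f] != v for f, v in sa["selectors"].items()):
        raise ValueError("no SPD entry matches")
    # Step 4: add the ESP header and compute the authenticator.
    pkt["esp"] = {"spi": sa["spi"], "icv": icv(sa, bu)}
    # Step 5: swap the addresses just before the packet leaves.
    pkt["source"], pkt["home_address_option"] = COA, HOME
    return pkt


def ha_receive_binding_update(sa, received):
    """Section 6.2, Steps 2-5, on the home agent.
    Returns the care-of address the home agent would register."""
    pkt = dict(received)
    outer_source = pkt["source"]
    # Step 2: process the Home Address option (swap back).
    pkt["source"], pkt["home_address_option"] = pkt["home_address_option"], pkt["source"]
    # Step 3: process ESP.
    esp = pkt.pop("esp")
    if esp["spi"] != sa["spi"] or not hmac.compare_digest(
            esp["icv"], icv(sa, pkt["mobility_header"])):
        raise ValueError("ESP integrity check failed")
    # Step 4: the result must match the selectors of the security association.
    if any(pkt[f] != v for f, v in sa["selectors"].items()):
        raise ValueError("packet does not match the SA selectors")
    # Step 5: Mobile IPv6 processing. Prefer the protected option when present.
    return pkt["mobility_header"].get("alternate_care_of_address", outer_source)


if __name__ == "__main__":
    sent = mn_send_binding_update(SA1, seq=1)
    print("registered:", ha_receive_binding_update(SA1, sent))
    # Outer source rewritten in transit (constructed value): ESP does not notice.
    rewritten = dict(sent, source="other_address_1")
    print("with option:", ha_receive_binding_update(SA1, rewritten))
    bare = dict(mn_send_binding_update(SA1, seq=2, alt_coa=False), source="other_address_1")
    print("without option:", ha_receive_binding_update(SA1, bare))
```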

6.3. Binding Acknowledgement to the Mobile Node

Step 1. Mobile IPv6 produces the following packet:

   IPv6 header (source = home agent, destination = home address)
   Mobility header
      Binding Acknowledgement

Step 2. This packet matches the IPsec policy entries, and we remember that IPsec has to be applied.

Step 3. Then we add the necessary Routing headers but do not change the addresses yet. This results in:

   IPv6 header (source = home agent, destination = home address)
   Routing header (type 2)
      care-of address
   Mobility header
      Binding Acknowledgement

Step 4. We apply IPsec:

   IPv6 header (source = home agent, destination = home address)
   Routing header (type 2)
      care-of address
   ESP header (SPI = spi_b)
   Mobility header
      Binding Acknowledgement

Step 5. Finally, before sending the packet out, we change the addresses in the IPv6 header and the Routing header:

   IPv6 header (source = home agent, destination = care-of address)
   Routing header (type 2)
      home address
   ESP header (SPI = spi_b)
   Mobility header
      Binding Acknowledgement

6.4. Binding Acknowledgement from the Home Agent

Step 1. The following packet is received at the MN:

   IPv6 header (source = home agent, destination = care-of address)
   Routing header (type 2)
      home address
   ESP header (SPI = spi_b)
   Mobility header
      Binding Acknowledgement

Step 2. After the routing header is processed, the packet becomes:

   IPv6 header (source = home agent, destination = home address)
   Routing header (type 2)
      care-of address
   ESP header (SPI = spi_b)
   Mobility header
      Binding Acknowledgement

Step 3. The ESP header is processed next, resulting in:

   IPv6 header (source = home agent, destination = home address)
   Routing header (type 2)
      care-of address
   Mobility header
      Binding Acknowledgement

Step 4. This packet matches the policy required for this security association (source = home agent, destination = home address, proto = MH).

Step 5. The Binding Acknowledgement is delivered to the Mobile IPv6 module.

6.5. Home Test Init to the Home Agent

Step 1. The MN constructs a Home Test Init message:

   IPv6 header (source = home address, destination = correspondent node)
   Mobility header
      Home Test Init

Step 2. Mobile IPv6 determines that this packet should go through the tunnel to the HA.

Step 3. The packet is matched against the IPsec policy entries for the interface, and we find that IPsec needs to be applied.

Step 4. IPsec tunnel mode headers are added. Note that we use the care-of address as the source address of the tunnel packet.

   IPv6 header (source = care-of address, destination = home agent)
   ESP header (SPI = spi_c)
   IPv6 header (source = home address, destination = correspondent node)
   Mobility header
      Home Test Init

Step 5. The packet is sent to the HA using IPsec encapsulation.

6.6. Home Test Init from the Mobile Node

Step 1. The HA receives the following packet:

   IPv6 header (source = care-of address, destination = home agent)
   ESP header (SPI = spi_c)
   IPv6 header (source = home address, destination = correspondent node)
   Mobility Header
      Home Test Init

Step 2. IPsec processing is performed, resulting in:

   IPv6 header (source = home address, destination = correspondent node)
   Mobility Header
      Home Test Init

Step 3. The resulting packet matches the policy required for this IPsec security association and can be processed further.

Step 4. The packet is then forwarded to the CN.

6.7. Home Test to the Mobile Node

Step 1. The HA receives a Home Test packet from the CN:

   IPv6 header (source = correspondent node, destination = home address)
   Mobility Header
      Home Test Init

Step 2. The HA determines that this packet is destined to a MN that is away from home, and decides to tunnel it.

Step 3. The packet is matched against the IPsec policy entries for the interface, and we find that IPsec needs to be applied.

Step 4. IPsec is applied, resulting in a new packet. Note that the HA always keeps track of the current location of the MN, and updates the tunnel endpoint address in the corresponding security association.

   IPv6 header (source = home agent, destination = care-of address)
   ESP header (SPI = spi_d)
   IPv6 header (source = correspondent node, destination = home address)
   Mobility Header
      Home Test Init

Step 5. The packet is sent to the care-of address using IPsec encapsulation.

6.8. Home Test from the Home Agent

Step 1. The MN receives the following packet:

   IPv6 header (source = home agent, destination = care-of address)
   ESP header (SPI = spi_d)
   IPv6 header (source = correspondent node, destination = home address)
   Mobility Header
      Home Test Init

Step 2. IPsec is processed, resulting in:

   IPv6 header (source = correspondent node, destination = home address)
   Mobility Header
      Home Test Init

Step 3. This matches the policy required for this security association (source = any, destination = home address).

Step 4. The packet is given to Mobile IPv6 processing.

6.9. Prefix Solicitation Message to the Home Agent

This procedure is similar to the one presented in Section 6.1.

6.10. Prefix Solicitation Message from the Mobile Node

This procedure is similar to the one presented in Section 6.2.

6.11. Prefix Advertisement Message to the Mobile Node

This procedure is similar to the one presented in Section 6.3.

6.12. Prefix Advertisement Message from the Home Agent

This procedure is similar to the one presented in Section 6.4.

6.13. Payload Packet to the Home Agent

This procedure is similar to the one presented in Section 6.5.

6.14. Payload Packet from the Mobile Node

This procedure is similar to the one presented in Section 6.6.

6.15. Payload Packet to the Mobile Node

This procedure is similar to the one presented in Section 6.7.

6.16. Payload Packet from the Home Agent

This procedure is similar to the one presented in Section 6.8.

6.17. Establishing New Security Associations

Step 1. The MN wishes to send a Binding Update to the HA.

   IPv6 header (source = home address, destination = home agent)
   Mobility header
      Binding Update

Step 2. There is no existing security association to protect the Binding Update, so the MN initiates IKE. The IKE packets are sent as shown in the following examples. The first packet is an example of an IKE packet sent from the MN, and the second one is sent from the HA. The examples show that the phase 1 identity used for the MN is a FQDN.

   IPv6 header (source = care-of address, destination = home agent)
   UDP
   IKE
      ... IDii = ID_FQDN mn123.ha.net ...

   IPv6 header (source = home agent, destination = care-of address)
   UDP
   IKE
      ... IDir = ID_FQDN ha.net ...

Step 3. IKE phase 1 completes, and phase 2 is initiated to request security associations for protecting traffic between the MN's home address and the HA. These addresses are the selectors. This involves sending and receiving additional IKE packets. The example below shows one packet sent by the MN and one sent by the HA. The example shows that the phase 2 identity used for the MN is the MN's home address.

   IPv6 header (source = care-of address, destination = home agent)
   UDP
   IKE
      ... IDci = ID_IPV6_ADDR home address ...

   IPv6 header (source = home agent, destination = care-of address)
   UDP
   IKE
      ... IDcr = ID_IPV6_ADDR home agent ...

Step 4. The remaining steps are as shown in Section 6.1.

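6.18. Rekeying Security Associations

Step 1. The MN and the HA have existing security associations. Each side decides when the keys will be changed, for example on the basis of their lifetime.

Step 2. Mobility Header packets sent during the rekeying may be protected by the existing security associations.

Step 3. When the rekeying is finished, new security associations are established. In practice there is a transition period during which both the old and the new security associations exist. The new ones should be used as soon as they become available.

Step 4. A notification of the deletion of the old security associations is received. After this, only the new security associations are used.

Note that there is no requirement that the existence of the IPsec and IKE security associations is tied to the existence of bindings. It is not necessary to delete a security association if a binding is removed, as a new binding may be established afterwards.

Since cryptographic acceleration hardware may only be able to handle a limited number of security associations, security associations may be deleted via IKE in order to keep their number to a minimum. Such a deletion has nothing to do with losing contact with the peer. If additional traffic needs to be set up, a new security association is needed to protect it.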

6.19. Movements and Dynamic Keying

In this section we describe the events that relate movement to IKE-based security associations. In the initial state, the MN is not registered in any location and has no security associations with the HA. Depending on whether the peers can be moved to the new care-of location or not, the actions taken in Steps 9 and 10 are different.

Step 1. The MN with the home address A moves to care-of address B.

Step 2. The MN runs IKE from care-of address B to the HA, establishing a phase 1. The HA can only act as the responder before it knows the current location of the MN.

Step 3. Protected by this phase 1, the MN establishes a pair of security associations for protecting Mobility Header traffic to and from the home address A.

Step 4. The MN sends a Binding Update and receives a Binding Acknowledgement using the security associations created in Step 3.

Step 5. The MN establishes a pair of security associations for protecting return routability packets. These security associations are in tunnel mode, and their endpoint on the MN side is care-of address B. For the purposes of our example, this step uses the connection established in Step 2. Multiple phase 1 connections are also allowed.

Step 6. The MN uses the security associations created in Step 5 to run return routability.

Step 7. The MN moves to a new location and adopts a new care-of address C.

Step 8. The MN sends a Binding Update and receives a Binding Acknowledgement using the security associations created in Step 3. The HA ensures that the next packets sent using the security associations created in Step 5 will have the new care-of address as their destination address, as if the header destination address had changed.

Step 9. If the MN and the HA have the capability to change the endpoints, they change the address to C. If they do not have the capability, both nodes must remove the phase 1 connections created on top of care-of address B and establish a new IKE phase 1 on top of care-of address C. This capability to change the IKE phase 1 endpoints is indicated through the Key Management Mobility Capability (K) flag [7] in the Binding Update and Binding Acknowledgement messages.

Step 10. If a new IKE phase 1 connection was set up after the movement, the MN will not be able to receive any notifications delivered on top of the old IKE security association. Notifications delivered on top of the new IKE phase 1 security association are received and processed. If the MN and the HA were able to update the IKE endpoints, they can continue using the old IKE phase 1 connection.

7. Implementation Considerations

7.1. IPsec

Note that the packet formats and header ordering discussed in Section 3 must be supported, but implementations may also support other formats. In general, the use of formats not required here can lead to incorrect processing by the peer, unless support for these formats has been verified beforehand. Such verification can take place at the same time as the parameters of the security associations are agreed upon. In these cases, such a verification is unnecessary when the peer supports the relevant IPv6 specifications.

We have chosen an encapsulation format for return routability and payload packet protection which can only be realized if the destination of the IPsec packets sent from the HA can change as the MN moves. One of the main reasons for using this format is that it removes the 24-byte overhead incurred when a Home Address option or routing header is added to the tunneled packet. Such an overhead is not significant for the protection of return routability packets, but would create additional overhead if IPsec is used to protect the tunneling of payload packets to the HA. This overhead is significant for real-time traffic.

In order to support the care-of address as the destination address on the MN side, the HA must act as if the header destination address in the security association to the MN changed upon movement. Implementations are free to choose how to make this change, such as using an API to the IPsec implementation to change the parameters of the security association, removing the security association and creating a new one, or modifying the packet after it has gone through IPsec processing. The only requirement is that after a new binding is registered at the HA, the next IPsec packets sent on this security association are addressed to the new care-of address.

We have chosen to require policy entries that are specific to a tunnel interface. This means that implementations have to treat the HA - MN tunnel as a separate interface on which IPsec SPDs can be based. A further issue with IPsec processing on a tunnel interface is that it requires access to the BITS implementation before the packet actually goes out.

7.2. IKE

We require that the dynamic key management protocol be able to make an authorization decision for establishing IPsec security associations with addresses different from those on which the key management protocol is running. We expect this to be done by configuring the allowed mapping between the phase 1 user identity and the home address.

When certificate authentication is used, IKE fragmentation can be encountered. This can occur when certificate chains are used, or even with single certificates if they are too large. Many firewalls do not handle fragmentation properly. Routers on the path also fail to handle fragments after the first one, since these do not carry the full IP headers that can be compared against an access list. Where fragmentation occurs, the endpoints will not be able to establish a security association.

Fortunately, Mobile IPv6 deployments use short certificate chains, and the MN connects directly to its home network. Where the problem appears, it may be difficult (for instance, when away from home) to replace the firewalls or routers with equipment that supports fragments. It may help to store the peer certificates locally, or to obtain them through other means.

7.3. Bump-in-the-Stack

Mobile IPv6 sets high requirements for the IPsec implementation model called Bump-In-The-Stack (BITS). As Mobile IPv6 specific modifications of the packets are required before or after IPsec processing, the BITS implementation also has to perform some tasks related to mobility. This may increase the complexity of the implementation, even if it already performs some tasks of the IP layer (such as fragmentation).

Specifically, Bump-in-the-Stack implementations may have to deal with the following issues:

o Processing the Home Address destination option and Routing header type 2 to a form suitable for IPsec processing to take place. This is needed, among other things, for the security association and policy lookups. While relatively straightforward, the required processing may have a hardware effect in BITS implementations, if they use hardware support beyond the cryptographic operations.

o Detecting packets sent between the mobile node and its home agent using IPv6 encapsulation.

o Offering the necessary APIs for updating the IPsec and IKE security association endpoints.

8. IANA Considerations
No IANA actions are necessary based on this document. IANA actions for the Mobile IPv6 protocol itself have been covered in [7].


9. Security Considerations
The Mobile IPv6 base specification [7] requires strong security between the mobile node and the home agent. This memo discusses how that security can be arranged in practice, using IPsec. The security considerations related to this are documented in the base specification, including a discussion of the implications of using either manual or dynamic keying.


REFERENCES

1. RFC 3776
2. RFC 3775
