1

IP Service Authorization Support andMobility Selection for X.S0011-E

Source:QUALCOMM Inc.:Masa Shirota, George Cherian, Jun Wang, mshirota/gcherian/jwang@qualcomm.com

KDDI:Yusuke Hirano, Masanori Usui, y-hirano/ma-usui@kddi.com

Sprint:Brent Hirschman, Brent.Hirschman@sprint.com

Notice ©2008. All rights reserved.

The contributors grants a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include all or portions of this contribution; and at the Organizational Partner’s sole discretion to permit others to reproduce in whole or in part such contribution or the resulting Organizational Partner’s standards publication. The contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.

This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. The contributors specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.

2

Requirements and Assumptions• There are needs from operators to support authorization of IP services for dual stack

IPv4 and IPv6 operations.

• The AT may be authorized with one or more of the following IP services:– IPv4– IPv6– MIPv4 – MIPv6 (If MIPv6 is authorized, IPv6 has also to be authorized.)– IPv4 with PMIPv4– IPv4 PMIPv6– IPv6 with PMIPv4– IPv6 PMIPv6

• X.S0028-A (WLAN Interworking), X.S0054 (Converged Access Network) and X.S0061 (Network PMIP Support) already support IP Service Authorization. X.S0011 should also be able to provide the same service.

• AT shall also be able to indicate mobility preference.– If CMIP is preferred by the mobile, it shall be able to inform the NW about it.

• NW makes the final decision on the selection of the mobility protocol based on local policy or IP Service Authorization information etc.

• PDSN does not inform AT about the selection between Simple IP and PMIP.

3

Proposal for IP Service Authorization

• During PPP authentication, the HAAA sends IP-Services-Authorized Attribute in an Access Accept Message if access authentication (CHAP, PAP) is successful.

• An implicit indication based on standard PPP, DHCP procedures will be used to indicate if a certain service is not authorized to the AT in stead of defining any new message from the PDSN. The procedures have already been specified in X.S0061.

• Legacy Mobile IPv4 single mode AT may not perform PPP authentication. In this case, IP Service Authorization relies on Mobile IP registration procedure. If the service is not authorized, MIP registration is failed.

4

IP-Services-Authorized Attribute

IP-Services-Authorized RADIUS VSA: The IP-Service-Authorized VSA indicates whether the MS is authorized for using IPv4, IPv6, MIPv4, MIPv6, Simple IP with PMIP.

S4P6

S6P4

S4P4

M6

M4

S6

S4

Type (1 octet): 26Length (1 octet): 12Vendor ID (4 octets): 5535

Type Length Vendor ID

Vendor ID Vendor-Type Vendor-Len

0 31

Authorized IP Services

Authorized IP Services:

S6P6

Vendor-Type (1 octet): 185Vendor-Length (1 octet): 6

S4: Set to 1 if Simple IPv4 service is authorizedS6: Set to 1 if Simple IPv6 service is authorized. If M6 is set to 1, this bit shall also be set to 1.M4: Set to 1 if MIPv4 is authorizedM6: Set to 1 if MIPv6 is authorizedS4P4: set to 1 if Simple IPv4 with Network PMIP4 is authorized.S6P4: Set to 1 if Simple IPv6 with Network PMIP4 is authorized.S4P6: set to 1 if Simple IPv4 with Network PMIP6 is authorized.S6P6: Set to 1 if Simple IPv6 with Network PMIP6 is authorized.

RRRRRRR

5

Recommendation

• Adopt the followings:– IP Service Authorization attribute should be added.

– Refer X.S0061 for IP Service Authorization and IP Mobility Selection Procedures

6

Appendix

7

Implicit Indication for Non Authorization

• AT accesses with Simple IPv4 while Simple IPv4 is not authorized, but Mobile IPv4 is authorized.

– The PDSN sends IPCP Configure Reject including IP address option.• AT accesses with Simple IPv4 or Mobile IPv4 while both of them are not authorized.

– The PDSN sends IPCP Protocol Reject.• AT accesses with Mobile IPv4 while Mobile IPv4 is not authorized, but Simple IPv4 is

authorized.– The PDSN sends IPCP Configure NAK proposing IP address option with

assigned IP address.• AT accesses with Simple IPv6 or Mobile IPv6 while both of them are not authorized.

– The PDSN sends IPv6CP Protocol Reject.• AT accesses with Mobile IPv6 while Mobile IPv6 is not authorized.

– The PDSN sends DHCPv6 reply without VSP for HA information.– Or, the HA rejects a Binding Update.

8

Proposal for Mobility Selection

• Mobility Selection can be performed by using the same procedure specified in the previous slide for the Implicit indication in IP Service Authorization. (This proposal has been adopted for X.S0061. X.S0011-E should also use the same procedure.)

• New AT behavior– AT always perform PAP/CHAP authentication (This is required for AT that supports dual

stack for Simple IP and Mobile IP in X.S0011-D v2.0.)– AT indicates the preference of CMIP by initiating CMIP based IPCP procedure

• AT sends IPCP-Config-Req (no address option)– If the AT receives IPCP-Config-Ack (no address option) it continues with CMIP

• Otherwise (if AT gets IPCP-Config-Nak (address option)) it assumes PMIP/Simple IP operation

• New PDSN behavior– PDSN selects the mobility option based on various factors including the following

• NW policy• AT’s preference to use CMIP• PDSN support of PMIP• AT authorization to use a certain mobility protocol (based on the authentication procedure)

– If the mobility option selected is ‘PMIP mobility’, then • PDSN performs PMIP binding update procedure• PDSN sends IPCP-Config-Nak (IP-address option) in response to IPCP-Config-Req (without IP

address option)– Otherwise

• PDSN sends IPCP-Config-Ack (without IP address option)

9

Call-Flows – IPv4: New AT on new PDSN

IPCP-Configure-Req (no address option)

Case-1: New AT initiates CMIP4 mobility; Network grants PMIP mobility

AT PDSNHA/LMA

PBU/PRRQ

PBA/PRRPIPCP-Configure-Nak(IP-addr=IP_ADDR)

IPCP-Configure-Req(IP-addr=PDSN-IP_ADDR)

IPCP-Configure-Ack(IP-addr=PDSN-IP_ADDR)

PAP/CHAP Authentication

AAA

PAP/CHAP Authentication

NW selects PMIP for AT

IPCP-Configure-Req (IP-addr)

IPCP-Configure-Ack (IP-addr)

10

Call flows – IPv4: Legacy AT on (new) PDSN

IPCP-Configure-Req (no addr option)

Case-2: Legacy AT initiates CMIP4 mobility; Network grants CMIP mobility

AT PDSN HA

IPCP-Configure-Ack (no addr option)

IPCP-Configure-Req (no addr option)

IPCP-Configure-Ack (no addr option)

AAA

No auth performed earlier. PDSN doesn’t

assign IP address

MIP procedures

11

IPv6 mobility selection

IPv6CP-Configure-Req (addr=0)

Case 3: New AT initiates CMIP6 mobility; Network grants PMIP mobility

AT PDSNHA/LMA

PBU/PRRQ

PBA/PRRPIPv6CP-Configure-Nak(addr=Interface ID)

IPv6CP-Configure-Req(addr=LinkLocalID)

IPv6CP-Configure-Ack(addr=LinkLocalID)

PAP/CHAP Authentication

AAA

PAP/CHAP Authentication

NW selects PMIP for AT

DHCPv6 : Information Request

DHCPv6 : Reply (no HA info)

AT uses Simple-IPv6 mode

RA (prefix)

IPv6CP-Configure-Req(addr=Interface ID)

IPv6CP-Configure-Ack(addr=Interface ID)