1 ip service authorization support and mobility selection for x.s0011-e source: qualcomm inc.: masa...
TRANSCRIPT
1
IP Service Authorization Support andMobility Selection for X.S0011-E
Source:QUALCOMM Inc.:Masa Shirota, George Cherian, Jun Wang, mshirota/gcherian/[email protected]
KDDI:Yusuke Hirano, Masanori Usui, y-hirano/[email protected]
Sprint:Brent Hirschman, [email protected]
Notice ©2008. All rights reserved.
The contributors grants a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include all or portions of this contribution; and at the Organizational Partner’s sole discretion to permit others to reproduce in whole or in part such contribution or the resulting Organizational Partner’s standards publication. The contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.
This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. The contributors specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.
2
Requirements and Assumptions• There are needs from operators to support authorization of IP services for dual stack
IPv4 and IPv6 operations.
• The AT may be authorized with one or more of the following IP services:– IPv4– IPv6– MIPv4 – MIPv6 (If MIPv6 is authorized, IPv6 has also to be authorized.)– IPv4 with PMIPv4– IPv4 PMIPv6– IPv6 with PMIPv4– IPv6 PMIPv6
• X.S0028-A (WLAN Interworking), X.S0054 (Converged Access Network) and X.S0061 (Network PMIP Support) already support IP Service Authorization. X.S0011 should also be able to provide the same service.
• AT shall also be able to indicate mobility preference.– If CMIP is preferred by the mobile, it shall be able to inform the NW about it.
• NW makes the final decision on the selection of the mobility protocol based on local policy or IP Service Authorization information etc.
• PDSN does not inform AT about the selection between Simple IP and PMIP.
3
Proposal for IP Service Authorization
• During PPP authentication, the HAAA sends IP-Services-Authorized Attribute in an Access Accept Message if access authentication (CHAP, PAP) is successful.
• An implicit indication based on standard PPP, DHCP procedures will be used to indicate if a certain service is not authorized to the AT in stead of defining any new message from the PDSN. The procedures have already been specified in X.S0061.
• Legacy Mobile IPv4 single mode AT may not perform PPP authentication. In this case, IP Service Authorization relies on Mobile IP registration procedure. If the service is not authorized, MIP registration is failed.
4
IP-Services-Authorized Attribute
IP-Services-Authorized RADIUS VSA: The IP-Service-Authorized VSA indicates whether the MS is authorized for using IPv4, IPv6, MIPv4, MIPv6, Simple IP with PMIP.
S4P6
S6P4
S4P4
M6
M4
S6
S4
Type (1 octet): 26Length (1 octet): 12Vendor ID (4 octets): 5535
Type Length Vendor ID
Vendor ID Vendor-Type Vendor-Len
0 31
Authorized IP Services
Authorized IP Services:
S6P6
Vendor-Type (1 octet): 185Vendor-Length (1 octet): 6
S4: Set to 1 if Simple IPv4 service is authorizedS6: Set to 1 if Simple IPv6 service is authorized. If M6 is set to 1, this bit shall also be set to 1.M4: Set to 1 if MIPv4 is authorizedM6: Set to 1 if MIPv6 is authorizedS4P4: set to 1 if Simple IPv4 with Network PMIP4 is authorized.S6P4: Set to 1 if Simple IPv6 with Network PMIP4 is authorized.S4P6: set to 1 if Simple IPv4 with Network PMIP6 is authorized.S6P6: Set to 1 if Simple IPv6 with Network PMIP6 is authorized.
RRRRRRR
5
Recommendation
• Adopt the followings:– IP Service Authorization attribute should be added.
– Refer X.S0061 for IP Service Authorization and IP Mobility Selection Procedures
6
Appendix
7
Implicit Indication for Non Authorization
• AT accesses with Simple IPv4 while Simple IPv4 is not authorized, but Mobile IPv4 is authorized.
– The PDSN sends IPCP Configure Reject including IP address option.• AT accesses with Simple IPv4 or Mobile IPv4 while both of them are not authorized.
– The PDSN sends IPCP Protocol Reject.• AT accesses with Mobile IPv4 while Mobile IPv4 is not authorized, but Simple IPv4 is
authorized.– The PDSN sends IPCP Configure NAK proposing IP address option with
assigned IP address.• AT accesses with Simple IPv6 or Mobile IPv6 while both of them are not authorized.
– The PDSN sends IPv6CP Protocol Reject.• AT accesses with Mobile IPv6 while Mobile IPv6 is not authorized.
– The PDSN sends DHCPv6 reply without VSP for HA information.– Or, the HA rejects a Binding Update.
8
Proposal for Mobility Selection
• Mobility Selection can be performed by using the same procedure specified in the previous slide for the Implicit indication in IP Service Authorization. (This proposal has been adopted for X.S0061. X.S0011-E should also use the same procedure.)
• New AT behavior– AT always perform PAP/CHAP authentication (This is required for AT that supports dual
stack for Simple IP and Mobile IP in X.S0011-D v2.0.)– AT indicates the preference of CMIP by initiating CMIP based IPCP procedure
• AT sends IPCP-Config-Req (no address option)– If the AT receives IPCP-Config-Ack (no address option) it continues with CMIP
• Otherwise (if AT gets IPCP-Config-Nak (address option)) it assumes PMIP/Simple IP operation
• New PDSN behavior– PDSN selects the mobility option based on various factors including the following
• NW policy• AT’s preference to use CMIP• PDSN support of PMIP• AT authorization to use a certain mobility protocol (based on the authentication procedure)
– If the mobility option selected is ‘PMIP mobility’, then • PDSN performs PMIP binding update procedure• PDSN sends IPCP-Config-Nak (IP-address option) in response to IPCP-Config-Req (without IP
address option)– Otherwise
• PDSN sends IPCP-Config-Ack (without IP address option)
9
Call-Flows – IPv4: New AT on new PDSN
IPCP-Configure-Req (no address option)
Case-1: New AT initiates CMIP4 mobility; Network grants PMIP mobility
AT PDSNHA/LMA
PBU/PRRQ
PBA/PRRPIPCP-Configure-Nak(IP-addr=IP_ADDR)
IPCP-Configure-Req(IP-addr=PDSN-IP_ADDR)
IPCP-Configure-Ack(IP-addr=PDSN-IP_ADDR)
PAP/CHAP Authentication
AAA
PAP/CHAP Authentication
NW selects PMIP for AT
IPCP-Configure-Req (IP-addr)
IPCP-Configure-Ack (IP-addr)
10
Call flows – IPv4: Legacy AT on (new) PDSN
IPCP-Configure-Req (no addr option)
Case-2: Legacy AT initiates CMIP4 mobility; Network grants CMIP mobility
AT PDSN HA
IPCP-Configure-Ack (no addr option)
IPCP-Configure-Req (no addr option)
IPCP-Configure-Ack (no addr option)
AAA
No auth performed earlier. PDSN doesn’t
assign IP address
MIP procedures
11
IPv6 mobility selection
IPv6CP-Configure-Req (addr=0)
Case 3: New AT initiates CMIP6 mobility; Network grants PMIP mobility
AT PDSNHA/LMA
PBU/PRRQ
PBA/PRRPIPv6CP-Configure-Nak(addr=Interface ID)
IPv6CP-Configure-Req(addr=LinkLocalID)
IPv6CP-Configure-Ack(addr=LinkLocalID)
PAP/CHAP Authentication
AAA
PAP/CHAP Authentication
NW selects PMIP for AT
DHCPv6 : Information Request
DHCPv6 : Reply (no HA info)
AT uses Simple-IPv6 mode
RA (prefix)
IPv6CP-Configure-Req(addr=Interface ID)
IPv6CP-Configure-Ack(addr=Interface ID)