Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 24.303  Word version:  18.0.0

Top   Top   Up   Prev   Next
1…   5…   5.2…   5.5A…   A…

 

5.5A  Protection of data traffic |R10|p. 25

5.5A.1  Generalp. 25

UE and HA can use the IKEv2 CREATE_CHILD_SA exchange procedure to create a child security association to be used to provide integrity protection, confidentiality protection or both, to all data traffic exchanged within the DSMIPv6 tunnel. The procedure can be initiated by the HA or by the UE at any time after the security association between UE and HA has been set up. If both UE and HA independently decide to initiate the child security association establishment, the procedure described in RFC 5996 applies. The profiles for tunnel mode IPsec ESP are defined in TS 33.402.
Up

5.5A.2  UE proceduresp. 25

After establishing the IPsec security association with the HA as described in subclause 5.1.2.2, the UE may initiate the creation of child security association pair to provide integrity protection, confidentiality protection or both. If the UE determines that the trust relationship of the non-3GPP access network is "untrusted" (see TS 24.302), the UE shall not initiate the creation of child security association. If the UE initiates the creation of child security association pair, the UE shall send to the HA a CREATE_CHILD_SA request as described in RFC 4877 and RFC 5996 with the following additions:
  1. the content of the Security Association payload is set accordingly for integrity protection, confidentiality protection or both as indicated in RFC 5996 using the IPsec profiles defined in TS 33.402; and
  2. the TSi shall contain all the Home Network Prefix assigned to the UE. If prefix delegation is used, the TSi shall also contain all the prefix(es) provided to the UE. If the UE received an IPv4 Home Address, the TSi shall also contain the IPv4 Home Address.
When the UE receives a CREATE_CHILD_SA request from the HA with selectors indicating the DSMIPv6 tunnel traffic, if the UE supports integrity protection, confidentiality protection or both, the UE shall reply with a CREATE_CHILD_SA response selecting the preferred transform proposed by the HA as specified in RFC 5996.
If the child SA is created successfully, the UE shall start encapsulating all the uplink packets in the DSMIPv6 tunnel in an IPsec ESP tunnel as negotiated with the HA during the CREATE_CHILD_SA procedure.
The UE can stop using integrity protection, confidentiality protection or both, for the DSMIPv6 tunnel traffic. In order to do that, the UE shall delete the respective child security association by sending an INFORMATIONAL request message including the DELETE payload as specified in RFC 5996.
Up

5.5A.3  HA proceduresp. 26

After establishing the IPsec security association with the UE as described in subclause 5.1.3.1, the HA may initiate the creation of child security association pair to provide integrity protection, confidentiality protection or both. If the HA receives the trust relationship indication as "untrusted" from the 3GPP AAA server during the authentication and authorization procedure or the authorization procedure (see TS 29.273), the HA shall not initiate the creation of child security association procedure. If the trust relationship indication is not received, the initiation of the creation of the child security association is implementation dependent (e.g. based on configuration). If the HA initiates the creation of child security association pair, the HA shall send to the UE a CREATE_CHILD_SA request as described in RFC 4877 and RFC 5996 with the following additions:
  1. the content of the Security Association payload is set accordingly for integrity protection, confidentiality protection or both as indicated in RFC 5996 using the IPsec profiles defined in TS 33.402; and
  2. the TSi shall contain all the Home Network Prefix assigned to the UE. If prefix delegation is used, the TSi shall also contain all the prefix(es) provided to the UE. If the UE received an IPv4 Home Address, the TSi shall also contain the IPv4 Home Address.
When the HA receives a CREATE_CHILD_SA request from the UE with selectors indicating the DSMIPv6 tunnel traffic, if the HA supports integrity protection, confidentiality protection or both, the HA shall check whether the child security association establishment can be accepted or not. If the HA receives the trust relationship indication set to "untrusted" indication from the 3GPP AAA server (see TS 29.273), the HA shall reject the child security association establishment by using the NOTIFY payload of type "NO_ADDITIONAL_SAS" in the CREATE_CHILD_SA response. If HA does not receive the trust relationship indication, whether to accept or reject the child security association is implementation dependent. Otherwise, the HA shall reply with a CREATE_CHILD_SA response selecting the preferred transform proposed by the HA as specified in RFC 5996.
If the child SA is created successfully, the HA shall start encapsulating, all the uplink packets in the DSMIPv6 tunnel in an IPsec ESP tunnel as negotiated with the UE during the CREATE_CHILD_SA procedure.
The HA can stop using integrity protection, confidentiality protection or both, for the DSMIPv6 tunnel traffic. In order to do that, the HA shall delete the respective child security association by sending an INFORMATIONAL request message including the DELETE payload as specified in RFC 5996.
Up

5.6  Attach to additional access network |R10|p. 26

5.6.1  Generalp. 26

The operations defined within subclause 5.6 apply to an IFOM capable UE configured for IFOMand a HA supporting IFOM.
The attach to additional access network procedure is performed by a UE supporting IFOM that has already established a PDN connection through an access network and decides to extend the PDN connection to another access network.
There can be two possible scenarios:
  • the existing access network is a home link and the added access network is a foreign link; or
  • the existing access network is a foreign link and the added access network is a home link.
The attach to additional access network procedure involves performing the following:
  • access specific procedure to connect and configure an IP address for the added access network;
  • discovery of a HA IP address if the UE has not obtained the IP address of the HA;
  • home link detection;
  • setting up a security association if there is no security existing association between the UE and HA; and
  • exchange of Binding Update and Binding Acknowledgement with the BID mobility option and FID mobility option between the UE and HA.
Up

5.6.2  UE proceduresp. 27

5.6.2.1  Generalp. 27

For the attach to additional access network procedure, the UE is already attached to either a home link or foreign link and discovers a new link. The UE applies the DSMIPv6 Home Link Detection Function as specified in subclause 5.1.2.3 to determine if the new link will be a home link or a foreign link. If the new link is a home link, the UE follows the procedure as specified in subclause 5.6.2.2. If the new link is a foreign link, the UE follows the procedure as specified in subclause 5.6.2.3.
Up

5.6.2.2  Attach to additional access network acting as home linkp. 27

The UE shall perform the DSMIPv6 Home Link Detection Function as specified in subclause 5.1.2.3.
In addition, the UE shall perform the initial binding registration and IPv4 Home Address assignment as specified in subclause 5.1.2.4 with the following additional rules:
  1. the UE shall send a Binding Update through the home link;
  2. the O (Overwrite) flag in the Binding Update shall be set to "0";
  3. the UE shall insert a BID mobility option in this Binding Update with:
    • the 'H' flag in the BID mobility option set to "1";
    • the Care-of Address field set to the IPv6 Home Address of the binding; and
    • the BID-PRI field set to assign the priority to the BID as indicated in RFC 6089;
  4. if routing filters were previously registered with the HA, the UE shall include a flow summary mobility option as specified in RFC 6089 listing the values of the FIDs identifying the routing filter that were previously registered; and
  5. if the UE creates one or more routing rules as specified in subclause 5.1.2.4, for each FID mobility option, the value of the BID field in the Binding Reference suboption identifies the routing address that the UE wants to use to exchange packets matching the routing filter.
When the UE receives the Binding Acknowledgment from the HA, the UE shall process the Binding Acknowledgment as specified in subclause 5.1.2.4.
Up

5.6.2.3  Attach to an additional access acting as foreign linkp. 27

The UE shall perform the same procedures described in subclause 5.1.2.4. The UE shall send the Binding Update message through the added link. In addition, the UE shall register the binding for the home link by including a BID mobility option in the Binding Update message. The BID mobility option fields for the binding for the home link are those indicated in RFC 5648 for home binding with the following distinctions:
  1. the H flag shall be set to "1";
  2. the Care-of Address field shall be set to the IPv6 HoA of the binding; and
  3. the BID-PRI field shall be set to the assigned priority of the BID as indicated in RFC 6089.
    The UE shall process the received Binding Acknowledgement as specified in subclause 5.1.2.4.
Up

5.6.3  HA proceduresp. 28

5.6.3.1  Generalp. 28

The following subclauses describe the detailed HA procedures for the case when a UE is attaching to an additional access network.

5.6.3.2  Attach to an additional access network acting as home linkp. 28

When receiving a Binding Update from the UE, the HA performs the same procedure as specified in subclause 5.2.3.2. In addition, the HA shall validate the Binding Update as described in RFC 5648, RFC 6089 and RFC 6088.

5.6.3.3  Attach to additional access acting as foreign linkp. 28

When receiving a Binding Update from the UE, the HA performs the same procedures described in subclause 5.2.3.2 and in addition the HA shall validate the Binding Update as described in RFC 5648, and RFC 6089 and RFC 6088. As described in RFC 5648, the HA shall:
  • process the IPv6 address contained in the BID option with the H flag set to 0 as the Care-of Address; and
  • process the IPv4 address contained in the BID option with the H flag set to 0 in the same way as the HA process the address contained in the IPv4 Care-of Address option in subclause 5.2.3.2.
Up

5.7  Inter-access flow mobility |R10|p. 28

5.7.1  Generalp. 28

The operations defined within this sub-clause apply to an IFOM capable UE configured for IFOM and to HA supporting IFOM.
The inter-access flow mobility is performed by the UE supporting IFOM that already established a PDN connection and exchanges packets belonging to the PDN connection through multiple access networks. The UE has previously registered one or more routing rules with the HA.
In this procedure, the UE updates the HA by performing any of the following operations:
  • assigning one or more routing filters to an access network different from the one those routing filters were previously assigned;
  • adding one or more new routing rules to the HA; or
  • removing one or more previously registered routing rules from the HA.
The procedure involves the exchange of a Binding Update and a Binding Acknowledgement with BID and FID options between the UE and the HA.
Up

5.7.2  UE proceduresp. 28

The UE performs the same procedures described in subclause 5.3.2 with the following exceptions:
  • the UE shall set the O (Overwrite) flag to 0;
  • the UE shall not include any Alternate Care-of Address option in the Binding Update message; and
  • the UE shall not include any IPv4 Care-of Address option in the Binding Update message.
In addition, the UE shall extend the Binding Update message with the following options (see RFC 5648, RFC 6089 and RFC 6088):
  1. The UE shall include a BID identifier mobility option:
    • the BID field is set to the value identifying the routing address used as IP Source Address of the Binding Update message;
    • if the Binding Update message is sent over a home link, the "H" flag is set to 1;
    • if the Binding Update message is sent over a foreign link, the "H" flag is set to 0;
    • the BID-PRI priority field is set to the priority assigned to the BID as indicated in RFC 6089; and
    • if the routing address is an IPv4 address, a NAT was detected and the UE is not exchanging data traffic, the UE may insert the routing address in the Care-of Address field of the BID mobility option;
  2. the UE may create one or more routing rules. For each routing rule that the UE wants to register with the HA, the UE shall include a FID mobility option containing one traffic selector as specified in RFC 6089. Traffic selectors are defined in RFC 6088:
    • the UE shall set the FID field to an arbitrary value;
    • the UE shall set the FID-PRI field to assign the priority to the routing filter as indicated in RFC 6089;
    • the UE shall include a Binding Reference suboption as indicated in RFC 6089. The value assigned to the BID identifies the routing address that the UE wants to use to exchange the packets matching the routing filters; and
    • traffic selector suboption shall be set as specified in RFC 6089 and RFC 6088. The parameters described in the traffic selector suboption represent the routing filter that corresponds to the routing rule that the UE wants to register with the HA;
  3. The UE may insert a flow summary mobility option (as described in RFC 6089).
    • If the UE wants to keep some routing rules previously registered unmodified, i.e. no flow handover, the UE lists the values of the FIDs identifying the routing rules that the UE wants to keep unmodified in the flow summary mobility option; and
    • If the UE wants to remove one or more previously registered routing rules, the UE does not include in the flow summary mobility option the FIDs identifying the routing rules that the UE wants to remove; and
  4. the UE may modify one or more routing rules with the HA. For each routing rule that the UE wants to modify, the UE shall include a FID mobility option as specified in RFC 6089.
    • the UE shall set the FID field to the value identifying the routing filter the UE wants to handover;
    • the UE shall set the FID-PRI field to assign the priority to the BID as indicated in RFC 6089; and
    • the UE shall include a Binding Reference suboption as indicated in RFC 6089. The value assigned to the BID identifies the routing address that the UE wants to use to exchange the packets matching the routing filters.
The handling of the received Binding Acknowledgement message is the same as specified in subclause 5.1.2.4. In addition, the UE handles the FID and BID mobility options contained in the received Binding Acknowledgment message as specified in RFC 5648, RFC 6089 and RFC 6088.
Up

5.7.3  HA proceduresp. 29

When receiving a Binding Update from the UE, the HA performs the same procedures described in subclause 5.3.3 and in addition the HA shall validate the Binding Update as described in RFC 5648, RFC 6089 and RFC 6088.

5.8  UE-initiated removal of an access network from a PDN connection |R10|p. 30

5.8.1  Generalp. 30

The operations defined within this sub-clause apply to an IFOM capable UE configured for IFOM and to HA supporting IFOM.
The removal of an access network from a PDN connection procedure is initiated by a UE which has a PDN connection through multiple access networks. In this procedure, the UE stops using one of the access network for the PDN connection.
The procedure involves the exchange of a Binding Update and a Binding Acknowledgement between the UE and the HA.
There can be two possible scenarios:
  • home link access network is removed and foreign link access network is maintained; or
  • foreign link access network is removed and home link access network is maintained.
Up

5.8.2  UE proceduresp. 30

5.8.2.1  Generalp. 30

The removal of an access network from a PDN connection is performed by a UE attached to multiple access networks. The UE sends a Binding Update message in order to update the HA binding cache removing the entry corresponding to the removed access network. If the removed access network is a home link, the UE follows the procedure as specified in subclause 5.8.2.2. If the removed access network is a foreign link, the UE follows the procedure as specified in subclause 5.8.2.3.
Up

5.8.2.2  Removal of Home link accessp. 30

If the UE removes the home link from a specific PDN connection, the UE shall perform one of the following operations:
a)
the UE sends a Binding Update with the Lifetime field set to 0 as specified in RFC 5555 and RFC 6275 and with a BID mobility option. The UE populates the BID mobility option as follows (see RFC 5648):
  • the BID identifier field is set to the BID corresponding to the access network the UE wants to remove;
  • the H flag is set to 0; and
  • the Care-of Address field in the BID mobility option is omitted;
or:
b)
the UE sends a Binding Update message as indicated in subclause 5.1.2.4 with the following additions:
  • the Binding Update message shall be exchanged through the maintained access network;
  • the BID identifier field is set to the value identifying the maintained access network; and
  • the Care-of Address field in the BID mobility option is omitted.
Up

5.8.2.3  Removal of foreign link from a PDN connectionp. 30

If the UE removes an access network acting as foreign link from a specific PDN connection and maintains the connection to the PDN through the home link, the UE shall send a Binding Update message with the Lifetime field set to 0 as specified in subclause 5.4.2.2. If the UE decides to close the security association set up with the HA, the UE shall send the INFORMATIONAL request message including a DELETE payload as specified in subclause 5.4.2.2.
Up

5.8.3  HA proceduresp. 31

5.8.3.1  Generalp. 31

The following subclauses describe the detailed HA procedures for the case when a UE is removing an access network from a PDN connection.

5.8.3.2  Removal of home link access from a PDN connectionp. 31

In case of removal of a home link from a PDN connection executed by the UE, the HA shall perform the following operations:
  • if the Lifetime field of the received Binding Update is set to 0, the HA processes the received Binding Update message as described in RFC 5555 and RFC 6275 and RFC 5648; and
  • if the Lifetime field of the received Binding Update is not set to 0, the HA shall perform the same procedures described in subclause 5.6.3.3.
Up

5.8.3.3  Removal of foreign link from a PDN connectionp. 31

When the HA receives a Binding Update with the Lifetime field set to 0, the HA shall perform the same procedures described in subclause 5.4.3.2.

5.9  Network-initiated removal of an access network from a PDN connection |R10|p. 31

5.9.1  Generalp. 31

The operations defined within this subclause apply to IFOM capable UE configured for IFOM and to HA supporting IFOM.
The removal of an access network from a PDN connection procedure is initiated by the HA for a UE that has an established PDN connection through multiple access networks with the HA. In this procedure, the HA informs the UE that an entry in the binding cache is no more valid over one of the access network for the PDN connection. The UE then performs the network-initiated removal of an access network from a PDN connection procedure.
The procedure involves the exchange of a Binding Revocation Indication (BRI) message and a Binding Revocation Acknowledgement (BRA) between the UE and the HA as specified in RFC 5846.
Once the procedure is completed, the UE uses the maintained access network for the PDN connection.
There can be two possible scenarios:
  • home link access network is removed and foreign link access network is maintained; or
  • foreign link access network is removed and home link access network is maintained.
Up

5.9.2  UE proceduresp. 31

5.9.2.1  Generalp. 31

The following subclauses describe the detailed UE procedures for the case when the HA removes an access network from a PDN connection.

5.9.2.2  Removal of home link access from a PDN connectionp. 32

Upon receiving a BRI message with a BID option, the UE shall perform the procedure as specified in subclause 5.4.2.1 with the following additions:
  • the UE shall process the BID mobility option as specified in RFC 5846;
  • the UE shall include the received BID mobility option in the BRA as specified in RFC 5846; and
  • the UE shall not close the security associations set up with the HA.
Up

5.9.2.3  Removal of foreign link from a PDN connectionp. 32

Upon receiving a BRI message without a BID mobility option from the HA, the UE shall process the BRI message as specified in subclause 5.4.2.1. If the UE decides to close the security association set up with the HA, the UE shall send the INFORMATIONAL request message including a DELETE payload as specified in subclause 5.4.2.2.

5.9.3  HA proceduresp. 32

5.9.3.1  Generalp. 32

The following subclauses describe the detailed HA procedures for the case when the HA removes an access network from a PDN connection.

5.9.3.2  Removal of home link access from a PDN connectionp. 32

In order to remove the home link access from a PDN connection, the HA shall perform the procedure as specified in subclause 5.4.3.1 with the following additions:
  • the HA shall include a BID mobility option of the home link access in the BRI message sent to the UE; and
  • the HA shall only remove the home binding of the the PDN connection from the HA binding update cache, when a BRA message with the same BID mobility option is received.
Up

5.9.3.3  Removal of foreign link from a PDN connectionp. 32

In order to remove the foreign link access network from a PDN connection, the HA shall perform the network initiated detach procedure by sending a BRI message without a BID mobility option as described in subclause 5.4.3.1.
If an INFORMATIONAL request message including a DELETE payload is received, the HA shall perform the procedure as specified in subclause 5.4.3.2.
Up

Up   Top   ToC