Re: [secdir] [DMM] Secdir last call review of draft-ietf-dmm-ondemand-mobility-15

"Moses, Danny" <> Thu, 17 January 2019 20:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8459C130E63; Thu, 17 Jan 2019 12:12:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.89
X-Spam-Status: No, score=-6.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UKoNB_nyObdt; Thu, 17 Jan 2019 12:11:52 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A0CF1128CF2; Thu, 17 Jan 2019 12:11:51 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jan 2019 12:11:50 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,489,1539673200"; d="scan'208,217";a="267958719"
Received: from ([]) by with ESMTP; 17 Jan 2019 12:11:50 -0800
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 17 Jan 2019 12:11:49 -0800
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 17 Jan 2019 12:11:48 -0800
Received: from ([]) by ([]) with mapi id 14.03.0415.000; Thu, 17 Jan 2019 22:11:05 +0200
From: "Moses, Danny" <>
To: Daniel Migault <>, "" <>
CC: "" <>, "" <>, "" <>
Thread-Topic: [DMM] Secdir last call review of draft-ietf-dmm-ondemand-mobility-15
Thread-Index: AQHUrUcsbqyzACp9uU2p16FppKffBKWz5VHA
Date: Thu, 17 Jan 2019 20:11:04 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ctpclassification: CTP_NT
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMzcxMDI5NDAtYTIzNC00OGIwLWEwOTYtYTkxMGI4Y2QxZTcwIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiYkxna25GRlVZWStWd3BBVW1oV2dpVzZ0dVBwQ3BJN1UxczhKbjJsQ1hGXC9RamJLQ3ZLdzAwNWZHWGh6TVwvZEs3In0=
dlp-product: dlpe-windows
dlp-version: 11.0.400.15
dlp-reaction: no-action
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_F0CF5715D3D1884BAC731EA1103AC281441C1044HASMSX106gercor_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [secdir] [DMM] Secdir last call review of draft-ietf-dmm-ondemand-mobility-15
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 17 Jan 2019 20:12:02 -0000


Thanks for a very thorough review and the detailed comments. I appreciate your invested time.

There were one or two comments I did not fully understand.

I have used many of them to improve the document. There were some which I thought differently and provided by reasoning.

Please see my detailed response below.

Thanks and regards,


1.      "inefficiencies" seem too vague...

I am adding a reference to RFC 7333 that describe these inefficiencies in section 4.

2.      Use "IP session continuity" rather than "session continuity"

The original definition was "IP session continuity". However, Brian Haberman in the early review commented that this term is confusing since the IP layer is not a session layer and thus, "IP Session" is not defined. To resolve this, we agreed to change "IP session continuity" to "session continuity" in version 15 of this draft. I feel comfortable with any of these definitions, so if the reviewers can agree on a term, I will adopt it. In any case, I believe the text clearly describe the behavior of the network.

3.      Recommended reordering of the text in section 1.

I did not understand the recommended order, that is, which paragraph needs to be moved to which place. Please help clarify this comment.

4.      Replace 'ping' with a more useful application as an example.

Use text messaging instead.

5.      Split the feature versus its implementation should be done in a similar manner for both session continuity and reachability to ease reading.

After giving it some thought, I tend to think differently. This is the Introduction section and as such should be short. I do not think the splitting is needed to understand the rest of the document. I prefer to keep this section short.

6.      Add a paragraph that indicates the address reachability can be performed by applications using other means than IP reachability.

I do not think this is required. The motivation of this Introduction is to convince the reader that there is a benefit from enabling applications to indicate their requirements from the mobile network, rather than getting the full service support. I think the message is clear as it is.

7.      Add a reference to RFC 5014 and the usage of home and care-of addresses.

Actually, for mobile IP, this document is not required. If the mobile host supports mobile IP, it can enable applications to select either a home address or a care-of address to use for the IP connection and by that, use or choose not to use mobility services prided by the mobile network.

This document addresses the case where the network provide these services by proxy and thus, provides the full mobility service regardless of whether or not they are needed.

For proxy services, we need a way for applications to express their true needs and for the network stack to convey these needs to the network.

8.      Indicate 'on demand' in the Introduction.

I thought this is clear from the fact that each application indicates it mobility service requirements. As applications could be launched separately from each other with possible large time gaps, on-demand is deducted. But to be on the safe side, I will add 'on demand'.

9.      In the several definitions of types IP address in section 3 replace 'guarantee' with 'remains'

I prefer 'guarantee' because it better indicates the commitment of the network to preserve the address.

10.   A suggestion regarding the definition of Non-persistent IP address.

I did not quite understand this suggestion. Something to do with Home Address and mobile IP. However, I believe the definition of Non-persistent IP address in this section is good as it is.

11.   There are additional comments regarding mobile IP.

As I indicated before, this document is not about mobile IP where the mobile host has control over the selection of care-of versus Home addresses. It is about proxy solutions, in which the mobile host does not have any control over the mobility service because it is done by-proxy by the network.

12.   Need to mention the overlaps of the address types.

Yes, there are overlaps but I do not see why mentioning them helps.

13.   List the different address types in the same order in all sections to ease the reading.

I agree. Changing the order in section 3.3.

14.   A comment about having the application request the minimal capability and the network automatically providing the next level if it cannot fulfill this minimal level.

This is a point we considered along with enabling applications to request several levels in parallel and letting the network select the most preferable one. After some evaluation, we decided that this flexibility is counter-productive and it is best to specify a specific service type, and expect it to either be fulfilled or have the request fail. This way, no 'smart' decisions are made automatically by the network. Remember however, that the application requests the service from the network stack, and the network stack requests it from the network. We do not provide any restrictions on the implementations of network stacks. Some could perform caching of network capabilities, and select to respond to applications without interacting with the network.

15.   Another comment about the behavior of the API, assuming a request might not be fulfilled without resulting in an error response.

So as I described previously, API requests that cannot be fulfilled exactly as specified, result with an error response.

16.   A question about the ON_NET flag.

Yes, your understanding is correct.

17.   Request an example with the ON_NET flag.

There could be other examples as well. There are all kinds of cases that could be presented. There is a trade-off between the size of an RFC and a text book. We thought it would be useful to provide an example of a non-trivial case and leave other cases to future text books and tutorials.

18.   OnDeman versus On Demand versus On-Demand. Be consistent.

I agree. Will be fixed.

19.   IP v6 versus IPv6. Be consistent.

I agree. Will be fixed.

20.   Describe the mechanism in which the address type is indicated by the network to the host.

Unfortunately I cannot. Such a mechanism does not exist at the moment. We are working on that as well.

21.   In section 5.2, need to describe how the new IP stack needs to behave when an application that does not support On-Demand opens initiates a network connection. 'legacy manner' is not a good description.

The next paragraph in this section does exactly that. Describes how the IP stack should interact with the network.

22.   Place the statement about networks supporting or not supporting On-Demand functionality in the introduction.

I prefer not to do that. I am trying to keep the Introduction short and crisp. Listing all use-cases, backwards compatibility and other details - for that we have the rest of the document. The 'Introdcution' in my opinion should only provide information to help the reader decide it it should continue reading the document or not.

23.   The description regarding the use-case of using both setsockopt() and setsc()/bind() is hard to read. Clarify.

OK. I will try to simplify it. By the way, your understanding is correct.

24.   A comment about the placement of the flags and address types.

I did not quite get this comment. I would like to clarify that we are providing the Socket API as an example to clarify the concept. We expect other standard bodies to use this document to specify the exact implementation in different programming languages.

25.   Security threats.

I would like some clarification about these threats. My understanding is that these threats are relevant to the protocol use by the mobile host (or specifically its IP stack) to interact with the network to convey the desired mobility service, and receive the granted service.

But this document does not define these protocols. It defines the On-Demand concept and the features needed by the API between applications and the network stack. Shouldn't these threats be described in the specification of the protocol between the mobile host and network?

-----Original Message-----
From: dmm [] On Behalf Of Daniel Migault
Sent: Wednesday, January 16, 2019 04:57
Subject: [DMM] Secdir last call review of draft-ietf-dmm-ondemand-mobility-15

Reviewer: Daniel Migault

Review result: Not Ready


I am the assigned Secdir reviewer for this draft. The Security Directorate

(Secdir) reviews all IETF documents being processed by the IESG for the IETF  Chair.  Please treat these comments just like any other last call comments.



                     On Demand Mobility Management



   Applications differ with respect to whether they need session

   continuity and/or IP address reachability.  The network providing the

   same type of service to any mobile host and any application running

   on the host yields inefficiencies.


"inefficiencies" seems too vague to me and it could be clarified.

Reading the abstract, it is unclear (to me) if the issue is on the application side or the network operator side. I guess this is the network side. It is also unclear the nature of the inefficiency.


   This document describes a

   solution for taking the application needs into account by selectively

   providing session continuity and IP address reachability on a per-

   socket basis.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the

   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering

   Task Force (IETF).  Note that other groups may also distribute

   working documents as Internet-Drafts.  The list of current Internet-

   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months

   and may be updated, replaced, or obsoleted by other documents at any

   time.  It is inappropriate to use Internet-Drafts as reference

   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 27, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the

   document authors.  All rights reserved.

Yegin, et al.           Expires January 27, 2019                [Page 1]

Internet-Draft             On Demand Mobility                  July 2018

   This document is subject to BCP 78 and the IETF Trust's Legal

   Provisions Relating to IETF Documents

   ( in effect on the date of

   publication of this document.  Please review these documents

   carefully, as they describe your rights and restrictions with respect

   to this document.  Code Components extracted from this document must

   include Simplified BSD License text as described in Section 4.e of

   the Trust Legal Provisions and are provided without warranty as

   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2

   2.  Notational Conventions  . . . . . . . . . . . . . . . . . . .   4

   3.  Solution  . . . . . . . . . . . . . . . . . . . . . . . . . .   4

     3.1.  Types of IP Addresses . . . . . . . . . . . . . . . . . .   4

     3.2.  Granularity of Selection  . . . . . . . . . . . . . . . .   6

     3.3.  On Demand Nature  . . . . . . . . . . . . . . . . . . . .   6

     3.4.  Conveying the Desired Address Type  . . . . . . . . . . .   7

   4.  Usage example . . . . . . . . . . . . . . . . . . . . . . . .   8

     4.1.  Pseudo-code example . . . . . . . . . . . . . . . . . . .   8

     4.2.  Message Flow example  . . . . . . . . . . . . . . . . . .  10

   5.  Backwards Compatibility Considerations  . . . . . . . . . . .  11

     5.1.  Applications  . . . . . . . . . . . . . . . . . . . . . .  11

     5.2.  IP Stack in the Mobile Host . . . . . . . . . . . . . . .  12

     5.3.  Network Infrastructure  . . . . . . . . . . . . . . . . .  12

     5.4.  Merging this work with RFC5014  . . . . . . . . . . . . .  12

   6.  Summary of New Definitions  . . . . . . . . . . . . . . . . .  13

     6.1.  New APIs  . . . . . . . . . . . . . . . . . . . . . . . .  13

     6.2.  New Flags . . . . . . . . . . . . . . . . . . . . . . . .  13

   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  14

   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14

   9.  Contributors  . . . . . . . . . . . . . . . . . . . . . . . .  14

   10. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  14

   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  14

     11.1.  Normative References . . . . . . . . . . . . . . . . . .  15

     11.2.  Informative References . . . . . . . . . . . . . . . . .  15

   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  16

1.  Introduction

   In the context of Mobile IP [RFC5563][RFC6275][RFC5213][RFC5944], the

   following two attributes are defined for IP service provided to

   mobile hosts:

   Session continuity: The ability to maintain an ongoing transport

   interaction by keeping the same local end-point IP address throughout

   the life-time of the IP socket despite the mobile host changing its

Yegin, et al.           Expires January 27, 2019                [Page 2]

Internet-Draft             On Demand Mobility                  July 2018

   point of attachment within the IP network topology.  The IP address

   of the host may change after closing the IP socket and before opening

   a new one, but that does not jeopardize the ability of applications

   using these IP sockets to work flawlessly.  Session continuity is

   essential for mobile hosts to maintain ongoing flows without any



Session continuity can be provided at multiple layers thus I would recommend for clarity to change session continuity to IP session continuity and insists that this is being provided at the IP layer.

Not that IP is sessionless, so here session seems similar to reachability but 'orchestrated' by a higher session protocol.

The difference I see is that reachability is a commitment (by the ISP) for not changing the IP address while with session continuity the commitment is related to the use of the IP address. In other words, with a limited period of time.


   IP address reachability: The ability to maintain the same IP address

   for an extended period of time.  The IP address stays the same across

   independent sessions, and even in the absence of any session.  The IP

   address may be published in a long-term registry (e.g., DNS), and is

   made available for serving incoming (e.g., TCP) connections.  IP

   address reachability is essential for mobile hosts to use specific/

   published IP addresses.

   Mobile IP is designed to provide both session continuity and IP

   address reachability to mobile hosts.  Architectures utilizing these

   protocols (e.g., 3GPP, 3GPP2, WIMAX) ensure that any mobile host

   attached to the compliant networks can enjoy these benefits.  Any

   application running on these mobile hosts is subjected to the same

   treatment with respect to session continuity and IP address



My understanding of the text is that Mobile IP is expensive to deploy and I believe it would be easier for the reader to state it here before developing all mechanisms that have been designed to overcome session continuity in a different way. Thus I would put the following text right


   Achieving session continuity and IP address reachability with Mobile

   IP incurs some cost.  Mobile IP protocol forces the mobile host's IP

   traffic to traverse a centrally-located router (Home Agent, HA),

   which incurs additional transmission latency and use of additional

   network resources, adds to the network CAPEX and OPEX, and decreases

   the reliability of the network due to the introduction of a single

   point of failure [RFC7333].  Therefore, session continuity and IP

   address reachability SHOULD be provided only when necessary.


   It should be noted that in reality not every application may need

   these benefits.  IP address reachability is required for applications

   running as servers (e.g., a web server running on the mobile host).

   But, a typical client application (e.g., web browser) does not

   necessarily require IP address reachability.  Similarly, session

   continuity is not required for all types of applications either.

   Applications performing brief communication (e.g., ping) can survive

   without having session continuity support.


I believe that session continuity is the main motivation of the draft.

Mentioning ping as an example is counter productive as I doubt this is the target application of the draft. Thus citing an application no one really wants could mean that we have not found any other application that do not need session continuity, which could be interpreted as every application needs session continuity at the IP layer. This is not the intention of the text, so we should find another example.

Well I think reachability and session continuity are two different features. Applications may only need one of these features not both. In addition, application can provide these features at the IP layer layer or using other mechanisms. As a reason the use of Mobile IP is limited to applications that needs both features being performed at the IP layer which only concern a small fraction of applications.

Reading the text above seems to take for granted that reachability is performed only at the IP layer. Splitting the feature versus its implementation should be done in a similar manner for both session continuity and reachability to ease the reading.


   Achieving session continuity and IP address reachability with Mobile

   IP incurs some cost.  Mobile IP protocol forces the mobile host's IP

   traffic to traverse a centrally-located router (Home Agent, HA),

   which incurs additional transmission latency and use of additional

   network resources, adds to the network CAPEX and OPEX, and decreases

   the reliability of the network due to the introduction of a single

   point of failure [RFC7333].  Therefore, session continuity and IP

   address reachability SHOULD be provided only when necessary.


This section should be moved up. Here it is splitting the discussion on session continuity and reachability, which is confusing.


   Furthermore, when an application needs session continuity, it may be

   able to satisfy that need by using a solution above the IP layer,

   such as MPTCP [RFC6824], SIP mobility [RFC3261], or an application-

   layer mobility solution.  These higher-layer solutions are not

   subject to the same issues that arise with the use of Mobile IP since

   they can utilize the most direct data path between the end-points.

   But, if Mobile IP is being applied to the mobile host, the higher-

Yegin, et al.           Expires January 27, 2019                [Page 3]

Internet-Draft             On Demand Mobility                  July 2018

   layer protocols are rendered useless because their operation is

   inhibited by Mobile IP.  Since Mobile IP ensures that the IP address

   of the mobile host remains fixed (despite the location and movement

   of the mobile host), the higher-layer protocols never detect the IP-

   layer change and never engage in mobility management.


The same paragraph should say the reachability can be performed by application using other means than IP reachability.


   This document proposes a solution for applications running on mobile

   hosts to indicate whether they need session continuity or IP address

   reachability.  The network protocol stack on the mobile host, in

   conjunction with the network infrastructure, provides the required

   type of service.


I assume that session continuity is only understood as IP session continuity and not the transport layer.


   It is for the benefit of both the users and the

   network operators not to engage an extra level of service unless it

   is absolutely necessary.  It is expected that applications and

   networks compliant with this specification will utilize this solution

   to use network resources more efficiently.


The introduction should also position it work regarding 5014. At the point it is not clear why the recommendations could not be such as:

* when IP session reachability only is requires the application indicates a preference for Public IP addresses

* when IP session continuity is needed the application sends a preference for home of address.

* when none is required the application sends a preference for Care of Address.



While on demand is mentioned in the title, it does not appear in the introduction. I believe the introduction should expose why there is a need to have this feature.


2.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",


   document are to be interpreted as described in [RFC2119].

3.  Solution

3.1.  Types of IP Addresses

   Four types of IP addresses are defined with respect to mobility


   - Fixed IP Address

   A Fixed IP address is an address with a guarantee to be valid for a

   very long time, regardless of whether it is being used in any packet

   to/from the mobile host, or whether or not the mobile host is

   connected to the network, or whether it moves from one point-of-

   attachment to another (with a different IP prefix) while it is



Thought english is not my first language, "guarantee" sounds a bit inappropriate. I might be wrong but the following text seems clearer to



A Fixed IP address is an address with a guarantee to be valid for a

   very long time


A Fixed IP address is an address that remains valid for a

   very long time


   Fixed IP addresses are required by applications that need both

   session continuity and IP address reachability.


I think the document should clarify how this is different from a public address 5014.


   - Session-lasting IP Address

   A session-lasting IP address is an address with a guarantee to be

   valid throughout the life-time of the socket(s) for which it was

   requested.  It is guaranteed to be valid even after the mobile host

   had moved from one point-of-attachment to another (with a different

   IP prefix).


Similarly I would propose the following text:


  A session-lasting IP address is an address with a guarantee to be

   valid throughout the life-time of the socket(s)


  A session-lasting IP address is an address

   valid throughout the life-time of the socket(s)


It is guaranteed to be valid even after


It remains valid even after


Yegin, et al.           Expires January 27, 2019                [Page 4]

Internet-Draft             On Demand Mobility                  July 2018

   Session-lasting IP addresses are required by applications that need

   session continuity but do not need IP address reachability.


Home of Address provides IP reachability, but it is unclear if IP session continuity can be provided by other mechanisms that Mobile IP.

If that were the case, it would be good to specify how this coudl be provided without IP reachability.


   - Non-persistent IP Address

   This type of IP address has no guarantee to exist after a mobile host

   moves from one point-of-attachment to another, and therefore, no

   session continuity nor IP address reachability are provided.  The IP

   address is created from an IP prefix that is obtained from the

   serving IP gateway and is not maintained across gateway changes.  In

   other words, the IP prefix may be released and replaced by a new one

   when the IP gateway changes due to the movement of the mobile host

   forcing the creation of a new source IP address with the updated

   allocated IP prefix.


It woudl be good to position this toward the care of address.


   - Graceful Replacement IP Address

   In some cases, the network cannot guarantee the validity of the

   provided IP prefix throughout the duration of the opened socket, but

   can provide a limited graceful period of time in which both the

   original IP prefix and a new one are valid.  This enables the

   application some flexibility in the transition from the existing

   source IP address to the new one.

   This gracefulness is still better than the non-persistence type of

   address for applications that can handle a change in their source IP

   address but require that extra flexibility.


The classes defined above have overlaps. I believe that we have:

Fixed IP Address \in Session-lasting IP Address \in Graceful Replacement IP Address \in Non-persistent IP Address

I think that should be stated in the section.


   Applications running as servers at a published IP address require a

   Fixed IP Address.  Long-standing applications (e.g., an SSH session)

   may also require this type of address.  Enterprise applications that

   connect to an enterprise network via virtual LAN require a Fixed IP


   Applications with short-lived transient sessions can use Session-

   lasting IP Addresses.  For example: Web browsers.

   Applications with very short sessions, such as DNS clients and

   instant messengers, can utilize Non-persistent IP Addresses.  Even

   though they could very well use Fixed or Session-lasting IP

   Addresses, the transmission latency would be minimized when a Non-

   persistent IP Addresses are used.

   Applications that can tolerate a short interruption in connectivity

   can use the Graceful-replacement IP addresses.  For example, a

   streaming client that has buffering capabilities.

Yegin, et al.           Expires January 27, 2019                [Page 5]

Internet-Draft             On Demand Mobility                  July 2018

3.2.  Granularity of Selection

   IP address type selection is made on a per-socket granularity.

   Different parts of the same application may have different needs.

   For example, the control-plane of an application may require a Fixed

   IP Address in order to stay reachable, whereas the data-plane of the

   same application may be satisfied with a Session-lasting IP Address.

3.3.  On Demand Nature

   At any point in time, a mobile host may have a combination of IP

   addresses configured.  Zero or more Non-persistent, zero or more

   Session-lasting, zero or more Fixed and zero or more Graceful-

   Replacement IP addresses may be configured by the IP stack of the

   host.  The combination may be as a result of the host policy,

   application demand, or a mix of the two.


Listing the different classes in the same order as the one of the definitions may ease the reading.


   When an application requires a specific type of IP address and such

   an address is not already configured on the host, the IP stack SHALL

   attempt to configure one.  For example, a host may not always have a

   Session-lasting IP address available.  When an application requests

   one, the IP stack SHALL make an attempt to configure one by issuing a

   request to the network (see Section 3.4 below for more details).  If

   the operation fails, the IP stack SHALL fail the associated socket

   request and return an error.  If successful, a Session-lasting IP

   Address gets configured on the mobile host.  If another socket

   requests a Session-lasting IP address at a later time, the same IP

   address may be served to that socket as well.  When the last socket

   using the same configured IP address is closed, the IP address may be

   released or kept for future applications that may be launched and

   require a Session-lasting IP address.


I suspect the application is expected to request the type of IP with minimal capabilities. In some cases the OS may not have the requested type of address bu may have another type of addresses that could fulfill the application requirements. I believe the text should specify what should be done in this situation. I suppose the text will say that the host sends a request to the network.

However, I suspect that allowing the OS to return higher capabilities would encourage the applications to send a minimal level of expectation so to maximize the probability of avoiding a interaction between the host and the network to request the specific type of IP address.


   In some cases it might be preferable for the mobile host to request a

   new Session-lasting IP address for a new opening of an IP socket

   (even though one was already assigned to the mobile host by the

   network and might be in use in a different, already active IP

   sockets).  It is outside the scope of this specification to define

   criteria for choosing to use available addresses or choosing to

   request new ones.  It supports both alternatives (and any


   It is outside the scope of this specification to define how the host

   requests a specific type of prefix and how the network indicates the

   type of prefix in its advertisement or in its reply to a request).

   The following are matters of policy, which may be dictated by the

   host itself, the network operator, or the system architecture


Yegin, et al.           Expires January 27, 2019                [Page 6]

Internet-Draft             On Demand Mobility                  July 2018

   - The initial set of IP addresses configured on the host at boot


   - Permission to grant various types of IP addresses to a requesting


   - Determination of a default address type when an application does

   not make any explicit indication, whether it already supports the

   required API or it is just a legacy application.

3.4.  Conveying the Desired Address Type

   [RFC5014] introduced the ability of applications to influence the

   source address selection with the IPV6_ADDR_PREFERENCE option at the

   IPPROTO_IPV6 level.  This option is used with setsockopt() and

   getsockopt() calls to set/get address selection preferences.

   Extending this further by adding more flags does not work when a

   request for an address of a certain type results in requiring the IP

   stack to wait for the network to provide the desired source IP prefix

   and hence causing the setsockopt() call to block until the prefix is

   allocated (or an error indication from the network is received).


One thing is the value of the flags, another thing is the behaviour of the API. So I understand that the new API provides more flexibility in the sense that a requirement that cannot be fulfilled does not necessarily end up in an error. Instead it can lead in an IP address that does not fulfill the application requirement. If that is correct, this is still something the application will have to deal with. IN one case, it will need to deal with an error, in the other case, with something that does not fulfill the requirements. If that is correct, I believe the benefit of it should be highlighted.


   Alternatively a new socket API is defined - getsc() which allows

   applications to express their desired type of session continuity

   service.  The new getsc() API will return an IPv6 address that is

   associated with the desired session continuity service and with

   status information indicating whether or not the desired service was


   An application that wishes to secure a desired service will call

   getsc() with the service type definition and a place to contain the

   provided IP address, and call bind() to associate that IP address

   with the socket (See pseudo-code example in Section 4 below).

   When the IP stack is required to use a source IP address of a

   specified type, it can use an existing address, or request a new IP

   prefix (of the same type) from the network and create a new one.  If

   the host does not already have an IPv6 prefix of that specific type,

   it MUST request one from the network.

   Using an existing address from an existing prefix is faster but might

   yield a less optimal route (if a hand-off event occurred after its

   configuration).  On the other hand, acquiring a new IP prefix from

   the network may be slower due to signaling exchange with the network.

   Applications can control the stack's operation by setting a new flag

   - ON_NET flag - which directs the IP stack whether to use a

Yegin, et al.           Expires January 27, 2019                [Page 7]

Internet-Draft             On Demand Mobility                  July 2018

   preconfigured source IP address (if exists) or to request a new IPv6

   prefix from the current serving network and configure a new IP


   This new flag is added to the set of flags in the

   IPV6_ADDR_PREFERENCES option at the IPPROTO_IPV6 level.  It is used

   in setsockopt() to set the desired behavior.


My understanding of the flag is that it forces the OS to request the network. This means that even if it already has teh desired IP address the ON_NET flag set will force the OS to re-ask. When unset, the decision to re-ask or not is let to the OS. IS that correct ?


4.  Usage example

4.1.  Pseudo-code example


It would be good the example also shows the ON_NET flag.


   The following example shows pseudo-code for creating a Stream socket

   (TCP) with a Session-Lasting source IP address:

   #include <sys/socket.h>

   #include <netinnet/in.h>

     // Socket information

   int              s ;            // socket id

     // Source information (for secsc() and bind())

   sockaddr_in6     sourceInfo     // my address and port for bind()

   in6_addr         sourceAddress  // will contain the provisioned

                                   // source IP address

   uint8_t          sc_type = IPV6_REQUIRE_SESSION_LASTING_IP ;

                                   // For requesting a Session-Lasting

                                   // source IP address

     // Destination information (for connect())

   sockaddr_in6     serverInfo ;   // server info for connect()

     // Create an IPv6 TCP socket

   s = socket(AF_INET6, SOCK_STREAM, 0) ;

   if (s!=0) {

         // Handle socket creation error

         // ...

   } // if socket creation failed

   else {

          // Socket creation is successful

          // The application cannot connect yet, since it wants to use

          // a Session-Lasting source IP address It needs to request

          // the Session-Lasting source IP before connecting

        if (setsc(s, &sourceAddress, &sc_type)) == 0){

             // setting session continuity to Session Lasting is

             // Successful. sourceAddress now contains the Session-

             // LAsting source IP address <mglt>s/LAsting/Lasting/gc</mglt>

Yegin, et al.           Expires January 27, 2019                [Page 8]

Internet-Draft             On Demand Mobility                  July 2018

             // Bind to that source IP address

           sourceInfo.sin6_family = AF_INET6 ;

           sourceInfo.sin6_port = 0  // let the stack choose the port

           sourceInfo.sin6_address = sourceAddress ;

                                   // Use the source address that was

                                   // generated by the setsc() call

           if (bind(s, &sourceInfo, sizeof(sourceInfo))==0){

                // Set the desired server's information for connect()

              serverInfo.sin6_family = AF_INET6 ;

              serverInfo.sin6_port = SERVER_PORT_NUM ;

              serverAddress.sin6_addr = SERVER_IPV6_ADDRESS ;

                // Connect to the server

              if (connect(s, &serverInfo, sizeof(serverInfo))==0) {

                  // connect successful (3-way handshake has been

                  // completed with Session-Lasting source address.

                  // Continue application functionality

                  // ...

              }  // if connect() is successful

              else {

                  // connect failed

                  // ...

                  // Application code that handles connect failure and

                  // closes the socket

                  // ...

              } // if connect() failed

           } // if bind() successful

           else {

                  // bind() failed

                  // ...

                  // Application code that handles bind failure and

                  // closes the socket

                  // ...

           } // if bind() failed

        }  // if setsc() was successful and of a Session-Lasting

           // source IP address was provided

        else {

             // application code that does not use Session-lasting IP

             // address. The application may either connect without

             // the desired Session-lasting service, or close the

             // socket...

        } // if setsc() failed

   }  // if socket was created successfully

     // The rest of the application's code

     // ...

Yegin, et al.           Expires January 27, 2019                [Page 9]

Internet-Draft             On Demand Mobility                  July 2018

4.2.  Message Flow example

   The following message flow illustrates a possible interaction for

   achieving OnDemand functionality.  It is an example of one scenario

   and should not be regarded as the only scenario or the preferred one.

<mglt>OnDemand versus On Demand versus On-Demand. The text should be consistent. </mglt>

   This flow describes the interaction between the following entities:

   - Applications requiring different types of OnDemand service.

   - The mobile host's IP stack.

   - The network infrastructure providing the services.

   In this example, the network infrastructure provides 2 IPv6 prefixes

   upon attachment of the mobile host to the network: A Session-lasting

   IPv6 prefix and a Non-persistent IPv6 prefix.  Whenever the mobile

   host moves to a different point-of-attachment, the network

   infrastructure provides a new Non-persistent IPv6 address.

   In this example, the network infrastructure does not support Fixed IP

   addresses nor Graceful-replacement IP addresses.

   Whenever an application opens an IP socket and requests a specific

   IPv6 address type, the IP stack will provide one from its available

   IPv6 prefixes or return an error message if the request cannot be


   Message Flow:

   - The mobile device attaches to the network.

   - The Network provides two IPv6 prefixes: PREFsl1 - a Session-lasting

   IPv6 prefix and PREFnp1 - a Non-persistent IP v6 prefix.

<mglt>IP v6/IPv6/gc</mglt>

<mglt>It would ease the reading if the mechanism used to specify the Type of the address by the operator to the host being described - at least an example.


   - An application on the mobile host is launched.  It opens an IP

   socket and requests a Non-persistent IPv6 address.

   - The IP stack provides IPnp1 which is generated from PREFnp1.

   - Another application is launched, requesting a Non-persistent IPv6


   - The IP stack provides IPnp1 again.

   - A third application is launched.  This time, it requires a Session-

   lasting IPv6 address.

<mglt>second ?</mglt>

Yegin, et al.           Expires January 27, 2019               [Page 10]

Internet-Draft             On Demand Mobility                  July 2018

   - The IP stack provides IPsl1 which is generated from PREFsl1.

   - The mobile hosts moves to a new point-of-attachment.

   - The network provides a new Non-persistent IPv6 prefix - PREFnp2.

   PREFnp1 is no longer valid.

   - The applications that were given IPnp1 re-establish the socket and

   receive a new IPv6 address - IPnp2 which is generated from PREFnp2

   - The application that is using IPsl1 can still use it since the

   network guaranteed that PREFsl1 will be valid even after moving to a

   new point-of-attachment.

   - A new application is launched, this time requiring a Graceful-

   replacement IPv6 address.

   - The IP stack returns setsc() with an error since the network does

   not support this service.

  - The application re-attempts to open a socket, this time requesting

   a Session-lasting IPv6 address.

   - The IP stack provides IPsl1.

5.  Backwards Compatibility Considerations

   Backwards compatibility support is REQUIRED by the following 3 types

   of entities:

   - The Applications on the mobile host

   - The IP stack in the mobile host

   - The network infrastructure

5.1.  Applications

   Legacy applications that do not support the OnDemand functionality

   will use the legacy API and will not be able to take advantage of the

   On-Demand Mobility feature.

   Applications using the new OnDemand functionality MUST be aware that

   they may be executed in legacy environments that do not support it.

   Such environments may include a legacy IP stack on the mobile host,

   legacy network infrastructure, or both.  In either case, the API will

   return an error code and the invoking applications may just give up

   and use legacy calls.

Yegin, et al.           Expires January 27, 2019               [Page 11]

Internet-Draft             On Demand Mobility                  July 2018

5.2.  IP Stack in the Mobile Host

   New IP stacks MUST continue to support all legacy operations.  If an

   application does not use On-Demand functionality, the IP stack MUST

   respond in a legacy manner.


The legacy manner does not seems to be a standard way of behavior. It seems to me as the way the OS used to behave. I believe the draft shoudl be a bit more specific here.


   If the network infrastructure supports On-Demand functionality, the

   IP stack SHOULD follow the application request: If the application

   requests a specific address type, the stack SHOULD forward this

   request to the network.  If the application does not request an

   address type, the IP stack MUST NOT request an address type and leave

   it to the network's default behavior to choose the type of the

   allocated IP prefix.  If an IP prefix was already allocated to the

   host, the IP stack uses it and may not request a new one from the


5.3.  Network Infrastructure

   The network infrastructure may or may not support the On-Demand

   functionality.  How the IP stack on the host and the network

   infrastructure behave in case of a compatibility issue is outside the

   scope of this API specification.


I believe that such statement should be made in the introduction with the addition of a list of potential mechanism to provide the type of IP addresses by the network. There is a need to have such mechanisms since the OS cannot derive the properties from the IP address itself. Which was teh case with Home of address, care of address, cga....


5.4.  Merging this work with RFC5014

   [RFC5014] defines new flags that may be used with setsockopt() to

   influence source IP address selection for a socket.  The list of

   flags include: source home address, care-of address, temporary

   address, public address CGA (Cryptographically Created Address) and

   non-CGA.  When applications require session continuity service and

   use setsc() and bind(), they SHOULD NOT set the flags specified in


   However, if an application sets a specific option using setsockopt()

   with one of the flags specified in [RFC5014] and also selects a

   source IP address using setsc() and bind() the IP address that was

   generated by setsc() and bound using bind() will be the one used by

   traffic generated using that socket and options set by setsockopt()

   will be ignored.

<mglt>The sentence above is hard to read - at least to me. I suspect "the" is missing after "by". What the text says is that after bind setsockopt will be ignored. Correct ?


   If bind() was not invoked after setsc() by the application, the IP

   address generated by setsc() will not be used and traffic generated

   by the socket will use a source IP address that complies with the

   options selected by setsockopt().

Yegin, et al.           Expires January 27, 2019               [Page 12]

Internet-Draft             On Demand Mobility                  July 2018

6.  Summary of New Definitions


Flags and address types should in my opinion be placed in evidence. (.h) </mglt>

6.1.  New APIs

   setsc() enables applications to request a specific type of source IP

   address in terms of session continuity.  Its definition is:

   int setsc(int sockfd, in6_addr *sourceAddress, sc_type addressType);


    - sockfd -        is the socket descriptor of the socket with which

                      a specific address type is associated

    - sourceAddress - is a pointer to an area allocated for setsc() to

                      place the generated source IP address of the

                      desired session continuity type

    - addressType -   Is the desired type of session continuity service.

                      It is a 3-bit field containing one of the

                      following values:

                      0 - Reserved

                      1 - FIXED_IPV6_ADDRESS

                      2 - SESSION_LASTING_IPV6_ADDRESS

                      3 - NON_PERSISTENT_IPV6_ADDRESS

                      4 - GRACEFUL_REPLACEMENT_IPV6_ADDRESS

                      5-7 - Reserved

   setsc() returns the status of the operation:

    - 0 - Address was successfully generated

    - EAI_REQUIREDIPNOTSUPPORTED - the required service type is not


    - EAI_REQUIREDIPFAILED - the network could not fulfill the desired


   setsc() MAY block the invoking thread if it triggers the TCP/IP stack

   to request a new IP prefix from the network to construct the desired

   source IP address.  If an IP prefix with the desired session

   continuity features already exists (was previously allocated to the

   mobile host) and the stack is not required to request a new one as a

   result of setting the IPV6_REQUIRE_SRC_ON_NET flag (defined below),

   setsc() MAY return immediately with the constructed IP address and

   will not block the thread.

6.2.  New Flags

   The following flag is added to the list of flags in the

   IPV6_ADDR_PREFERENCE option at the IPPROTO6 level:

   IPV6_REQUIRE_SRC_ON_NET - set IP stack address allocation behavior

Yegin, et al.           Expires January 27, 2019               [Page 13]

Internet-Draft             On Demand Mobility                  July 2018

   If set, the IP stack will request a new IPv6 prefix of the desired

   type from the current serving network and configure a new source IP

   address.  If reset, the IP stack will use a preconfigured one if it

   exists.  If there is no preconfigured IP address of the desired type,

   a new prefix will be requested and used for creating the IP address.

7.  Security Considerations

   The setting of certain IP address type on a given socket may be

   restricted to privileged applications.  For example, a Fixed IP

   Address may be provided as a premium service and only certain

   applications may be allowed to use them.  Setting and enforcement of

   such privileges are outside the scope of this document.


I believe the text could describe the threat such recommendation is addressing.

The document describes how applications provides the OS their requirements in order to select the appropriated IP address. The resource are associated to different costs. While the cost is primarily on the operator side, it is likely that usage by the mobile node comes with some restrictions, limitation or direct cost. Typically, some type of IP address may be provided by the operator for a limited number of bytes upon which the IP address type will not be available to the mobile node or may be charged. A malicious application may use these limitations to generate extra billing of the mobile node or to prevent the usage of some applications by exhausting the expected type of IP address.

In order to prevent such scenario, the mobile node SHOULD be able to authorize specific PI address types to privilege application.

With these new types of IP addresses, the IP address leaks some connectivity requirements of the application. This also means that additional information is provided to the destination which could reveal to a passive monitoring attacker some information such as the type of application and the application itself even though the packet is protected by IPsec or TLS.

To avoid profiling an application according to the type of IP addresses, it is expected that prefixes provided by the operator are associated to various type of addresses over time. As a result, the type of address could not be associated to the prefix, making application profiling based on the type of address harder.

Application using multiple type of IP addresses to avoid being profiled is likely to create some patterns. So that remains a hard problem to solve by the application.

The usage of a fixed IP address, enables tracking the mobile node, or its application over time. This is a similar problem as the one encountered with Public IP addresses. The usage of the Fixed IP addresses should be limited.

To limit the effect of IP tracking, the application or the OS should ensure that IP addresses regularly change to limit IP tracking by a passive observer.  The application should regularly set the On Demand flag. The application should be able to ensure that session lasting IP address are regularly changed by setting a lifetime for example handled by the application. In addition, the application should consider the use of graceful replacement IP addresses.

Similarly, the OS may also associated IP addresses with a lifetime. Upon receiving a request for a given type of IP address, after some time, the OS should request a new address to the network even if it already has one IP address available with the requested type. This includes any type of IP address. Addresses of type graceful replacement or non persistent IP addresses should be regularly renewed by the OS.

The lifetime of an IP address may be expressed in number of seconds or in umber of bytes sent through this IP address.


Session lasting IP address could be used to avoid tracking and should be preferred. However, there should be a way to specify between one session lasting or if the IP address can last multiple sessions.


8.  IANA Considerations

   This document has no IANA considerations.

9.  Contributors

   This document was merged with [I-D.sijeon-dmm-use-cases-api-source].

   We would like to acknowledge the contribution of the following people

   to that document as well:

   Sergio Figueiredo

   Altran Research, France


   Younghan Kim

   Soongsil University, Korea


   John Kaippallimalil

   Huawei, USA


10.  Acknowledgements

   We would like to thank Wu-chi Feng, Alexandru Petrescu, Jouni

   Korhonen, Sri Gundavelli, Dave Dolson and Lorenzo Colitti for their

   valuable comments and suggestions on this work.

11.  References

Yegin, et al.           Expires January 27, 2019               [Page 14]

Internet-Draft             On Demand Mobility                  July 2018

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate

              Requirement Levels", BCP 14, RFC 2119,

              DOI 10.17487/RFC2119, March 1997,


   [RFC5014]  Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6

              Socket API for Source Address Selection", RFC 5014,

              DOI 10.17487/RFC5014, September 2007,


11.2.  Informative References


              Jeon, S., Figueiredo, S., Kim, Y., and J. Kaippallimalil,

              "Use Cases and API Extension for Source IP Address

              Selection", draft-sijeon-dmm-use-cases-api-source-07 (work

              in progress), September 2017.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,

              A., Peterson, J., Sparks, R., Handley, M., and E.

              Schooler, "SIP: Session Initiation Protocol", RFC 3261,

              DOI 10.17487/RFC3261, June 2002,


   [RFC5213]  Gundavelli, S., Ed., Leung, K., Devarapalli, V.,

              Chowdhury, K., and B. Patil, "Proxy Mobile IPv6",

              RFC 5213, DOI 10.17487/RFC5213, August 2008,


   [RFC5563]  Leung, K., Dommety, G., Yegani, P., and K. Chowdhury,

              "WiMAX Forum / 3GPP2 Proxy Mobile IPv4", RFC 5563,

              DOI 10.17487/RFC5563, February 2010,


   [RFC5944]  Perkins, C., Ed., "IP Mobility Support for IPv4, Revised",

              RFC 5944, DOI 10.17487/RFC5944, November 2010,


   [RFC6275]  Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility

              Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July

              2011, <>.

   [RFC6824]  Ford, A., Raiciu, C., Handley, M., and O. Bonaventure,

              "TCP Extensions for Multipath Operation with Multiple

              Addresses", RFC 6824, DOI 10.17487/RFC6824, January 2013,


Yegin, et al.           Expires January 27, 2019               [Page 15]

Internet-Draft             On Demand Mobility                  July 2018

   [RFC7333]  Chan, H., Ed., Liu, D., Seite, P., Yokota, H., and J.

              Korhonen, "Requirements for Distributed Mobility

              Management", RFC 7333, DOI 10.17487/RFC7333, August 2014,


Authors' Addresses

   Alper Yegin





   Danny Moses

   Intel Corporation

   Petah Tikva



   Kisuk Kweon



   South Korea


   Jinsung Lee



   South Korea


   Jungshin Park



   South Korea


Yegin, et al.           Expires January 27, 2019               [Page 16]

Internet-Draft             On Demand Mobility                  July 2018

   Seil Jeon

   Sungkyunkwan University


   South Korea


Yegin, et al.           Expires January 27, 2019               [Page 17]


dmm mailing list<>
A member of the Intel Corporation group of companies

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.