This is a purely informative rendering of an RFC that includes verified errata. This rendering may not be used as a reference.

The following 'Verified' errata have been incorporated in this document: EID 3140, EID 3141
Network Working Group                                 S. Gundavelli, Ed.
Request for Comments: 5213                                      K. Leung
Category: Standards Track                                          Cisco
                                                          V. Devarapalli
                                                                Wichorus
                                                            K. Chowdhury
                                                        Starent Networks
                                                                B. Patil
                                                                   Nokia
                                                             August 2008


                           Proxy Mobile IPv6

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   Network-based mobility management enables IP mobility for a host
   without requiring its participation in any mobility-related
   signaling.  The network is responsible for managing IP mobility on
   behalf of the host.  The mobility entities in the network are
   responsible for tracking the movements of the host and initiating the
   required mobility signaling on its behalf.  This specification
   describes a network-based mobility management protocol and is
   referred to as Proxy Mobile IPv6.

Table of Contents

   1.  Introduction .................................................  4
   2.  Conventions and Terminology  .................................  5
     2.1.  Conventions Used in This Document  .......................  5
     2.2.  Terminology  .............................................  5
   3.  Proxy Mobile IPv6 Protocol Overview  .........................  9
   4.  Proxy Mobile IPv6 Protocol Security  ......................... 15
     4.1.  Peer Authorization Database (PAD) Example Entries  ....... 16
     4.2.  Security Policy Database (SPD) Example Entries ........... 17
   5.  Local Mobility Anchor Operation  ............................. 17
     5.1.  Extensions to Binding Cache Entry Data Structure ......... 18
     5.2.  Supported Home Network Prefix Models ..................... 19
     5.3.  Signaling Considerations ................................. 20
       5.3.1.  Processing Proxy Binding Updates ..................... 20
       5.3.2.  Initial Binding Registration (New Mobility Session) .. 22
       5.3.3.  Binding Lifetime Extension (No Handoff)  ............. 23
       5.3.4.  Binding Lifetime Extension (After Handoff) ........... 24
       5.3.5.  Binding De-Registration  ............................. 24
       5.3.6.  Constructing the Proxy Binding Acknowledgement
               Message  ............................................. 25
     5.4.  Multihoming Support  ..................................... 27
       5.4.1.  Binding Cache Entry Lookup Considerations  ........... 28
     5.5.  Timestamp Option for Message Ordering  ................... 34
     5.6.  Routing Considerations ................................... 37
       5.6.1.  Bi-Directional Tunnel Management ..................... 37
       5.6.2.  Forwarding Considerations  ........................... 38
       5.6.3.  Explicit Congestion Notification (ECN)
               Considerations for Proxy Mobile IPv6 Tunnels ......... 39
     5.7.  Local Mobility Anchor Address Discovery  ................. 40
     5.8.  Mobile Prefix Discovery Considerations ................... 40
     5.9.  Route Optimization Considerations  ....................... 41
   6.  Mobile Access Gateway Operation  ............................. 41
     6.1.  Extensions to Binding Update List Entry Data Structure ... 42
     6.2.  Mobile Node's Policy Profile ............................. 43
     6.3.  Supported Access Link Types  ............................. 44
     6.4.  Supported Address Configuration Modes  ................... 44
     6.5.  Access Authentication and Mobile Node Identification ..... 45
     6.6.  Acquiring Mobile Node's Identifier ....................... 45
     6.7.  Home Network Emulation ................................... 46
     6.8.  Link-local and Global Address Uniqueness ................. 46
     6.9.  Signaling Considerations ................................. 48
       6.9.1.  Binding Registrations  ............................... 48
       6.9.2.  Router Solicitation Messages ......................... 56
       6.9.3.  Default-Router ....................................... 57
       6.9.4.  Retransmissions and Rate Limiting  ................... 58
       6.9.5.  Path MTU Discovery ................................... 59
     6.10. Routing Considerations ................................... 60

       6.10.1. Transport Network  ................................... 60
       6.10.2. Tunneling and Encapsulation Modes  ................... 61
       6.10.3. Local Routing  ....................................... 62
       6.10.4. Tunnel Management  ................................... 62
       6.10.5. Forwarding Rules ..................................... 62
     6.11. Supporting DHCP-Based Address Configuration on the
           Access Link  ............................................. 64
     6.12. Home Network Prefix Renumbering  ......................... 66
     6.13. Mobile Node Detachment Detection and Resource Cleanup  ... 66
     6.14. Allowing Network Access to Other IPv6 Nodes  ............. 67
   7.  Mobile Node Operation  ....................................... 67
     7.1.  Moving into a Proxy Mobile IPv6 Domain ................... 67
     7.2.  Roaming in the Proxy Mobile IPv6 Domain  ................. 69
   8.  Message Formats  ............................................. 69
     8.1.  Proxy Binding Update Message ............................. 69
     8.2.  Proxy Binding Acknowledgement Message  ................... 71
     8.3.  Home Network Prefix Option ............................... 72
     8.4.  Handoff Indicator Option ................................. 73
     8.5.  Access Technology Type Option  ........................... 74
     8.6.  Mobile Node Link-layer Identifier Option ................. 76
     8.7.  Link-local Address Option  ............................... 77
     8.8.  Timestamp Option ......................................... 77
     8.9.  Status Values  ........................................... 78
   9.  Protocol Configuration Variables ............................. 80
     9.1.  Local Mobility Anchor - Configuration Variables  ......... 80
     9.2.  Mobile Access Gateway - Configuration Variables  ......... 81
     9.3.  Proxy Mobile IPv6 Domain - Configuration Variables ....... 82
   10. IANA Considerations  ......................................... 83
   11. Security Considerations  ..................................... 84
   12. Acknowledgements ............................................. 85
   13. References ................................................... 86
     13.1. Normative References ..................................... 86
     13.2. Informative References ................................... 87
   Appendix A.  Proxy Mobile IPv6 Interactions with AAA
                Infrastructure  ..................................... 89
   Appendix B.  Routing State ....................................... 89

1.  Introduction

   IP mobility for IPv6 hosts is specified in Mobile IPv6 [RFC3775].
   Mobile IPv6 requires client functionality in the IPv6 stack of a
   mobile node.  Exchange of signaling messages between the mobile node
   and home agent enables the creation and maintenance of a binding
   between the mobile node's home address and its care-of address.
   Mobility as specified in [RFC3775] requires the IP host to send IP
   mobility management signaling messages to the home agent, which is
   located in the network.

   Network-based mobility is another approach to solving the IP mobility
   challenge.  It is possible to support mobility for IPv6 nodes without
   host involvement by extending Mobile IPv6 [RFC3775] signaling
   messages between a network node and a home agent.  This approach to
   supporting mobility does not require the mobile node to be involved
   in the exchange of signaling messages between itself and the home
   agent.  A proxy mobility agent in the network performs the signaling
   with the home agent and does the mobility management on behalf of the
   mobile node attached to the network.  Because of the use and
   extension of Mobile IPv6 signaling and home agent functionality, this
   protocol is referred to as Proxy Mobile IPv6 (PMIPv6).

   Network deployments that are designed to support mobility would be
   agnostic to the capability in the IPv6 stack of the nodes that it
   serves.  IP mobility for nodes that have mobile IP client
   functionality in the IPv6 stack as well as those nodes that do not,
   would be supported by enabling Proxy Mobile IPv6 protocol
   functionality in the network.  The advantages of developing a
   network-based mobility protocol based on Mobile IPv6 are:

   o  Reuse of home agent functionality and the messages/format used in
      mobility signaling.  Mobile IPv6 is a mature protocol with several
      implementations that have undergone interoperability testing.

   o  A common home agent would serve as the mobility agent for all
      types of IPv6 nodes.

   The problem statement and the need for a network-based mobility
   protocol solution has been documented in [RFC4830].  Proxy Mobile
   IPv6 is a solution that addresses these issues and requirements.

2.  Conventions and Terminology

2.1.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Terminology

   All the general mobility-related terms used in this document are to
   be interpreted as defined in the Mobile IPv6 base specification
   [RFC3775].

   This document adopts the terms, Local Mobility Anchor (LMA) and
   Mobile Access Gateway (MAG) from the NETLMM Goals document [RFC4831].
   This document also provides the following context-specific
   explanation to the following terms used in this document.

   Proxy Mobile IPv6 Domain (PMIPv6-Domain)

      Proxy Mobile IPv6 domain refers to the network where the mobility
      management of a mobile node is handled using the Proxy Mobile IPv6
      protocol as defined in this specification.  The Proxy Mobile IPv6
      domain includes local mobility anchors and mobile access gateways
      between which security associations can be set up and
      authorization for sending Proxy Binding Updates on behalf of the
      mobile nodes can be ensured.

   Local Mobility Anchor (LMA)

      Local Mobility Anchor is the home agent for the mobile node in a
      Proxy Mobile IPv6 domain.  It is the topological anchor point for
      the mobile node's home network prefix(es) and is the entity that
      manages the mobile node's binding state.  The local mobility
      anchor has the functional capabilities of a home agent as defined
      in Mobile IPv6 base specification [RFC3775] with the additional
      capabilities required for supporting Proxy Mobile IPv6 protocol as
      defined in this specification.

   Mobile Access Gateway (MAG)

      Mobile Access Gateway is a function on an access router that
      manages the mobility-related signaling for a mobile node that is
      attached to its access link.  It is responsible for tracking the
      mobile node's movements to and from the access link and for
      signaling the mobile node's local mobility anchor.

   Mobile Node (MN)

      Throughout this document, the term mobile node is used to refer to
      an IP host or router whose mobility is managed by the network.
      The mobile node may be an IPv4-only node, IPv6-only node, or a
      dual-stack node and is not required to participate in any IP
      mobility related signaling for achieving mobility for an IP
      address that is obtained in that Proxy Mobile IPv6 domain.

   LMA Address (LMAA)

      The global address that is configured on the interface of the
      local mobility anchor and is the transport endpoint of the bi-
      directional tunnel established between the local mobility anchor
      and the mobile access gateway.  This is the address to which the
      mobile access gateway sends the Proxy Binding Update messages.
      When supporting IPv4 traversal, i.e., when the network between the
      local mobility anchor and the mobile access gateway is an IPv4
      network, this address will be an IPv4 address and will be referred
      to as IPv4-LMAA, as specified in [IPV4-PMIP6].

   Proxy Care-of Address (Proxy-CoA)

      Proxy-CoA is the global address configured on the egress interface
      of the mobile access gateway and is the transport endpoint of the
      tunnel between the local mobility anchor and the mobile access
      gateway.  The local mobility anchor views this address as the
      care-of address of the mobile node and registers it in the Binding
      Cache entry for that mobile node.  When the transport network
      between the mobile access gateway and the local mobility anchor is
      an IPv4 network and if the care-of address that is registered at
      the local mobility anchor is an IPv4 address, the term, IPv4-
      Proxy-CoA is used, as specified in [IPV4-PMIP6].

   Mobile Node's Home Network Prefix (MN-HNP)

      The MN-HNP is a prefix assigned to the link between the mobile
      node and the mobile access gateway.  More than one prefix can be
      assigned to the link between the mobile node and the mobile access
      gateway, in which case, all of the assigned prefixes are managed
      as a set associated with a mobility session.  The mobile node
      configures its interface with one or more addresses from its home
      network prefix(es).  If the mobile node connects to the Proxy
      Mobile IPv6 domain through multiple interfaces, simultaneously,
      each of the attached interfaces will be assigned a unique set of
      home network prefixes, and all the prefixes assigned to a given
      interface of a mobile node will be managed under one mobility
      session.  For example, home network prefixes P1 and P2 assigned to

      interface I1 will be managed under one mobility session and
      prefixes P3, P4, and P5 assigned to interface I2 of the mobile
      node will be managed under a different mobility session.
      Additionally, in some configurations the assigned prefix can be of
      128-bit prefix length.

   Mobile Node's Home Address (MN-HoA)

      MN-HoA is an address from a mobile node's home network prefix.
      The mobile node will be able to use this address as long as it is
      attached to the access network that is in the scope of that Proxy
      Mobile IPv6 domain.  If the mobile node uses more than one address
      from its home network prefix(es), any one of these addresses is
      referred to as mobile node's home address.  Unlike in Mobile IPv6
      where the home agent is aware of the home address of the mobile
      node, in Proxy Mobile IPv6, the mobility entities are only aware
      of the mobile node's home network prefix(es) and are not always
      aware of the exact address(es) that the mobile node configured on
      its interface from its home network prefix(es).  However, in some
      configurations and based on the enabled address configuration
      modes on the access link, the mobility entities in the network can
      be certain about the exact address(es) configured by the mobile
      node.

   Mobile Node's Home Link

      This is the link on which the mobile node obtained its layer-3
      address configuration for the attached interface after it moved
      into that Proxy Mobile IPv6 domain.  This is the link that
      conceptually follows the mobile node.  The network will ensure the
      mobile node always sees this link with respect to the layer-3
      network configuration, on any access link that it attaches to in
      that Proxy Mobile IPv6 domain.

   Multihomed Mobile Node

      A mobile node that connects to the same Proxy Mobile IPv6 domain
      through more than one interface and uses these interfaces
      simultaneously is referred to as a multihomed mobile node.

   Mobile Node Identifier (MN-Identifier)

      The identity of a mobile node in the Proxy Mobile IPv6 domain.
      This is the stable identifier of a mobile node that the mobility
      entities in a Proxy Mobile IPv6 domain can always acquire and use
      for predictably identifying a mobile node.  This is typically an
      identifier such as a Network Access Identifier (NAI) [RFC4282] or
      other identifier such as a Media Access Control (MAC) address.

   Mobile Node Link-layer Identifier (MN-LL-Identifier)

      An identifier that identifies the attached interface of a mobile
      node.  For those interfaces that have a link-layer identifier,
      this identifier can be based on that.  The link-layer identifier,
      in some cases, is generated by the mobile node and conveyed to the
      mobile access gateway.  This identifier of the attached interface
      must be stable, as seen by any of the mobile access gateways in a
      given Proxy Mobile IPv6 domain.  In some other cases, there might
      not be any link-layer identifier associated with the mobile node's
      interface.  An identifier value of ALL_ZERO is not considered a
      valid identifier and cannot be used as an interface identifier.

   Policy Profile

      Policy Profile is an abstract term for referring to a set of
      configuration parameters that are configured for a given mobile
      node.  The mobility entities in the Proxy Mobile IPv6 domain
      require access to these parameters for providing the mobility
      management to a given mobile node.  The specific details on how
      the network entities obtain this policy profile is outside the
      scope of this document.

   Proxy Binding Update (PBU)

      A request message sent by a mobile access gateway to a mobile
      node's local mobility anchor for establishing a binding between
      the mobile node's home network prefix(es) assigned to a given
      interface of a mobile node and its current care-of address (Proxy-
      CoA).

   Proxy Binding Acknowledgement (PBA)

      A reply message sent by a local mobility anchor in response to a
      Proxy Binding Update message that it received from a mobile access
      gateway.

   Per-MN-Prefix and Shared-Prefix Models

      The term Per-MN-Prefix model is used to refer to an addressing
      model where there is a unique network prefix or prefixes assigned
      for each node.  The term Shared-Prefix model is used to refer to
      an addressing model where the prefix(es) are shared by more than
      one node.  This specification supports the Per-MN-Prefix model and
      does not support the Shared-Prefix model.

   Mobility Session

      In the context of Proxy Mobile IPv6 specification, the term
      mobility session refers to the creation or existence of state
      associated with the mobile node's mobility binding on the local
      mobility anchor and on the serving mobile access gateway.

   DHCP

      Throughout this document, the acronym DHCP refers to DHCP for
      IPv6, as defined in [RFC3315].

   ALL_ZERO and NON_ZERO

      Protocol message fields initialized with value 0 in each byte of
      the field.  For example, an 8-byte link-layer identifier field
      with the value set to 0 in each of the 8 bytes, or an IPv6 address
      with the value 0 in all of the 16 bytes.  Conversely, the term
      NON_ZERO is used to refer to any value other than an ALL_ZERO
      value.

3.  Proxy Mobile IPv6 Protocol Overview

   This specification describes a network-based mobility management
   protocol.  It is called Proxy Mobile IPv6 and is based on Mobile IPv6
   [RFC3775].

   Proxy Mobile IPv6 protocol is intended for providing network-based IP
   mobility management support to a mobile node, without requiring the
   participation of the mobile node in any IP mobility related
   signaling.  The mobility entities in the network will track the
   mobile node's movements and will initiate the mobility signaling and
   set up the required routing state.

   The core functional entities in the NETLMM infrastructure are the
   Local Mobility Anchor (LMA) and the Mobile Access Gateway (MAG).  The
   local mobility anchor is responsible for maintaining the mobile
   node's reachability state and is the topological anchor point for the
   mobile node's home network prefix(es).  The mobile access gateway is
   the entity that performs the mobility management on behalf of a
   mobile node, and it resides on the access link where the mobile node
   is anchored.  The mobile access gateway is responsible for detecting
   the mobile node's movements to and from the access link and for
   initiating binding registrations to the mobile node's local mobility
   anchor.  There can be multiple local mobility anchors in a Proxy
   Mobile IPv6 domain each serving a different group of mobile nodes.
   The architecture of a Proxy Mobile IPv6 domain is shown in Figure 1.

              +----+                +----+
              |LMA1|                |LMA2|
              +----+                +----+
       LMAA1 -> |                      | <-- LMAA2
                |                      |
                \\                    //\\
                 \\                  //  \\
                  \\                //    \\
               +---\\------------- //------\\----+
              (     \\  IPv4/IPv6 //        \\    )
              (      \\  Network //          \\   )
               +------\\--------//------------\\-+
                       \\      //              \\
                        \\    //                \\
                         \\  //                  \\
             Proxy-CoA1--> |                      | <-- Proxy-CoA2
                        +----+                 +----+
                        |MAG1|-----{MN2}       |MAG2|
                        +----+    |            +----+
                          |       |               |
             MN-HNP1 -->  |     MN-HNP2           | <-- MN-HNP3, MN-HNP4
                        {MN1}                   {MN3}

                    Figure 1: Proxy Mobile IPv6 Domain

   When a mobile node enters a Proxy Mobile IPv6 domain and attaches to
   an access link, the mobile access gateway on that access link, after
   identifying the mobile node and acquiring its identity, will
   determine if the mobile node is authorized for the network-based
   mobility management service.

   If the network determines that the mobile node is authorized for
   network-based mobility service, the network will ensure that the
   mobile node using any of the address configuration mechanisms
   permitted by the network will be able to obtain the address
   configuration on the connected interface and move anywhere in that
   Proxy Mobile IPv6 domain.  The obtained address configuration
   includes the address(es) from its home network prefix(es), the
   default-router address on the link, and other related configuration
   parameters.  From the perspective of each mobile node, the entire
   Proxy Mobile IPv6 domain appears as a single link, the network
   ensures that the mobile node does not detect any change with respect
   to its layer-3 attachment even after changing its point of attachment
   in the network.

   The mobile node may be an IPv4-only node, IPv6-only node, or a dual-
   stack (IPv4/v6) node.  Based on the policy profile information that
   indicates the type of address or prefixes to be assigned for the
   mobile node in the network, the mobile node will be able to obtain an
   IPv4, IPv6, or dual IPv4/IPv6 address and move anywhere in that Proxy
   Mobile IPv6 domain.  However, this specification only supports IPv6
   address/prefix mobility with the transport network being IPv6.  The
   support for IPv4 addressing or an IPv4 transport network is specified
   in the companion document [IPV4-PMIP6].

   If the mobile node connects to the Proxy Mobile IPv6 domain through
   multiple interfaces and over multiple access networks, the network
   will allocate a unique set of home network prefixes for each of the
   connected interfaces.  The mobile node will be able to configure
   address(es) on those interfaces from the respective home network
   prefix(es).  However, if the mobile node performs a handoff by moving
   its address configuration from one interface to the other, and if the
   local mobility anchor receives a handoff hint from the serving mobile
   access gateway about the same, the local mobility anchor will assign
   the same home network prefix(es) that it previously assigned prior to
   the handoff.  The mobile node will also be able to perform a handoff
   by changing its point of attachment from one mobile access gateway to
   a different mobile access gateway using the same interface and will
   be able to retain the address configuration on the attached
   interface.

  +-----+                +-----+                +-----+
  | MN  |                | MAG |                | LMA |
  +-----+                +-----+                +-----+
     |                      |                      |
 MN Attached                |                      |
     |                      |                      |
     |       MN Attached Event from MN/Network     |
     |        (Acquire MN-Id and Profile)          |
     |                      |                      |
     |--- Rtr Sol --------->|                      |
     |                      |                      |
     |                      |--- PBU ------------->|
     |                      |                      |
     |                      |                  Accept PBU
     |                      | (Allocate MN-HNP(s), Setup BCE and Tunnel)
     |                      |                      |
     |                      |<------------- PBA ---|
     |                      |                      |
     |                 Accept PBA                  |
     |          (Set Up Tunnel and Routing)        |
     |                      |                      |
     |                      |==== Bi-Dir Tunnel ===|
     |                      |                      |
     |<--------- Rtr Adv ---|                      |
     |                      |                      |
  IP Address                |                      |
 Configuration              |                      |
     |                      |                      |

          Figure 2: Mobile Node Attachment - Signaling Call Flow

   Figure 2 shows the signaling call flow when the mobile node enters
   the Proxy Mobile IPv6 domain.  The Router Solicitation message from
   the mobile node may arrive at any time after the mobile node's
   attachment and has no strict ordering relation with the other
   messages in the call flow.

   For updating the local mobility anchor about the current location of
   the mobile node, the mobile access gateway sends a Proxy Binding
   Update message to the mobile node's local mobility anchor.  Upon
   accepting this Proxy Binding Update message, the local mobility
   anchor sends a Proxy Binding Acknowledgement message including the
   mobile node's home network prefix(es).  It also creates the Binding
   Cache entry and sets up its endpoint of the bi-directional tunnel to
   the mobile access gateway.

   The mobile access gateway on receiving the Proxy Binding
   Acknowledgement message sets up its endpoint of the bi-directional
   tunnel to the local mobility anchor and also sets up the forwarding
   for the mobile node's traffic.  At this point, the mobile access
   gateway has all the required information for emulating the mobile
   node's home link.  It sends Router Advertisement messages to the
   mobile node on the access link advertising the mobile node's home
   network prefix(es) as the hosted on-link prefix(es).

   The mobile node, on receiving these Router Advertisement messages on
   the access link, attempts to configure its interface using either
   stateful or stateless address configuration modes, based on the modes
   that are permitted on that access link as indicated in Router
   Advertisement messages.  At the end of a successful address
   configuration procedure, the mobile node has one or more addresses
   from its home network prefix(es).

   After address configuration, the mobile node has one or more valid
   addresses from its home network prefix(es) at the current point of
   attachment.  The serving mobile access gateway and the local mobility
   anchor also have proper routing states for handling the traffic sent
   to and from the mobile node using any one or more of the addresses
   from its home network prefix(es).

   The local mobility anchor, being the topological anchor point for the
   mobile node's home network prefix(es), receives any packets that are
   sent to the mobile node by any node in or outside the Proxy Mobile
   IPv6 domain.  The local mobility anchor forwards these received
   packets to the mobile access gateway through the bi-directional
   tunnel.  The mobile access gateway on other end of the tunnel, after
   receiving the packet, removes the outer header and forwards the
   packet on the access link to the mobile node.  However, in some
   cases, the traffic sent from a correspondent node that is locally
   connected to the mobile access gateway may not be received by the
   local mobility anchor and may be routed locally by the mobile access
   gateway (refer to Section 6.10.3).

   The mobile access gateway acts as the default router on the point-to-
   point link shared with the mobile node.  Any packet that the mobile
   node sends to any correspondent node will be received by the mobile
   access gateway and will be sent to its local mobility anchor through
   the bi-directional tunnel.  The local mobility anchor on the other
   end of the tunnel, after receiving the packet, removes the outer
   header and routes the packet to the destination.  However, in some
   cases, the traffic sent to a correspondent node that is locally
   connected to the mobile access gateway may be locally routed by the
   mobile access gateway (refer to Section 6.10.3).

    +-----+          +-----+          +-----+          +-----+
    | MN  |          |p-MAG|          | LMA |          |n-MAG|
    +-----+          +-----+          +-----+          +-----+
       |                |                |                |
       |                |==Bi-Dir Tunnel=|                |
   MN Detached          |                |                |
       |         MN Detached Event       |                |
       |                |                |                |
       |                |-- DeReg PBU -->|                |
       |                |                |                |
       |                |            Accept PBU           |
       |                |   (Start MinDelayBeforeBCEDelete Timer)
       |                |                |                |
       |                |<-------- PBA --|                |
       |                |                |                |
   MN Attached          |                |                |
       |                |                |   MN Attached event received
       |                |                |     from MN or from network
       |                |                |   (Acquire MN-Id and Profile)
       |                |                |                |
       |--- Rtr Sol ------------------------------------->|
                               ....
                                    Registration steps as in Fig. 2.
                               ....
       |                |                |==Bi-Dir Tunnel=|
       |                |                |                |
       |<------------------------------------ Rtr Adv ----|
       |                |                |                |
   MN retains HoA/HNP(s)
       |                |                |                |

            Figure 3: Mobile Node Handoff - Signaling Call Flow

   Figure 3 shows the signaling call flow for the mobile node's handoff
   from the previously attached mobile access gateway (p-MAG) to the
   newly attached mobile access gateway (n-MAG).  This call flow only
   reflects a specific message ordering, it is possible the registration
   message from the n-MAG may arrive before the de-registration message
   from the p-MAG arrives.

   After obtaining the initial address configuration in the Proxy Mobile
   IPv6 domain, if the mobile node changes its point of attachment, the
   mobile access gateway on the previous link will detect the mobile
   node's detachment from the link.  It will signal the local mobility
   anchor and will remove the binding and routing state for that mobile
   node.  The local mobility anchor, upon receiving this request, will
   identify the corresponding mobility session for which the request was

   received, and accepts the request after which it waits for a certain
   amount of time to allow the mobile access gateway on the new link to
   update the binding.  However, if it does not receive any Proxy
   Binding Update message within the given amount of time, it will
   delete the binding cache entry.

   The mobile access gateway on the new access link, upon detecting the
   mobile node on its access link, will signal the local mobility anchor
   to update the binding state.  After completion of the signaling, the
   serving mobile access gateway will send the Router Advertisements
   containing the mobile node's home network prefix(es), and this will
   ensure the mobile node will not detect any change with respect to the
   layer-3 attachment of its interface.

4.  Proxy Mobile IPv6 Protocol Security

   The signaling messages, Proxy Binding Update, and Proxy Binding
   Acknowledgement, exchanged between the mobile access gateway and the
   local mobility anchor, MUST be protected using end-to-end security
   association(s) offering integrity and data origin authentication.

   The mobile access gateway and the local mobility anchor MUST
   implement IPsec for protecting the Proxy Mobile IPv6 signaling
   messages [RFC4301].  IPsec is a mandatory-to-implement security
   mechanism.  However, additional documents may specify alternative
   mechanisms and the mobility entities can enable a specific mechanism
   for securing Proxy Mobile IPv6 signaling messages, based on either a
   static configuration or after a dynamic negotiation using any
   standard security negotiation protocols.  As in Mobile IPv6
   [RFC3775], the use of IPsec for protecting a mobile node's data
   traffic is optional.

   IPsec Encapsulating Security Payload (ESP) [RFC4303] in transport
   mode with mandatory integrity protection SHOULD be used for
   protecting the signaling messages.  Confidentiality protection of
   these messages is not required.

   IPsec ESP [RFC4303] in tunnel mode MAY be used to protect the mobile
   node's tunneled data traffic, if protection of data traffic is
   required.

   Internet Key Exchange Protocol version 2 (IKEv2) [RFC4306] SHOULD be
   used to set up security associations between the mobile access
   gateway and the local mobility anchor to protect the Proxy Binding
   Update and Proxy Binding Acknowledgement messages.  The mobile access
   gateway and the local mobility anchor can use any of the
   authentication mechanisms, as specified in [RFC4306], for mutual
   authentication.

   The Mobile IPv6 specification [RFC3775] requires the home agent to
   prevent a mobile node from creating security associations or creating
   binding cache entries for another mobile node's home address.  In the
   protocol described in this document, the mobile node is not involved
   in creating security associations for protecting the signaling
   messages or sending binding updates.  Therefore, the local mobility
   anchor MUST restrict the creation and manipulation of proxy bindings
   to specifically authorized mobile access gateways and prefixes.  The
   local mobility anchor MUST be locally configurable to authorize such
   specific combinations.  Additional mechanisms, such as a policy store
   or Authentication, Authorization, and Accounting (AAA) may be
   employed, but these are outside the scope of this specification.

   Unlike in Mobile IPv6 [RFC3775], these signaling messages do not
   carry either the Home Address destination option or the Type 2
   Routing header, and hence the policy entries and security association
   selectors stay the same and require no special IPsec related
   considerations.

4.1.  Peer Authorization Database (PAD) Example Entries

   This section describes PAD entries [RFC4301] on the mobile access
   gateway and the local mobility anchor.  The PAD entries are only
   example configurations.  Note that the PAD is a logical concept and a
   particular mobile access gateway or a local mobility anchor
   implementation can implement the PAD in any implementation-specific
   manner.  The PAD state may also be distributed across various
   databases in a specific implementation.

   In the example shown below, the identity of the local mobility anchor
   is assumed to be lma_identity_1 and the identity of the mobile access
   gateway is assumed to be mag_identity_1.

       mobile access gateway PAD:
         - IF remote_identity = lma_identity_1
              Then authenticate (shared secret/certificate/EAP)
              and authorize CHILD_SAs for remote address lma_address_1

       local mobility anchor PAD:
         - IF remote_identity = mag_identity_1
              Then authenticate (shared secret/certificate/EAP)
              and authorize CHILD_SAs for remote address mag_address_1

                           Figure 4: PAD Entries

   The list of authentication mechanisms in the above examples is not
   exhaustive.  There could be other credentials used for authentication
   stored in the PAD.

4.2.  Security Policy Database (SPD) Example Entries

   This section describes the security policy entries [RFC4301] on the
   mobile access gateway and the local mobility anchor required to
   protect the Proxy Mobile IPv6 signaling messages.  The SPD entries
   are only example configurations.  A particular mobile access gateway
   or a local mobility anchor implementation could configure different
   SPD entries as long as they provide the required security.

   In the example shown below, the identity of the mobile access gateway
   is assumed to be mag_identity_1, the address of the mobile access
   gateway is assumed to be mag_address_1, and the address of the local
   mobility anchor is assumed to be lma_address_1.  The acronym MH
   represents the protocol number for the Mobility Header [RFC3775],
   while the terms local_mh_type and remote_mh_type stand for local
   mobility header type and remote mobility header type, respectively.

      mobile access gateway SPD-S:
        - IF local_address = mag_address_1 &
             remote_address = lma_address_1 &
             proto = MH & (local_mh_type = BU | remote_mh_type = BA)
          Then use SA ESP transport mode
          Initiate using IDi = mag_identity_1 to address lma_address_1

      local mobility anchor SPD-S:
        - IF local_address = lma_address_1 &
             remote_address = mag_address_1 &
             proto = MH & (local_mh_type = BA | remote_mh_type = BU)
          Then use SA ESP transport mode

                           Figure 5: SPD Entries

5.  Local Mobility Anchor Operation

   The local mobility anchor MUST support the home agent function as
   defined in [RFC3775] and the extensions defined in this
   specification.  A home agent with these modifications and enhanced
   capabilities for supporting the Proxy Mobile IPv6 protocol is
   referred to as a local mobility anchor.

   This section describes the operational details of the local mobility
   anchor.

5.1.  Extensions to Binding Cache Entry Data Structure

   Every local mobility anchor MUST maintain a Binding Cache entry for
   each currently registered mobile node.  A Binding Cache entry is a
   conceptual data structure, described in Section 9.1 of [RFC3775].

   For supporting this specification, the Binding Cache Entry data
   structure needs to be extended with the following additional fields.

   o  A flag indicating whether or not this Binding Cache entry is
      created due to a proxy registration.  This flag is set to value 1
      for Binding Cache entries that are proxy registrations and is set
      to value 0 for all other entries.

   o  The identifier of the registered mobile node, MN-Identifier.  This
      identifier is obtained from the Mobile Node Identifier Option
      [RFC4283] present in the received Proxy Binding Update message.

   o  The link-layer identifier of the mobile node's connected interface
      on the access link.  This identifier can be acquired from the
      Mobile Node Link-layer Identifier option, present in the received
      Proxy Binding Update message.  If the option was not present in
      the request, this variable length field MUST be set to two
      (octets) and MUST be initialized to a value of ALL_ZERO.

   o  The link-local address of the mobile access gateway on the point-
      to-point link shared with the mobile node.  This is generated by
      the local mobility anchor after accepting the initial Proxy
      Binding Update message.

   o  A list of IPv6 home network prefixes assigned to the mobile node's
      connected interface.  The home network prefix(es) may have been
      statically configured in the mobile node's policy profile, or,
      they may have been dynamically allocated by the local mobility
      anchor.  Each one of these prefix entries will also include the
      corresponding prefix length.

   o  The tunnel interface identifier (tunnel-if-id) of the bi-
      directional tunnel between the local mobility anchor and the
      mobile access gateway where the mobile node is currently anchored.
      This is internal to the local mobility anchor.  The tunnel
      interface identifier is acquired during the tunnel creation.

   o  The access technology type, by which the mobile node is currently
      attached.  This is obtained from the Access Technology Type
      option, present in the Proxy Binding Update message.

   o  The 64-bit timestamp value of the most recently accepted Proxy
      Binding Update message sent for this mobile node.  This is the
      time of day on the local mobility anchor, when the message was
      received.  If the Timestamp option is not present in the Proxy
      Binding Update message (i.e., when the sequence-number-based
      scheme is in use), the value MUST be set to ALL_ZERO.

   Typically, any one of the mobile node's home network prefixes from
   its mobility session may be used as a key for locating its Binding
   Cache entry in all cases except when there has been a handoff of the
   mobile node's session to a new mobile access gateway, and that mobile
   access gateway is unaware of the home network prefix(es) assigned to
   that mobility session.  In such handoff cases, the Binding Cache
   entry can be located under the considerations specified in Section
   5.4.1.

5.2.  Supported Home Network Prefix Models

   This specification supports the Per-MN-Prefix model and does not
   support the Shared-Prefix model.  According to the Per-MN-Prefix
   model, home network prefix(es) assigned to a mobile node are for that
   mobile node's exclusive use and no other node shares an address from
   that prefix (other than the Subnet-Router anycast address [RFC4291]
   that is used by the mobile access gateway hosting that prefix on that
   link).

   There may be more than one prefix assigned to a given interface of
   the mobile node; all of those assigned prefixes MUST be unique to
   that mobile node, and all are part of exactly one mobility session.
   If the mobile node simultaneously attaches to the Proxy Mobile IPv6
   domain through multiple interfaces, each of the attached interfaces
   MUST be assigned one or more unique prefixes.  Prefixes that are not
   assigned to the same interface MUST NOT be managed under the same
   mobility session.

   The mobile node's home network prefix(es) assigned to a given
   interface of a mobile node (part of a mobility session) will be
   hosted on the access link where the mobile node is attached (using
   that interface).  The local mobility anchor is not required to
   perform any proxy Neighbor Discovery (ND) operations [RFC4861] for
   defending the mobile node's home address(es), as the prefixes are not
   locally hosted on the local mobility anchor.  However, from the
   routing perspective, the home network prefix(es) is topologically
   anchored on the local mobility anchor.

5.3.  Signaling Considerations

   This section provides the rules for processing the signaling
   messages.  The processing rules specified in this section and other
   related sections are chained and are in a specific order.  When
   applying these considerations for processing the signaling messages,
   the specified order MUST be maintained.

5.3.1.  Processing Proxy Binding Updates

   1.   The received Proxy Binding Update message (a Binding Update
        message with the (P) flag set to value of 1, format specified in
        Section 8.1) MUST be authenticated as described in Section 4.
        When IPsec is used for message authentication, the Security
        Parameter Index (SPI) in the IPsec header [RFC4306] of the
        received packet is needed for locating the security association,
        for authenticating the Proxy Binding Update message.

   2.   The local mobility anchor MUST observe the rules described in
        Section 9.2 of [RFC3775] when processing the Mobility Header in
        the received Proxy Binding Update message.

   3.   The local mobility anchor MUST ignore the check, specified in
        Section 10.3.1 of [RFC3775], related to the presence of the Home
        Address destination option in the Proxy Binding Update message.

   4.   The local mobility anchor MUST identify the mobile node from the
        identifier present in the Mobile Node Identifier option
        [RFC4283] of the Proxy Binding Update message.  If the Mobile
        Node Identifier option is not present in the Proxy Binding
        Update message, the local mobility anchor MUST reject the
        request and send a Proxy Binding Acknowledgement message with
        Status field set to MISSING_MN_IDENTIFIER_OPTION (Missing Mobile
        Node Identifier option) and the identifier in the Mobile Node
        Identifier option carried in the message MUST be set to a zero
        length identifier.

   5.   The local mobility anchor MUST apply the required policy checks,
        as explained in Section 4, to verify that the sender is a
        trusted mobile access gateway authorized to send Proxy Binding
        Update messages on behalf of this mobile node.

   6.   If the local mobility anchor determines that the requesting node
        is not authorized to send Proxy Binding Update messages for the
        identified mobile node, it MUST reject the request and send a
        Proxy Binding Acknowledgement message with the Status field set
        to MAG_NOT_AUTHORIZED_FOR_PROXY_REG (not authorized to send
        proxy binding updates).

   7.   If the local mobility anchor cannot identify the mobile node
        based on the identifier present in the Mobile Node Identifier
        option [RFC4283] of the Proxy Binding Update message, it MUST
        reject the request and send a Proxy Binding Acknowledgement
        message with the Status field set to
        NOT_LMA_FOR_THIS_MOBILE_NODE (Not a local mobility anchor for
        this mobile node).

   8.   If the local mobility anchor determines that the mobile node is
        not authorized for the network-based mobility management
        service, it MUST reject the request and send a Proxy Binding
        Acknowledgement message with the Status field set to
        PROXY_REG_NOT_ENABLED (Proxy Registration not enabled).

   9.   The local mobility anchor MUST apply the considerations
        specified in Section 5.5 for processing the Sequence Number
        field and the Timestamp option (if present) in the Proxy Binding
        Update message.

   10.  If there is no Home Network Prefix option(s) (with any value)
        present in the Proxy Binding Update message, the local mobility
        anchor MUST reject the request and send a Proxy Binding
        Acknowledgement message with the Status field set to
        MISSING_HOME_NETWORK_PREFIX_OPTION (Missing Home Network Prefix
        option).

   11.  If the Handoff Indicator option is not present in the Proxy
        Binding Update message, the local mobility anchor MUST reject
        the request and send a Proxy Binding Acknowledgement message
        with the Status field set to MISSING_HANDOFF_INDICATOR_OPTION
        (Missing Handoff Indicator option).

   12.  If the Access Technology Type option is not present in the Proxy
        Binding Update message, the local mobility anchor MUST reject
        the request and send a Proxy Binding Acknowledgement message
        with the Status field set to MISSING_ACCESS_TECH_TYPE_OPTION
        (Missing Access Technology Type option).

   13.  Considerations specified in Section 5.4.1 MUST be applied for
        performing the Binding Cache entry existence test.  If those
        checks specified in Section 5.4.1 result in associating the
        received Proxy Binding Update message to a new mobility session
        creation request, considerations from Section 5.3.2 (Initial
        Binding Registration - New Mobility Session), MUST be applied.
        If those checks result in associating the request to an existing
        mobility session, the following checks determine the next set of
        processing rules that need to be applied.

        *  If the received Proxy Binding Update message has the lifetime
           value of zero, considerations from Section 5.3.5 (Binding De-
           Registration) MUST be applied.

        *  If the Proxy-CoA in the Binding Cache entry matches the
           source address of the request (or the address in the
           Alternate Care-of Address option, if the option is present),
           considerations from Section 5.3.3 (Binding LIfetime Extension
           - No handoff) MUST be applied.

        *  For all other cases, considerations from Section 5.3.4
           (Binding Lifetime Extension - After handoff) MUST be applied.

   14.  When sending the Proxy Binding Acknowledgement message with any
        Status field value, the message MUST be constructed as specified
        in Section 5.3.6.

5.3.2.  Initial Binding Registration (New Mobility Session)

   1.  If there is at least one instance of the Home Network Prefix
       option present in the Proxy Binding Update message with the
       prefix value set to ALL_ZERO, the local mobility anchor MUST
       allocate one or more home network prefixes to the mobile node and
       assign it to the new mobility session created for the mobile
       node.  The local mobility anchor MUST ensure the allocated
       prefix(es) is not in use by any other node or mobility session.
       The decision on how many prefixes to be allocated for the
       attached interface can be based on a global policy or a policy
       specific to that mobile node.  However, when stateful address
       autoconfiguration using DHCP is supported on the link,
       considerations from Section 6.11 MUST be applied for the prefix
       assignment.

   2.  If the local mobility anchor is unable to allocate any home
       network prefix for the mobile node, it MUST reject the request
       and send a Proxy Binding Acknowledgement message with the Status
       field set to 130 (Insufficient resources).

   3.  If there are one or more Home Network Prefix options present in
       the Proxy Binding Update message (with each of the prefixes set
       to a NON_ZERO value), the local mobility anchor, before accepting
       that request, MUST ensure each one of those prefixes is owned by
       the local mobility anchor, and further that the mobile node is
       authorized to use these prefixes.  If the mobile node is not
       authorized to use any one or more of those prefixes, the local
       mobility anchor MUST reject the request and send a Proxy Binding

       Acknowledgement message with the Status field set to
       NOT_AUTHORIZED_FOR_HOME_NETWORK_PREFIX (mobile node not
       authorized for one or more of the requesting home network
       prefixes).

   4.  Upon accepting the request, the local mobility anchor MUST create
       a Binding Cache entry for the mobile node.  It must set the
       fields in the Binding Cache entry to the accepted values for that
       registration.

   5.  If there is no existing bi-directional tunnel to the mobile
       access gateway that sent the request, the local mobility anchor
       MUST establish a bi-directional tunnel to that mobile access
       gateway.  Considerations from Section 5.6.1 MUST be applied for
       managing the dynamically created bi-directional tunnel.

   6.  The local mobility anchor MUST create a prefix route(s) over the
       tunnel to the mobile access gateway for forwarding any traffic
       received for the mobile node's home network prefix(es) associated
       with this mobility session.  The created tunnel and the routing
       state MUST result in the forwarding behavior on the local
       mobility anchor as specified in Section 5.6.2.

   7.  The local mobility anchor MUST send the Proxy Binding
       Acknowledgement message with the Status field set to 0 (Proxy
       Binding Update Accepted).  The message MUST be constructed as
       specified in Section 5.3.6.

5.3.3.  Binding Lifetime Extension (No Handoff)

   1.  Upon accepting the Proxy Binding Update message for extending the
       binding lifetime, received from the same mobile access gateway
       (if the Proxy-CoA in the Binding Cache entry is the same as the
       Proxy-CoA in the request) that last updated the binding, the
       local mobility anchor MUST update the Binding Cache entry with
       the accepted registration values.

   2.  The local mobility anchor MUST send the Proxy Binding
       Acknowledgement message with the Status field set to 0 (Proxy
       Binding Update Accepted).  The message MUST be constructed as
       specified in Section 5.3.6.

5.3.4.  Binding Lifetime Extension (After Handoff)

   1.  Upon accepting the Proxy Binding Update message for extending the
       binding lifetime, received from a new mobile access gateway (if
       the Proxy-CoA in the Binding Cache entry does not match the
       Proxy-CoA in the request) where the mobile node's mobility
       session is handed off, the local mobility anchor MUST update the
       Binding Cache entry with the accepted registration values.

   2.  The local mobility anchor MUST remove the previously created
       route(s) for the mobile node's home network prefix(es) associated
       with this mobility session.  Additionally, if there are no other
       mobile nodes sharing the dynamically created bi-directional
       tunnel to the previous mobile access gateway, the tunnel SHOULD
       be deleted, applying considerations from section 5.6.1 (if the
       tunnel is a dynamically created tunnel and not a fixed pre-
       established tunnel).

   3.  If there is no existing bi-directional tunnel to the mobile
       access gateway that sent the request, the local mobility anchor
       MUST establish a bi-directional tunnel to that mobile access
       gateway.  Considerations from Section 5.6.1 MUST be applied for
       managing the dynamically created bi-directional tunnel.

   4.  The local mobility anchor MUST create prefix route(s) over the
       tunnel to the mobile access gateway for forwarding any traffic
       received for the mobile node's home network prefix(es) associated
       with that mobility session.  The created tunnel and routing state
       MUST result in the forwarding behavior on the local mobility
       anchor as specified in Section 5.6.2.

   5.  The local mobility anchor MUST send the Proxy Binding
       Acknowledgement message with the Status field set to 0 (Proxy
       Binding Update Accepted).  The message MUST be constructed as
       specified in Section 5.3.6.

5.3.5.  Binding De-Registration

   1.  If the received Proxy Binding Update message with the lifetime
       value of zero, has a Source Address in the IPv6 header (or the
       address in the Alternate Care-of Address option, if the option is
       present) different from what is present in the Proxy-CoA field in
       the Binding Cache entry, the local mobility anchor MUST ignore
       the request.

   2.  Upon accepting the Proxy Binding Update message, with the
       lifetime value of zero, the local mobility anchor MUST wait for
       MinDelayBeforeBCEDelete amount of time, before it deletes the

       Binding Cache entry.  However, it MUST send the Proxy Binding
       Acknowledgement message with the Status field set to 0 (Proxy
       Binding Update Accepted).  The message MUST be constructed as
       specified in Section 5.3.6.

       *  During this wait period, the local mobility anchor SHOULD drop
          the mobile node's data traffic.

       *  During this wait period, if the local mobility anchor receives
          a valid Proxy Binding Update message for the same mobility
          session with the lifetime value of greater than zero, and if
          that request is accepted, then the Binding Cache entry MUST
          NOT be deleted, but must be updated with the newly accepted
          registration values, and the wait period should be ended.

       *  By the end of this wait period, if the local mobility anchor
          did not receive any valid Proxy Binding Update messages for
          this mobility session, then it MUST delete the Binding Cache
          entry and remove the routing state created for that mobility
          session.  The local mobility anchor can potentially reassign
          the prefix(es) associated with this mobility session to other
          mobile nodes.

5.3.6.  Constructing the Proxy Binding Acknowledgement Message

   o  The local mobility anchor, when sending the Proxy Binding
      Acknowledgement message to the mobile access gateway, MUST
      construct the message as specified below.

          IPv6 header (src=LMAA, dst=Proxy-CoA)
            Mobility header
               - BA    /* P flag must be set to value of 1 */
              Mobility Options
               - Mobile Node Identifier option            (mandatory)
               - Home Network Prefix option(s)            (mandatory)
               - Handoff Indicator option                 (mandatory)
               - Access Technology Type option            (mandatory)
               - Timestamp option                         (optional)
               - Mobile Node Link-layer Identifier option (optional)
               - Link-local Address option                (optional)

            Figure 6: Proxy Binding Acknowledgement Message Format

   o  The Source Address field in the IPv6 header of the message MUST be
      set to the destination address of the received Proxy Binding
      Update message.

   o  The Destination Address field in the IPv6 header of the message
      MUST be set to the source address of the received Proxy Binding
      Update message.  When there is no Alternate Care-of Address option
      present in the request, the destination address is the same as the
      Proxy-CoA; otherwise, the address may not be the same as the
      Proxy-CoA.

   o  The Mobile Node Identifier option [RFC4283] MUST be present.  The
      identifier field in the option MUST be copied from the Mobile Node
      Identifier option in the received Proxy Binding Update message.
      If the option was not present in the request, the identifier in
      the option MUST be set to a zero length identifier.

   o  At least one Home Network Prefix option MUST be present.

      *  If the Status field is set to a value greater than or equal to
         128, i.e., if the Proxy Binding Update is rejected, all the
         Home Network Prefix options that were present in the request
         (along with their prefix values) MUST be present in the reply.
         But, if there was no Home Network Prefix option present in the
         request, then there MUST be only one Home Network Prefix option
         with the value in the option set to ALL_ZERO.

      *  For all other cases, there MUST be a Home Network Prefix option
         for each of the assigned home network prefixes (for that
         mobility session), and with the prefix value in the option set
         to the allocated prefix value.

   o  The Handoff Indicator option MUST be present.  The handoff
      indicator field in the option MUST be copied from the Handoff
      Indicator option in the received Proxy Binding Update message.  If
      the option was not present in the request, the value in the option
      MUST be set to zero.

   o  The Access Technology Type option MUST be present.  The access
      technology type field in the option MUST be copied from the Access
      Technology Type option in the received Proxy Binding Update
      message.  If the option was not present in the request, the value
      in the option MUST be set to zero.

   o  The Timestamp option MUST be present only if the same option was
      present in the received Proxy Binding Update message and MUST NOT
      be present otherwise.  Considerations from Section 5.5 must be
      applied for constructing the Timestamp option.

   o  The Mobile Node Link-layer Identifier option MUST be present only
      if the same option was present in the received Proxy Binding
      Update message and MUST NOT be present otherwise.  The link-layer

      identifier value MUST be copied from the Mobile Node Link-layer
      Identifier option present in the received Proxy Binding Update
      message.

   o  The Link-local Address option MUST be present only if the same
      option was present in the received Proxy Binding Update message
      and MUST NOT be present otherwise.  If the Status field in the
      reply is set to a value greater than or equal to 128, i.e., if the
      Proxy Binding Update is rejected, then the link-local address from
      the request MUST be copied to the Link-local Address option in the
      reply, otherwise the following considerations apply.

      *  If the received Proxy Binding Update message has the Link-local
         Address option with ALL_ZERO value and if there is an existing
         Binding Cache entry associated with this request, then the
         link-local address from the Binding Cache entry MUST be copied
         to the Link-local Address option in the reply.

      *  If the received Proxy Binding Update message has the Link-local
         Address option with ALL_ZERO value and if there is no existing
         Binding Cache entry associated with this request, then the
         local mobility anchor MUST generate the link-local address that
         the mobile access gateway can use on the point-to-point link
         shared with the mobile node.  This generated address MUST be
         copied to the Link-local Address option in the reply.  The same
         address MUST also be copied to the link-local address field of
         Binding Cache entry created for this mobility session.

      *  If the received Proxy Binding Update message has the Link-local
         Address option with NON_ZERO value, then the link-local address
         from the request MUST be copied to the Link-local Address
         option in the reply.  The same address MUST also be copied to
         the link-local address field of the Binding Cache entry
         associated with this request (after creating the Binding Cache
         entry, if one does not exist).

   o  If IPsec is used for protecting the signaling messages, the
      message MUST be protected using the security association existing
      between the local mobility anchor and the mobile access gateway.

   o  Unlike in Mobile IPv6 [RFC3775], the Type 2 Routing header MUST
      NOT be present in the IPv6 header of the packet.

5.4.  Multihoming Support

   This specification allows mobile nodes to connect to a Proxy Mobile
   IPv6 domain through multiple interfaces for simultaneous access.  The
   following are the key aspects of this multihoming support.

   o  When a mobile node connects to a Proxy Mobile IPv6 domain through
      multiple interfaces for simultaneous access, the local mobility
      anchor MUST allocate a mobility session for each of the attached
      interfaces.  Each mobility session should be managed under a
      separate Binding Cache entry and with its own lifetime.

   o  The local mobility anchor MAY allocate more than one home network
      prefix for a given interface of the mobile node.  However, all the
      prefixes associated with a given interface MUST be managed as part
      of one mobility session, associated with that interface.

   o  The local mobility anchor MUST allow for a handoff between two
      different interfaces of a mobile node.  In such a scenario, all
      the home network prefixes associated with one interface (part of
      one mobility session) will be associated with a different
      interface of the mobile node.  The decision on when to create a
      new mobility session and when to update an existing mobility
      session MUST be based on the Handover hint present in the Proxy
      Binding Update message and under the considerations specified in
      this section.

5.4.1.  Binding Cache Entry Lookup Considerations

   There can be multiple Binding Cache entries for a given mobile node.
   When doing a lookup for a mobile node's Binding Cache entry for
   processing a received Proxy Binding Update message, the local
   mobility anchor MUST apply the following multihoming considerations
   (in the below specified order, starting with Section 5.4.1.1).  These
   rules are chained with the processing rules specified in Section 5.3.

5.4.1.1.  Home Network Prefix Option (NON_ZERO Value) Present in the
          Request

 +=====================================================================+
 |                Registration/De-Registration Message                 |
 +=====================================================================+
 |             At least one HNP Option with NON_ZERO Value             |
 +=====================================================================+
 |                                 ATT                                 |
 +=====================================================================+
 |   MN-LL-Identifier Opt Present   | MN-LL-Identifier Opt Not Present |
 +=====================================================================+
 |                                 HI                                  |
 +==================================+==================================+
 | BCE Lookup Key: Any of the Home Network Prefixes from the request   |
 +=====================================================================+

   Figure 7: Binding Cache Entry (BCE) Lookup Using Home Network Prefix

   If there is at least one Home Network Prefix option present in the
   request with a NON_ZERO prefix value and irrespective of the presence
   of the Mobile Node Link-layer Identifier option in the request, the
   following considerations MUST be applied.  If there is more than one
   instance of the Home Network Prefix option, any one of the Home
   Network Prefix options present in the request (with NON_ZERO prefix
   value) can be used for locating the Binding Cache entry.

   1.  The local mobility anchor MUST verify if there is an existing
       Binding Cache entry with one of its home network prefixes
       matching the prefix value in one of the Home Network Prefix
       options of the received Proxy Binding Update message.

   2.  If a Binding Cache entry does not exist (with one of its home
       network prefixes in the Binding Cache entry matching the prefix
       value in one of the Home Network Prefix options of the received
       Proxy Binding Update message), the request MUST be considered as
       a request for creating a new mobility session.

   3.  If there exists a Binding Cache entry (with one of its home
       network prefixes in the Binding Cache entry matching the prefix
       value in one of the Home Network Prefix options of the received
       Proxy Binding Update message), but if the mobile node identifier
       in the entry does not match the mobile node identifier in the
       Mobile Node Identifier option of the received Proxy Binding
       Update message, the local mobility anchor MUST reject the request
       with the Status field value set to
       NOT_AUTHORIZED_FOR_HOME_NETWORK_PREFIX (mobile node is not
       authorized for one or more of the requesting home network
       prefixes).

   4.  If there exists a Binding Cache entry (matching MN-Identifier and
       one of its home network prefixes in the Binding Cache entry
       matching the prefix value in one of the Home Network Prefix
       options of the received Proxy Binding Update message), but if all
       the prefixes in the request do not match all the prefixes in the
       Binding Cache entry, or if they do not match in count, then the
       local mobility anchor MUST reject the request with the Status
       field value set to BCE_PBU_PREFIX_SET_DO_NOT_MATCH (all the home
       network prefixes listed in the BCE do not match all the prefixes
       in the received PBU).

   5.  If there exists a Binding Cache entry (matching MN-Identifier and
       all the home network prefixes in the Binding Cache entry matching
       all the home network prefixes in the received Proxy Binding
       Update message) and if any one or more of these below stated
       conditions are true, the request MUST be considered as a request
       for updating that Binding Cache entry.

       *  If there is a Mobile Node Link-layer Identifier option present
          in the request and if the link-layer identifier in the option
          matches the link-layer identifier of the Binding Cache entry
          and the access technology type in the Access Technology Type
          option present in the request matches the access technology
          type in the Binding Cache entry.

       *  If the Handoff Indicator field in the Handoff Indicator option
          present in the request is set to a value of 2 (Handoff between
          two different interfaces of the mobile node).

       *  If there is no Mobile Node Link-layer Identifier option
          present in the request, the link-layer identifier value in the
          Binding Cache entry is set to ALL_ZERO, the access technology
          type field in the Access Technology Type option present in the
          request matches the access technology type in the Binding
          Cache entry, and if the Handoff Indicator field in the Handoff
          Indicator option present in the request is set to a value of 3
          (Handoff between mobile access gateways for the same
          interface).

       *  If the Proxy-CoA in the Binding Cache entry matches the source
          address of the request (or the address in the Alternate
          Care-of Address option, if the option is present) and if the
          access technology type field in the Access Technology Type
          option present in the request matches the access technology
          type in the Binding Cache entry.

   6.  For all other cases, the message MUST be considered as a request
       for creating a new mobility session.  However, if the received
       Proxy Binding Update message has the lifetime value of zero and
       if the request cannot be associated with any existing mobility
       session, the message MUST be silently ignored.

5.4.1.2.  Mobile Node Link-layer Identifier Option Present in the
          Request

 +=====================================================================+
 |                   Registration/De-Registration Message              |
 +=====================================================================+
 |                  No HNP option with a NON_ZERO Value                |
 +=====================================================================+
 |                                 ATT                                 |
 +=====================================================================+
 |         MN-LL-Identifier Option Present (NON_ZERO Value)            |
 +=====================================================================+
 |                                 HI                                  |
 +==================================+==================================+
 |  BCE Lookup Keys: (MN-Identifier + ATT + MN-LL-Identifier)          |
 +=====================================================================+

             Figure 8: BCE Lookup Using Link-layer Identifier

   If there is no Home Network Prefix option present in the request with
   a NON_ZERO prefix value, but if there is a Mobile Node Link-layer
   Identifier option present in the request, then the following
   considerations MUST be applied for locating the Binding Cache entry.

   1.  The local mobility anchor MUST verify if there is an existing
       Binding Cache entry, with the mobile node identifier matching the
       identifier in the received Mobile Node Identifier option, access
       technology type matching the value in the received Access
       Technology Type option, and the link-layer identifier value
       matching the identifier in the received Mobile Node Link-layer
       Identifier option.

   2.  If there exists a Binding Cache entry (matching MN-Identifier,
       Access Technology Type (ATT), and MN-LL-Identifier), the request
       MUST be considered as a request for updating that Binding Cache
       entry.

   3.  If there does not exist a Binding Cache entry (matching MN-
       Identifier, ATT, and MN-LL-Identifier) and the Handoff Indicator
       field in the Handoff Indicator option present in the request is
       set to a value of 2 (Handoff between two different interfaces of
       the mobile node).  The local mobility anchor MUST apply the
       following additional considerations.

       *  The local mobility anchor MUST verify if there exists one and
          only one Binding Cache entry with the mobile node identifier
          matching the identifier in the Mobile Node Identifier option
          present in the request and for any link-layer identifier

          value.  If there exists only one such entry (matching the MN-
          Identifier), the request MUST be considered as a request for
          updating that Binding Cache entry.

   4.  If there does not exist a Binding Cache entry (matching MN-
       Identifier, ATT, and MN-LL-Identifier) and if the Handoff
       Indicator field in the Handoff Indicator option present in the
       request is set to a value of 4 (Handoff state unknown), the local
       mobility anchor MUST apply the following additional
       considerations.

       *  The local mobility anchor MUST verify if there exists one and
          only one Binding Cache entry with the mobile node identifier
          matching the identifier in the Mobile Node Identifier option
          present in the request and for any link-layer identifier
          value.  If there exists only one such entry (matching the MN-
          Identifier), the local mobility anchor SHOULD wait until the
          existing Binding Cache entry is de-registered by the
          previously serving mobile access gateway, before the request
          can be considered as a request for updating that Binding Cache
          entry.  However, if there is no de-registration message that
          is received within MaxDelayBeforeNewBCEAssign amount of time,
          the local mobility anchor, upon accepting the request, MUST
          consider the request as a request for creating a new mobility
          session.  The local mobility anchor MAY also choose to create
          a new mobility session without waiting for a de-registration
          message, and this should be configurable on the local mobility
          anchor.

   5.  For all other cases, the message MUST be considered as a request
       for creating a new mobility session.  However, if the received
       Proxy Binding Update message has the lifetime value of zero and
       if the request cannot be associated with any existing mobility
       session, the message MUST be silently ignored.

5.4.1.3.  Mobile Node Link-layer Identifier Option Not Present in the
          Request

 +=====================================================================+
 |                 Registration/De-Registration Message                |
 +=====================================================================+
 |                 No HNP option with a NON_ZERO Value                 |
 +=====================================================================+
 |                                 ATT                                 |
 +=====================================================================+
 |                 MN-LL-Identifier Option Not Present                 |
 +=====================================================================+
 |                                 HI                                  |
 +==================================+==================================+
 |                   BCE Lookup Key: (MN-Identifier)                   |
 +=====================================================================+

             Figure 9: BCE Lookup Using Mobile Node Identifier

   If there is no Home Network Prefix option present in the request with
   a NON_ZERO prefix value and if there is also no Mobile Node Link-
   layer Identifier option present in the request, then the following
   considerations MUST be applied for locating the Binding Cache entry.

   1.  The local mobility anchor MUST verify if there exists one and
       only one Binding Cache entry with the mobile node identifier
       matching the identifier in the Mobile Node Identifier option
       present in the request.

   2.  If there exists only one such entry (matching the MN-Identifier)
       and the Handoff Indicator field in the Handoff Indicator option
       present in the request is set to a value of 2 (Handoff between
       two different interfaces of the mobile node) or set to a value of
       3 (Handoff between mobile access gateways for the same
       interface), then the request MUST be considered as a request for
       updating that Binding Cache entry.

   3.  If there exists only one such entry (matching the MN-Identifier)
       and the Handoff Indicator field in the Handoff Indicator option
       present in the request is set to a value of 4 (Handoff state
       unknown), the local mobility anchor SHOULD wait until the
       existing Binding Cache entry is de-registered by the previously
       serving mobile access gateway before the request can be
       considered as a request for updating that Binding Cache entry.
       However, if there is no de-registration message that is received
       within MaxDelayBeforeNewBCEAssign amount of time, the local
       mobility anchor, upon accepting the request, MUST consider the
       request as a request for creating a new mobility session.  The

       local mobility anchor MAY also choose to create a new mobility
       session without waiting for a de-registration message, and this
       should be configurable on the local mobility anchor.

   4.  For all other cases, the message MUST be considered as a request
       for creating a new mobility session.  However, if the received
       Proxy Binding Update message has the lifetime value of zero and
       if the request cannot be associated with any existing mobility
       session, the message MUST be silently ignored.

5.5.  Timestamp Option for Message Ordering

   Mobile IPv6 [RFC3775] uses the Sequence Number field in binding
   registration messages as a way for the home agent to process the
   binding updates in the order they were sent by a mobile node.  The
   home agent and the mobile node are required to manage this counter
   over the lifetime of a binding.  However, in Proxy Mobile IPv6, as
   the mobile node moves from one mobile access gateway to another and
   in the absence of mechanisms such as context transfer between the
   mobile access gateways, the serving mobile access gateway will be
   unable to determine the sequence number that it needs to use in the
   signaling messages.  Hence, the sequence number scheme, as specified
   in [RFC3775], will be insufficient for Proxy Mobile IPv6.

   If the local mobility anchor cannot determine the sending order of
   the received Proxy Binding Update messages, it may potentially
   process an older message sent by a mobile access gateway where the
   mobile node was previously anchored, but delivered out of order,
   resulting in incorrectly updating the mobile node's Binding Cache
   entry and creating a routing state for tunneling the mobile node's
   traffic to the previous mobile access gateway.

   For solving this problem, this specification adopts two alternative
   solutions.  One is based on timestamps and the other based on
   sequence numbers, as defined in [RFC3775].

   The basic principle behind the use of timestamps in binding
   registration messages is that the node generating the message inserts
   the current time of day, and the node receiving the message checks
   that this timestamp is greater than all previously accepted
   timestamps.  The timestamp-based solution may be used when the
   serving mobile access gateways in a Proxy Mobile IPv6 domain do not
   have the ability to obtain the last sequence number that was sent in
   a Proxy Binding Update message for updating a given mobile node's
   binding.

   Clock drift reduces the effectiveness of the timestamp mechanism.
   The time required for reconnection is the total of the time required
   for the mobile node to roam between two mobile access gateways and
   the time required for the serving mobile access gateway to detect the
   mobile node on its access link and construct the Proxy Binding Update
   message.  If the clock skew on any one of these two neighboring
   mobile access gateways (relative to the common time source used for
   clock synchronization) is more than half this reconnection time, the
   timestamp solution will not predictably work in all cases and hence
   SHOULD NOT be used.

   As an alternative to the Timestamp-based approach, the specification
   also allows the use of Sequence-Number-based scheme, as specified in
   [RFC3775].  However, for this scheme to work, the serving mobile
   access gateway in a Proxy Mobile IPv6 domain MUST have the ability to
   obtain the last sequence number that was sent in a binding
   registration message for that mobility session.  The sequence number
   MUST be maintained on a mobile node's per mobility session basis and
   MUST be available to the serving mobile access gateway.  This may be
   achieved by using context transfer schemes or by maintaining the
   sequence number in a policy store.  However, the specific details on
   how the mobile node's sequence number is made available to the
   serving mobile access gateway prior to sending the Proxy Binding
   Update message is outside the scope of this document.

   Using the Timestamp-Based Approach:

   1.  A local mobility anchor implementation MUST support the Timestamp
       option.  If the Timestamp option is present in the received Proxy
       Binding Update message, then the local mobility anchor MUST
       include a valid Timestamp option in the Proxy Binding
       Acknowledgement message that it sends to the mobile access
       gateway.

   2.  All the mobility entities in a Proxy Mobile IPv6 domain that are
       exchanging binding registration messages using the Timestamp
       option MUST have adequately synchronized time-of-day clocks.
       This is the essential requirement for this solution to work.  If
       this requirement is not met, the solution will not predictably
       work in all cases.

   3.  The mobility entities in a Proxy Mobile IPv6 domain SHOULD
       synchronize their clocks to a common time source.  For
       synchronizing the clocks, the nodes MAY use the Network Time
       Protocol [RFC4330].  Deployments MAY also adopt other approaches
       suitable for that specific deployment.  Alternatively, if there
       is a mobile node generated timestamp that is increasing at every
       attachment to the access link and if that timestamp is available

       to the mobile access gateway (e.g., the Timestamp option in the
       SEND [RFC3971] messages that the mobile node sends), the mobile
       access gateway can use this timestamp or sequence number in the
       Proxy Binding Update messages and does not have to depend on any
       external clock source.  However, the specific details on how this
       is achieved are outside the scope of this document.

   4.  When generating the timestamp value for building the Timestamp
       option, the mobility entities MUST ensure that the generated
       timestamp is the elapsed time past the same reference epoch, as
       specified in the format for the Timestamp option (Section 8.8).

   5.  If the Timestamp option is present in the received Proxy Binding
       Update message, the local mobility anchor MUST ignore the
       sequence number field in the message.  However, it MUST copy the
       sequence number from the received Proxy Binding Update message to
       the Proxy Binding Acknowledgement message.

   6.  Upon receipt of a Proxy Binding Update message with the Timestamp
       option, the local mobility anchor MUST check the timestamp field
       for validity.  In order for it to be considered valid, the
       following MUST be true.

       *  The timestamp value contained in the Timestamp option MUST be
          close enough (within TimestampValidityWindow amount of time
          difference) to the local mobility anchor's time-of-day clock.
          However, if the flag MobileNodeGeneratedTimestampInUse is set
          to a value of 1, the local mobility anchor MUST ignore this
          check and perform only the following check.

       *  The timestamp MUST be greater than all previously accepted
          timestamps in the Proxy Binding Update messages sent for that
          mobile node.

   7.  If the timestamp value in the received Proxy Binding Update is
       valid (validity as specified in the above considerations) or if
       the flag MobileNodeGeneratedTimestampInUse is set to value of 1,
       the local mobility anchor MUST return the same timestamp value in
       the Timestamp option included in the Proxy Binding
       Acknowledgement message that it sends to the mobile access
       gateway.

   8.  If the timestamp value in the received Proxy Binding Update is
       lower than the previously accepted timestamp in the Proxy Binding
       Update messages sent for that mobility binding, the local
       mobility anchor MUST reject the Proxy Binding Update message and
       send a Proxy Binding Acknowledgement message with the Status
       field set to TIMESTAMP_LOWER_THAN_PREV_ACCEPTED (Timestamp lower

       than previously accepted timestamp).  The message MUST also
       include the Timestamp option with the value set to the current
       time of day on the local mobility anchor.

   9.  If the timestamp value in the received Proxy Binding Update is
       not valid (validity as specified in the above considerations),
       the local mobility anchor MUST reject the Proxy Binding Update
       and send a Proxy Binding Acknowledgement message with the Status
       field set to TIMESTAMP_MISMATCH (Timestamp mismatch).  The
       message MUST also include the Timestamp option with the value set
       to the current time of day on the local mobility anchor.

   Using the Sequence-Number-Based Approach:

   1.  If the Timestamp option is not present in the received Proxy
       Binding Update message, the local mobility anchor MUST fall back
       to the Sequence-Number-based scheme.  It MUST process the
       sequence number field as specified in [RFC3775].  Also, it MUST
       NOT include the Timestamp option in the Proxy Binding
       Acknowledgement messages that it sends to the mobile access
       gateway.

   2.  An implementation MUST support the Sequence-Number-based scheme,
       as specified in [RFC3775].

   3.  The Sequence-Number-based approach can be used only when there is
       some mechanism (such as context transfer procedure between mobile
       access gateways) that allows the serving mobile access gateway to
       obtain the last sequence number that was sent in a Proxy Binding
       Update message for updating a given mobile node's binding.

5.6.  Routing Considerations

5.6.1.  Bi-Directional Tunnel Management

   The bi-directional tunnel MUST be used for routing the mobile node's
   data traffic between the mobile access gateway and the local mobility
   anchor.  A tunnel hides the topology and enables a mobile node to use
   address(es) from its home network prefix(es) from any access link in
   that Proxy Mobile IPv6 domain.  A tunnel may be created dynamically
   when needed and removed when not needed.  However, implementations
   MAY choose to use static pre-established tunnels instead of
   dynamically creating and tearing them down on a need basis.  The
   following considerations MUST be applied when using dynamically
   created tunnels.

   o  A bi-directional tunnel MUST be established between the local
      mobility anchor and the mobile access gateway and the local
      mobility anchor with IPv6-in-IPv6 encapsulation, as described in
      [RFC2473].  The tunnel endpoints are the Proxy-CoA and LMAA.
      However, when using IPv4 transport, the endpoints of the tunnel
      are IPv4-LMAA and IPv4-Proxy-CoA with the encapsulation mode as
      specified in [IPV4-PMIP6].

   o  Implementations MAY use a software timer for managing the tunnel
      lifetime and a counter for keeping a count of all the mobile nodes
      that are sharing the tunnel.  The timer value can be set to the
      accepted binding lifetime and can be updated after each periodic
      re-registration for extending the lifetime.  If the tunnel is
      shared for multiple mobile nodes, the tunnel lifetime must be set
      to the highest binding lifetime that is granted to any one of
      those mobile nodes sharing that tunnel.

   o  The tunnel SHOULD be deleted when either the tunnel lifetime
      expires or when there are no mobile nodes sharing the tunnel.

5.6.2.  Forwarding Considerations

   Intercepting Packets Sent to the Mobile Node's Home Network:

   o  When the local mobility anchor is serving a mobile node, it MUST
      be able to receive packets that are sent to the mobile node's home
      network.  In order for it to receive those packets, it MUST
      advertise a connected route in to the Routing Infrastructure for
      the mobile node's home network prefix(es) or for an aggregated
      prefix with a larger scope.  This essentially enables IPv6 routers
      in that network to detect the local mobility anchor as the last-
      hop router for the mobile node's home network prefix(es).

   Forwarding Packets to the Mobile Node:

   o  On receiving a packet from a correspondent node with the
      destination address matching a mobile node's home network
      prefix(es), the local mobility anchor MUST forward the packet
      through the bi-directional tunnel set up for that mobile node.

   o  The format of the tunneled packet is shown below.  Considerations
      from [RFC2473] MUST be applied for IPv6 encapsulation.  However,
      when using IPv4 transport, the format of the packet is as
      described in [IPV4-PMIP6].

        IPv6 header (src= LMAA, dst= Proxy-CoA  /* Tunnel Header */
           IPv6 header (src= CN, dst= MN-HOA )  /* Packet Header */
              Upper layer protocols             /* Packet Content*/

                  Figure 10: Tunneled Packet from LMA to MAG

   o  The format of the tunneled packet is shown below, when payload
      protection using IPsec is enabled for the mobile node's data
      traffic.  However, when using IPv4 transport, the format of the
      packet is as described in [IPV4-PMIP6].

        IPv6 header (src= LMAA, dst= Proxy-CoA     /* Tunnel Header */
           ESP Header in tunnel mode               /* ESP Header */
              IPv6 header (src= CN, dst= MN-HoA )  /* Packet Header */
                 Upper layer protocols             /* Packet Content*/

      Figure 11: Tunneled Packet from LMA to MAG with Payload Protection

   Forwarding Packets Sent by the Mobile Node:

   o  All the reverse tunneled packets that the local mobility anchor
      received from the mobile access gateway, after removing the tunnel
      header MUST be routed to the destination specified in the inner
      packet header.  These routed packets will have the Source Address
      field set to the mobile node's home address.  Considerations from
      [RFC2473] MUST be applied for IPv6 decapsulation.

5.6.3.  Explicit Congestion Notification (ECN) Considerations for Proxy
        Mobile IPv6 Tunnels

   This section describes how the ECN information needs to be handled by
   the mobility agents at the tunnel entry and exit points.  The ECN
   considerations for IP tunnels are specified in [RFC3168], and the
   same considerations apply to Proxy Mobile IPv6 tunnels (using IPv6-
   in-IPv6 encapsulation mode).  Specifically, the full-functionality
   option MUST be supported.  The relevant ECN considerations from
   [RFC3168] are summarized here for convenience.

   Encapsulation Considerations:

   o  If the Explicit Congestion Notification (ECN) field in the inner
      header is set to ECT(0) or ECT(1), where ECT stands for ECN-
      Capable Transport (ECT), the ECN field from the inner header MUST
      be copied to the outer header.  Additionally, when payload
      protection using IPsec is enabled for the mobile node's data
      traffic, the ECN considerations from [RFC4301] MUST be applied.

   Decapsulation Considerations:

   o  If the Explicit Congestion Notification (ECN) field in the inner
      header is set to ECT(0) or ECT(1), and if the ECN field in the
      outer header is set to Congestion Experienced (CE), then the ECN
      field in the inner header MUST be set to CE.  Otherwise, the ECN
      field in the inner header MUST NOT be modified.  Additionally,
      when payload protection using IPsec is enabled for the mobile
      node's data traffic, the ECN considerations from [RFC4301] MUST be
      applied.

5.7.  Local Mobility Anchor Address Discovery

   Dynamic Home Agent Address Discovery (DHAAD), as explained in Section
   10.5 of [RFC3775], allows a mobile node to discover all the home
   agents on its home link by sending an ICMP Home Agent Address
   Discovery Request message to the Mobile IPv6 Home Agent's anycast
   address, derived from its home network prefix.

   The DHAAD message in the current form cannot be used in Proxy Mobile
   IPv6 for discovering the address of the mobile node's local mobility
   anchor.  In Proxy Mobile IPv6, the local mobility anchor will not be
   able to receive any messages sent to the Mobile IPv6 Home Agent's
   anycast address corresponding to the mobile node's home network
   prefix(es), as the prefix(es) is not hosted on any of its interfaces.
   Further, the mobile access gateway will not predictably be able to
   locate the serving local mobility anchor that has the mobile node's
   binding cache entry.  Hence, this specification does not support
   Dynamic Home Agent Address Discovery protocol.

   In Proxy Mobile IPv6, the address of the local mobility anchor
   configured to serve a mobile node can be discovered by the mobility
   access gateway entity via other means.  The LMA to be assigned to a
   mobile node may be a configured entry in the mobile node's policy
   profile, or it may be obtained through mechanisms outside the scope
   of this document.

5.8.  Mobile Prefix Discovery Considerations

   This specification does not support mobile prefix discovery.  The
   mobile prefix discovery mechanism as specified in [RFC3775] is not
   applicable to Proxy Mobile IPv6.

5.9.  Route Optimization Considerations

   The Route Optimization in Mobile IPv6, as defined in [RFC3775],
   enables a mobile node to communicate with a correspondent node
   directly using its care-of address and further the Return Routability
   procedure enables the correspondent node to have reasonable trust
   that the mobile node is reachable at both its home address and
   care-of address.

   This specification does not support the Route Optimization specified
   in Mobile IPv6 [RFC3775].  However, this specification does support
   another form of route optimization, as specified in Section 6.10.3.

6.  Mobile Access Gateway Operation

   The Proxy Mobile IPv6 protocol described in this document introduces
   a new functional entity, the mobile access gateway (MAG).  The mobile
   access gateway is the entity that is responsible for detecting the
   mobile node's movements to and from the access link and sending the
   Proxy Binding Update messages to the local mobility anchor.  In
   essence, the mobile access gateway performs mobility management on
   behalf of a mobile node.

   The mobile access gateway is a function that typically runs on an
   access router.  However, implementations MAY choose to split this
   function and run it across multiple systems.  The specifics on how
   that is achieved or the signaling interactions between those
   functional entities are beyond the scope of this document.

   The mobile access gateway has the following key functional roles:

   o  It is responsible for detecting the mobile node's movements on the
      access link and for initiating the mobility signaling with the
      mobile node's local mobility anchor.

   o  Emulation of the mobile node's home link on the access link by
      sending Router Advertisement messages containing the mobile node's
      home network prefix(es), each prefix carried using the Prefix
      Information option [RFC4861].

   o  Responsible for setting up the forwarding for enabling the mobile
      node to configure one or more addresses from its home network
      prefix(es) and use it from the attached access link.

6.1.  Extensions to Binding Update List Entry Data Structure

   Every mobile access gateway MUST maintain a Binding Update List.
   Each entry in the Binding Update List represents a mobile node's
   mobility binding with its local mobility anchor.  The Binding Update
   List is a conceptual data structure, described in Section 11.1 of
   [RFC3775].

   For supporting this specification, the conceptual Binding Update List
   entry data structure needs be extended with the following additional
   fields.

   o  The identifier of the attached mobile node, MN-Identifier.  This
      identifier is acquired during the mobile node's attachment to the
      access link through mechanisms outside the scope of this document.

   o  The link-layer identifier of the mobile node's connected
      interface.  This can be acquired from the received Router
      Solicitation messages from the mobile node or during the mobile
      node's attachment to the access network.  This is typically a
      link-layer identifier conveyed by the mobile node; however, the
      specific details on how that is conveyed is out of scope for this
      specification.  If this identifier is not available, this variable
      length field MUST be set to two (octets) and MUST be initialized
      to a value of ALL_ZERO.

   o  A list of IPv6 home network prefixes assigned to the mobile node's
      connected interface.  The home network prefix(es) may have been
      statically configured in the mobile node's policy profile, or, may
      have been dynamically allocated by the local mobility anchor.
      Each of these prefix entries will also include the corresponding
      prefix length.

   o  The Link-local address of the mobile access gateway on the access
      link shared with the mobile node.

   o  The IPv6 address of the local mobility anchor serving the attached
      mobile node.  This address is acquired from the mobile node's
      policy profile or from other means.

   o  The interface identifier (if-id) of the point-to-point link
      between the mobile node and the mobile access gateway.  This is
      internal to the mobile access gateway and is used to associate the
      Proxy Mobile IPv6 tunnel to the access link where the mobile node
      is attached.

   o  The tunnel interface identifier (tunnel-if-id) of the bi-
      directional tunnel between the mobile node's local mobility anchor
      and the mobile access gateway.  This is internal to the mobile
      access gateway.  The tunnel interface identifier is acquired
      during the tunnel creation.

6.2.  Mobile Node's Policy Profile

   A mobile node's policy profile contains the essential operational
   parameters that are required by the network entities for managing the
   mobile node's mobility service.  These policy profiles are stored in
   a local or a remote policy store.  The mobile access gateway and the
   local mobility anchor MUST be able to obtain a mobile node's policy
   profile.  The policy profile MAY also be handed over to a serving
   mobile access gateway as part of a context transfer procedure during
   a handoff or the serving mobile access gateway MAY be able to
   dynamically generate this profile.  The exact details on how this
   achieved is outside the scope of this document.  However, this
   specification requires that a mobile access gateway serving a mobile
   node MUST have access to its policy profile.

   The following are the mandatory fields of the policy profile:

   o  The mobile node's identifier (MN-Identifier)

   o  The IPv6 address of the local mobility anchor (LMAA)

   The following are the optional fields of the policy profile:

   o  The mobile node's IPv6 home network prefix(es) assigned to the
      mobile node's connected interface.  These prefixes have to be
      maintained on a per-interface basis.  There can be multiple unique
      entries for each interface of the mobile node.  The specific
      details on how the network maintains this association between the
      prefix set and the interfaces, specially during the mobility
      session handoff between interfaces, is outside the scope of this
      document.

   o  The mobile node's IPv6 home network Prefix lifetime.  This
      lifetime will be the same for all the hosted prefixes on the link,
      as they all are part of one mobility session.  This value can also
      be the same for all the mobile node's mobility sessions.

   o  Supported address configuration procedures (Stateful, Stateless,
      or both) for the mobile node in the Proxy Mobile IPv6 domain

6.3.  Supported Access Link Types

   This specification supports only point-to-point access link types,
   and thus, it assumes that the mobile node and the mobile access
   gateway are the only two nodes on the access link.  The link is
   assumed to have multicast capability.

   This protocol may also be used on other link types, as long as the
   link is configured in such a way that it emulates point-to-point
   delivery between the mobile node and the mobile access gateway for
   all the protocol traffic.

   It is also necessary to be able to identify mobile nodes attaching to
   the link.  Requirements relating to this are covered in Section 6.6.

   Finally, while this specification can operate without link-layer
   indications of node attachment and detachment to the link, the
   existence of such indications either on the network or mobile node
   side improves the resulting performance.

6.4.  Supported Address Configuration Modes

   A mobile node in the Proxy Mobile IPv6 domain can configure one or
   more global IPv6 addresses on its interface (using Stateless,
   Stateful address autoconfiguration procedures or manual address
   configuration) from the hosted prefix(es) on that link.  The Router
   Advertisement messages sent on the access link specify the address
   configuration methods permitted on that access link for that mobile
   node.  However, the advertised flags, with respect to the address
   configuration, will be consistent for a mobile node, on any of the
   access links in that Proxy Mobile IPv6 domain.  Typically, these
   configuration settings will be based on the domain-wide policy or
   based on a policy specific to each mobile node.

   When stateless address autoconfiguration is supported on the access
   link, the mobile node can generate one or more IPv6 addresses from
   the hosted prefix(es) by standard IPv6 mechanisms such as Stateless
   Autoconfiguration [RFC4862] or Privacy extensions [RFC4941].

   When stateful address autoconfiguration is supported on the link, the
   mobile node can obtain the address configuration from the DHCP server
   located in the Proxy Mobile IPv6 domain, by standard DHCP mechanisms,
   as specified in [RFC3315].  The obtained address(es) will be from its
   home network prefix(es).  Section 6.11 specifies the details on how
   this configuration can be achieved.

   Additionally, other address configuration mechanisms specific to the
   access link between the mobile node and the mobile access gateway may
   also be used for delivering the address configuration to the mobile
   node.  This specification does not modify the behavior of any of the
   standard IPv6 address configuration mechanisms.

6.5.  Access Authentication and Mobile Node Identification

   When a mobile node attaches to an access link connected to the mobile
   access gateway, the deployed access security protocols on that link
   SHOULD ensure that the network-based mobility management service is
   offered only after authenticating and authorizing the mobile node for
   that service.  The exact specifics on how this is achieved or the
   interactions between the mobile access gateway and the access
   security service are outside the scope of this document.  This
   specification goes with the stated assumption of having an
   established trust between the mobile node and the mobile access
   gateway before the protocol operation begins.

6.6.  Acquiring Mobile Node's Identifier

   All the network entities in a Proxy Mobile IPv6 domain MUST be able
   to identify a mobile node, using its MN-Identifier.  This identifier
   MUST be stable and unique across the Proxy Mobile IPv6 domain.  The
   mobility entities in the Proxy Mobile IPv6 domain MUST be able to use
   this identifier in the signaling messages and unambiguously identify
   a given mobile node.  The following are some of the considerations
   related to this MN-Identifier.

   o  The MN-Identifier is typically obtained as part of the access
      authentication or from a notified network attachment event.  In
      cases where the user identifier authenticated during access
      authentication uniquely identifies a mobile node, the MN-
      Identifier MAY be the same as the user identifier.  However, the
      user identifier MUST NOT be used if it identifies a user account
      that can be used from more than one mobile node operating in the
      same Proxy Mobile IPv6 domain.

   o  In some cases, the obtained identifier, as part of the access
      authentication, can be a temporary identifier and further that
      temporary identifier may be different at each re-authentication.
      However, the mobile access gateway MUST be able to use this
      temporary identifier and obtain the mobile node's stable
      identifier from the policy store.  For instance, in AAA-based
      systems, the Remote Authentication Dial-In User Service (RADIUS)
      attribute, Chargeable-User-Identifier [RFC4372] may be used, as
      long as it uniquely identifies a mobile node, and not a user
      account that can be used with multiple mobile nodes.

   o  In some cases and for privacy reasons, the MN-Identifier that the
      policy store delivers to the mobile access gateway may not be the
      true identifier of the mobile node.  However, the mobility access
      gateway MUST be able to use this identifier in the signaling
      messages exchanged with the local mobility anchor.

   o  The mobile access gateway MUST be able to identify the mobile node
      by its MN-Identifier, and it MUST be able to associate this
      identity to the point-to-point link shared with the mobile node.

6.7.  Home Network Emulation

   One of the key functions of a mobile access gateway is to emulate the
   mobile node's home network on the access link.  It must ensure the
   mobile node does not detect any change with respect to its layer-3
   attachment even after it changes its point of attachment in that
   Proxy Mobile IPv6 domain.

   For emulating the mobile node's home link on the access link, the
   mobile access gateway must be able to send Router Advertisement
   messages advertising the mobile node's home network prefix(es)
   carried using the Prefix Information option(s) [RFC4861] and with
   other address configuration parameters consistent with its home link
   properties.  Typically, these configuration settings will be based on
   the domain-wide policy or based on a policy specific to each mobile
   node.

   Typically, the mobile access gateway learns the mobile node's home
   network prefix(es) details from the received Proxy Binding
   Acknowledgement message, or it may obtain them from the mobile node's
   policy profile.  However, the mobile access gateway SHOULD send the
   Router Advertisements advertising the mobile node's home network
   prefix(es) only after successfully completing the binding
   registration with the mobile node's local mobility anchor.

   When advertising the home network prefix(es) in the Router
   Advertisement messages, the mobile access gateway MAY set the prefix
   lifetime value for the advertised prefix(es) to any chosen value at
   its own discretion.  An implementation MAY choose to tie the prefix
   lifetime to the mobile node's binding lifetime.  The prefix lifetime
   can also be an optional configuration parameter in the mobile node's
   policy profile.

6.8.  Link-local and Global Address Uniqueness

   A mobile node in the Proxy Mobile IPv6 domain, as it moves from one
   mobile access gateway to the other, will continue to detect its home
   network and does not detect a change of layer-3 attachment.  Every

   time the mobile node attaches to a new link, the event related to the
   interface state change will trigger the mobile node to perform
   Duplicate Address Detection (DAD) operation on the link-local and
   global address(es).  However, if the mobile node is Detecting Network
   Attachment in IPv6 (DNAv6) enabled, as specified in [DNAV6], it may
   not detect the link change due to DNAv6 optimizations and may not
   trigger the duplicate address detection (DAD) procedure for its
   existing addresses, which may potentially lead to address collisions
   after the mobile node's handoff to a new link.

   The issue of address collision is not relevant to the mobile node's
   global address(es).  Since the assigned home network prefix(es) are
   for the mobile node's exclusive usage, no other node shares an
   address (other than Subnet-Router anycast address that is configured
   by the mobile access gateway) from the prefix(es), and so the
   uniqueness for the mobile node's global address is assured on the
   access link.

   The issue of address collision is however relevant to the mobile
   node's link-local addresses since the mobile access gateway and the
   mobile node will have link-local addresses configured from the same
   link-local prefix (FE80::/64).  This leaves a room for link-local
   address collision between the two neighbors (i.e., the mobile node
   and the mobile access gateway) on that access link.  For solving this
   problem, this specification requires that the link-local address that
   the mobile access gateway configures on the point-to-point link
   shared with a given mobile node be generated by the local mobility
   anchor and be stored in the mobile node's Binding Cache entry.  This
   address will not change for the duration of that mobile node's
   mobility session and can be provided to the serving mobile access
   gateway at every mobile node's handoff, as part of the Proxy Mobile
   IPv6 signaling messages.  The specific method by which the local
   mobility anchor generates the link-local address is out of scope for
   this specification.

   It is highly desirable that the access link on the mobile access
   gateway shared with the mobile node be provisioned in such a way that
   before the mobile node completes the DAD operation [RFC4862] on its
   link-local address, the mobile access gateway on that link is aware
   of its own link-local address provided by the local mobility anchor
   that it needs to use on that access link.  This essentially requires
   a successful completion of the Proxy Mobile IPv6 signaling by the
   mobile access gateway before the mobile node completes the DAD
   operation.  This can be achieved by ensuring that link-layer
   attachment does not complete until the Proxy Mobile IPv6 signaling is

   completed.  Alternatively, network and local mobility anchor capacity
   and signaling retransmission timers can be provisioned in such a way
   that signaling is likely to complete during the default waiting
   period associated with the DAD process.

   Optionally, implementations MAY choose to configure a fixed link-
   local address across all the access links in a Proxy Mobile IPv6
   domain and without a need for carrying this address from the local
   mobility anchor to the mobile access gateway in the Proxy Mobile IPv6
   signaling messages.  The configuration variable
   FixedMAGLinkLocalAddressOnAllAccessLinks determines the enabled mode
   in that Proxy Mobile IPv6 domain.

6.9.  Signaling Considerations

6.9.1.  Binding Registrations

6.9.1.1.  Mobile Node Attachment and Initial Binding Registration

   1.   After detecting a new mobile node on its access link, the mobile
        access gateway MUST identify the mobile node and acquire its MN-
        Identifier.  If it determines that the network-based mobility
        management service needs to be offered to the mobile node, it
        MUST send a Proxy Binding Update message to the local mobility
        anchor.

   2.   The Proxy Binding Update message MUST include the Mobile Node
        Identifier option [RFC4283], carrying the MN-Identifier for
        identifying the mobile node.

   3.   The Home Network Prefix option(s) MUST be present in the Proxy
        Binding Update message.  If the mobile access gateway learns the
        mobile node's home network prefix(es) either from its policy
        store or from other means, the mobile access gateway MAY choose
        to request the local mobility anchor to allocate the specific
        prefix(es) by including a Home Network Prefix option for each of
        those requested prefixes.  The mobile access gateway MAY also
        choose to include just one Home Network Prefix option with the
        prefix value of ALL_ZERO, for requesting the local mobility
        anchor to do the prefix assignment.  However, when including a
        Home Network Prefix option with the prefix value of ALL_ZERO,
        there MUST be only one instance of the Home Network prefix
        option in the request.

   4.   The Handoff Indicator option MUST be present in the Proxy
        Binding Update message.  The Handoff Indicator field in the
        Handoff Indicator option MUST be set to a value indicating the
        handoff hint.

        *  The Handoff Indicator field MUST be set to a value of 1
           (Attachment over a new interface) if the mobile access
           gateway determines (under the Handoff Indicator
           considerations specified in this section) that the mobile
           node's current attachment to the network over this interface
           is not as a result of a handoff of an existing mobility
           session (over the same interface or through a different
           interface), but as a result of an attachment over a new
           interface.  This essentially serves as a request to the local
           mobility anchor to create a new mobility session and not
           update any existing Binding Cache entry created for the same
           mobile node connected to the Proxy Mobile IPv6 domain through
           a different interface.

        *  The Handoff Indicator field MUST be set to a value of 2
           (Handoff between two different interfaces of the mobile node)
           if the mobile access gateway definitively knows the mobile
           node's current attachment is due to a handoff of an existing
           mobility session between two different interfaces of the
           mobile node.

        *  The Handoff Indicator field MUST be set to a value of 3
           (Handoff between mobile access gateways for the same
           interface) if the mobile access gateway definitively knows
           the mobile node's current attachment is due to a handoff of
           an existing mobility session between two mobile access
           gateways and for the same interface of the mobile node.

        *  The Handoff Indicator field MUST be set to a value of 4
           (Handoff state unknown) if the mobile access gateway cannot
           determine if the mobile node's current attachment is due to a
           handoff of an existing mobility session.

   5.   The mobile access gateway MUST apply the below considerations
        when choosing the value for the Handoff Indicator field.

        *  The mobile access gateway can choose to use the value 2
           (Handoff between two different interfaces of the mobile
           node), only when it knows that the mobile node has, on
           purpose, switched from one interface to another, and the
           previous interface is going to be disabled.  It may know this
           due to a number of factors.  For instance, most cellular
           networks have controlled handovers where the network knows
           that the host is moving from one attachment to another.  In
           this situation, the link-layer mechanism can inform the
           mobility functions that this is indeed a movement, not a new
           attachment.

        *  Some link layers have link-layer identifiers that can be used
           to distinguish (a) the movement of a particular interface to
           a new attachment from (b) the attachment of a new interface
           from the same host.  Option value 3 (Handoff between mobile
           access gateways for the same interface) is appropriate in
           case (a) and a value of 1 (Attachment over a new interface)
           in case (b).

        *  The mobile access gateway MUST NOT set the option value to 2
           (Handoff between two different interfaces of the mobile node)
           or 3 (Handoff between mobile access gateways for the same
           interface) if it cannot be determined that the mobile node
           can move the address between the interfaces involved in the
           handover or that it is the same interface that has moved.
           Otherwise, Proxy Mobile IPv6-unaware hosts that have multiple
           physical interfaces to the same domain may suffer unexpected
           failures.

        *  Where no support from the link layer exists, the host and the
           network would need to inform each other about the intended
           movement.  The Proxy Mobile IPv6 protocol does not specify
           this and simply requires that knowledge about movements can
           be derived either from the link-layer or from somewhere else.
           The method by which this is accomplished is outside the scope
           of this specification.

   6.   Either the Timestamp option or a valid sequence number
        maintained on a per mobile node's mobility session basis as
        specified in [RFC3775] (if the Sequence-Number-based scheme is
        in use) MUST be present.  This can be determined based on the
        value of the configuration flag TimestampBasedApproachInUse.
        When Timestamp option is added to the message, the mobile access
        gateway SHOULD also set the Sequence Number field to a value of
        a monotonically increasing counter (maintained at each mobile
        access gateway and not to be confused with the per mobile node
        sequence number specified in [RFC3775]).  The local mobility
        anchor will ignore this field when there is a Timestamp option
        present in the request, but will return the same value in the
        Proxy Binding Acknowledgement message.  This will be useful for
        matching the reply to the request message.

   7.   The Mobile Node Link-layer Identifier option carrying the link-
        layer identifier of the currently attached interface MUST be
        present in the Proxy Binding Update message, if the mobile
        access gateway is aware of the same.  If the link-layer
        identifier of the currently attached interface is not known or
        if the identifier value is ALL_ZERO, this option MUST NOT be
        present.

   8.   The Access Technology Type option MUST be present in the Proxy
        Binding Update message.  The access technology type field in the
        option SHOULD be set to the type of access technology by which
        the mobile node is currently attached to the mobile access
        gateway.

   9.   The Link-local Address option MUST be present in the Proxy
        Binding Update message only if the value of the configuration
        variable FixedMAGLinkLocalAddressOnAllAccessLinks is set to a
        value of ALL_ZERO; otherwise, the Link-local Address option MUST
        NOT be present in the request.  Considerations from Section 6.8
        MUST be applied when using the Link-local Address option.

        *  For querying the local mobility anchor to provide the link-
           local address that it should use on the point-to-point link
           shared with the mobile node, this option MUST be set to
           ALL_ZERO value.  This essentially serves as a request to the
           local mobility anchor to provide the link-local address that
           it can use on the access link shared with the mobile node.

   10.  The Proxy Binding Update message MUST be constructed as
        specified in Section 6.9.1.5.

   11.  If there is no existing Binding Update List entry for that
        mobile node, the mobile access gateway MUST create a Binding
        Update List entry for the mobile node upon sending the Proxy
        Binding Update message.

6.9.1.2.  Receiving Proxy Binding Acknowledgement

   On receiving a Proxy Binding Acknowledgement message (format
   specified in Section 8.2) from the local mobility anchor, the mobile
   access gateway MUST process the message as specified below.

   1.   The received Proxy Binding Acknowledgement message (a Binding
        Acknowledgement message with the (P) flag set to value of 1)
        MUST be authenticated as described in Section 4.  When IPsec is
        used for message authentication, the SPI in the IPsec header
        [RFC4306] of the received packet is needed for locating the
        security association, for authenticating the Proxy Binding
        Acknowledgement message.

   2.   The mobile access gateway MUST observe the rules described in
        Section 9.2 of [RFC3775] when processing Mobility Headers in the
        received Proxy Binding Acknowledgement message.

   3.   The mobile access gateway MUST apply the considerations
        specified in Section 5.5 for processing the Sequence Number
        field and the Timestamp option (if present) in the message.

   4.   The mobile access gateway MUST ignore any checks, specified in
        [RFC3775], related to the presence of a Type 2 Routing header in
        the Proxy Binding Acknowledgement message.

   5.   The mobile access gateway MAY use the mobile node identifier
        present in the Mobile Node Identifier option for matching the
        response to the request messages that it sent recently.
        However, if there is more than one request message in its
        request queue for the same mobile node, the sequence number
        field can be used for identifying the exact message from those
        messages.  There are other ways to achieve this and
        implementations are free to adopt the best approach that suits
        their implementation.  Additionally, if the received Proxy
        Binding Acknowledgement message does not match any of the Proxy
        Binding Update messages that it sent recently, the message MUST
        be ignored.

   6.   If the received Proxy Binding Acknowledgement message has any
        one or more of the following options, Handoff Indicator option,
        Access Technology Type option, Mobile Node Link-layer Identifier
        option, Mobile Node Identifier option, carrying option values
        that are different from the option values present in the
        corresponding request (Proxy Binding Update) message, the
        message MUST be ignored as the local mobility anchor is expected
        to echo back all these listed options and with the same option
        values in the reply message.  In this case, the mobile access
        gateway MUST NOT retransmit the Proxy Binding Update message
        until an administrative action is taken.

   7.   If the received Proxy Binding Acknowledgement message has the
        Status field value set to PROXY_REG_NOT_ENABLED (Proxy
        registration not enabled for the mobile node), the mobile access
        gateway SHOULD NOT send a Proxy Binding Update message again for
        that mobile node until an administrative action is taken.  It
        MUST deny the mobility service to that mobile node.

   8.   If the received Proxy Binding Acknowledgement message has the
        Status field value set to TIMESTAMP_LOWER_THAN_PREV_ACCEPTED
        (Timestamp value lower than previously accepted value), the
        mobile access gateway SHOULD try to register again to reassert
        the mobile node's presence on its access link.  The mobile
        access gateway is not specifically required to synchronize its
        clock upon receiving this error code.

   9.   If the received Proxy Binding Acknowledgement message has the
        Status field value set to TIMESTAMP_MISMATCH (Invalid timestamp
        value), the mobile access gateway SHOULD try to register again
        only after it has synchronized its clock to a common time source
        that is used by all the mobility entities in that domain for
        their clock synchronization.  The mobile access gateway SHOULD
        NOT synchronize its clock to the local mobility anchor's system
        clock, based on the timestamp present in the received message.

   10.  If the received Proxy Binding Acknowledgement message has the
        Status field value set to NOT_AUTHORIZED_FOR_HOME_NETWORK_PREFIX
        (The mobile node is not authorized for one or more of the
        requesting home network prefixes), the mobile access gateway
        SHOULD NOT request the same prefix(es) again, but MAY request
        the local mobility anchor to do the assignment of prefix(es) by
        including only one Home Network Prefix option with the prefix
        value set to ALL_ZERO.

   11.  If the received Proxy Binding Acknowledgement message has the
        Status field value set to any value greater than or equal to 128
        (i.e., if the binding is rejected), the mobile access gateway
        MUST NOT advertise the mobile node's home network prefix(es) in
        the Router Advertisement messages sent on that access link and
        MUST deny the mobility service to the mobile node by not
        forwarding any packets received from the mobile node using an
        address from the home network prefix(es).  It MAY also tear down
        the point-to-point link shared with the mobile node.

   12.  If the received Proxy Binding Acknowledgement message has the
        Status field value set to 0 (Proxy Binding Update accepted), the
        mobile access gateway MUST establish a bi-directional tunnel to
        the local mobility anchor (if there is no existing bi-
        directional tunnel to that local mobility anchor).
        Considerations from Section 5.6.1 MUST be applied for managing
        the dynamically created bi-directional tunnel.

   13.  The mobile access gateway MUST set up the route for forwarding
        the packets received from the mobile node using address(es) from
        its home network prefix(es) through the bi-directional setup for
        that mobile node.  The created tunnel and the routing state MUST
        result in the forwarding behavior on the mobile access gateway
        as specified in Section 6.10.5.

   14.  The mobile access gateway MUST also update the Binding Update
        List entry to reflect the accepted binding registration values.
        It MUST also advertise the mobile node's home network prefix(es)
        as the hosted on-link prefixes, by including them in the Router
        Advertisement messages that it sends on that access link.

   15.  If the received Proxy Binding Acknowledgement message has the
        address in the Link-local Address option set to a NON_ZERO
        value, the mobile access gateway SHOULD configure that link-
        local address on that point-to-point link and SHOULD NOT
        configure any other link-local address without performing a DAD
        operation [RFC4862].  This will avoid any potential link-local
        address collisions on that access link.  However, if the link-
        local address generated by the local mobility anchor happens to
        be already in use by the mobile node on that link, the mobile
        access gateway MUST NOT use that address, but SHOULD configure a
        different link-local address.  It SHOULD also upload this link-
        local address to the local mobility anchor by immediately
        sending a Proxy Binding Update message and by including this
        address in the Link-local Address option.

6.9.1.3.  Extending Binding Lifetime

   1.  For extending the lifetime of a currently registered mobile node
       (i.e., after a successful initial binding registration from the
       same mobile access gateway), the mobile access gateway can send a
       Proxy Binding Update message to the local mobility anchor with a
       new lifetime value.  This re-registration message MUST be
       constructed with the same set of options as the initial Proxy
       Binding Update message, under the considerations specified in
       Section 6.9.1.1.  However, the following exceptions apply.

   2.  There MUST be a Home Network Prefix option for each of the
       assigned home network prefixes assigned for that mobility session
       and with the prefix value in the option set to that respective
       prefix value.

   3.  The Handoff Indicator field in the Handoff Indicator option MUST
       be set to a value of 5 (Handoff state not changed - Re-
       Registration).

6.9.1.4.  Mobile Node Detachment and Binding De-Registration

   1.  If at any point the mobile access gateway detects that the mobile
       node has moved away from its access link, or if it decides to
       terminate the mobile node's mobility session, it SHOULD send a
       Proxy Binding Update message to the local mobility anchor with
       the lifetime value set to zero.  This de-registration message
       MUST be constructed with the same set of options as the initial
       Proxy Binding Update message, under the considerations specified
       in Section 6.9.1.1.  However, the following exceptions apply.

   2.  There MUST be a Home Network Prefix option for each of the
       assigned home network prefixes assigned for that mobility session
       and with the prefix value in the option set to the respective
       prefix value.

   3.  The Handoff Indicator field in the Handoff Indicator option MUST
       be set to a value of 4 (Handoff state unknown).

   Either upon receipt of a Proxy Binding Acknowledgement message from
   the local mobility anchor with the Status field set to 0 (Proxy
   Binding Update Accepted), or after INITIAL_BINDACK_TIMEOUT [RFC3775]
   timeout waiting for the reply, the mobile access gateway MUST do the
   following:

   1.  It MUST remove the Binding Update List entry for the mobile node
       from its Binding Update List.

   2.  It MUST remove the created routing state for tunneling the mobile
       node's traffic.

   3.  If there is a dynamically created tunnel to the mobile node's
       local mobility anchor and if there are not other mobile nodes for
       which the tunnel is being used, then the tunnel MUST be deleted.

   4.  It MUST tear down the point-to-point link shared with the mobile
       node.  This action will force the mobile node to remove any IPv6
       address configuration on the interface connected to this point-
       to-point link.

6.9.1.5.  Constructing the Proxy Binding Update Message

   o  The mobile access gateway, when sending the Proxy Binding Update
      message to the local mobility anchor, MUST construct the message
      as specified below.

          IPv6 header (src=Proxy-CoA, dst=LMAA)
            Mobility header
               - BU /* P & A flags MUST be set to value 1 */
              Mobility Options
               - Mobile Node Identifier option            (mandatory)
               - Home Network Prefix option(s)            (mandatory)
               - Handoff Indicator option                 (mandatory)
               - Access Technology Type option            (mandatory)
               - Timestamp option                         (optional)
               - Mobile Node Link-layer Identifier option (optional)
               - Link-local Address option                (optional)

                Figure 12: Proxy Binding Update Message Format

   o  The Source Address field in the IPv6 header of the message MUST be
      set to the global address configured on the egress interface of
      the mobile access gateway.  When there is no Alternate Care-of
      Address option present in the request, this address will be
      considered as the Proxy-CoA for this Proxy Binding Update message.
      However, when there is an Alternate Care-of Address option present
      in the request, this address will be not be considered as the
      Proxy-CoA, but the address in the Alternate Care-of Address option
      will be considered as the Proxy-CoA.

   o  The Destination Address field in the IPv6 header of the message
      MUST be set to the local mobility anchor address.

   o  The Mobile Node Identifier option [RFC4283] MUST be present.

   o  At least one Home Network Prefix option MUST be present.

   o  The Handoff Indicator option MUST be present.

   o  The Access Technology Type option MUST be present.

   o  The Timestamp option MAY be present.

   o  The Mobile Node Link-layer Identifier option MAY be present.

   o  The Link-local Address option MAY be present.

   o  If IPsec is used for protecting the signaling messages, the
      message MUST be protected, using the security association existing
      between the local mobility anchor and the mobile access gateway.

   o  Unlike in Mobile IPv6 [RFC3775], the Home Address option [RFC3775]
      MUST NOT be present in the IPv6 Destination Options extension
      header of the Proxy Binding Update message.

6.9.2.  Router Solicitation Messages

   A mobile node may send a Router Solicitation message on the access
   link shared with the mobile access gateway.  The Router Solicitation
   message that the mobile node sends is as specified in [RFC4861].  The
   mobile access gateway, on receiving the Router Solicitation message
   or before sending a Router Advertisement message, MUST apply the
   following considerations.

   1.  The mobile access gateway, on receiving the Router Solicitation
       message, SHOULD send a Router Advertisement message containing
       the mobile node's home network prefix(es) as the on-link
       prefix(es).  However, before sending the Router Advertisement

       message containing the mobile node's home network prefix(es), it
       SHOULD complete the binding registration process with the mobile
       node's local mobility anchor.

   2.  If the local mobility anchor rejects the Proxy Binding Update
       message, or, if the mobile access gateway failed to complete the
       binding registration process for whatever reason, the mobile
       access gateway MUST NOT advertise the mobile node's home network
       prefix(es) in the Router Advertisement messages that it sends on
       the access link.  However, it MAY choose to advertise a local
       visited network prefix to enable the mobile node for regular IPv6
       access.

   3.  The mobile access gateway SHOULD add the MTU option, as specified
       in [RFC4861], to the Router Advertisement messages that it sends
       on the access link.  This will ensure the mobile node on the link
       uses the advertised MTU value.  The MTU value SHOULD reflect the
       tunnel MTU for the bi-directional tunnel between the mobile
       access gateway and the local mobility anchor.  Considerations
       from Section 6.9.5 SHOULD be applied for determining the tunnel
       MTU value.

6.9.3.  Default-Router

   In Proxy Mobile IPv6, the mobile access gateway is the IPv6 default-
   router for the mobile node on the access link.  However, as the
   mobile node moves from one access link to another, the serving mobile
   access gateway on those respective links will send the Router
   Advertisement messages.  If these Router Advertisements are sent
   using a different link-local address or a different link-layer
   address, the mobile node will always detect a new default-router
   after every handoff.  For solving this problem, this specification
   requires all the mobile access gateways in the Proxy Mobile IPv6
   domain to use the same link-local and link-layer address on any of
   the access links wherever the mobile node attaches.  These addresses
   can be fixed addresses across the entire Proxy Mobile IPv6 domain,
   and all the mobile access gateways can use these globally fixed
   address on any of the point-to-point links.  The configuration
   variables FixedMAGLinkLocalAddressOnAllAccessLinks and
   FixedMAGLinkLayerAddressOnAllAccessLinks SHOULD be used for this
   purpose.  Additionally, this specification allows the local mobility
   anchor to generate the link-local address and provide it to the
   mobile access gateway as part of the signaling messages.

   However, both of these approaches (a link-local address generated by
   the local mobility anchor or when using a globally fixed link-local
   address) have implications on the deployment of SEcure Neighbor
   Discovery (SEND) [RFC3971].  In SEND, routers have certificates and

   public key pairs, and their Router Advertisements are signed with the
   private keys of these key pairs.  When a number of different routers
   use the same addresses, the routers either all have to be able to
   construct these signatures for the same key pair, or the used key
   pair and the router's cryptographic identity must change after a
   movement.  Both approaches are problematic.  Sharing of private key
   information across multiple nodes in a PMIP6 domain is poor design
   from a security perspective.  And changing even the cryptographic
   identity of the router goes against the general idea of the Proxy
   Mobile IPv6 being as invisible to the hosts as possible.

   There is, however, ongoing work in the IETF to revise the SEND
   specifications.  It is suggested that these revisions also address
   the above problem.  Other revisions are needed to deal with other
   problematic cases (such as Neighbor Discovery proxies) before wide-
   spread deployment of SEND.

6.9.4.  Retransmissions and Rate Limiting

   The mobile access gateway is responsible for retransmissions and rate
   limiting the Proxy Binding Update messages that it sends to the local
   mobility anchor.  The Retransmission and the Rate Limiting rules are
   as specified in [RFC3775].  However, the following considerations
   MUST be applied.

   1.  When the mobile access gateway sends a Proxy Binding Update
       message, it should use the constant, INITIAL_BINDACK_TIMEOUT
       [RFC3775], for configuring the retransmission timer, as specified
       in Section 11.8 [RFC3775].  However, the mobile access gateway is
       not required to use a longer retransmission interval of
       InitialBindackTimeoutFirstReg, as specified in [RFC3775], for the
       initial Proxy Binding Update message.

   2.  If the mobile access gateway fails to receive a valid matching
       response for a registration or re-registration message within the
       retransmission interval, it SHOULD retransmit the message until a
       response is received.  However, the mobile access gateway MUST
       ensure the mobile node is still attached to the connected link
       before retransmitting the message.

   3.  As specified in Section 11.8 of [RFC3775], the mobile access
       gateway MUST use an exponential back-off process in which the
       timeout period is doubled upon each retransmission, until either
       the node receives a response or the timeout period reaches the
       value MAX_BINDACK_TIMEOUT [RFC3775].  The mobile access gateway
       MAY continue to send these messages at this slower rate
       indefinitely.

   4.  If the Timestamp-based scheme is in use, the retransmitted Proxy
       Binding Update messages MUST use the latest timestamp.  If the
       Sequence Number scheme is in use, the retransmitted Proxy Binding
       Update messages MUST use a Sequence Number value greater than
       that was used for the previous transmission of this Proxy Binding
       Update message, just as specified in [RFC3775].

6.9.5.  Path MTU Discovery

   It is important that mobile node, mobile access gateway, and local
   mobility anchor have a correct understanding of MTUs.  When the
   mobile node uses the correct MTU, it can send packets that do not
   exceed the local link MTU and do not cause the tunneled packets from
   the mobile access gateway to be fragmented.  This is important both
   from the perspective of efficiency, as well as preventing hard-to-
   diagnose MTU problems.  The following are some of the considerations
   related to Path MTU discovery.

   o  The local mobility anchor and mobile access gateway MAY use the
      Path MTU discovery mechanisms, as specified in [RFC1981] or in
      [RFC4821], for determining the Path MTU (PMTU) for the (LMA-MAG)
      paths.  The specific discovery mechanism to be used in a given
      deployment can be configurable.

   o  The mobility entities MUST implement and SHOULD support ICMP-based
      Path MTU discovery mechanism, as specified in [RFC1981].  However,
      this mechanism may not work correctly if the Proxy Mobile IPv6
      network does not deliver or process ICMP Packet Too Big messages.

   o  The mobility entities MAY implement Packetization Layer Path MTU
      discovery mechanisms, as specified in [RFC4821], and use any
      application traffic as a payload for the PMTU discovery.  Neither
      the Proxy Mobile IPv6 protocol or the tunnel between the mobile
      access gateway and local mobility agent can easily be used for
      this purpose.  However, implementations SHOULD support at least
      the use of an explicit ICMP Echo Request/Response for this
      purpose.

   o  The mobility entities MAY choose to perform Path MTU discovery for
      all the (LMA-MAG) paths at the boot time and may repeat this
      operation periodically to ensure the Path MTU values have not
      changed for those paths.  If the dynamic PMTU discovery mechanisms
      fail to determine the Path MTU, an administratively configured
      default value MUST be used.

   o  The IPv6 tunnel MTU for an established tunnel between the local
      mobility anchor and the mobile access gateway MUST be computed
      based on the determined Path MTU value for that specific path and
      the computation should be as specified in Section 6.7 of
      [RFC2473].

   o  The mobile access gateway SHOULD use the determined tunnel Path
      MTU value (for the tunnel established with the mobile node's local
      mobility anchor) as the MTU value in the MTU option that it sends
      in the Router Advertisements on the access link shared with the
      mobile node.  But, if the MTU value of the access link shared with
      the mobile node is lower than the determined Path MTU value, then
      the MTU of the access link MUST be used in the MTU option.

   o  If the mobile access gateway detects a change in the MTU value for
      any of the paths (LMA-MAG) and at any point of time, the
      corresponding tunnel MTU value MUST be updated to reflect the
      change in Path MTU value.  The adjusted tunnel MTU value (lower of
      the Path MTU and the access link MTU) SHOULD be notified to the
      impacted mobile nodes by sending additional Router Advertisement
      messages.  Additionally, the adjusted tunnel MTU value MUST be
      used in all the subsequent Router Advertisement messages as well.

6.10.  Routing Considerations

   This section describes how the mobile access gateway handles the
   traffic to/from the mobile node that is attached to one of its access
   interfaces.

                 Proxy-CoA                   LMAA
                    |                          |
    +--+          +---+                      +---+          +--+
    |MN|----------|MAG|======================|LMA|----------|CN|
    +--+          +---+                      +---+          +--+
                            IPv6 Tunnel

                    Figure 13: Proxy Mobile IPv6 Tunnel

6.10.1.  Transport Network

   As per this specification, the transport network between the local
   mobility anchor and the mobile access gateway is an IPv6 network.
   The document [IPV4-PMIP6] specifies the required extensions for
   negotiating IPv4 transport and the corresponding encapsulation mode.

6.10.2.  Tunneling and Encapsulation Modes

   An IPv6 address that a mobile node uses from its home network
   prefix(es) is topologically anchored at the local mobility anchor.
   For a mobile node to use this address from an access network attached
   to a mobile access gateway, proper tunneling techniques have to be in
   place.  Tunneling hides the network topology and allows the mobile
   node's IPv6 datagram to be encapsulated as a payload of another IPv6
   packet and to be routed between the local mobility anchor and the
   mobile access gateway.  The Mobile IPv6 base specification [RFC3775]
   defines the use of IPv6-over-IPv6 tunneling [RFC2473] between the
   home agent and the mobile node, and this specification extends the
   use of the same tunneling mechanism for use between the local
   mobility anchor and the mobile access gateway.

   On most operating systems, a tunnel is implemented as a virtual
   point-to-point interface.  The source and the destination address of
   the two endpoints of this virtual interface along with the
   encapsulation mode are specified for this virtual interface.  Any
   packet that is routed over this interface gets encapsulated with the
   outer header as specified for that point-to-point tunnel interface.

   For creating a point-to-point tunnel to any local mobility anchor,
   the mobile access gateway may implement a tunnel interface with the
   Source Address field set to a global address on its egress interface
   (Proxy-CoA) and the destination address field set to the global
   address of the local mobility anchor (LMAA).

   The following is the supported packet encapsulation mode that can be
   used by the mobile access gateway and the local mobility anchor for
   routing mobile node's IPv6 datagrams.

   o  IPv6-In-IPv6 - IPv6 datagram encapsulated in an IPv6 packet
      [RFC2473].

   The companion document [IPV4-PMIP6] specifies other encapsulation
   modes for supporting IPv4 transport.

   o  IPv6-In-IPv4 - IPv6 datagram encapsulation in an IPv4 packet.  The
      details on how this mode is negotiated are specified in
      [IPV4-PMIP6].

   o  IPv6-In-IPv4-UDP - IPv6 datagram encapsulation in an IPv4 UDP
      packet.  This mode is specified in [IPV4-PMIP6].

   o  IPv6-In-IPv4-UDP-TLV - IPv6 datagram encapsulation in an IPv4 UDP
      packet with a TLV header.  This mode is specified in [IPV4-PMIP6].

6.10.3.  Local Routing

   If there is data traffic between a visiting mobile node and a
   correspondent node that is locally attached to an access link
   connected to the mobile access gateway, the mobile access gateway MAY
   optimize on the delivery efforts by locally routing the packets and
   by not reverse tunneling them to the mobile node's local mobility
   anchor.  The flag EnableMAGLocalRouting MAY be used for controlling
   this behavior.  However, in some systems, this may have an
   implication on the mobile node's accounting and policy enforcement as
   the local mobility anchor is not in the path for that traffic and it
   will not be able to apply any traffic policies or do any accounting
   for those flows.

   This decision of path optimization SHOULD be based on the policy
   configured on the mobile access gateway, but enforced by the mobile
   node's local mobility anchor.  The specific details on how this is
   achieved are beyond of the scope of this document.

6.10.4.  Tunnel Management

   All the considerations mentioned in Section 5.6.1 for the tunnel
   management on the local mobility anchor apply for the mobile access
   gateway as well.

6.10.5.  Forwarding Rules

   Forwarding Packets Sent to the Mobile Node's Home Network:

   o  On receiving a packet from the bi-directional tunnel established
      with the mobile node's local mobility anchor, the mobile access
      gateway MUST use the destination address of the inner packet for
      forwarding it on the interface where the destination network
      prefix is hosted.  The mobile access gateway MUST remove the outer
      header before forwarding the packet.  Considerations from
      [RFC2473] MUST be applied for IPv6 decapsulation.  If the mobile
      access gateway cannot find the connected interface for that
      destination address, it MUST silently drop the packet.  For
      reporting an error in such a scenario, in the form of an ICMP
      control message, the considerations from [RFC2473] MUST be
      applied.

   o  On receiving a packet from a correspondent node that is connected
      to the mobile access gateway as a regular IPv6 host (see Section
      6.14) destined to a mobile node that is also locally attached, the
      mobile access gateway MUST check the flag EnableMAGLocalRouting to
      determine if the packet can be delivered directly to the mobile
      node.  If the mobile access gateway is not allowed to route the

      packet directly, it MUST route the packet towards the local
      mobility anchor where the destination address is topologically
      anchored, else it can route the packet directly to the mobile
      node.

   Forwarding Packets Sent by the Mobile Node:

   o  On receiving a packet from a mobile node connected to its access
      link, the mobile access gateway MUST ensure that there is an
      established binding for that mobile node with its local mobility
      anchor before forwarding the packet directly to the destination or
      before tunneling the packet to the mobile node's local mobility
      anchor.

   o  On receiving a packet from a mobile node connected to its access
      link for a destination that is locally connected, the mobile
      access gateway MUST check the flag EnableMAGLocalRouting, to
      ensure the mobile access gateway is allowed to route the packet
      directly to the destination.  If the mobile access gateway is not
      allowed to route the packet directly, it MUST route the packet
      through the bi-directional tunnel established between itself and
      the mobile node's local mobility anchor.  Otherwise, it MUST route
      the packet directly to the destination.

   o  On receiving a packet from a mobile node connected to its access
      link, to a destination that is not directly connected, the packet
      MUST be forwarded to the local mobility anchor through the bi-
      directional tunnel established between itself and the mobile
      node's local mobility anchor.  However, the packets that are sent
      with the link-local source address MUST NOT be forwarded.

   o  The format of the tunneled packet is shown below.  Considerations
      from [RFC2473] MUST be applied for IPv6 encapsulation.  However,
      when using IPv4 transport, the format of the tunneled packet is as
      described in [IPV4-PMIP6].

        IPv6 header (src= Proxy-CoA, dst= LMAA  /* Tunnel Header */
           IPv6 header (src= MN-HoA, dst= CN )  /* Packet Header */
              Upper layer protocols             /* Packet Content*/

                  Figure 14: Tunneled Packet from MAG to LMA

   o  The format of the tunneled packet is shown below, when payload
      protection using IPsec is enabled for the mobile node's data
      traffic.  However, when using IPv4 transport, the format of the
      packet is as described in [IPV4-PMIP6].

        IPv6 header (src= Proxy-CoA, dst= LMAA     /* Tunnel Header */
           ESP Header in tunnel mode               /* ESP Header */
              IPv6 header (src= MN-HoA, dst= CN )  /* Packet Header */
                 Upper layer protocols             /* Packet Content*/

      Figure 15: Tunneled Packet from MAG to LMA with Payload Protection

6.11.  Supporting DHCP-Based Address Configuration on the Access Link

   This section explains how Stateful Address Configuration using DHCP
   support can be enabled in a Proxy Mobile IPv6 domain.  It also
   identifies the required configuration in DHCP and mobility
   infrastructures for supporting this address configuration mode and
   also identifies the protocol interactions between these two systems.

   o  For supporting Stateful Address Configuration using DHCP, the DHCP
      relay agent [RFC3315] service MUST be supported on all the mobile
      access gateways in the Proxy Mobile IPv6 domain.  Further, as
      specified in Section 20 of [RFC3315], the DHCP relay agent should
      be configured to use a list of destination addresses, which MAY
      include unicast addresses, the All_DHCP_Servers multicast address,
      or other addresses as required in a given deployment.

   o  The DHCP infrastructure needs to be configured to assign addresses
      from each of the prefixes assigned to a link in that Proxy Mobile
      IPv6 domain.  The DHCP relay agent indicates the link to which the
      mobile node is attached by including an IPv6 address from any of
      the prefixes assigned to that link in the link-address field of
      the Relay Forward message.  Therefore, for each link in the Mobile
      IPv6 domain, the DHCP infrastructure will:

      *  be configured with a list of all of the prefixes associated
         with that link;

      *  identify the link to which the mobile node is attached by
         looking up the prefix for the link-address field in the Relay
         Forward message in the list of prefixes associated with each
         link;

      *  assign to the host an address from each prefix associated with
         the link to which the mobile node is attached.

      This DHCP infrastructure configuration requirement is identical to
      other IPv6 networks; other than receiving DHCP messages from a
      mobile node through different relay agents (MAGs) over time, the
      DHCP infrastructure will be unaware of the mobile node's
      capability with respect to mobility support.

   o  The local mobility anchor needs to have the same awareness with
      respect to the links along with the associated prefixes in a Proxy
      Mobile IPv6 domain.  When a local mobility anchor assigns
      prefix(es) to a mobile node, it MUST assign all the prefixes
      associated with a given link and all of those assigned prefixes
      will remain as the home network prefixes for that mobile node
      throughout the life of that mobility session.  The serving mobile
      access gateway that hosts these prefixes is physically connected
      to that link and can function as the DHCP relay agent.  This
      common understanding between DHCP and mobility entities about all
      the links in the domain along with the associated prefixes
      provides the required coordination for allowing mobility entities
      to perform prefix assignment dynamically to a mobile node and
      still allow the DHCP infrastructure to perform address assignment
      for that mobile node only from its home network prefixes.

   o  When a mobile node sends a DHCP request message, the DHCP relay
      agent function on the mobile access gateway will set the link-
      address field in the DHCP message to an address in the mobile
      node's home network prefix (any one of the mobile node's home
      network prefixes assigned to that mobile node's attached
      interface).  The mobile access gateway can generate an
      autoconfiguration address from one of the mobile node's home
      network prefixes [RFC4862] and can use this address link-address
      option, so as to provide a hint to the DHCP Server for the link
      identification.  The DHCP server, on receiving the request from
      the mobile node, will allocate addresses from all the prefixes
      associated with that link (identified using the link-address field
      of the request).

   o  Once the mobile node obtains address(es), moves to a different
      link, and sends a DHCP request (at any time) for extending the
      DHCP lease, the DHCP relay agent on the new link will set the
      link-address field in the DHCP Relay Forward message to one of the
      mobile node's home network prefixes.  The DHCP server will
      identify the client from the Client-DUID option and will identify
      the link from the link-address option present in the request and
      will allocate the same address(es) as before.

   o  For correct operation of the model of network-based mobility
      management in which the host does not participate in any mobility
      management, the mobile node MUST always be assigned an identical
      set of IPv6 addresses regardless of the access link to which the
      mobile node is attached.  For example, the mobile access gateways

      in the Proxy Mobile IPv6 domain should be configured so that DHCP
      messages from a mobile node will always be handled by the same
      DHCP server or by a server from the same group of coordinated DHCP
      servers serving that domain.  DHCP-based address configuration is
      not recommended for deployments in which the local mobility anchor
      and the mobile access gateway are located in different
      administrative domains.

6.12.  Home Network Prefix Renumbering

   If the mobile node's home network prefix(es) gets renumbered or
   becomes invalid during the middle of a mobility session, the mobile
   access gateway MUST withdraw the prefix(es) by sending a Router
   Advertisement message on the access link with zero prefix lifetime
   for the prefix(es) that is being renumbered.  Also, the local
   mobility anchor and the mobile access gateway MUST delete the created
   routing state for the renumbered prefix(es).  However, the specific
   details on how the local mobility anchor notifies the mobile access
   gateway about the mobile node's home network prefix(es) renumbering
   are outside the scope of this document.

6.13.  Mobile Node Detachment Detection and Resource Cleanup

   Before sending a Proxy Binding Update message to the local mobility
   anchor for extending the lifetime of a currently existing binding of
   a mobile node, the mobile access gateway MUST make sure the mobile
   node is still attached to the connected link by using some reliable
   method.  If the mobile access gateway cannot predictably detect the
   presence of the mobile node on the connected link, it MUST NOT
   attempt to extend the registration lifetime of the mobile node.
   Further, in such a scenario, the mobile access gateway SHOULD
   terminate the binding of the mobile node by sending a Proxy Binding
   Update message to the mobile node's local mobility anchor with
   lifetime value set to 0.  It MUST also remove any local state such as
   the Binding Update List entry created for that mobile node.

   The specific detection mechanism of the loss of a visiting mobile
   node on the connected link is specific to the access link between the
   mobile node and the mobile access gateway and is outside the scope of
   this document.  Typically, there are various link-layer-specific
   events specific to each access technology that the mobile access
   gateway can depend on for detecting the node loss.  In general, the
   mobile access gateway can depend on one or more of the following
   methods for the detection presence of the mobile node on the
   connected link:

   o  Link-layer event specific to the access technology

   o  Session termination event on point-to-point link types

   o  IPv6 Neighbor Unreachability Detection event from IPv6 stack

   o  Notification event from the local mobility anchor

6.14.  Allowing Network Access to Other IPv6 Nodes

   In some Proxy Mobile IPv6 deployments, network operators may
   provision the mobile access gateway to offer network-based mobility
   management service only to some visiting mobile nodes and enable just
   regular IP access to some other nodes.  This requires the network to
   have control on when to enable network-based mobility management
   service to a mobile node and when to enable regular IPv6 access.
   This specification does not disallow such configuration.

   Upon detecting a mobile node on its access link and after policy
   considerations, the mobile access gateway MUST determine if network-
   based mobility management service should be offered to that mobile
   node.  If the mobile node is entitled to network-based mobility
   management service, then the mobile access gateway must ensure the
   mobile node does not detect any change with respect to its layer-3
   attachment, as explained in various sections of this specification.

   If the mobile node is not entitled to the network-based mobility
   management service, as determined from the policy considerations, the
   mobile access gateway MAY choose to offer regular IPv6 access to the
   mobile node, and in such a scenario, the normal IPv6 considerations
   apply.  If IPv6 access is enabled, the mobile node SHOULD be able to
   obtain IPv6 address(es) using the normal IPv6 address configuration
   procedures.  The obtained address(es) must be from a local visitor
   network prefix(es).  This essentially ensures that the mobile access
   gateway functions as a normal access router to a mobile node attached
   to its access link and without impacting its host-based mobility
   protocol operation.

7.  Mobile Node Operation

   This non-normative section explains the mobile node's operation in a
   Proxy Mobile IPv6 domain.

7.1.  Moving into a Proxy Mobile IPv6 Domain

   When a mobile node enters a Proxy Mobile IPv6 domain and attaches to
   an access network, the mobile access gateway on the access link
   detects the attachment of the mobile node and completes the binding

   registration with the mobile node's local mobility anchor.  If the
   binding update operation is successfully performed, the mobile access
   gateway will create the required state and set up the forwarding for
   the mobile node's data traffic.

   When a mobile node attaches to the access link, it will typically
   send a Router Solicitation message [RFC4861].  The mobile access
   gateway on the access link will respond to the Router Solicitation
   message with a Router Advertisement message.  The Router
   Advertisement message will carry the mobile node's home network
   prefix(es), default-router address, and other address configuration
   parameters.

   If the mobile access gateway on the access link receives a Router
   Solicitation message from the mobile node, before it completes the
   signaling with the mobile node's local mobility anchor, the mobile
   access gateway may not know the mobile node's home network prefix(es)
   and may not be able to emulate the mobile node's home link on the
   access link.  In such a scenario, the mobile node may notice a delay
   before it receives a Router Advertisement message.  This will also
   affect mobile nodes that would be capable of handling their own
   mobility, or mobile nodes that do not need to maintain the same IP
   address through movements.

   If the received Router Advertisement message has the Managed Address
   Configuration flag set, the mobile node, as it would normally do,
   will send a DHCP Request [RFC3315].  The DHCP relay service enabled
   on that access link will ensure the mobile node can obtain one or
   more addresses from its home network prefix(es).

   If the received Router Advertisement message does not have the
   Managed Address Configuration flag set and if the mobile node is
   allowed to use autoconfigured address(es), the mobile node will be
   able to obtain IPv6 address(es) from each of its home network
   prefixes using any of the standard IPv6 address configuration
   mechanisms permitted for that mode.

   If the mobile node is IPv4-enabled and if the network permits, it
   will be able to obtain the IPv4 address configuration, as specified
   in the companion document [IPV4-PMIP6].

   Once the address configuration is complete, the mobile node can
   continue to use this address configuration as long as it is attached
   to the network that is in the scope of that Proxy Mobile IPv6 domain.

7.2.  Roaming in the Proxy Mobile IPv6 Domain

   After obtaining the address configuration in the Proxy Mobile IPv6
   domain, as the mobile node moves and changes its point of attachment
   from one mobile access gateway to the other, it can still continue to
   use the same address configuration.  As long as the attached access
   link is in the scope of that Proxy Mobile IPv6 domain, the mobile
   node will always detect the same router advertising itself as a
   default-router and advertising the mobile node's home network
   prefix(es) on each connected link.  If the mobile node has address
   configuration that it obtained using DHCP, it will be able to retain
   the address configuration and extend the lease lifetime.

8.  Message Formats

   This section defines extensions to the Mobile IPv6 [RFC3775] protocol
   messages.

8.1.  Proxy Binding Update Message

       0               1               2               3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                      |            Sequence #         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |A|H|L|K|M|R|P|  Reserved       |            Lifetime           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      .                                                               .
      .                        Mobility options                       .
      .                                                               .

      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   A Binding Update message that is sent by a mobile access gateway to a
   local mobility anchor is referred to as the "Proxy Binding Update"
   message.  A new flag (P) is included in the Binding Update message.
   The rest of the Binding Update message format remains the same as
   defined in [RFC3775] and with the additional (R) and (M) flags, as
   specified in [RFC3963] and [RFC4140], respectively.

   Proxy Registration Flag (P)

      A new flag (P) is included in the Binding Update message to
      indicate to the local mobility anchor that the Binding Update
      message is a proxy registration.  The flag MUST be set to the
      value of 1 for proxy registrations and MUST be set to 0 for direct
      registrations sent by a mobile node.

   Mobility Options

      Variable-length field of such length that the complete Mobility
      Header is an integer multiple of 8 octets long.  This field
      contains zero or more TLV-encoded mobility options.  The encoding
      and format of defined options are described in Section 6.2 of
      [RFC3775].  The local mobility anchor MUST ignore and skip any
      options that it does not understand.

          As per this specification, the following mobility options are 
      valid in a Proxy Binding Update message.  These options can be
      present in the message in any order.  There can be one or more
      instances of the Home Network Prefix options present in the
      message.  However, there cannot be more than one instance of any
      of the following options.

         Mobile Node Identifier option

         Handoff Indicator option

         Access Technology Type option

         Timestamp option

         Mobile Node Link-layer Identifier option

         Link-local Address option
EID 3140 (Verified) is as follows:

Section: 8.1

Original Text:

    As per this specification, the following mobility options are
      valid in a Proxy Binding Update message.  These options can be
      present in the message in any order.  There can be one or more
      instances of the Home Network Prefix options present in the
      message.  However, there cannot be more than one instance of any
      of the following options.

         Mobile Node Identifier option

         Home Network Prefix option

         Handoff Indicator option

         Access Technology Type option

         Timestamp option

         Mobile Node Link-layer Identifier option

         Link-local Address option

Corrected Text:

    As per this specification, the following mobility options are
      valid in a Proxy Binding Update message.  These options can be
      present in the message in any order.  There can be one or more
      instances of the Home Network Prefix options present in the
      message.  However, there cannot be more than one instance of any
      of the following options.

         Mobile Node Identifier option

         Handoff Indicator option

         Access Technology Type option

         Timestamp option

         Mobile Node Link-layer Identifier option

         Link-local Address option
Notes:
There can be more than one instance of Home Network Prefix. So the list should not include Home Network Prefix
Additionally, there can be one or more instances of the Vendor- Specific Mobility option [RFC5094]. For descriptions of other fields present in this message, refer to Section 6.1.7 of [RFC3775]. 8.2. Proxy Binding Acknowledgement Message 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Status |K|R|P|Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence # | Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | . . . Mobility options . . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ A Binding Acknowledgement message that is sent by a local mobility anchor to a mobile access gateway is referred to as the "Proxy Binding Acknowledgement" message. A new flag (P) is included in the Binding Acknowledgement message. The rest of the Binding Acknowledgement message format remains the same as defined in [RFC3775] and with the additional (R) flag as specified in [RFC3963]. Proxy Registration Flag (P) A new flag (P) is included in the Binding Acknowledgement message to indicate that the local mobility anchor that processed the corresponding Proxy Binding Update message supports proxy registrations. The flag is set to a value of 1 only if the corresponding Proxy Binding Update had the Proxy Registration Flag (P) set to value of 1. Mobility Options A variable-length field of such length that the complete Mobility Header is an integer multiple of 8 octets long. This field contains zero or more TLV-encoded mobility options. The encoding and format of defined options are described in Section 6.2 of [RFC3775]. The mobile access gateway MUST ignore and skip any options that it does not understand. As per this specification, the following mobility options are valid in a Proxy Binding Acknowledgement message. These options can be present in the message in any order. There can be one or more instances of the Home Network Prefix options present in the message. However, there cannot be more than one instance of any of the following options. Mobile Node Identifier option Handoff Indicator option Access Technology Type option Timestamp option Mobile Node Link-layer Identifier option Link-local Address option
EID 3141 (Verified) is as follows:

Section: 8.2

Original Text:

As per this specification, the following mobility options are
      valid in a Proxy Binding Acknowledgement message.  These options
      can be present in the message in any order.  There can be one or
      more instances of the Home Network Prefix options present in the
      message.  However, there cannot be more than one instance of any
      of the following options.

         Mobile Node Identifier option

         Home Network Prefix option

         Handoff Indicator option

         Access Technology Type option

         Timestamp option

         Mobile Node Link-layer Identifier option

         Link-local Address option

Corrected Text:

As per this specification, the following mobility options are
      valid in a Proxy Binding Acknowledgement message.  These options
      can be present in the message in any order.  There can be one or
      more instances of the Home Network Prefix options present in the
      message.  However, there cannot be more than one instance of any
      of the following options.

         Mobile Node Identifier option

         Handoff Indicator option

         Access Technology Type option

         Timestamp option

         Mobile Node Link-layer Identifier option

         Link-local Address option
Notes:
There can be more than one instance of Home Network Prefix option so the list should not contain Home Network Prefix.
Additionally, there can be one or more instances of the Vendor- Specific Mobility option [RFC5094]. Status An 8-bit unsigned integer indicating the disposition of the Proxy Binding Update. Values of the Status field less than 128 indicate that the Proxy Binding Update was accepted by the local mobility anchor. Values greater than or equal to 128 indicate that the Proxy Binding Update message was rejected by the local mobility anchor. Section 8.9 defines the Status values that can used in Proxy Binding Acknowledgement message. For descriptions of other fields present in this message, refer to Section 6.1.8 of [RFC3775]. 8.3. Home Network Prefix Option A new option, Home Network Prefix option is defined for use with the Proxy Binding Update and Proxy Binding Acknowledgement messages exchanged between a local mobility anchor and a mobile access gateway. This option is used for exchanging the mobile node's home network prefix information. There can be multiple Home Network Prefix options present in the message. The Home Network Prefix Option has an alignment requirement of 8n+4. Its format is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | Prefix Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Home Network Prefix + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 22 Length 8-bit unsigned integer indicating the length of the option in octets, excluding the type and length fields. This field MUST be set to 18. Reserved (R) This 8-bit field is unused for now. The value MUST be initialized to 0 by the sender and MUST be ignored by the receiver. Prefix Length 8-bit unsigned integer indicating the prefix length of the IPv6 prefix contained in the option. Home Network Prefix A sixteen-byte field containing the mobile node's IPv6 Home Network Prefix. 8.4. Handoff Indicator Option A new option, Handoff Indicator option is defined for use with the Proxy Binding Update and Proxy Binding Acknowledgement messages exchanged between a local mobility anchor and a mobile access gateway. This option is used for exchanging the mobile node's handoff-related hints. The Handoff Indicator option has no alignment requirement. Its format is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved (R) | HI | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 23 Length 8-bit unsigned integer indicating the length of the option in octets, excluding the type and length fields. This field MUST be set to 2. Reserved (R) This 8-bit field is unused for now. The value MUST be initialized to 0 by the sender and MUST be ignored by the receiver. Handoff Indicator (HI) An 8-bit field that specifies the type of handoff. The values (0 - 255) will be allocated and managed by IANA. The following values are currently defined. 0: Reserved 1: Attachment over a new interface 2: Handoff between two different interfaces of the mobile node 3: Handoff between mobile access gateways for the same interface 4: Handoff state unknown 5: Handoff state not changed (Re-registration) 8.5. Access Technology Type Option A new option, Access Technology Type option is defined for use with the Proxy Binding Update and Proxy Binding Acknowledgement messages exchanged between a local mobility anchor and a mobile access gateway. This option is used for exchanging the type of the access technology by which the mobile node is currently attached to the mobile access gateway. The Access Technology Type Option has no alignment requirement. Its format is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved (R) | ATT | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 24 Length 8-bit unsigned integer indicating the length of the option in octets, excluding the type and length fields. This field MUST be set to 2. Reserved (R) This 8-bit field is unused for now. The value MUST be initialized to 0 by the sender and MUST be ignored by the receiver. Access Technology Type (ATT) An 8-bit field that specifies the access technology through which the mobile node is connected to the access link on the mobile access gateway. The values (0 - 255) will be allocated and managed by IANA. The following values are currently reserved for the below specified access technology types. 0: Reserved ("Reserved") 1: Virtual ("Logical Network Interface") 2: PPP ("Point-to-Point Protocol") 3: IEEE 802.3 ("Ethernet") 4: IEEE 802.11a/b/g ("Wireless LAN") 5: IEEE 802.16e ("WIMAX") 8.6. Mobile Node Link-layer Identifier Option A new option, Mobile Node Link-layer Identifier option is defined for use with the Proxy Binding Update and Proxy Binding Acknowledgement messages exchanged between a local mobility anchor and a mobile access gateway. This option is used for exchanging the mobile node's link-layer identifier. The format of the Link-layer Identifier option is shown below. Based on the size of the identifier, the option MUST be aligned appropriately, as per mobility option alignment requirements specified in [RFC3775]. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Link-layer Identifier + . ... . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 25 Length 8-bit unsigned integer indicating the length of the option in octets, excluding the type and length fields. Reserved This field is unused for now. The value MUST be initialized to 0 by the sender and MUST be ignored by the receiver. Link-layer Identifier A variable length field containing the mobile node's link-layer identifier. The content and format of this field (including byte and bit ordering) is as specified in Section 4.6 of [RFC4861] for carrying link-layer addresses. On certain access links, where the link-layer address is not used or cannot be determined, this option cannot be used. 8.7. Link-local Address Option A new option, Link-local Address option is defined for use with the Proxy Binding Update and Proxy Binding Acknowledgement messages exchanged between a local mobility anchor and a mobile access gateway. This option is used for exchanging the link-local address of the mobile access gateway. The Link-local Address option has an alignment requirement of 8n+6. Its format is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Link-local Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 26 Length 8-bit unsigned integer indicating the length of the option in octets, excluding the type and length fields. This field MUST be set to 16. Link-local Address A sixteen-byte field containing the link-local address. 8.8. Timestamp Option A new option, Timestamp option is defined for use in the Proxy Binding Update and Proxy Binding Acknowledgement messages. The Timestamp option has an alignment requirement of 8n+2. Its format is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Timestamp + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 27 Length 8-bit unsigned integer indicating the length in octets of the option, excluding the type and length fields. The value for this field MUST be set to 8. Timestamp A 64-bit unsigned integer field containing a timestamp. The value indicates the number of seconds since January 1, 1970, 00:00 UTC, by using a fixed point format. In this format, the integer number of seconds is contained in the first 48 bits of the field, and the remaining 16 bits indicate the number of 1/65536 fractions of a second. 8.9. Status Values This document defines the following new Status values for use in Proxy Binding Acknowledgement messages. These values are to be allocated from the same number space, as defined in Section 6.1.8 of [RFC3775]. Status values less than 128 indicate that the Proxy Binding Update message was accepted by the local mobility anchor. Status values greater than 128 indicate that the Proxy Binding Update was rejected by the local mobility anchor. PROXY_REG_NOT_ENABLED: 152 Proxy registration not enabled for the mobile node NOT_LMA_FOR_THIS_MOBILE_NODE: 153 Not local mobility anchor for this mobile node MAG_NOT_AUTHORIZED_FOR_PROXY_REG: 154 The mobile access gateway is not authorized to send proxy binding updates NOT_AUTHORIZED_FOR_HOME_NETWORK_PREFIX: 155 The mobile node is not authorized for one or more of the requesting home network prefixes TIMESTAMP_MISMATCH: 156 Invalid timestamp value (the clocks are out of sync) TIMESTAMP_LOWER_THAN_PREV_ACCEPTED: 157 The timestamp value is lower than the previously accepted value MISSING_HOME_NETWORK_PREFIX_OPTION: 158 Missing home network prefix option BCE_PBU_PREFIX_SET_DO_NOT_MATCH: 159 All the home network prefixes listed in the BCE do not match all the prefixes in the received PBU MISSING_MN_IDENTIFIER_OPTION: 160 Missing mobile node identifier option MISSING_HANDOFF_INDICATOR_OPTION: 161 Missing handoff indicator option MISSING_ACCESS_TECH_TYPE_OPTION: 162 Missing access technology type option Additionally, the following Status values defined in [RFC3775] can also be used in a Proxy Binding Acknowledgement message. 0 Proxy Binding Update accepted 128 Reason unspecified 129 Administratively prohibited 130 Insufficient resources 9. Protocol Configuration Variables 9.1. Local Mobility Anchor - Configuration Variables The local mobility anchor MUST allow the following variables to be configured by the system management. The configured values for these protocol variables MUST survive server reboots and service restarts. MinDelayBeforeBCEDelete This variable specifies the amount of time in milliseconds the local mobility anchor MUST wait before it deletes a Binding Cache entry of a mobile node, upon receiving a Proxy Binding Update message from a mobile access gateway with a lifetime value of 0. During this wait time, if the local mobility anchor receives a Proxy Binding Update for the same mobility binding, with a lifetime value greater than 0, then it must update the binding cache entry with the accepted binding values. By the end of this wait-time, if the local mobility anchor did not receive any valid Proxy Binding Update message for that mobility binding, it MUST delete the Binding Cache entry. This delay essentially ensures a mobile node's Binding Cache entry is not deleted too quickly and allows some time for the new mobile access gateway to complete the signaling for the mobile node. The default value for this variable is 10000 milliseconds. MaxDelayBeforeNewBCEAssign This variable specifies the amount of time in milliseconds the local mobility anchor MUST wait for the de-registration message for an existing mobility session before it decides to create a new mobility session. The default value for this variable is 1500 milliseconds. Note that there is a dependency between this value and the values used in the retransmission algorithm for Proxy Binding Updates. The retransmissions need to happen before MaxDelayBeforeNewBCEAssign runs out, as otherwise there are situations where a de-registration from a previous mobile access gateway may be lost, and the local mobility anchor creates, needlessly, a new mobility session and new prefixes for the mobile node. However, this affects situations where there is no information from the lower layers about the type of a handoff or other parameters that can be used for identifying the mobility session. TimestampValidityWindow This variable specifies the maximum amount of time difference in milliseconds between the timestamp in the received Proxy Binding Update message and the current time of day on the local mobility anchor, that is allowed by the local mobility anchor for the received message to be considered valid. The default value for this variable is 300 milliseconds. This variable must be adjusted to suit the deployments. 9.2. Mobile Access Gateway - Configuration Variables The mobile access gateway MUST allow the following variables to be configured by the system management. The configured values for these protocol variables MUST survive server reboots and service restarts. EnableMAGLocalRouting This flag indicates whether or not the mobile access gateway is allowed to enable local routing of the traffic exchanged between a visiting mobile node and a correspondent node that is locally connected to one of the interfaces of the mobile access gateway. The correspondent node can be another visiting mobile node as well, or a local fixed node. The default value for this flag is set to a value of 0, indicating that the mobile access gateway MUST reverse tunnel all the traffic to the mobile node's local mobility anchor. When the value of this flag is set to a value of 1, the mobile access gateway MUST route the traffic locally. This aspect of local routing MAY be defined as policy on a per mobile basis and when present will take precedence over this flag. 9.3. Proxy Mobile IPv6 Domain - Configuration Variables All the mobile entities (local mobility anchors and mobile access gateways) in a Proxy Mobile IPv6 domain MUST allow the following variables to be configured by the system management. The configured values for these protocol variables MUST survive server reboots and service restarts. These variables MUST be globally fixed for a given Proxy Mobile IPv6 domain resulting in the same values being enforced on all the mobility entities in that domain. TimestampBasedApproachInUse This flag indicates whether or not the timestamp-based approach for message ordering is in use in that Proxy Mobile IPv6 domain. When the value for this flag is set to 1, all the mobile access gateways in that Proxy Mobile IPv6 domain MUST apply the timestamp-based considerations listed in Section 5.5. When the value of this flag is set to 0, sequence-number-based considerations listed in Section 5.5 MUST be applied. The default value for this flag is set to value of 1, indicating that the timestamp-based mechanism is in use in that Proxy Mobile IPv6 domain. MobileNodeGeneratedTimestampInUse This flag indicates whether or not the mobile-node-generated timestamp approach is in use in that Proxy Mobile IPv6 domain. When the value for this flag is set to 1, the local mobility anchors and mobile access gateways in that Proxy Mobile IPv6 domain MUST apply the mobile node generated timestamp considerations as specified in Section 5.5. This flag is relevant only when timestamp-based approach is in use. The value for this flag MUST NOT be set to value of 1, if the value of the TimestampBasedApproachInUse flag is set to 0. The default value for this flag is set to value of 0, indicating that the mobile node generated timestamp mechanism is not in use in that Proxy Mobile IPv6 domain. FixedMAGLinkLocalAddressOnAllAccessLinks This variable indicates the link-local address value that all the mobile access gateways SHOULD use on any of the access links shared with any of the mobile nodes in that Proxy Mobile IPv6 domain. If this variable is initialized to ALL_ZERO value, it implies the use of fixed link-local address mode is not enabled for that Proxy Mobile IPv6 domain. FixedMAGLinkLayerAddressOnAllAccessLinks This variable indicates the link-layer address value that all the mobile access gateways SHOULD use on any of the access links shared with any of the mobile nodes in that Proxy Mobile IPv6 domain. For access technologies where there is no link-layer address, this variable MUST be initialized to ALL_ZERO value. 10. IANA Considerations This document defines six new Mobility Header options, the Home Network Prefix Option, Handoff Indicator Option, Access Technology Type Option, Mobile Node Link-layer Identifier Option, Link-local Address Option, and Timestamp Option. These options are described in Section 8. The Type value for these options has been assigned from the same numbering space as allocated for the other mobility options, as defined in [RFC3775]. The Handoff Indicator Option, defined in Section 8.4 of this document, introduces a new Handoff Indicator (HI) numbering space, where the values from 0 to 5 have been reserved by this document. Approval of new Handoff Indicator type values are to be made through IANA Expert Review. The Access Technology Type Option, defined in Section 8.5 of this document, introduces a new Access Technology type (ATT) numbering space, where the values from 0 to 5 have been reserved by this document. Approval of new Access Technology type values are to be made through IANA Expert Review. This document also defines new Binding Acknowledgement status values, as described in Section 8.9. The status values MUST be assigned from the same number space used for Binding Acknowledgement status values, as defined in [RFC3775]. The allocated values for each of these status values must be greater than 128. This document creates a new registry for the flags in the Binding Update message called the "Binding Update Flags". The following flags are reserved: (A) 0x8000 [RFC3775] (H) 0x4000 [RFC3775] (L) 0x2000 [RFC3775] (K) 0x1000 [RFC3775] (M) 0x0800 [RFC4140] (R) 0x0400 [RFC3963] This document reserves a new flag (P) as follows: (P) 0x0200 The rest of the values in the 16-bit field are reserved. New values can be assigned by Standards Action or IESG approval. This document also creates a new registry for the flags in the Binding Acknowledgment message called the "Binding Acknowledgment Flags". The following values are reserved. (K) 0x80 [RFC3775] (R) 0x40 [RFC3963] This document reserves a new flag (P) as follows: (P) 0x20 The rest of the values in the 8-bit field are reserved. New values can be assigned by Standards Action or IESG approval. 11. Security Considerations The potential security threats against any network-based mobility management protocol are described in [RFC4832]. This section explains how Proxy Mobile IPv6 protocol defends itself against those threats. Proxy Mobile IPv6 protocol recommends the signaling messages, Proxy Binding Update and Proxy Binding Acknowledgement, exchanged between the mobile access gateway and the local mobility anchor to be protected using IPsec using the established security association between them. This essentially eliminates the threats related to the impersonation of the mobile access gateway or the local mobility anchor. This specification allows a mobile access gateway to send binding registration messages on behalf of a mobile node. If proper authorization checks are not in place, a malicious node may be able to hijack a mobile node's mobility session or may carry out a denial- of-service attack. To prevent this attack, this specification requires the local mobility anchor to allow only authorized mobile access gateways that are part of that Proxy Mobile IPv6 domain to send Proxy Binding Update messages on behalf of a mobile node. To eliminate the threats on the interface between the mobile access gateway and the mobile node, this specification requires an established trust between the mobile access gateway and the mobile node and to authenticate and authorize the mobile node before it is allowed to access the network. Further, the established authentication mechanisms enabled on that access link will ensure that there is a secure binding between the mobile node's identity and its link-layer address. The mobile access gateway will definitively identify the mobile node from the packets that it receives on that access link. To address the threat related to a compromised mobile access gateway, the local mobility anchor, before accepting a Proxy Binding Update message for a given mobile node, may ensure that the mobile node is attached to the mobile access gateway that sent the Proxy Binding Update message. This may be accomplished by contacting a trusted entity, which is able to track the mobile node's current point of attachment. However, the specific details of the actual mechanisms for achieving this is outside the scope of this document. 12. Acknowledgements The authors would like to specially thank Jari Arkko, Julien Laganier, Christian Vogt, Dave Thaler, Pasi Eronen, Pete McCann, Brian Haley, Ahmad Muhanna, JinHyeock Choi, and Elwyn Davies for their thorough reviews of this document. The authors would also like to thank Alex Petrescu, Alice Qinxia, Alper Yegin, Ashutosh Dutta, Behcet Sarikaya, Charles Perkins, Domagoj Premec, Fred Templin, Genadi Velev, George Tsirtsis, Gerardo Giaretta, Henrik Levkowetz, Hesham Soliman, James Kempf, Jean-Michel Combes, John Jason Brzozowski, Jun Awano, John Zhao, Jong-Hyouk Lee, Jonne Soininen, Jouni Korhonen, Kalin Getov, Kilian Weniger, Lars Eggert, Magnus Westerlund, Marco Liebsch, Mohamed Khalil, Nishida Katsutoshi, Pierrick Seite, Phil Roberts, Ralph Droms, Ryuji Wakikawa, Sangjin Jeong, Suresh Krishnan, Tero Kauppinen, Uri Blumenthal, Ved Kafle, Vidya Narayanan, Youn-Hee Han, and many others for their passionate discussions in the working group mailing list on the topic of localized mobility management solutions. These discussions stimulated much of the thinking and shaped the document to the current form and we acknowledge that! The authors would also like to thank Ole Troan, Akiko Hattori, Parviz Yegani, Mark Grayson, Michael Hammer, Vojislav Vucetic, Jay Iyer, Tim Stammers, Bernie Volz, and Josh Littlefield for their input on this document. 13. References 13.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in IPv6 Specification", RFC 2473, December 1998. [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of Explicit Congestion Notification (ECN) to IP", RFC 3168, September 2001. [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in IPv6", RFC 3775, June 2004. [RFC4282] Aboba, B., Beadles, M., Arkko, J., and P. Eronen, "The Network Access Identifier", RFC 4282, December 2005. [RFC4283] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K. Chowdhury, "Mobile Node Identifier Option for Mobile IPv6 (MIPv6)", RFC 4283, November 2005. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006. [RFC4301] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005. [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, December 2005. [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, September 2007. 13.2. Informative References [RFC1981] McCann, J., Deering, S., and J. Mogul, "Path MTU Discovery for IP version 6", RFC 1981, August 1996. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003. [RFC3963] Devarapalli, V., Wakikawa, R., Petrescu, A., and P. Thubert, "Network Mobility (NEMO) Basic Support Protocol", RFC 3963, January 2005. [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure Neighbor Discovery (SEND)", RFC 3971, March 2005. [RFC4140] Soliman, H., Castelluccia, C., El Malki, K., and L. Bellier, "Hierarchical Mobile IPv6 Mobility Management (HMIPv6)", RFC 4140, August 2005. [RFC4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", RFC 4306, December 2005. [RFC4330] Mills, D., "Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI", RFC 4330, January 2006. [RFC4372] Adrangi, F., Lior, A., Korhonen, J., and J. Loughney, "Chargeable User Identity", RFC 4372, January 2006. [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU Discovery", RFC 4821, March 2007. [RFC4830] Kempf, J., "Problem Statement for Network-Based Localized Mobility Management (NETLMM)", RFC 4830, April 2007. [RFC4831] Kempf, J., "Goals for Network-Based Localized Mobility Management (NETLMM)", RFC 4831, April 2007. [RFC4832] Vogt, C. and J. Kempf, "Security Threats to Network- Based Localized Mobility Management (NETLMM)", RFC 4832, April 2007. [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, September 2007. [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 4941, September 2007. [RFC5094] Devarapalli, V., Patel, A., and K. Leung, "Mobile IPv6 Vendor Specific Option", RFC 5094, December 2007. [IPV4-PMIP6] Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy Mobile IPv6", Work in Progress, May 2008. [DNAV6] Narayanan, S., Ed., "Detecting Network Attachment in IPv6 Networks (DNAv6)", Work in Progress, February 2008. Appendix A. Proxy Mobile IPv6 Interactions with AAA Infrastructure Every mobile node that roams in a proxy Mobile IPv6 domain would typically be identified by an identifier, MN-Identifier, and that identifier will have an associated policy profile that identifies the mobile node's home network prefix(es) on a per-interface basis, permitted address configuration modes, roaming policy, and other parameters that are essential for providing network-based mobility management service. This information is typically configured in AAA. In some cases, the home network prefix(es) may be dynamically assigned to the mobile node's interface, after its initial attachment to the Proxy Mobile IPv6 domain over that interface and may not be configured in the mobile node's policy profile. The network entities in the proxy Mobile IPv6 domain, while serving a mobile node, will have access to the mobile node's policy profile and these entities can query this information using RADIUS [RFC2865] or DIAMETER [RFC3588] protocols. Appendix B. Routing State The following section explains the routing state created for a mobile node on the mobile access gateway. This routing state reflects only one specific way of implementation, and one MAY choose to implement it in other ways. The policy based route defined below acts as a traffic selection rule for routing a mobile node's traffic through a specific tunnel created between the mobile access gateway and that mobile node's local mobility anchor and with the specific encapsulation mode, as negotiated. The below example identifies the routing state for two visiting mobile nodes, MN1 and MN2, with their respective local mobility anchors, LMA1 and LMA2. For all traffic from the mobile node, identified by the mobile node's MAC address, ingress interface or source prefix (MN-HNP) to _ANY_DESTINATION_ route via interface tunnel0, next-hop LMAA. +==================================================================+ | Packet Source | Destination Address | Destination Interface | +==================================================================+ | MAC_Address_MN1, | _ANY_DESTINATION_ | Tunnel0 | | (IPv6 Prefix or |----------------------------------------------| | Input Interface) | Locally Connected | Tunnel0 | +------------------------------------------------------------------+ | MAC_Address_MN2, | _ANY_DESTINATION_ | Tunnel1 | + (IPv6 Prefix or -----------------------------------------------| | Input Interface | Locally Connected | direct | +------------------------------------------------------------------+ Example - Policy-Based Route Table +==================================================================+ | Interface | Source Address | Destination Address | Encapsulation | +==================================================================+ | Tunnel0 | Proxy-CoA | LMAA1 | IPv6-in-IPv6 | +------------------------------------------------------------------+ | Tunnel1 | Proxy-CoA | LMAA2 | IPv6-in-IPv6 | +------------------------------------------------------------------+ Example - Tunnel Interface Table Authors' Addresses Sri Gundavelli (editor) Cisco 170 West Tasman Drive San Jose, CA 95134 USA EMail: sgundave@cisco.com Kent Leung Cisco 170 West Tasman Drive San Jose, CA 95134 USA EMail: kleung@cisco.com Vijay Devarapalli Wichorus 3590 North First Street San Jose, CA 95134 USA EMail: vijay@wichorus.com Kuntal Chowdhury Starent Networks 30 International Place Tewksbury, MA EMail: kchowdhury@starentnetworks.com Basavaraj Patil Nokia 6000 Connection Drive Irving, TX 75039 USA EMail: basavaraj.patil@nokia.com Full Copyright Statement Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

mirror server hosted at Truenetwork, Russian Federation.