One document matched: draft-ietf-dccp-udpencap-00.txt
Datagram Congestion Control T. Phelan
Protocol Sonus
Internet-Draft February 11, 2010
Intended status: Experimental
Expires: August 15, 2010
Datagram Congestion Control Protocol (DCCP) Encapsulation for NAT
Traversal (DCCP-NAT)
draft-ietf-dccp-udpencap-00
Abstract
This document specifies an alternative encapsulation of the Datagram
Congestion Control Protocol (DCCP), referred to as DCCP-NAT. This
encapsulation will allow DCCP to be carried through the current
generation of Network Address Translation (NAT) middleboxes without
modification of those middleboxes.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 15, 2010.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Phelan Expires August 15, 2010 [Page 1]
Internet-Draft DCCP-NAT Encapsulation February 2010
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. DCCP-NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. UDP Header . . . . . . . . . . . . . . . . . . . . . . . . 4
3.2. DCCP-NAT Generic Header . . . . . . . . . . . . . . . . . 5
3.3. DCCP-NAT Checksum Procedures . . . . . . . . . . . . . . . 5
3.3.1. Minimum Checksum Coverage Feature . . . . . . . . . . 5
3.4. Explicit Congestion Notification . . . . . . . . . . . . . 6
3.5. Path Maximum Transmission Unit Discovery . . . . . . . . . 6
3.6. Other DCCP Headers and Options . . . . . . . . . . . . . . 7
3.7. Service Codes and the DCCP Port Registry . . . . . . . . . 7
4. DCCP-NAT and Higher-Layer Protocols . . . . . . . . . . . . . 7
5. Signaling the Use of DCCP-NAT . . . . . . . . . . . . . . . . 8
5.1. SDP for RTP over DCCP . . . . . . . . . . . . . . . . . . 8
6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11
Phelan Expires August 15, 2010 [Page 2]
Internet-Draft DCCP-NAT Encapsulation February 2010
1. Introduction
The Datagram Congestion Control Protocol (DCCP), specified in
[RFC4340], is a transport-layer protocol that provides upper layers
with the capability of using unreliable but congestion controlled
flows. According to [RFC4340], DCCP packets are directly
encapsulated in IPv4 or IPv6 packets.
In order for the [RFC4340] encapsulation to pass through Network
Address Translation (NAT) devices, these devices must be updated to
recognize and properly modify DCCP. This is the long-term objective
for DCCP, and work is underway to specify the necessary operations.
However, in the short term it would be useful to have an
encapsulation for DCCP that would be compatible with NAT devices
conforming to [RFC4787]. This document specifies that encapsulation,
which is referred to as DCCP-NAT. For convenience, the [RFC4340]
encapsulation is referred to as DCCP-STD.
The DCCP-NAT encapsulation specified here supports all of the
features contained in DCCP-STD. However, support of partial
checksums and ECN might be impractical for some implementations.
Those implementations MAY choose to not support one or both of these
features.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. DCCP-NAT
The basic approach here is to insert a UDP ([RFC0768]) "shim" layer
between the IP header and a DCCP packet with a modified generic
header (modified to eliminate redundancies between UDP and DCCP).
Note that this is not strictly a tunneling approach. The IP
addresses of the communicating end systems are carried in the IP
header (which could be modified by NAT devices) and there are no
other IP addresses embedded.
Devices offering or using DCCP services via DCCP-NAT encapsulation
listen on a UDP port (default port awaiting IANA action) for incoming
packets and pass received packets along to the DCCP protocol. DCCP
implementations MAY allow services to be simultaneously offered over
any or all combinations of DCCP-STD and DCCP-NAT encapsulations with
Phelan Expires August 15, 2010 [Page 3]
Internet-Draft DCCP-NAT Encapsulation February 2010
IPv4 and IPv6.
The basic format of a DCCP-NAT packet is:
+-----------------------------------+
| IP Header (IPv4 or IPv6) | Variable length
+-----------------------------------+
| UDP Header | 8 bytes
+-----------------------------------+
| DCCP-NAT Generic Header | 12 bytes
+-----------------------------------+
| Additional (type-specific) Fields | Variable length (could be 0)
+--------------------------------------+
| DCCP Options | Variable length (could be 0)
+-----------------------------------+
| Application Data Area | Variable length (could be 0)
+-----------------------------------+
3.1. UDP Header
The format of the UDP header is taken from [RFC0768]:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Dest Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
For DCCP-NAT, the fields are interpreted as follows:
Source and Dest(ination) Ports: 16 bits each
These fields identify the UDP ports on which the source and
destination (respectively) of the packet are listening for
incoming DCCP-NAT packets (normally both are the default port to
be assigned by IANA). Note that they do not identify the DCCP
source and destination ports.
Length: 16 bits
This field is the length of the portion of the UDP datagram,
including the UDP header and the payload (which for DCCP-NAT is
the DCCP-NAT datagram) that is covered by the UDP Checksum.
Checksum: 16 bits
Phelan Expires August 15, 2010 [Page 4]
Internet-Draft DCCP-NAT Encapsulation February 2010
This field is the Internet checksum of a network-layer
pseudoheader and Length bytes of the UDP packet.
3.2. DCCP-NAT Generic Header
Unlike the DCCP-STD generic header, the DCCP-NAT generic header takes
only one form; it does not support short sequence numbers. Its
format is as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Dest Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Offset | CCVal | Type | Sequence Number (high bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. Sequence Number (low bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
All DCCP-NAT generic header fields function as specified in
[RFC4340].
3.3. DCCP-NAT Checksum Procedures
For DCCP-NAT, the functions of the DCCP-STD generic header fields
Checksum and CsCov are performed by the UDP Checksum and Length
fields.
If the UDP Length field is less than 20 (UDP Header length and
minimum DCCP-NAT header length), the packet MUST be dropped.
If the UDP Checksum field, computed using standard UDP methods except
including only UDP Length bytes of the UDP packet, is invalid, the
packet MUST be dropped.
If the UDP Length field in a received packet is less than the length
of the UDP header plus the entire DCCP-NAT header (including the
generic header and type-specific fields and options, if present), or
the UDP Length field is greater than the length of the packet from
the beginning of the UDP header to the end of the packet, that packet
MUST be dropped.
3.3.1. Minimum Checksum Coverage Feature
The Minimum Checksum Coverage Feature lets a DCCP endpoint determine
whether its peer is willing to accept packets with partial checksum
coverage. It takes values from 0 to 15. For DCCP-NAT the feature
values are interpreted as follows:
Phelan Expires August 15, 2010 [Page 5]
Internet-Draft DCCP-NAT Encapsulation February 2010
o Minimum Checksum Coverage = 0, the peer will not accept packets
with partial checksum. If the UDP Length field is less than the
length of the entire UDP packet, then the packet has unacceptable
Checksum Coverage, as defined in DCCP-STD section 9.2.1.
o Minimum Checksum Coverage > 0, the peer will accept packets with
partial checksum. If the UDP Length field is less than the size
of the UDP Header (8 bytes) plus the size of the DCCP-NAT header
(including type-specific fields and options) plus (Minimum
Checksum Coverage - 1)*4, then the packet has unacceptable
Checksum Coverage.
As defined in DCCP-STD section 9.2.1, peers MAY refuse to process
packets with unacceptable Checksum Coverage.
It might be impractical for an implementation to set the UDP Length
field to less than the full length in outgoing packets or to receive
incoming packets with UDP Length less than the full length (e.g.,
user-space implementations using the socket interface). These
implementations MAY choose to not support Minimum Checksum Coverage
values other than 0. Implementations that make this choice MUST
always answer a "Change R(Minimum Checksum Coverage, any value)" with
a "Confirm L(Minimum Checksum Coverage, 0)". These implementations
MAY choose to drop packets with UDP Length less than the full packet
length, rather invoke the procedures of DCCP-STD section 9.2.1.
3.4. Explicit Congestion Notification
DCCP-NAT implementations SHOULD follow the procedures of DCCP-STD
section 12 by setting the ECN fields in the IP Headers of outgoing
packets and examining the values received in the ECN fields of
incoming packets.
However, some implementations might find it impractical to set or
receive the ECN fields (e.g., user-space implementations using the
socket interface). These implementations MUST follow the procedures
in DCCP-STD section 12.1 for implementations that are not ECN
capable.
3.5. Path Maximum Transmission Unit Discovery
DCCP-NAT implementations should follow DCCP-STD section 14 with
regard to maximum packet size and Path Maximum Transmission Unit
Discovery (PMTUD).
Phelan Expires August 15, 2010 [Page 6]
Internet-Draft DCCP-NAT Encapsulation February 2010
3.6. Other DCCP Headers and Options
All type-specific DCCP headers are as in DCCP-STD, except that the
short sequence number version of the acknowledgement header is not
supported. All option and feature encodings are as in DCCP-STD.
3.7. Service Codes and the DCCP Port Registry
There is one Service Code registry and one DCCP port registry and
they apply to all combinations of encapsulation and IP version. A
DCCP Service Code specifies an application using DCCP regardless of
the combination of DCCP encapsulation and IP version. An application
MAY choose not to support some combinations of encapsulation and IP
version, but its Service Code will remain registered for those
combinations and MUST NOT be used by other applications. An
application SHOULD NOT register different Service Codes for different
combinations of encapsulation and IP version.
Similarly, a port registration is applicable to all combinations of
encapsulation and IP version. Again, an application MAY choose not
to support some combinations of encapsulation and IP version on its
registered port, although the port will remain registered for those
combinations. Applications SHOULD NOT register different ports just
for the purpose of using different encapsulation combinations. Since
the port registry supports multiple applications registering the same
port (as long as the Service Codes are different), other applications
MAY register on the same port, but those registrations are also
applicable to all combinations of encapsulation and IP version.
4. DCCP-NAT and Higher-Layer Protocols
In general, the encapsulation of a higher-layer protocol within DCCP
SHOULD be the same in both DCCP-STD and DCCP-NAT. At this time,
encapsulations of DTLS over DCCP, defined in [RFC5238] and RTP over
DCCP, defined in [I-D.ietf-dccp-rtp], have been already defined. The
encapsulations of those protocols in DCCP-NAT SHALL be the same as
specified in those documents.
Higher-layer protocols that require different encapsulations for
different DCCP modes MUST justify the reasons for the difference and
MUST specify the encapsulations for both DCCP-STD and DCCP-NAT. If a
document does not specify different encapsulations for DCCP-STD and
DCCP-NAT, the specified encapsulation SHALL apply to both DCCP-STD
and DCCP-NAT.
Phelan Expires August 15, 2010 [Page 7]
Internet-Draft DCCP-NAT Encapsulation February 2010
5. Signaling the Use of DCCP-NAT
Applications often signal transport connection parameters through
outside means, such as the Session Description Protocol (SDP).
Applications that define such methods for DCCP MUST define how the
DCCP encapsulation is chosen, and MUST allow either type of
encapsulation to be signaled.
5.1. SDP for RTP over DCCP
[I-D.ietf-dccp-rtp] defines SDP extensions for signaling RTP over
DCCP connections. Since it predates this document, it does not
define a method for determining the DCCP encapsulation type. This
document updates [I-D.ietf-dccp-rtp] to add a method for determining
the DCCP encapsulation type.
A new SDP attribute "dccp-encap" is defined for signaling the DCCP
encapsulation according to the following ABNF [RFC5234]:
dccp-encap-attr = %x61 "=dccp-in-udp" [":" udp-port-num]
udp-port-num = *DIGIT
where *DIGIT is as defined in [RFC5234].
The presence of "a=dccp-in-udp" in an SDP offer indicates that the
offerer is listening for DCCP-NAT connections on the indicated UDP
port (if udp-port-num is included) or on the IANA allocated port for
the DCCP-NAT service if no port is included.
The absence of "a=dccp-in-udp" in an SDP offer indicates that the
offerer is listening for DCCP-STD connections. The presence of
"a=dccp-in-udp" conveys no information about whether or not the
offerer is listening for DCCP-STD connections.
For example (adapted from examples in [I-D.ietf-dccp-rtp]):
An offerer at 192.0.2.47 signals its availability for an H.261 video
session, using RTP/AVP over DCCP with service code "RTPV" (using the
hexadecimal encoding of the service code in the SDP). RTP and RTCP
packets are multiplexed onto a single DCCP connection and DCCP-NAT
encapsulation is supported:
Phelan Expires August 15, 2010 [Page 8]
Internet-Draft DCCP-NAT Encapsulation February 2010
v=0
o=alice 1129377363 1 IN IP4 192.0.2.47
s=-
c=IN IP4 192.0.2.47
t=0 0
m=video 5004 DCCP/RTP/AVP 99
a=rtcp-mux
a=rtpmap:99 h261/90000
a=dccp-service-code:SC=x52545056
a=setup:passive
a=connection:new
a=dccp-in-udp
An answerer at 192.0.2.128 receives this offer and responds with the
following answer:
v=0
o=bob 1129377364 1 IN IP4 192.0.2.128
s=-
c=IN IP4 192.0.2.128
t=0 0
m=video 9 DCCP/RTP/AVP 99
a=rtcp-mux
a=rtpmap:99 h261/90000
a=dccp-service-code:SC:RTPV
a=setup:active
a=connection:new
a=dccp-in-udp
The end point at 192.0.2.128 then initiates a DCCP-NAT connection to
UDP port to-be-allocated and DCCP port 5004 at 192.0.2.47. DCCP port
5004 is used for both the RTP and RTCP data, and port 5005 is unused.
The textual encoding of the service code is used in the answer, and
represents the same service code as in the offer.
6. Security Considerations
DCCP-NAT provides all of the security risk-mitigation measures
present in DCCP-STD, and also all of the security risks, except those
associated with short sequence numbers (since DCCP-NAT does not
support that feature).
The purpose of DCCP-NAT is to allow DCCP to pass through NAT devices,
and therefore it exposes DCCP to the risks associated with passing
through NAT devices. It does not create any new risks with regard to
NAT devices.
Phelan Expires August 15, 2010 [Page 9]
Internet-Draft DCCP-NAT Encapsulation February 2010
DCCP-NAT may also allow DCCP applications to pass through existing
firewall devices, if the administrators of the devices so choose.
The option is a binary one however; either allow all DCCP
applications or allow none. Proper control of DCCP application-by-
application will require enhancements to firewalls.
7. IANA Considerations
A port allocation request will be placed with IANA for the dccp-nat
service port in UDP.
The following new SDP attribute ("att-field") is to be registered:
Contact name: Tom Phelan <tphelan@sonusnet.com>
Attribute name: dccp-in-udp
Long-form attribute name in English: DCCP in UDP Encapsulation
Type of attribute: Media level
Subject to charset attribute? No
Purpose of the attribute: See this document section Section 5.1
Allowed attribute values: See this document section Section 5.1
8. References
[I-D.ietf-dccp-rtp]
Perkins, C., "RTP and the Datagram Congestion Control
Protocol (DCCP)", draft-ietf-dccp-rtp-07 (work in
progress), June 2007.
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
August 1980.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)", RFC 4340, March 2006.
[RFC4787] Audet, F. and C. Jennings, "Network Address Translation
(NAT) Behavioral Requirements for Unicast UDP", BCP 127,
RFC 4787, January 2007.
Phelan Expires August 15, 2010 [Page 10]
Internet-Draft DCCP-NAT Encapsulation February 2010
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC5238] Phelan, T., "Datagram Transport Layer Security (DTLS) over
the Datagram Congestion Control Protocol (DCCP)",
RFC 5238, May 2008.
Author's Address
Tom Phelan
Sonus Networks
7 Technology Dr.
Westford, MA 01886
US
Phone: +1 978 614 8456
Email: tphelan@sonusnet.com
Phelan Expires August 15, 2010 [Page 11]
| PAFTECH AB 2003-2026 | 2026-04-22 15:08:24 |