One document matched: draft-ietf-dccp-udpencap-03.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<rfc category="std" docName="draft-ietf-dccp-udpencap-03" ipr="trust200902">
<?rfc toc="yes"?>
<!-- generate a table of contents -->
<?rfc symrefs="yes"?>
<!-- use anchors instead of numbers for references -->
<?rfc sortrefs="yes" ?>
<!-- alphabetize the references -->
<?rfc compact="yes" ?>
<!-- conserve vertical whitespace -->
<?rfc subcompact="no" ?>
<!-- but keep a blank line between list items -->
<front>
<title abbrev="DCCP-UDP Encapsulation">Datagram Congestion Control
Protocol (DCCP) Encapsulation for NAT Traversal (DCCP-UDP)</title>
<author fullname="Tom Phelan" initials="T." surname="Phelan">
<organization abbrev="Sonus">Sonus Networks</organization>
<address>
<postal>
<street>7 Technology Dr.</street>
<city>Westford</city>
<region>MA</region>
<code>01886</code>
<country>US</country>
</postal>
<phone>+1 978 614 8456</phone>
<email>tphelan@sonusnet.com</email>
</address>
</author>
<author fullname="Godred Fairhurst" initials="G." surname="Fairhurst">
<organization abbrev="University of Aberdeen">University of
Aberdeen</organization>
<address>
<postal>
<street>School of Engineeeing</street>
<city>Aberdeen</city>
<region>Scotland</region>
<code>AB24 3UE</code>
<country>UK</country>
</postal>
<phone></phone>
<email>gorry@erg.abdn.ac.uk</email>
</address>
</author>
<date year="2010" />
<area>Transport</area>
<workgroup>Datagram Congestion Control Protocol</workgroup>
<abstract>
<t>This document specifies an alternative encapsulation of the Datagram
Congestion Control Protocol (DCCP), referred to as DCCP-UDP. This
encapsulation allows DCCP to be carried through the current generation
of Network Address Translation (NAT) middleboxes without modification of
those middleboxes. This documents also updates the SDP information for
DCCP defined in RFC 5762.</t>
</abstract>
</front>
<middle>
<section title="Introduction" toc="include">
<t>The Datagram Congestion Control Protocol (DCCP), specified in <xref
target="RFC4340"></xref>, is a transport-layer protocol that provides
upper layers with the ability to use non-reliable congestion-controlled
flows. The current specification for DCCP <xref target="RFC4340"></xref>
specifies a direct encapsulation in IPv4 or IPv6 packets.</t>
<t><xref target="RFC5597"></xref> specifies how DCCP should be handled
by devices that use Network Address Translation (NAT) or Network Address
and Port Translation (NAPT). However, there is a significant installed
base of NAT/NAPT devices that do not support <xref
target="RFC5597"></xref>. In the short term, it would be useful to have
an encapsulation for DCCP that is compatible with this installed base of
NAT/NAPT devices that supports <xref target="RFC4787"></xref>, but do
not support <xref target="RFC5597"></xref>. This document specifies that
encapsulation, which is referred to as DCCP-UDP. For convenience, the
standard encapsulation for DCCP <xref target="RFC4340"></xref>
(including <xref target="RFC5596"></xref> as required) is referred to as
DCCP-STD.</t>
<t>The document also provides an updated SDP specification for DCCP,
and, in this respect only, it updates the method in <xref
target="RFC5762"></xref>.</t>
<t>The DCCP-UDP encapsulation specified in this document supports all of
the features contained in DCCP-STD, but with limited functionality for
partial checksums.</t>
</section>
<section title="Terminology" toc="include">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref
target="RFC2119"></xref>.</t>
</section>
<section title="DCCP-UDP" toc="include">
<t>The basic approach is to insert a UDP <xref target="RFC0768"></xref>
header between the IP header and the DCCP packet. Note that this is not
a tunneling approach. The IP addresses of the communicating end systems
are carried in the IP header. The method does not embed additional IP
addresses.</t>
<t>The method is designed to support use when these addresses are
modified by a device that implements NAT/NAPT. A NAT translates the IP
addresses, which impacts the transport-layer checksum. A NAPT device may
also translate the port values (usually the source port). In both cases,
the outer transport header that includes these values would need to be
updated by the NAT/NAPT.</t>
<t>Devices offering or using DCCP services via DCCP-UDP encapsulation
listens on a UDP port (default port, XXX IANA PORT XXX), or may bind to
a specified port utilising out-of-band signalling, such as the Session
Description Protocol (SDP). The DCCP-UDP server accepts incoming packets
over the UDP transport and passes the received packets to the DCCP
protocol module, after removing the UDP encapsulation.</t>
<t>A DCCP implementation MAY allow services to be simultaneously offered
over any or all combinations of DCCP-STD and DCCP-UDP encapsulations
with IPv4 and IPv6.</t>
<t>The basic format of a DCCP-UDP packet is:</t>
<figure>
<artwork><![CDATA[
+-----------------------------------+
| IP Header (IPv4 or IPv6) | Variable length
+-----------------------------------+
| UDP Header | 8 bytes
+-----------------------------------+
| DCCP Generic Header | 12 or 16 bytes
+-----------------------------------+
| Additional (type-specific) Fields | Variable length (could be 0)
+-----------------------------------+
| DCCP Options | Variable length (could be 0)
+-----------------------------------+
| Application Data Area | Variable length (could be 0)
+-----------------------------------+
]]></artwork>
</figure>
<section title="The UDP Header" toc="include">
<t>The format of the UDP header is specified in <xref
target="RFC0768"></xref>:</t>
<figure>
<artwork><![CDATA[
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Dest Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
</figure>
<t>For DCCP-UDP, the fields are interpreted as follows:</t>
<t>Source and Dest(ination) Ports: 16 bits each</t>
<t><list style="empty">
<t>These fields identify the UDP ports on which the source and
destination (respectively) of the packet are listening for
incoming DCCP-UDP packets (both may be the default port assigned
by IANA). The UDP port values do not identify the DCCP source and
destination ports.</t>
</list></t>
<t>Length: 16 bits</t>
<t><list stye="empty" style="empty">
<t>This field is the length of the UDP datagram, including the UDP
header and the payload (for DCCP-UDP, the payload is a DCCP-UDP
datagram).</t>
</list></t>
<t>Checksum: 16 bits</t>
<t><list style="empty">
<t>This field is the Internet checksum of a network-layer
pseudoheader and Length bytes of the UDP packet [RFC0768]. The UDP
checksum must not be zero for a UDP packet that carries
DCCP-UDP.</t>
</list></t>
</section>
<section title="The DCCP Generic Header" toc="include">
<t>The DCCP Generic Header <xref target="RFC4340" /> takes two forms,
one with long sequence numbers (48 bits) and the other with short
sequence numbers (24 bits).</t>
<figure>
<artwork><![CDATA[
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Dest Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Offset | CCVal | CsCov | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |X| | .
| Res | Type |=| Reserved | Sequence Number (high bits) .
| | |1| | .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (low bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
</figure>
and
<figure>
<artwork><![CDATA[
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Dest Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Offset | CCVal | CsCov | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |X| |
| Res | Type |=| Sequence Number (low bits) |
| | |0| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
</figure>
<t>All generic header fields, except for Checksum field, have the
meaning specified in <xref target="RFC4340" /> updated by <xref
target="RFC5596" />.</t>
</section>
<section title="DCCP-UDP Checksum Procedures" toc="include">
<t>DCCP-UDP employs a checksum at the UDP level and eliminates the use
of the DCCP checksum. This approach was chosen to enable use of
current NAT/NATP traversal methods developed for UDP. Such methods
will generally be unaware whether DCCP is being encapuslated and hence
do not update the inner checksum in the DCCP header. Use of
UDP-checksum is mandated, although this was known to increase
processing for lightweight systems, since standard DCCP processing
requires protection of the DCCP header fields. In addition, UDP NAT
traversal does not support partial checksums, and hence although this
is still permitted end-to-end in the encapsulated DCCP datagram, links
along the path will treat these as UDP packets and can not enable
special partial checksum processing.</t>
<t>For DCCP-UDP, the function of the DCCP Checksum field is performed
by the UDP checksum field. On transmit, the DCCP Checksum field SHOULD
be set to zero. On receive, the DCCP Checksum field MUST be
ignored.</t>
<t>The UDP checksum MUST NOT be zero for a UDP packet that is sent
using DCCP-UDP. If the received UDP Checksum field is zero, the packet
MUST be dropped.</t>
<t>If the UDP Length field is less than 20 (UDP Header length and
minimum DCCP-UDP header length), the packet MUST be dropped.</t>
<t>If the UDP Checksum field, computed using standard UDP methods, is
invalid, the packet MUST be dropped.</t>
<t>If the UDP Length field in a received packet is less than the
length of the UDP header plus the entire DCCP-UDP header (including
the generic header and type-specific fields and options, if present),
or the UDP Length field is greater than the length of the packet from
the beginning of the UDP header to the end of the packet, the packet
MUST be dropped.</t>
<section title="Partial Checksums and the Minimum Checksum Coverage Feature"
toc="include">
<t>DCCP-UDP supports the syntax of partial checksums. It also
supports negotiation of the Minimum Checksum Coverage feature and
settings of the CsCov field. However, since the UDP checksum field
in DCCP-UDP always covers the entire DCCP datagram, an application
that enables this feature will experience a service that is
functionally identical to using full checksum coverage.</t>
</section>
</section>
<section title="Network Layer Options" toc="include">
<t>A DCCP-UDP implementations MAY transfer network-layer options
intended for DCCP to the network-layer header of the encapsulating UDP
packet.</t>
<t>A DCCP-UDP endpoint that receives IP-options for the encapsulating
UDP packet MAY forward these to the DCCP protocol module. If teh
endpoints forwards a specific network layer option to the DCCP module,
it MUST also forward all susbequent packets with this option.
Consistent forwarding is essential for correct operation of many
end-to-end options.</t>
</section>
<section title="Explicit Congestion Notification" toc="default">
<t>A DCCP-UDP endpoint SHOULD follow the procedures of DCCP-STD
section 12 by setting the ECN fields in the IP Headers of outgoing
packets and examining the values received in the ECN fields of
incoming IP packets, relaying any packet markings to the DCCP
module.</t>
<t>Implementations that do not support ECN MUST follow the procedures
in DCCP-STD section 12.1 with regard to implementations that are not
ECN capable.</t>
</section>
<section title="ICMP handling for messages relating to DCCP-UDP"
toc="include">
<t>To allow ICMP messages to be demultiplexed by the receiving
endpoint, part of the original packet that resulted in the message is
included in the payload of the ICMP error message. The receiving
endpoint can therefore use this information to associate the ICMP
error with the transport protocol instance that resulted in the ICMP
message. When DCCP-UDP is used, the error message and the payload of
the ICMP error message relate to the UDP transport.</t>
<t>DCCP-UDP endpoints SHOULD forward ICMP messages relating to a UDP
packet that carry DCCP-UDP to the DCCP module. This may imply
translation of the payload of the ICMP message into a form that is
recognised by the DCCP stack. <xref target="ICMP"></xref> describes
precautions that are desirable before TCP acts on the receipt of an
ICMP message. Similar precautions are desirable prior to forwarding by
DCCP-UDP to the DCCP module.</t>
</section>
<section title="Path Maximum Transmission Unit Discovery" toc="include">
<t>DCCP-UDP implementations SHOULD follow DCCP-STD section 14 with
regard to determining the maximum packet size and the use of Path
Maximum Transmission Unit Discovery (PMTUD).</t>
</section>
<section title="Usage of the UDP port by DCCP-UDP" toc="include">
<t>A DCCP-UDP endpoint MAY use any UDP port number, providing the
active endpoint knows a valid UDP Destination Port on the passive
endpoint.</t>
<t>By default, the DCP-UDP client sets the source and destination
ports to the default port number. UDP port number XXX IANA PORT XXX
has been registered with IANA for this purpose.</t>
<t>A DCCP-UDP server (that is, an initially passive endpoint that
wishes to receive DCCP-Request packets [RFC4340] over DCCP-UDP) binds
a UDP port number for all encapsulated DCCP connections. If the
DCCP-UDP server binds to this default port, it SHOULD accept datagrams
from any UDP source port. For example, this would be needed if a NAPT
along the path had translated the original UDP source port.</t>
<t>There is a risk that the same DCCP source port number will be used
by two endpoints each behind a NAPT. A DCCP-UDP endpoint SHOULD
therefore demultiplex a DCCP-UDP flow using both the UDP source and
destination port numbers in addition to processing of the DCCP ports
by the DCCP module. Hence, the endpoint identifier for a DCCP-UDP
connection should be the 6-tuple <source address, UDP Source Port,
DCCP Source Port, destination address, UDP Destination Port, DCCP
Destination Port>, rather than a 4-tuple <source address, source
port, destination address, destination port> defined by
DCCP-STD.</t>
</section>
<section title="Service Codes and the DCCP Port Registry" toc="include">
<t>This section clarifies the usage of DCCP Service Codes or the
registration of server ports by DCCP-UDP. The section is not intended
to update the procedures for allocating Service Codes or server
ports.</t>
<t>There is one Service Code registry and one DCCP port registration
that apply to all combinations of encapsulation and IP version. A DCCP
Service Code specifies an application using DCCP regardless of the
combination of DCCP encapsulation and IP version. An application may
choose not to support some combinations of encapsulation and IP
version, but its Service Code will remain registered for those
combinations and the Service Code must not be used by other
applications. An application should not register different Service
Codes for different combinations of encapsulation and IP version.
<xref target="RFC5595"></xref> provides additional information about
DCCP Service Codes.</t>
<t>Similarly, a port registration is applicable to all combinations of
encapsulation and IP version. Again, an application may choose not to
support some combinations of encapsulation and IP version on its
registered port, although the port will remain registered for those
combinations. Applications should not register different ports just
for the purpose of using different combinations of encapsulation.</t>
</section>
</section>
<section title="DCCP-UDP and Higher-Layer Protocols" toc="include">
<t>In general, the encapsulation of a higher-layer protocol within DCCP
SHOULD be the same for both DCCP-STD and DCCP-UDP. Encapsulations of
DTLS over DCCP is defined in <xref target="RFC5238"></xref> and RTP over
DCCP is defined in <xref target="RFC5762"></xref>. This document does
not update these encapsulations when using DCCP-UDP.</t>
<t>Higher-layer protocols that require a different encapsulation for
DCCP-UDP MUST justify the reasons for the difference and MUST specify
the encapsulations for both DCCP-STD and DCCP-UDP. If a document does
not specify different encapsulations for DCCP-STD and DCCP-UDP, the
specified encapsulation SHALL apply to both DCCP-STD and DCCP-UDP.</t>
</section>
<section title="Signaling the Use of DCCP-UDP" toc="include">
<t>Applications often signal transport connection parameters through
outside means, such as SDP. Applications that define such methods for
DCCP MUST define how the DCCP encapsulation is chosen, and MUST allow
either encapsulation to be signaled.</t>
<section anchor="sdp" title="SDP support for DCCP-UDP" toc="include">
<t><xref target="RFC5762"></xref> defines SDP extensions for signaling
RTP over DCCP connections. Since it predates this document, it does
not define a method for determining the DCCP encapsulation type. This
document updates <xref target="RFC5762"></xref> to add a method for
determining the DCCP encapsulation type.</t>
<t>A new SDP attribute "dccp-encap" is defined for signaling the DCCP
encapsulation according to the following ABNF <xref
target="RFC5234"></xref>:</t>
<figure>
<artwork><![CDATA[
dccp-encap-attr = %x61 "=dccp-in-udp" [":" udp-port-num]
udp-port-num = *DIGIT
]]></artwork>
</figure>
<t>where *DIGIT is as defined in <xref target="RFC5234"></xref>.</t>
<t>The presence of "a=dccp-in-udp" in an SDP offer indicates that the
offerer is listening for DCCP-UDP connections on the indicated UDP
port (if udp-port-num is included) or on the default port for the
DCCP-UDP service if no port is included.</t>
<t>The absence of "a=dccp-in-udp" in an SDP offer indicates that the
offerer is listening for DCCP-STD connections. The presence of
"a=dccp-in-udp" conveys no information about whether or not the
offerer is listening for DCCP-STD connections.</t>
</section>
</section>
<section title="Security Considerations" toc="include">
<t>DCCP-UDP provides all of the security risk-mitigation measures
present in DCCP-STD, and also all of the security risks.</t>
<t>The purpose of DCCP-UDP is to allow DCCP to pass through NAT/NAPT
devices, and therefore it exposes DCCP to the risks associated with
passing through NAT devices. It does not create any new risks with
regard to NAT/NAPT devices.</t>
<t>The tunnel encapsulation recommends processing of ICMP messages
received for packets swent using DCCP-UDP and translation to allow use
by DCCP. <xref target="ICMP"></xref> describes precautions that are
desirable before TCP acts on receipt of ICMP messages. Similar
precautions are desirable for endpoints processing ICMP for
DCCP-UDP.</t>
<t>DCCP-UDP may also allow DCCP applications to pass through existing
firewall devices, if the administrators of the devices so choose. A
simple use may either allow all DCCP applications or allow none.</t>
<t>A firewall than interprets this specification could inspect the
encapsualted DCCP header to filter based on DCCP information. Full
control of DCCP conenctions by application will require enhancements to
firewalls, as discussed in <xref target="RFC4340"></xref> and related
RFCs (e.g. <xref target="RFC5595"></xref>).</t>
</section>
<section title="IANA Considerations" toc="include">
<t>This document requests IANA to allocate a UDP port for the dccp-udp
service.</t>
<t>XXX Note: IANA is requested to replace all occurrances of "XXX IANA
PORT XXX" by the allocated port value prior to publication. XXX</t>
<t>IANA is also requested to allocate the following new SDP attribute
("att-field"):</t>
<t><list style="empty">
<t>Contact name: Tom Phelan <tphelan@sonusnet.com></t>
<t>Attribute name: dccp-in-udp</t>
<t>Long-form attribute name in English: DCCP in UDP
Encapsulation</t>
<t>Type of attribute: Media level</t>
<t>Subject to charset attribute? No</t>
<t>Purpose of the attribute: See this document section <xref
target="sdp"></xref></t>
<t>Allowed attribute values: See this document section <xref
target="sdp"></xref></t>
</list></t>
</section>
<section title="Acknowledgments">
<t>This document was produced by the DCCP WG. The following contributed
during the working group last call:</t>
<t>Andrew Lenvorski, Lloyd Wood, Pasi Sarolahti, Gerrit Renker, Eddie
Kohler, Collin Perkins, Gorry Fairhurst and Tom Phelan.</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc sortrefs="yes"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.4340.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.0768.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5234.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5762.xml"?>
</references>
<references title="Informative References">
<?rfc sortrefs="yes"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.4787.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5238.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5595.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5596.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5597.xml"?>
<reference anchor="ICMP">
<front>
<title>"ICMP attacks against TCP", IETF Work-in-Progress.</title>
<author fullname="F." surname="Gont">
<organization>Internet draft,
draft-gont-tcpm-icmp-attacks-05.txt</organization>
</author>
</front>
</reference>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-22 21:57:35 |