One document matched: draft-ietf-martini-reqs-01.xml
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY rfc3261 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3261.xml">
<!ENTITY rfc3263 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3263.xml">
<!ENTITY rfc3325 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3325.xml">
<!ENTITY rfc3327 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3327.xml">
<!ENTITY rfc3455 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3455.xml">
<!ENTITY rfc4244 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4244.xml">
<!ENTITY rfc5626 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5626.xml">
<!ENTITY rfc5627 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5627.xml">
<!ENTITY draft-mixing-problems SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-kaplan-martini-mixing-problems-00.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="no" ?>
<?rfc sortrefs="no" ?>
<?rfc colonspace='yes' ?>
<?rfc tocindent='yes' ?>
<rfc category="info" docName="draft-ietf-martini-reqs-01.txt" ipr="trust200811" obsoletes="" updates="">
<front>
<title abbrev="Multiple AOR reachability in SIP">Requirements for multiple address of record (AOR) reachability information in the Session Initiation Protocol (SIP)</title>
<author fullname="John Elwell" initials="J." surname="Elwell">
<organization>Siemens Enterprise Communications</organization>
<address>
<phone>+44 1908 855608</phone>
<email>john.elwell@siemens-enterprise.com</email>
</address>
</author>
<author fullname="Hadriel Kaplan" initials="H." surname="Kaplan">
<organization>Acme Packet</organization>
<address>
<postal>
<street>71 Third Ave.</street>
<city>Burlington</city>
<region>MA</region>
<code>01803</code>
<country>USA</country>
</postal>
<email>hkaplan@acmepacket.com</email>
</address>
</author>
<date year="2010"></date>
<area>RAI</area>
<workgroup>MARTINI WG</workgroup>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<keyword>SIP</keyword>
<keyword>Implicit-Registration</keyword>
<abstract>
<t> This document states requirements for a standardized SIP registration mechanism for multiple addresses of record, the mechanism being suitable for deployment by SIP service providers on a large scale in support of small to medium sized PBXs. The requirements are for a solution that can, as a minimum, support AORs based on E.164 numbers.</t>
<t>This work is being discussed on the martini@ietf.org mailing list.</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>The Session Initiation Protocol (SIP) <xref target="RFC3261"/>, together with its extensions, supports multiple means of obtaining the connection information necessary to deliver out-of-dialog SIP requests to their intended targets. When a SIP proxy needs to send a request to a target address of record (AOR) within its domain, it can use a location service to obtain the registered contact URI(s), together with any associated path information <xref target="RFC3327"/>, and build a route set to reach each target user agent (UA). The SIP REGISTER method can be used to register contact URIs and path information. SIP-outbound <xref target="RFC5626"/> enhances this mechanism to cater for UAs behind NATs and firewalls. When a entity needs to send a request to a target for which it is not authoritative, the entity can follow <xref target="RFC3263"/> procedures for using the Domain Name System (DNS) to obtain the next-hop connection information.</t>
<t>In practice, many small and medium-sized businesses use a SIP-PBX that is authoritative for tens or hundreds of SIP AORs. This SIP-PBX acts as a registrar/proxy for these AORs for clients hosted by the SIP-PBX. UAs register with the SIP-PBX on behalf of the AORs concerned. A SIP Service Provider (SSP) provides SIP peering/trunking capability to the SIP PBX. The SIP-PBX needs to be reachable from the SSP so that the SSP can handle inbound out-of-dialog SIP requests targeted at these AORs, routing these requests to the SIP-PBX for onward delivery to registered UAs.</t>
<t>Experience has shown that existing mechanisms are not always sufficient to support SIP-PBXs for small/medium businesses. In particular, RFC 3263 procedures are generally inappropriate, except for some larger SIP-PBXs. In current deployments, mechanisms for the dynamic provision of reachability information based on the SIP REGISTER method are commonly used. However, implementations of this mechanism vary in detail, leading to interoperability issues between SIP-PBXs and SSPs, and the need for equipment to support different variants. A more detailed statement of the problem is given in section <xref target="problem-statement"/>.</t>
<t>This document states requirements for a standardized SIP registration mechanism for multiple AORs, the mechanism being suitable for deployment by SSPs on a large scale in support of small to medium sized PBXs. The requirements are for a solution that can, as a minimum, support AORs based on E.164 numbers. The ability to handle other forms of AOR is outside the scope of this document, although a solution that can handle other forms of AOR is not precluded if it does not lead to significant additional complexity or a delay in producing the standard.</t>
</section>
<section title="Terminology">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in <xref target="RFC2119"/>.</t>
<t>The terms address of record (AOR), proxy, REGISTER, registrar, request and user agent (UA) are to be interpreted as described in <xref target="RFC3261"/>.</t>
</section>
<section title="Problem statement" anchor="problem-statement">
<t>A number of other standards organizations have addressed the issue of a SIP-PBX registering with its SSP, notably ETSI <xref target="ETSI"/> and 3GPP <xref target="3GPP"/>. Also various SSPs have produced proprietary specifications for use with their own offerings. The reader is encouraged to review the documents produced by those organizations.</t>
<t>A short summary of the general concept is as follows.</t>
<t>In virtually all models, the SIP-PBX generates a SIP REGISTER request using a mutually agreed-upon SIP AOR - typically based on the SIP-PBX's main attendant/reception-desk number. The AOR is almost always in the domain of the SSP, and both the To and From URIs used for the REGISTER request identify that AOR. In all respects, it appears on the wire as a "normal" first-party SIP REGISTER request, as if from a typical subscriber UA. However, it generally implicitly registers other AORs associated with the SIP-PBX.</t>
<t>For both 3GPP and ETSI mechanisms, the 200 OK response to the REGISTER request, sent after a successful authentication challenge, contains a P-Associated-URI (PAU) <xref target="RFC3455"/> header field listing the other SIP or TEL URI Identities (i.e., phone numbers) of the SIP-PBX, which are implicitly Registered AORs. The registered reachability information from the REGISTER request will be used to reach not only the single explicitly-registered AOR but also each of the implicitly-registered AORS. In order to reduce the number of PAU entries, a "wildcard" syntax model is defined, which uses a regular expression syntax in the user field of the URI to express multiple AORs in a compressed manner.</t>
<t>For routing requests for any of the explicitly or implicitly registered AORs from the SSP to the SIP-PBX, the Request-URI is typically replaced with the registered Contact-URI. In the case of 3GPP and ETSI, the SSP has the option of using loose-routing instead, and inserting the registered Contact-URI as a loose-route Route header field value while leaving the Request-URI alone. This decision is made based upon manually provisioned information in the registrar's database (i.e., the Home Subscriber Server, HSS).</t>
<section title="Issues with the REGISTER transaction">
<section title="No explicit indicator">
<t>None of the currently available mechanisms indicate that the REGISTER request or response is any different from a "normal" REGISTER request or response. This has caused issues when middleboxes between the SIP-PBX and the registrar serve both SIP-PBXs and normal subscriber UAs yet need to apply different policies to the two cases.</t>
<t>Furthermore, some middleboxes expect the registrar to follow normal [RFC3261] procedures of Request-URI replacement with the registered Contact-URI for routing subsequent requests to the SIP-PBX. If the registrar adopts a different practice for requests to SIP-PBXs, this can cause the middlebox to fail to route such requests correctly, because there is no indication that the registration was any different.</t>
<t>Lastly, lack of an indication of implicit registration makes troubleshooting more difficult because the on-the-wire messages are indistinguishable from "normal" registrations. Note that even the existence of a PAU header field in the response does not indicate that implicit registration for a SIP-PBX has occurred, since the PAU header field is also used for subscriber UAs with multiple identities.</t>
</section>
<section title="Undefined behaviour on PAU mismatch">
<t>There is no defined behavior for the SIP-PBX if the PAU header field's list of URIs does not match what the SIP-PBX expects it to be. It is not clear if the SIP-PBX should de-register, re-register, or ignore the difference; nor is there a way for the SIP-PBX to indicate the error in signaling.</t>
</section>
<section title="REGISTER response growth">
<t>If an SIP-PBX represents many AORs, the PAU list in the response can grow the SIP message size beyond the limits for UDP.</t>
</section>
<section title="Illegal wildcarding syntax">
<t>The current syntax for "wildcarded" PAUs is illegal for TEL URIs, based on the ABNF rules for TEL URIs.</t>
</section>
</section>
<section title="Issues with routing requests">
<section title="Loss of target information">
<t>If the proxy-registrar follows [RFC3261] for registration resolution of requests targeted at one of the SIP-PBX's AORs, and thus replaces the Request-URI with the registered Contact-URI, it is not clear which AOR is the intended target of the request. The To-URI, for example, may not contain the intended target AOR if the request was forwarded/retargeted prior to reaching the proxy-registrar. Some middleboxes between the registrar and SIP-PBX will overwrite the Request-URI specifically to try to fix this issue. In some cases, a P-Called-Party-ID header field <xref target="RFC3455"/> will contain the intended target AOR; and in some cases the History-Info header field <xref target="RFC4244"/> will contain it. The SIP-PBX needs to know where to look to find the required information, and in the case of History-Info needs to identify the particular element containing the required information.</t>
</section>
<section title="Request-URI vs. loose-route mismatches">
<t>Some SIP-PBXs expect that inbound SIP requests from the SSP will have the registered Contact-URI in the Request-URI, and thus not interoperate with the loose-route scheme of 3GPP and ETSI. Other SIP-PBXs are fine with the Request-URI being the intended target, but cannot handle receiving a Route header field identifying their registered Contact-URI as a loose-route entry.</t>
</section>
<section title="Request-URI mis-routing">
<t>Although many SIP-PBXs support registration with an SSP, they do not consider themselves authoritative for the explicitly or implicitly registered AORs if the domain portion still identifies the SSP's domain. They expect the domain portion to be their own IP Address, FQDN, or domain. Currently middleboxes have to fix that issue.</t>
</section>
</section>
<section title="Policy-related issues">
<t>The following are largely policy matters for the SSP, but it should be noted the policies described below will not work in some situations. A mechanism for solving the SIP-PBX registration problem will not solve these policy issues directly, although when specifying the mechanism the opportunity can be taken to highlight the impact of such policies.</t>
<section title="Authorization policy mismatches">
<t>Many SSPs perform a first-order level of authorization for requests from the SIP-PBX by checking the URI in the From, P-Asserted- Identity (PAI), or P-Preferred-Identity (PPI) <xref target="RFC3325"/> header field for one matching either an explicitly or implicitly Registered AOR for the same Contact-URI and/or Layer-3 IP Address. If no match is found, the request is rejected. However, some SIP-PBXs change the Contact-URI they use for non-REGISTER requests to be different from the one they explicitly Registered. For example they change the user portion of the Contact-URI, or even the host portion. This is particularly true for a PBX operating as a proxy and forwarding the contact URI from the UA behind the SIP-PBX (the SIP-PBX typically being identified in a Record-Route header field), rather than acting as a B2BUA and substituting its own Contact URI.</t>
</section>
<section title="PAI or PPI URI mismatches">
<t>Some SSPs expect the PAI or PPI URI in SIP requests received from the SIP-PBX to match one of the explicitly or implicitly Registered AORs, whereas some SIP-PBXs generate the URIs using their local IP Address, hostname, or domain name. This triggers request rejection or PAI overwriting.</t>
<t>Some SSPs expect the PAI or PPI URI in SIP requests received from the SIP-PBX to be the explicitly registered AOR only, as it is the main billing number, instead of the implicitly registered AOR of the calling party.</t>
<t>Again, these are policy matters for the SSP, but drawbacks should be noted. For example, rejection of requests can rule out requests from sources beyond the SIP-PBX (e.g., calls forwarded by the SIP-PBX), unless the SIP-PBX changes the PAI or PPI URI to a value acceptable to the SSP (in which case it will no longer identify the calling user). If the SSP changes the PAI or PPI URI, again the request will fail to identify the calling user.</t>
</section>
</section>
</section>
<section title="Requirements">
<t>The following are requirements of the mechanism.</t>
<t>REQ1 - The mechanism MUST allow a SIP-PBX to enter into a trunking arrangement with an SSP whereby the two parties have agreed on a set of telephone numbers deemed to have been assigned to the SIP-PBX.</t>
<t>REQ2 - The mechanism MUST allow a set of assigned telephone numbers to comprise E.164 numbers, which can be in contiguous ranges, discrete, or in any combination of the two.</t>
<t>REQ3 - The mechanism MUST allow a SIP-PBX to register reachability information with its SSP, in order to enable the SSP to route to the SIP-PBX inbound requests targeted at assigned telephone numbers.</t>
<t>REQ4 - The mechanism MUST NOT prevent UAs attached to a SIP-PBX registering with the SIP-PBX on behalf of AORs based on assigned telephone numbers in order to receive requests targeted at those telephone numbers, without needing to involve the SSP in the registration process.</t>
<t>REQ5 - The mechanism MUST allow a SIP-PBX to handle internally requests originating at its own UAs and targeted at its assigned telephone numbers, without routing those requests to the SSP.</t>
<t>REQ6 - The mechanism MUST allow a SIP-PBX to receive requests to its assigned telephone numbers originating outside the SIP-PBX and arriving via the SSP, so that the PBX can route those requests onwards to its UAs, as it would for internal requests to those telephone numbers.</t>
<t>REQ7 - The mechanism MUST provide a means whereby a SIP-PBX knows which of its assigned telephone numbers an inbound request from its SSP is targeted at.</t>
<t>REQ8 - The mechanism MUST provide a means of avoiding problems due to one side using the mechanism and the other side not.
<list>
<t>In other words, the mechanism is required to avoid the situation where one side believes it is using the mechanism and the other side believes it is not, e.g., the SIP-PBX believes it is performing registration of multiple telephone numbers, but the SSP believes a single AOR is being registered.</t>
</list></t>
<t>REQ9 - The mechanism MUST observe SIP backwards compatibility principles.
<list>
<t>In other words, the mechanism is required to provide a graceful means of recovery or fall-back if either side does not support the mechanism. For example, this might involve the use of an option tag.</t>
</list></t>
<t>REQ10 - The mechanism MUST work in the presence of intermediate SIP entities on the SSP side of the SIP-PBX-to-SSP interface (i.e., between the SIP-PBX and the SSP's domain proxy), where those intermediate SIP entities need to be on the path of inbound requests to the PBX.
<list>
<t>These intermediate SIP entities can be edge proxies, session border controllers, etc..</t>
</list></t>
<t>REQ11 - The mechanism MUST work when a SIP-PBX obtains its IP address dynamically.</t>
<t>REQ12 - The mechanism MUST work without requiring the SIP-PBX to have a domain name or the ability to publish its domain name in the DNS.</t>
<t>REQ13 - For a given SIP-PBX and its SSP, there MUST be no impact on other domains, which are expected to be able to use normal RFC 3263 procedures to route requests, including requests needing to be routed via the SSP in order to reach the SIP-PBX.</t>
<t>REQ14 - The mechanism MUST be able to operate over a transport that provides integrity protection and confidentiality.</t>
<t>REQ15 - The mechanism MUST support authentication of the SIP-PBX by the SSP and vice versa.</t>
<t>REQ16 - The mechanism MUST allow the SIP-PBX to provide its UAs with public or temporary Globally Routable UA URIs (GRUUs) <xref target="RFC5627"/>.</t>
<t>REQ17 - The mechanism MUST NOT preclude the ability of the SIP-PBX to route on-PBX requests directly, without hair-pinning the signalling through the SSP.</t>
<t>REQ18 - The mechanism MUST work over any existing transport specified for SIP, including UDP.</t>
</section>
<section title="Desirables">
<t>The following are desirable properties of the mechanism.</t>
<t>DES1 - The mechanism SHOULD allow an SSP to exploit its mechanisms for providing SIP service to ordinary subscribers in order to provide a SIP trunking service to SIP-PBXs.</t>
<t>DES2 - The mechanism SHOULD scale to SIP-PBXs of several thousand assigned telephone numbers.
<list>
<t> This will probably preclude any mechanism involving a separate REGISTER transaction per assigned telephone number.</t>
<t>In practice, the mechanism is more likely to be used on PBXs with up to a few hundred telephone numbers, but it is impossible to give a precise limit, and hence the desire to be able to support several thousand.</t>
</list></t>
<t>DES3 - The mechanism SHOULD scale to support several thousand SIP-PBXs on a single SSP.</t>
<t>DES4 - The mechanism SHOULD require relatively modest changes to a substantial population of existing SSP and SIP-PBX implementations, in order to encourage a fast market adoption of the standardized mechanism.
<list>
<t>Ease of market adoption is paramount here. Many SIP-PBXs and SSPs have implemented mechanisms based on the REGISTER method, and the need for substantial changes to those implementations will discourage convergence on a single standard in the foreseeable future.</t>
</list></t>
</section>
<section title="Non-requirements">
<t>The means by which a third domain can route a request to the SSP for onward delivery to the SIP-PBX is outside the scope of this work. This is related to REQ13, which requires normal routing based on RFC 3263 to be used.</t>
<t>Provisioning is outside the scope of this work. In particular, a SSP will need to assign a set of numbers to a SIP-PBX, and a SIP-PBX will need to be aware of the set of assigned numbers and allocate those numbers to its users. Automated means for a SIP-PBX to obtain, from its SSP, the set of assigned telephone numbers is considered to be a provisioning topic.</t>
</section>
<section title="IANA considerations">
<t>This document requires no IANA actions.</t>
</section>
<section title="Security considerations" anchor="section-security">
<t>Security of signaling between the SIP-PBX and the SSP is important. Some of the requirements above already address this.</t>
<t>In particular, it is important that an entity acting as a SIP-PBX cannot register with an SSP and receive inbound requests to which it is not entitled. The SSP is assumed to have procedures for ensuring that a SIP-PBX is entitled to use a set of E.164 telephone numbers prior to entering into agreement with that SIP-PBX for using those telephone numbers with this mechanism. Furthermore, by authenticating the SIP-PBX when it provides reachability information, the SSP can be sure that it delivers inbound requests only to the correct destination.</t>
</section>
<section title="Acknowledgements">
<t>The contents of the document have been compiled from extensive discussions within the MARTINI WG, the individuals concerned being too numerous to mention.</t>
</section>
</middle>
<back>
<references title="Normative References">
&rfc2119;
&rfc3261;
&rfc3263;
</references>
<references title="Informative References">
&rfc3325;
&rfc3327;
&rfc3455;
&rfc4244;
&rfc5626;
&rfc5627;
<reference anchor="3GPP">
<front>
<title>3GPP TS 24.229 "3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; IP multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP); Stage 3"</title>
<author>
<organization></organization>
</author>
</front>
</reference>
<reference anchor="ETSI">
<front>
<title>ETSI TS 182 025 "Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Business trunking; Architecture and functional description"</title>
<author>
<organization></organization>
</author>
</front>
</reference>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 06:44:31 |