One document matched: draft-ietf-pcp-proxy-03.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc toc="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<rfc category="std" docName="draft-ietf-pcp-proxy-03" ipr="trust200902">
<front>
<title abbrev="PCP Proxy">Port Control Protocol (PCP) Proxy
Function</title>
<author fullname="Mohamed Boucadair" initials="M." surname="Boucadair">
<organization>France Telecom</organization>
<address>
<postal>
<street></street>
<city>Rennes</city>
<code>35000</code>
<country>France</country>
</postal>
<email>mohamed.boucadair@orange.com</email>
</address>
</author>
<author fullname="Reinaldo Penno" initials="R." surname="Penno">
<organization>Cisco</organization>
<address>
<postal>
<street></street>
<code></code>
<country>USA</country>
</postal>
<email>repenno@cisco.com</email>
</address>
</author>
<author fullname="Dan Wing" initials="D." surname="Wing">
<organization abbrev="Cisco">Cisco Systems, Inc.</organization>
<address>
<postal>
<street>170 West Tasman Drive</street>
<city>San Jose</city>
<region>California</region>
<code>95134</code>
<country>USA</country>
</postal>
<email>dwing@cisco.com</email>
</address>
</author>
<date day="18" month="June" year="2013" />
<workgroup>PCP Working Group</workgroup>
<keyword>PCP, proxy</keyword>
<abstract>
<t>This document specifies a new PCP functional element denoted as PCP
Proxy. The PCP Proxy relays PCP requests received from PCP Clients to
upstream PCP Server(s). This function is mandatory when PCP Clients can
not be configured with the address of the PCP Server located more than
one hop.</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t><?rfc subcompact="no" ?>This document defines a new PCP <xref
target="RFC6887"></xref> function element, called PCP Proxy, which is
meant to facilitate the communication between a PCP Client and upstream
PCP Server(s). The PCP Proxy acts as a PCP Server receiving PCP requests
on internal interfaces, and as a PCP Client forwarding accepted PCP
requests on an external interface to a PCP Server. The PCP Server in
turn sends PCP responses to the PCP Proxy external interface which are
finally forwarded to PCP Clients. A reference architecture is depicted
in <xref target="Reference_Architecture"></xref>.</t>
<t>A PCP Proxy can be for instance embedded in a CP (Customer Premises)
router while the PCP Server is located in a network operated by an ISP
(Internet Service Provider). It is out of scope of this document to list
all deployment scenarios requiring a PCP Proxy to be involved.</t>
<t>The PCP Proxy can be simple (i.e., a single-homed entity which
implement as transparent/minimal processing as possible) or it can
support advanced features (see <xref target="advanced"></xref>). A PCP
Proxy can be co-located with UPnP IGD <xref
target="I-D.ietf-pcp-upnp-igd-interworking"></xref> or/and NAT-PMP <xref
target="I-D.bpw-pcp-nat-pmp-interworking"></xref> Interworking Function
(IWF).</t>
<t><figure align="center" anchor="Reference_Architecture"
title="Reference Architecture">
<artwork><![CDATA[
+------------+
| PCP Client |-----+
+--(Host 1)--+ | +-----------+ +----------+
+---| | | |
| PCP Proxy |-------|PCP Server|
+---| | | |
+------------+ | +-----------+ +----------+
| PCP Client |-----+
+--(Host 2)--+
Internal PCP Clients
]]></artwork>
</figure></t>
<t></t>
</section>
<section title="Requirements Language">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref
target="RFC2119">RFC 2119</xref>.</t>
</section>
<section title="PCP Server Discovery and Provisioning">
<t>The PCP Proxy MUST follow the procedure defined in Section 8.1 of
<xref target="RFC6887"></xref> to discover its PCP Server.</t>
<t>The address of the PCP Proxy is provisioned to internal PCP Clients
(see <xref target="Reference_Architecture"></xref>) as their default PCP
Server: If the PCP DHCP option <xref target="RFC6887"></xref> is
supported by an internal PCP Client, it will retrieve the PCP Server IP
address to use from its local DHCP server; otherwise internal PCP
Clients will assume their default router being the PCP Server.</t>
</section>
<section title="PCP Proxy as a PCP Server">
<t>The PCP Proxy acts as a PCP Server for internal hosts and accepts PCP
requests on the interface(s) facing them.</t>
<t>When the topology makes a routing loop possible, the PCP Proxy MAY
check it is not the source of a PCP message it received.</t>
</section>
<section title="Control of the Firewall">
<t>A security policy to accept PCP messages from the provisioned PCP
Server(s) is to be enabled on the device embedding the PCP Proxy. This
policy can be for instance triggered by DHCP configuration or by
outbound PCP requests issued from the PCP Proxy to the provisioned PCP
Server.</t>
<t>In order to accept inbound and outbound traffic associated with PCP
mappings instantiated in the upstream PCP Server, appropriate security
policies are to be configured on the firewall.</t>
<t>For instance if the firewall rules have a lifetime, PCP response can
be snooped in order to instantiate the corresponding firewall rules with
the same lifetime. If they have no lifetime, an explicit dynamic mapping
table can be kept in the PCP Proxy state in order to instantiate and
remove corresponding firewall rules.</t>
<t>FILTER Options can be installed into the local firewall, forwarded to
the PCP Server so installed into the remote NAT/firewall or both.</t>
</section>
<section title="No NAT is Co-located with the PCP Proxy">
<t>When no NAT is co-located with the PCP Proxy, the port numbers
included in received PCP messages (from the PCP Server or PCP Client(s))
are not altered by the PCP Proxy. Nevertheless, the PCP Client IP
Address MUST be changed to the address of the PCP Proxy and a
THIRD_PARTY Option inserted to carry the IP address of the source PCP
Client.</t>
<t>Because no NAT is invoked, there is no reachability failure risk to
relay to the PCP Server unknown Options and OpCodes which carry an IP
address.</t>
</section>
<section anchor="embedded_NAT"
title="PCP Proxy Co-located with a NAT Function">
<t>When the PCP Proxy is co-located with a NAT function, it MUST update
the content of received requests with the mapped port number and the
address belonging to the external interface of the PCP Proxy (i.e.,
after the NAT operation) and not as initially conveyed by the PCP
Client. For the reverse path, PCP responses MUST be updated by the PCP
Proxy to replace the internal port number to what has been initially
positioned by the PCP Client. For this purpose the PCP Proxy MUST have
an access to the local NAT state maintained locally.</t>
<t>By default, the PCP Proxy MUST relay unknown OpCodes and
mandatory-to-process unknown Options. Rejecting unknown Options and
OpCodes has the drawback of preventing a PCP Client to make use of new
capabilities offered by the PCP Server but not supported by the PCP
Proxy even if no IP address and/or port is included in the
Option/OpCode.</t>
<t>Because PCP messages with an unknown OpCode or mandatory-to-process
unknown Options can carry a hidden internal address or internal port
which will not be translated, A PCP Proxy MUST be configurable to
disable relaying unknown OpCodes and mandatory-to-process unknown
Options. If the PCP Proxy is configured to disable relaying unknown
OpCodes and mandatory-to-process unknown Options, the PCP Proxy MUST
behave as follows:<list style="symbols">
<t>a PCP Proxy co-located with a NAT MUST reject by an UNSUPP_OPCODE
error response a received request with an unknown OpCode.</t>
<t>a PCP Proxy co-located with a NAT MUST reject by an UNSUPP_OPTION
error response a received request with a mandatory-to-process
unknown Option.</t>
</list></t>
<t>When a PCP request is received and accepted by the PCP Proxy the
corresponding mapping (explicit dynamic mapping for a MAP request,
implicit dynamic mapping for a PEER request) is looked for in the local
NAT state and temporary created if it does not exist. "Temporary" means
it is deleted if no SUCCESS response is received, either explicitly or
because of its short lifetime at creation.</t>
<t>If the local NAT associates explicit dynamic mappings to a lifetime,
the requested lifetime in MAP requests SHOULD be adjusted to be in the
accepted range of the local NAT, and the assigned lifetime copied from
MAP responses to the corresponding mapping in the local NAT. The same
processing applies to implicit dynamic mappings and PEER
requests/responses.</t>
<t>Otherwise explicit dynamic mappings have an undefined lifetime in the
local NAT and the PCP Proxy SHOULD maintain an explicit dynamic mapping
table and SHOULD delete corresponding explicit dynamic mappings in the
local NAT when they expire or are deleted by the MAP request with a zero
requested lifetime.</t>
</section>
<section anchor="proxy" title="MAP/PEER Handling">
<t>A simple PCP Proxy performs minimal modifications to PCP requests and
responses, in particular it does not change the Nonce value in requests
and the Epoch value in responses. A simple PCP Proxy is assumed to
handle only one PCP Server.</t>
<t>For handling THIRD_PARTY option, the PCP Proxy MUST follow the PCP
Server behavior specified in Section 13.1 of <xref
target="RFC6887"></xref>.</t>
<t>The detailed behavior at the reception of a PCP request on an
internal interface is as follows: <list style="symbols">
<t>Check if the source IP address and the PCP Client IP Address are
the same.</t>
<t>Apply security controls (e.g., THIRD_PARTY filtering).</t>
<t>If the request is rejected, build a synthetic error response and
send it back to the PCP Client.</t>
<t>If the request is accepted, adjust it (e.g., adding a THIRD_PARTY
Option, updating the PCP Client IP Address and Internal Port to
their translated values as specified in <xref
target="embedded_NAT"></xref> and forward it on a fresh UDP socket
connected to the PCP Server).</t>
<t>Wait for the response during a reasonable delay.</t>
<t>When the response is received from the PCP Server, adjust it back
(e.g., removing the THIRD_PARTY Option added previously, updating
the PCP Client IP Address and Internal Port to their initial values
as specified in <xref target="embedded_NAT"></xref>), forward it to
the source PCP Client and close the socket to the PCP Server.</t>
<t>On a hard error on the UDP socket, build a synthetic ICMP error
and send it to the source PCP Client.</t>
</list></t>
<t>The reasonable delay minimum value is 20 seconds, request
retransmission is handled by PCP clients.</t>
<t>For each pending request, the proxy MUST maintain in a data record:
<list style="symbols">
<t>the request payload</t>
<t>the interface where the request was received</t>
<t>the source IP address of the request</t>
<t>the source UDP port of the request</t>
<t>the UDP socket connected to the PCP server</t>
<t>an expire timeout</t>
</list></t>
<t>Receiving interfaces can be implemented by a set of servicing
sockets, each socket bound to an address of an internal interface.
Interface, source address and port are used to send back packets to the
source PCP Client. The request payload is used to generate synthetic
ICMP. Responses are received on the UDP socket.</t>
<t>Too large requests SHOULD be forwarded to the PCP Server in order to
relay back the error response, i.e., the PCP Proxy is not in charge to
enforce the message size limit and in general the PCP Proxy SHOULD NOT
generate error response for a reason other than security controls. No
behavior is specified in the case the PCP Proxy processing (e.g., adding
a THIRD_PARTY Option) makes a valid request too large when it is sent to
the PCP Server.</t>
</section>
<section title="Mapping Repair">
<t>ANNOUNCE requests received from PCP Clients are handled locally; as
such these requests MUST NOT be relayed to the provisioned PCP
Server.</t>
<t>Upon receipt of an unsolicited ANNOUNCE response from a PCP Server,
the PCP Proxy proceeds to renewing the mappings and checks whether there
are changes compared to a local cache if it is maintained by the PCP
Proxy. If no change is detected, no unsolicited ANNOUNCE is generated
towards PCP Clients. If a change is detected, the PCP Proxy MUST
generate unsolicited ANNOUNCE message(s) to appropriate PCP Clients. If
the PCP Proxy does not maintain a local cache for the mappings,
unsolicited ANNOUNCE messages are relayed to PCP Clients.</t>
<t>Unsolicited PCP MAP/PEER responses received from a PCP Server are
handled as any normal MAP/PEER response. To handle unsolicited PCP
MAP/PEER responses, the PCP Proxy is required to maintain a local cache
of instantiated mappings in the PCP Server (<xref
target="full"></xref>).</t>
<t>Upon change of its external IP address, the PCP Proxy SHOULD renew
the mappings it maintained. If the PCP Server assigns a different
external port, the PCP Proxy SHOULD follow the mapping repair procedure
defined in <xref target="RFC6887"></xref>. This can be achieved only if
a full state table is maintained by the PCP Proxy.</t>
</section>
<section anchor="advanced" title="Advanced Functions">
<t>Below are listed a set of advanced features which may be supported by
the PCP Proxy.</t>
<section title="Multiple PCP Servers">
<t>A PCP Proxy MAY handle multiple PCP Servers at the same time, each
PCP Server is associated to each own handled Epoch value according to
<xref target="epoch_handling"></xref>. PCP Clients are not aware of
the presence of multiple PCP Servers.</t>
<t>According to <xref target="I-D.ietf-pcp-dhcp"></xref>, if several
PCP Names are configured to the PCP Proxy, it will contact in parallel
all these PCP Servers.</t>
<t>In some contexts (e.g., PCP-controlled CGNs), the PCP Proxy MAY
load balance the PCP Client among available PCP Servers. The PCP Proxy
MUST ensure requests of a given PCP Client are relayed to the same PCP
Server.</t>
<t>In other deployment scenarios (e.g., presence of multiple
PCP-controlled firewalls), the PCP Proxy MUST relay PCP requests to
all these PCP Servers.</t>
<t>The PCP Proxy MAY rely on some fields (e.g., Zone ID <xref
target="I-D.penno-pcp-zones"></xref>) in the PCP request to redirect
the request to a given PCP Server.</t>
</section>
<section anchor="epoch_handling" title="Epoch Handling">
<t>A PCP Proxy MAY use its own internal timers and not blindly copy
them from PCP responses. There should be no advantages to have more
than one managed Epoch per PCP Server.</t>
<t>The Epoch MUST be reset when explicit dynamic mappings are lost,
i.e.: <list style="symbols">
<t>at startup if the PCP Proxy can't recover the state.</t>
<t>when the WAN address is changed or any similar events which
show any previous state is no longer valid.</t>
<t>when the Epoch value in a PCP response is too small (cf. Epoch
value validation rules in <xref target="RFC6887"></xref>).</t>
<t>when the External IP Address has changed.</t>
</list>The last two rules are per PCP Server, a PCP Proxy MAY check
these conditions in all received responses for a PCP Server.</t>
</section>
<section title="Request/Response Caching">
<t>A PCP Proxy providing request/response caching checks each time it
receives a PCP request if it has already seen the same request
recently and got the corresponding PCP response. In this case, it
sends back directly the cached response with the proper Epoch value
and not forward the request to the PCP Server.</t>
</section>
<section title="Retransmission Handling">
<t>An extension of the previous service is to manage the
retransmission of pending requests to the PCP Server internally, i.e.,
no longer driven by the PCP Client. A cache entry SHOULD be expired
after a delay short enough to keep it easy to distinguish it from a
replay.</t>
</section>
<section anchor="full" title="Full State">
<t>A PCP Proxy MAY keep the full state, i.e., an image of all active
explicit dynamic mappings is kept in memory. When this service is
supported the state SHOULD be recovered in case of failures (e.g.,
according to <xref target="I-D.boucadair-pcp-failure"></xref>).</t>
</section>
</section>
<section anchor="IANA" title="IANA Considerations">
<t>This document makes no request of IANA.</t>
</section>
<section anchor="Security" title="Security Considerations">
<t>The PCP Proxy MUST follow the security considerations elaborated in
<xref target="RFC6887"></xref> for both the client and server side.</t>
<t>A received request carrying an unknown OpCode or Option SHOULD be
dropped (or in the case of an unknown Option which is not
mandatory-to-process the Option be removed) if it is not a priori
compatible with security controls or correct processing.</t>
<t>The device embedding the PCP Proxy MAY block PCP requests directly
sent to the PCP Server. This can be enforced using access control lists
(ACLs).</t>
</section>
<section anchor="Acknowledgements" title="Acknowledgements">
<t>Many thanks to C. Zhou and T. Reddy for their review and
comments.</t>
<t>Special thanks to F. Dupont who contributed to this document.</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include="reference.RFC.2119"?>
<?rfc include="reference.RFC.6887"?>
</references>
<references title="Informative References">
<?rfc include="reference.I-D.ietf-pcp-upnp-igd-interworking"?>
<?rfc include="reference.I-D.ietf-pcp-dhcp"?>
<?rfc include="reference.I-D.boucadair-pcp-failure"?>
<?rfc include="reference.I-D.bpw-pcp-nat-pmp-interworking"?>
<?rfc include='reference.I-D.penno-pcp-zones'?>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 14:19:25 |