idnits 2.17.1 draft-boucadair-pcp-extensions-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 25, 2012) is 4383 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-29) exists of draft-ietf-pcp-base-24 ** Obsolete normative reference: RFC 6145 (Obsoleted by RFC 7915) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group M. Boucadair 3 Internet-Draft France Telecom 4 Intended status: Standards Track R. Penno 5 Expires: October 27, 2012 D. Wing 6 Cisco 7 April 25, 2012 9 Some Extensions to Port Control Protocol (PCP) 10 draft-boucadair-pcp-extensions-03 12 Abstract 14 This document extends Port Control Protocol (PCP) with new 15 functionalities. 17 Requirements Language 19 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 20 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 21 document are to be interpreted as described in RFC 2119 [RFC2119]. 23 Status of this Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at http://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on October 27, 2012. 40 Copyright Notice 42 Copyright (c) 2012 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (http://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 2. DESCRIPTION . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 3. DSCP_POLICY . . . . . . . . . . . . . . . . . . . . . . . . . 4 60 4. CAPABILITY . . . . . . . . . . . . . . . . . . . . . . . . . . 5 61 5. REPORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 62 6. CLIENT_IDENTIFIER . . . . . . . . . . . . . . . . . . . . . . 9 63 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 64 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 65 9. Normative References . . . . . . . . . . . . . . . . . . . . . 11 66 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 68 1. Introduction 70 This document extends the base PCP [I-D.ietf-pcp-base] with various 71 PCP Options. 73 Some of these options may be defined as new PCP OpCodes. 75 The main goal of this document is to kick-off discussions on the need 76 to define some useful PCP options which are not part of base PCP. 78 2. DESCRIPTION 80 This option (Code TBA, Figure 1) MAY be included in a PCP MAP request 81 to include a description associated with a requested mapping. This 82 option is optional to be supported by PCP Servers and PCP Clients. 83 The maximum length SHOULD be a configurable option in the PCP Server. 84 If a PCP Client includes a Description PCP option with a length 85 exceeding the maximum length supported by the PCP Server, only the 86 portion of the Description field fitting that maximum length is 87 stored by the PCP Server. 89 This option can be used by a user to indicate a description 90 associated with a given mapping such as "My mapping for my FTP 91 server" or "My remote access to my CP router", etc. In addition, in 92 the some deployment scenarios, this field can be used for 93 troubleshooting purposes and can be used to convey values as the ones 94 listed hereafter: 96 o "This is the mapping for my specific IPsec implementation" 98 o "This is the mapping for subscriber bob@example.com" 100 o "This is the mapping for special subscriber 101 adsl-line-1234@example.com" 103 o "This is the mapping that failed before due to XYZ" 105 Issues related to the usage of this field for troubleshooting or for 106 any further usage are out of scope of this document. 108 This Option: 110 Option Name: Description Option (DESCRIPTION) 111 Number: TBA (IANA) 112 Purpose: Used to associate a text description with a mapping 113 Valid for Opcodes: MAP 114 Length: Variable 115 May appear in: both request and response 116 Maximum occurrences: 1 118 0 1 2 3 119 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 120 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 121 | DESCRIPTION | Reserved | Length | 122 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 123 | Description | 124 : : 125 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 127 Figure 1: Description Option 129 3. DSCP_POLICY 131 In some scenarios, the DSCP marking in the internal interface (i.e., 132 customer-facing interface) and the external one (i.e., Internet- 133 facing interface) of the PCP-controlled device may be distinct. A 134 Service Provider MAY allow its customers to configure their DSCP 135 marking policies in an upstream device. Distinct DSCP marking 136 policies can be implemented in the internal and external sides of the 137 PCP-controlled device. A PCP Client MAY issue a PCP MAP request 138 indicating its internal DS code point and the external DSCP value. 139 Instructed forwarding policies are applied only for packets marked 140 with a given DSCP value. 142 A Service Provider may not support DSCP re-marking feature and adopt 143 a transparent scheme to QoS policy enforcement, that is, not 144 controllable by subscribers. Generic QoS enforcement policies can be 145 enforced for all customers: such as leave DSCP field values 146 unchanged. 148 This option is mandatory to process. 150 This option (Code TBA, Figure 2) allows to: 152 o Re-write any DSCP value to a specific value; 153 o Re-write a specific DSCP value to another specific value. 155 This Option: 157 Option Name: PCP DSCP Marking Policy Option (DSCP_POLICY) 158 Number: TBA (IANA); mandatory to process 159 Purpose: Associated a DSCP re-marking policy with a mapping 160 Valid for Opcodes: MAP, PEER 161 Length: 0x04 162 May appear in: both request and response 163 Maximum occurrences: 1 165 0 1 2 3 166 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 167 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 168 | DSCP_POLICY | Reserved | 0x04 | 169 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 |DIR| Int DSCP | Ext DSCP | 00...00 | 171 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 173 DIR : Indicates the direction: 174 0 Inbound 175 1 Outbound 176 2 Both 177 Int DSCP: Indicates the DSCP value in the customer-faced interface. 178 0x3F is used to indicate ANY value. 179 Ext DSCP: Indicates the DSCP value in the Internet-faced interface. 180 0x3F is used to indicate ANY value. 182 Figure 2: DSCP Marking option 184 4. CAPABILITY 186 The CAPABILITY option (Code: TBA, Figure 3) is used by a PCP Server 187 to indicate to a requesting PCP Client the capabilities it supports 188 with regards to port forwarding operations. Several Capability 189 options MAY be conveyed in the same PCP response message if several 190 functions are co-located in the same PCP-controlled device (e.g., 191 NAT44 and NAT64, NAT44 and ports set assignment capability, etc.). 193 This option, when received from a PCP Server, is used by a PCP Client 194 to constraint the content of its requests and therefore avoid errors. 196 This Option: 198 Option Name: PCP Capabilities Option (CAPABILITY) 199 Number: TBA (IANA) 200 Purpose: Retrieve the capabilities of a PCP-controlled device 201 Valid for Opcodes: can be returned in a error message 202 Length: 0x01 203 May appear in: both request and response 204 Maximum occurrences: None 206 0 1 2 3 207 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 208 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 209 | CAPABILITY | Reserved | 0x01 | 210 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 211 |F T P A S C I O| 00...00 | 212 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 214 Figure 3: Capability option 216 Below is provided a description of the F, T, P, A, S, C, I and O 217 bits: 219 Name Description 220 ---- ---------------------------------------------------------------- 221 F This bit indicates the address family of the source address 222 issued by internal hosts 223 T This bit indicates the address family of the source address of 224 the packets forwarded in the external side of the PCP-controlled 225 device 226 P This bit indicates whether the source port number is translated 227 or not. 228 A This bit indicates whether the source IP address is translated 229 or not. 230 S This bit indicates whether the controlled device supports the 231 ability to assign a set or ports 232 C This bit indicates whether the PCP-controlled devices inspects 233 the received packets and if it can block them 234 I This bit indicates whether incoming packets are rejected unless 235 an explicit rule is enforced in the PCP-controlled device 236 O This bit indicates whether outbound packets are inspected or not 237 before being granted to leave the internal realm. 239 The value of the F, T, P, A, S, C, I and O bits are as follows: 241 Position Name Meaning 242 -------- ------------------ ------------------------------ 243 1 From (F) 0=from IPv4, 1=from IPv6 244 2 To (T) 0=to IPv4, 1=to IPv6 245 3 Port-Xlate (P) 1=translated, 0=not translated 246 4 Addr-Xlate (A) 1=translated, 0=not translated 247 5 Port-Set (S) 1=enabled, 0=not supported 248 6 Packet-Control (C) 1=enabled, 0=not supported 249 7 Direction-Out (I) 1=enabled, 0=disabled 250 8 Direction-In (O) 1=enabled, 0=disabled 252 A stateless NAT64 [RFC6145] would have the following values: 254 From=0 (IPv4) 255 To=1 (IPv6) 256 Port-Xlate=0 (No) 257 Addr-Xlate=1 (Yes) 258 Port-Set=0 (No) 259 Packet-control=0 (No) 260 Direction-out (0) (No) 261 Direction-In=0 (No) 263 A stateful NAT64 [RFC6146] would have the following values: 265 From=0 (IPv4) 266 To=1 (IPv6) 267 Port-Xlate=1 (Yes) 268 Addr-Xlate=1 (Yes) 269 Port-Set=0 (No) 270 Packet-control=0 (No) 271 Direction-out (0) (No) 272 Direction-In=0 (No) 274 A NAT44 would be characterized as follows: 276 From=0 (IPv4) 277 To=0 (IPv4) 278 Port-Xlate=1 (Yes) 279 Addr-Xlate=1 (Yes) 280 Port-Set=0 (No) 281 Packet-control=0 (No) 282 Direction-out (0) (No) 283 Direction-In=0 (No) 285 5. REPORT 287 The Report PCP Option (Code TBA, Figure 4) is used by a PCP Client to 288 report a set of useful information to the PCP Server. Several Report 289 Options with distinct Report Sub-Code values MAY be conveyed in the 290 same PCP message. Only report data associated with the PCP Server to 291 which this option is sent MUST be included in a Report Option. 293 This option can be used for troubleshooting or diagnose purposes. 295 This Option: 297 Option Name: PCP Report Option (REPORT) 298 Number: TBA (IANA) 299 Purpose: Send a set of report data 300 Valid for Opcodes: MAP 301 Length: Variable 302 May appear in: both request and response 303 Maximum occurrences: Multiple 305 0 1 2 3 306 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 307 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 308 | SCOPE | Reserved | Length | 309 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 310 | Report Sub-Code | 00...00 | 311 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 312 | Report Data | 313 : : 314 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 316 Figure 4: Report Option 318 The following Report Sub-Code values are defined: 320 Position Meaning 321 -------- ------------------------------------------------------------ 322 0x00 Time since last reboot/boot 323 0x01 Count of transmitted PCP messages to the PCP Server since 324 last boot 325 0x02 Count of retransmitted PCP messages to the PCP Server since 326 last boot 327 0x03 Count of received PCP Error messages from the PCP Server 329 6. CLIENT_IDENTIFIER 331 PCP CLIENT_ID (Code TBA, Figure 5) is a token randomly [RFC4086] 332 generated by the PCP Client. Only one CLIENT_ID Option MUST be 333 present in a PCP message. The PCP Client and PCP Server MUST store 334 the value included in this Option in a PCP MAP request. 336 o The CLIENT_ID MUST be generated by the PCP Client and not the PCP 337 Server; 339 o Upon change of the IP address of the PCP Client (or a third party 340 on behalf of which a mapping has been created), the CLIENT_ID is 341 used to update related mappings (e.g., PCP MAP delete request and 342 PCP MAP create request); 344 o The same CLIENT_ID MUST be used for all requested mappings, unless 345 a new CLIENT_ID is generated by the PCP Client (e.g., reboot, OS 346 crash, etc.); 348 o The CLIENT_ID is stored by the PCP Server for all mappings 349 (persistent storage); 350 This Option: 352 Option Name: PCP Client Identifier Option (CLIENT_ID) 353 Number: TBA (IANA); mandatory to process option 354 Purpose: Associate an identifier with the mappings 355 Valid for Opcodes: MAP 356 Length: Variable 357 May appear in: both request and response 358 Maximum occurrences: 1 360 0 1 2 3 361 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 362 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 363 | CLIENT_ID | Reserved | Length | 364 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 365 | Client Identifier | 366 : : 367 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 369 Figure 5: CLIENT_ID PCP Option 371 The length of the CLIENT_ID is encoded in the Length field in bytes. 372 The length of the CLIENT_ID MUST be at least 4 bytes and MUST NOT 373 exceed 16 bytes. 375 The RECOMMENDED value is 16 bytes so as to have a robust random 376 CLIENT_ID. If a CLIENT_ID longer than 16 bytes or shorter than 4 377 bytes is received, the PCP Server MUST issue a PCP Error message with 378 an error cause equal to "Invalid Client-ID". 380 For sanity checks, a PCP Server maintains the same CLIENT_ID value 381 (which is used in the latest PCP request) for a given PCP Client for 382 all mappings associated with the same internal IP address belonging 383 to the same subscriber. Indeed, the PCP Server maintains an 384 additional identifier denoted as subscriber-Id. A subscriber-is can 385 be an IP address, IPv6 prefix or a subscriber identifier configured 386 locally. 388 7. Security Considerations 390 Security considerations discussed in [I-D.ietf-pcp-base] must be 391 considered. The use of CLIENT_ID option allows to soften issues 392 related to stale mappings. 394 8. IANA Considerations 396 The following PCP Option Codes are to be allocated: 398 DESCRIPTION 400 DSCP_POLICY: The "O" bit MUST be set to 1. 402 CAPABILITY 404 REPORT 406 CLIENT_IDENTIFIER: The "O" bit MUST be set to 1. 408 9. Normative References 410 [I-D.ietf-pcp-base] 411 Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P. 412 Selkirk, "Port Control Protocol (PCP)", 413 draft-ietf-pcp-base-24 (work in progress), March 2012. 415 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 416 Requirement Levels", BCP 14, RFC 2119, March 1997. 418 [RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness 419 Requirements for Security", BCP 106, RFC 4086, June 2005. 421 [RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation 422 Algorithm", RFC 6145, April 2011. 424 [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful 425 NAT64: Network Address and Protocol Translation from IPv6 426 Clients to IPv4 Servers", RFC 6146, April 2011. 428 Authors' Addresses 430 Mohamed Boucadair 431 France Telecom 432 Rennes, 35000 433 France 435 Email: mohamed.boucadair@orange.com 436 Reinaldo Penno 437 Cisco 438 USA 440 Email: repenno@cisco.com 442 Dan Wing 443 Cisco Systems, Inc. 444 170 West Tasman Drive 445 San Jose, California 95134 446 USA 448 Email: dwing@cisco.com