Internet Engineering Task Force                                   Q. Sun
Internet-Draft                                             China Telecom
Intended status: Standards Track                            M. Boucadair
Expires: August 26, 2013                                  France Telecom
                                                            S. Sivakumar
                                                           Cisco Systems
                                                                 C. Zhou
                                                     Huawei Technologies
                                                                 T. Tsou
                                               Huawei Technologies (USA)
                                                            S. Perreault
                                                                Viagenie
                                                       February 22, 2013


     Port Control Protocol (PCP) Extension for Port Set Allocation
                       draft-tsou-pcp-natcoord-10

Abstract

   This document defines an extension to PCP allowing clients to
   manipulate sets of ports as a whole.  This is accomplished by a new
   MAP option: PORT_SET.
Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 26, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Lightweight 4over6
     1.2.  Applications Using Port Sets
     1.3.  Firewall Control
   2.  Terminology
   3.  The need for PORT_SET
   4.  The PORT_SET Option
     4.1.  Client Behavior
     4.2.  Server Behavior
     4.3.  Port Set Renewal and Deletion
   5.  Operational Considerations
   6.  Security Considerations
   7.  IANA Considerations
   8.  Authors List
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   This section describes a few (and non-exhaustive) envisioned use
   cases.  Note that the PCP extension defined in this document is
   generic and is expected to be applicable to other use cases.

1.1.  Lightweight 4over6

   In the Lightweight 4over6 (lw4o6)
   [I-D.cui-softwire-b4-translated-ds-lite] architecture, shared global
   addresses can be allocated to customers.  It allows moving the
   Network Address Translation (NAT) function, otherwise accomplished
   by a Carrier-Grade NAT (CGN) [I-D.ietf-behave-lsn-requirements], to
   the Customer-Premises Equipment (CPE).  This gives the user more
   control over the NAT function, and the ISP more scalability.

   In the lw4o6 architecture, the PCP-controlled device corresponds to
   the lwAFTR, and the PCP client corresponds to the lwB4.  The client
   sends a PCP MAP request containing a PORT_SET option to trigger
   shared address allocation on the lwAFTR.  The PCP response contains
   the shared address information, including the port set allocated to
   the lwB4.

1.2.  Applications Using Port Sets

   Some applications require not just one port, but a port set.  One
   example is a Session Initiation Protocol (SIP) User Agent Server
   (UAS) [RFC3261] expecting to handle multiple concurrent calls,
   including media termination.  When it receives a call, it needs to
   signal media port numbers to its peer.  Generating individual PCP MAP
   requests for each of the media ports during call setup would
   introduce unwanted latency.  Instead, the server can pre-allocate a
   set of ports such that no PCP exchange is needed during call setup.

   Using PORT_SET, an application can manipulate port sets much more
   efficiently than with individual MAP requests.

1.3.  Firewall Control

   Port sets are often used in firewall rules.  For example, defining a
   range for RTP [RFC3550] traffic is common practice.  The MAP request
   can already be used for firewall control.  The PORT_SET option brings
   the additional ability to manipulate firewall rules operating on port
   sets instead of single ports.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  The need for PORT_SET

   Multiple MAP requests can be used to manipulate a set of ports,
   having roughly the same effect as a single use of a MAP request with
   a PORT_SET option.  However, use of the PORT_SET option is more
   efficient when considering the following aspects:

   Network Traffic:  A single request uses less network resources than
      multiple requests.

   Latency:  Even though MAP requests can be sent in parallel, we can
      expect the total processing time to be longer for multiple
      requests than for a single one.
   Client-side simplicity:  The logic that is necessary for maintaining
      a set of ports using a single port set entity is much simpler than
      that required for maintaining individual ports, especially when
      considering failures, retransmissions, lifetime expiration, and
      re-allocations.

   Server-side efficiency:  Some PCP-controlled devices can allocate
      port sets in a manner such that data passing through the device is
      processed much more efficiently than the equivalent using
      individual port allocations.  For example, a CGN having a "bulk"
      port allocation scheme (see [I-D.ietf-behave-lsn-requirements]
      section 5) often has this property.

   Server-side scalability:  The number of mapping entries in PCP-
      controlled devices is often a limiting factor.  Allocating port
      sets in a single request can result in a single mapping entry
      being used, therefore allowing greater scalability.

   Therefore, while it is functionally possible to obtain the same
   results using plain MAP, the extension proposed in this document
   allows greater efficiency, scalability, and simplicity, while
   lowering latency and necessary network traffic.  In a nutshell,
   PORT_SET is a necessary optimization.

   In addition, PORT_SET supports parity preservation.  Some protocols
   (e.g. RTP [RFC3550]) assign meaning to a port number's parity.  When
   mapping sets of ports for the purpose of using such a protocol,
   preserving parity can be necessary.

4.  The PORT_SET Option

   Option Name:  PORT_SET

   Number:  TBD

   Purpose:  To map sets of ports.

   Valid for Opcodes:  MAP

   Length:  2 bytes

   May appear in:  Both requests and responses

   Maximum occurrences:  1

   NOTE TO IANA (to be removed prior to publication as an RFC):  The
      number is to be assigned by IANA in the range 1-63 (i.e.,
      mandatory to process and created via Standards Action).
   The PORT_SET Option indicates that the client wishes to reserve a set
   of ports.  The requested number of ports in that set is indicated in
   the option.

   The PORT_SET Option is formatted as shown in Figure 1.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Option Code=? |  Reserved   |P|        Option Length=2        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |         Port Set Size         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Figure 1: PORT_SET Option

   The fields are as follows:

   P:  1 if parity preservation is requested, 0 otherwise.

   Port Set Size:  Number of ports requested.  MUST NOT be zero nor one.

   NOTE:  In its current form, PORT_SET does not support allocating
      discontinuous port sets.  That feature could be added in the
      future depending on input from the working group.

   The Internal Port Set is defined as being the range of Port Set Size
   ports starting from the Internal Port.  The External Port Set is
   respectively defined as being the range of Port Set Size ports
   starting from the Assigned External Port.  The two ranges always have
   the same size (i.e., the Port Set Size returned by the server).

4.1.  Client Behavior

   To retrieve a set of ports, the PCP client adds a PORT_SET option to
   its PCP MAP request.  If port parity preservation is required, the
   PCP client MUST set the parity bit (to 1) to ask the server to
   preserve the port parity (i.e., the Assigned External Port and
   Internal Port have the same parity).  The PCP client MUST indicate a
   suggested Port Set Size.  A non-zero value MUST be used.

   The PCP client MUST NOT include more than one PORT_SET option in a
   MAP request.  If several port sets are needed, the PCP client MUST
   issue as many MAP requests, each of them including a PORT_SET option.
   These individual MAP requests MUST each carry a distinct Internal
   Port.
   If the PORT_SET option is not supported by the server, the PCP client
   will have to issue individual MAP requests with no PORT_SET option.

4.2.  Server Behavior

   In addition to regular MAP request processing, the following checks
   are made upon receipt of a PORT_SET option with non-zero Requested
   Lifetime:

   o  If multiple PORT_SET options are present in a single MAP request,
      a MALFORMED_OPTION error is returned.

   o  If the Port Set Size is zero or one, a MALFORMED_OPTION error is
      returned.

   If the PREFER_FAILURE option is present and the server is unable to
   map all ports in the requested External Port Set or is unable to
   preserve parity (P = 1), the CANNOT_PROVIDE_EXTERNAL error is
   returned.

   If the PREFER_FAILURE option is absent, the server MAY map fewer
   ports than the value of Port Set Size from the request.  It MUST NOT
   map more ports than the client asked for.  In any case, the Internal
   Port Set MUST always begin from the Internal Port indicated by the
   client.  In particular, if the port set cannot be mapped because of
   the unavailability of ports, the PCP server SHOULD reserve only one
   external port (i.e., the PCP server ignores the PORT_SET option).  If
   the server ends up mapping only a single port, for any reason, the
   PORT_SET option MUST NOT be present in the response.

   If the PREFER_FAILURE option is absent and port parity preservation
   is requested (P = 1), the server MAY preserve port parity.  In that
   case, the External Port is set to a value having the same parity as
   the Internal Port.

   If a mapping already exists and the PORT_SET option can be honored,
   the PCP server updates the mapping with port set information and
   sends back a positive answer to the requesting PCP client.
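   The following is an added worked example written for this page; it is
   not code from the draft or from any PCP implementation.  It encodes
   and parses the PORT_SET option of Figure 1, then applies the server
   rules of Sections 4.1 and 4.2 (one option per request, Port Set Size
   of at least two, PREFER_FAILURE all-or-nothing, partial allocation
   with single-port fallback, parity handling) and the Section 4.3 rule
   that a plain MAP request whose Internal Port falls inside a mapped
   Internal Port Set is rejected with MALFORMED_REQUEST, all against a
   toy pool of free external ports.  Assumptions labelled in the code:
   the option number is TBD, so 0 is used as a placeholder; PREFER_FAILURE
   is modelled as a boolean rather than a wire option; result codes are
   strings; NO_RESOURCES is taken from the PCP base specification rather
   than this draft; the P bit is simply echoed in the response; lifetimes
   and the 32-bit option padding of the base specification are left out.

```python
"""Added example (not from the draft): PORT_SET option encoding (Figure 1) and
the server-side handling of Sections 4.2 and 4.3, run against a toy port pool."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

OPTION_CODE_PORT_SET = 0   # placeholder: the number is TBD (IANA range 1-63)
P_BIT = 0x01               # parity flag: low-order bit of the Reserved octet
SUCCESS = "SUCCESS"                     # result codes modelled as strings
MALFORMED_OPTION = "MALFORMED_OPTION"
MALFORMED_REQUEST = "MALFORMED_REQUEST"
CANNOT_PROVIDE_EXTERNAL = "CANNOT_PROVIDE_EXTERNAL"
NO_RESOURCES = "NO_RESOURCES"           # from the PCP base spec, not this draft


@dataclass(frozen=True)
class PortSetOption:
    parity: bool   # P bit
    size: int      # Port Set Size


def encode_port_set(size: int, parity: bool) -> bytes:
    """Option Code (8) | Reserved (7) + P (1) | Option Length=2 (16) | Port Set Size (16).
    Only the six octets of Figure 1; the PCP base spec pads options to 32 bits on the wire."""
    if not 2 <= size <= 0xFFFF:
        raise ValueError("Port Set Size MUST NOT be zero nor one")
    return struct.pack("!BBHH", OPTION_CODE_PORT_SET, P_BIT if parity else 0, 2, size)


def decode_port_set(raw: bytes) -> PortSetOption:
    code, reserved, length, size = struct.unpack("!BBHH", raw[:6])
    if code != OPTION_CODE_PORT_SET or length != 2:
        raise ValueError("not a well-formed PORT_SET option")
    return PortSetOption(parity=bool(reserved & P_BIT), size=size)


@dataclass
class MapResponse:
    result: str
    assigned_external_port: Optional[int] = None
    port_set: Optional[PortSetOption] = None   # MUST be absent when one port is mapped


class PortSetServer:
    # Toy PCP-controlled device: free external ports plus a mapping table
    # keyed by Internal Port -> (number of ports, first external port).
    def __init__(self, free_ports: List[int]) -> None:
        self.free = set(free_ports)
        self.mapped: Dict[int, Tuple[int, int]] = {}

    def _find_run(self, size: int, parity: Optional[int]) -> Tuple[Optional[int], int]:
        """Longest contiguous free run capped at `size`; `parity` (0, 1, None) constrains
        the first port, which is what the P bit asks for."""
        best: Tuple[Optional[int], int] = (None, 0)
        for start in sorted(self.free):
            if parity is not None and start % 2 != parity:
                continue
            length = 0
            while length < size and (start + length) in self.free:
                length += 1
            if length > best[1]:
                best = (start, length)
            if length == size:
                break
        return best

    def _reserve(self, internal_port: int, start: int, n: int,
                 req: Optional[PortSetOption]) -> MapResponse:
        self.free -= set(range(start, start + n))
        self.mapped[internal_port] = (n, start)
        # Assigned External Port = first port of the External Port Set; PORT_SET
        # echoes the number actually mapped and is omitted when only one port is.
        echo = PortSetOption(req.parity, n) if (req and n > 1) else None
        return MapResponse(SUCCESS, start, echo)

    def process_map(self, internal_port: int, options: List[bytes],
                    prefer_failure: bool = False) -> MapResponse:
        if len(options) > 1:                          # Section 4.2, first bullet
            return MapResponse(MALFORMED_OPTION)
        req: Optional[PortSetOption] = None
        if options:
            try:
                req = decode_port_set(options[0])
            except (ValueError, struct.error):
                return MapResponse(MALFORMED_OPTION)
            if req.size < 2:                          # Section 4.2, second bullet
                return MapResponse(MALFORMED_OPTION)
        else:                                         # Section 4.3: plain MAP inside a set
            for first, (size, _) in self.mapped.items():
                if size > 1 and first <= internal_port < first + size:
                    return MapResponse(MALFORMED_REQUEST)
        if internal_port in self.mapped:              # existing mapping: report it as is
            size, start = self.mapped[internal_port]
            return MapResponse(SUCCESS, start,
                               PortSetOption(req.parity, size) if (req and size > 1) else None)
        if req is None:                               # ordinary single-port MAP
            start, n = self._find_run(1, None)
            return self._reserve(internal_port, start, 1, None) if n else MapResponse(NO_RESOURCES)
        parity = internal_port % 2 if req.parity else None
        start, n = self._find_run(req.size, parity)
        if prefer_failure and n < req.size:           # whole set with parity, or nothing
            return MapResponse(CANNOT_PROVIDE_EXTERNAL)
        if n == 0 and parity is not None:             # MAY give up parity rather than fail
            start, n = self._find_run(req.size, None)
        if n == 0:
            return MapResponse(NO_RESOURCES)
        # n may be below Port Set Size (MAY map fewer, never more); n == 1 means the
        # server fell back to a single external port and the response has no PORT_SET.
        return self._reserve(internal_port, start, n, req)
```

   With a pool of 10000-10007 plus 10011-10013, a request for four ports
   with P = 1 from Internal Port 5000 gets 10000-10003; the same request
   from Internal Port 6001 with PREFER_FAILURE fails (only three odd-
   starting ports remain contiguous), and without PREFER_FAILURE it is
   granted three ports, as Section 4.2 allows.  A later request that
   finds only isolated free ports receives a single port and no PORT_SET
   option in the response.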
   If the mapping is successful, the MAP response's Assigned External
   Port is set to the first port in the External Port Set, and the
   PORT_SET option's Port Set Size is set to the number of ports in the
   mapped port set.

4.3.  Port Set Renewal and Deletion

   Port set mappings are renewed and deleted as a single entity.  That
   is, the lifetime of all port mappings in the set is set to the
   Assigned Lifetime at once.

   The PORT_SET option MUST be present in a renewal or deletion request.
   If a server receives a MAP request without a PORT_SET option and
   whose Internal Port is inside a mapped Internal Port Set, it replies
   with a MALFORMED_REQUEST error.

5.  Operational Considerations

   It is up to the PCP server to determine the port-set quota for each
   PCP client.  In addition, when the PCP-controlled device supports
   delegating multiple port sets to a given PCP client, the PCP client
   MAY re-initiate a PCP request to get another port set when it has
   exhausted all the ports within the port set.

   If the PCP server is configured to allocate multiple port sets to one
   subscriber, the same Assigned External IP Address SHOULD be assigned
   to that subscriber across its multiple port-set requests.

   To optimize the number of mapping entries maintained by the PCP
   server, it is RECOMMENDED to configure the server to assign the
   maximum allowed port set in a single response.  This policy SHOULD be
   configurable.

   The failover mechanism for MAP (Section 14 of [I-D.ietf-pcp-base] and
   [I-D.boucadair-pcp-failure]) can also be applied to port sets.

6.  Security Considerations

   It is believed that no additional security considerations beyond
   those discussed in [I-D.ietf-pcp-base] apply to this extension.

7.  IANA Considerations

   IANA shall allocate a code in the range 1-63 for the new PCP option
   defined in Section 4.

8.  Authors List

   The following are extended authors who contributed to the effort:

   Yunqing Chen
   China Telecom
   Room 502, No.118, Xizhimennei Street
   Beijing 100035
   P.R.China

   Chongfeng Xie
   China Telecom
   Room 502, No.118, Xizhimennei Street
   Beijing 100035
   P.R.China

   Yong Cui
   Tsinghua University
   Beijing 100084
   P.R.China

   Phone: +86-10-62603059
   Email: yong@csnet1.cs.tsinghua.edu.cn

   Qi Sun
   Tsinghua University
   Beijing 100084
   P.R.China

   Phone: +86-10-62785822
   Email: sunqibupt@gmail.com

   Gabor Bajko
   Nokia

   Email: gabor.bajko@nokia.com

   Xiaohong Deng
   France Telecom

   Email: xiaohong.deng@orange-ftgroup.com

9.  Acknowledgements

   The authors would like to express sincere appreciation to Alain
   Durand, Dan Wing, Dave Thaler, Reinaldo Penno, Sam Hartman, and
   Yoshihiro Ohba, for their useful comments and suggestions.

10.  References

10.1.  Normative References

   [I-D.ietf-pcp-base]
              Wing, D., "Port Control Protocol (PCP)", October 2012.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

10.2.  Informative References

   [I-D.boucadair-pcp-failure]
              Boucadair, M., Dupont, F., and R. Penno, "Port Control
              Protocol (PCP) Failure Scenarios", August 2012.

   [I-D.cui-softwire-b4-translated-ds-lite]
              Cui, Y., Sun, Q., Boucadair, M., Tsou, T., and Y. Lee,
              "Lightweight 4over6: An Extension to DS-Lite
              Architecture", February 2012.

   [I-D.ietf-behave-lsn-requirements]
              Perreault, S., Yamagata, I., Miyakawa, S., Nakagawa, A.,
              and H. Ashida, "Common requirements for Carrier Grade NATs
              (CGNs)", draft-ietf-behave-lsn-requirements-10 (work in
              progress), December 2012.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              June 2002.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, July 2003.

Authors' Addresses

   Qiong Sun
   China Telecom
   P.R.China

   Phone: 86 10 58552936
   Email: sunqiong@ctbri.com.cn


   Mohamed Boucadair
   France Telecom
   Rennes 35000
   France

   Email: mohamed.boucadair@orange.com


   Senthil Sivakumar
   Cisco Systems
   7100-8 Kit Creek Road
   Research Triangle Park, North Carolina 27709
   USA

   Phone: +1 919 392 5158
   Email: ssenthil@cisco.com


   Cathy Zhou
   Huawei Technologies
   Bantian, Longgang District
   Shenzhen 518129
   P.R. China

   Email: cathy.zhou@huawei.com


   Tina Tsou
   Huawei Technologies (USA)
   2330 Central Expressway
   Santa Clara, CA 95050
   USA

   Phone: +1 408 330 4424
   Email: Tina.Tsou.Zouting@huawei.com


   Simon Perreault
   Viagenie
   246 Aberdeen
   Quebec, QC G1R 2E1
   Canada

   Phone: +1 418 656 9254
   Email: simon.perreault@viagenie.ca