TOC 
NSIS Working GroupR. Bless
Internet-DraftKIT
Intended status: ExperimentalJune 16, 2010
Expires: December 18, 2010 


An Explicit Signaling Target Message Routing Method (EST-MRM) for the General Internet Signaling Transport (GIST) Protocol
draft-bless-nsis-est-mrm-02

Abstract

The standard operation of the General Internet Signaling Transport (GIST) Protocol uses a path-coupled message routing method (PC-MRM) to find nodes interested in signaling message exchanges. This specification proposes an Explicit Signaling Target Message Routing Method (EST-MRM) to allow for transmission of signaling messages to explicit targets. While the PC-MRM implicitly addresses signaling nodes by an interception method, the EST-MRM allows to explicitly address signaling nodes.

Status of this Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

This Internet-Draft will expire on December 18, 2010.

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.



Table of Contents

1.  Introduction
2.  Explicit Signaling Target MRM
    2.1.  Explicit Signaling Target MRI
    2.2.  Implementation
    2.3.  MRM Requirements
3.  Security Considerations
4.  IANA Considerations
5.  Acknowledgments
6.  References
    6.1.  Normative References
    6.2.  Informative References
Appendix A.  Change History
§  Author's Address




 TOC 

1.  Introduction

The standard operation of the General Internet Signaling Transport (GIST) Protocol [I‑D.ietf‑nsis‑ntlp] (Schulzrinne, H. and M. Stiemerling, “GIST: General Internet Signalling Transport,” June 2009.) uses a path-coupled message routing method (PC-MRM) to find nodes interested in signaling message exchanges. The assumption is that signaling involves the manipulation of state held in network elements along the flow's data path. The path-coupled signaling paradigm tries to ensure the alignment of control functions to the actual data path by letting intermediate on-path nodes intercept the corresponding signaling messages.

For mobility environments seamless handovers are a desirable objective. If signaling takes place after a handover was performed, it will take some time until the state update has been completed. Thus, there exist proposals to start the signaling before the handover takes place and to use the current point of attachment for completion of the signaling process. This "anticipated handover" enables a pre-reservation of resources in a quality-of-service context for instance, i.e., for QoS NSLP signaling applications [I‑D.ietf‑nsis‑qos‑nslp] (Manner, J., Karagiannis, G., and A. McDonald, “NSLP for Quality-of-Service Signaling,” January 2010.). Therefore, a resource reservation can be used immediately after the handover was performed.

With the path-coupled MRM, however, such kind of optimization is impossible, since state should be established or manipulated along a data path that is not used yet, but probably will be in the future. Therefore, in order to support anticipated handovers a signaling message routing is required that is not strictly on path.

In Figure 1 an example for an anticipated handover scenario is shown. If the mobile node (MN) is a data sender for flow f_o and has information that it may change its point of attachment from access A to access B, it starts signaling for resources along the new path that begins at B. First, the MN sends signaling messages to A and A will signal to B. B can then use path-coupled signaling in order to find the correct data path for the potential new flow f_n towards the CN. Since signaling messages are sent to A, but concerning f_n, a PC-MRM cannot be used. Similarly, the signaling between A and B is not path related and must be done explicitly.



     CN
     |
  +-----+
 /   |   \
|    |    |
|    |    | Domain 4
 \   |   /
  +--|--+
     |
  +--|--+
 /   |   \
|    #%   |
|    # %  | Domain 3
 \   #   %
  +--#--+  %
     #       %
  +--#--+      %   +-----+
 /   #   \       %/       \
|    #    |      | %       |
|    #    |      |   %     |
 \   #   /        \   %   /
  +-[A]-+          +-[B]-+
     # Domain 1          Domain 2
     #          data flow f_o ##: MN->A->CN
     MN         data flow f_n %%: MN->B->CN
                [A]: Access router A
                [B]: Access router B

A handover scenario

 Figure 1 

Figure 2 indicates the related signaling flows:

(a):
MN signals for flow f_n via its current access router A
(b):
Access router A signals towards the candidate access router B
(c):
On-path signaling for flow f_n starting from access router B (proxy mode)

It is out of scope of this specification how the addressing information about the future flow f_n is obtained by the MN or how A determines the address of the candidate router B that must be signaled next. One possibility is to use the CARD protocol [RFC4066] (Liebsch, M., Singh, A., Chaskar, H., Funato, D., and E. Shim, “Candidate Access Router Discovery (CARD),” July 2005.) or that some additional addressing information (such as MAC addresses of access points) is carried in the NSLP. Thus, it is also allowed to let the source address of f_n being unspecified if the MN has no knowledge about its actual future address. Since it can be assumed that B has enough information to determine the required address, it is then up to B to fill in the missing information for the flow before continuing with the path-coupled signaling in (c).



     CN
     |
  +-----+
 /   |   \
|    |    |
|    |    | Domain 4
 \   |   /
  +--|--+
     |
  +--|--+
 /   |   \
|    #    |
|    # \\ | Domain 3
 \   #   \\
  +--#--+  \\
     #       \\
  +--#--+      \\  +-----+
 /   #   \       \\       \
|    #    |      | \\      |
|    #    |      |   (c)   |
 \   #   /        \   ||  /
  +-[A]=====(b)=====>[B]-+
    /$\
     $ Domain 1          Domain 2
     $
    (a)     $$: signaling flow (a)
     $      ==: signaling flow (b)
     $      ||: signaling flow (c)
     MN

Signaling in a handover scenario

 Figure 2 

Moreover, the path-coupled MRM uses the router alert option for interception of signaling messages in intermediate nodes. This raised some concerns on the wide applicability of NSIS signaling, since packets with router alert options are normally processed by the control processor (i.e., in the slow path) of the router. The herein defined Explicit Signaling Target Message Routing Method (EST-MRM) does not use a router alert option in Query packets and may be used for direct signaling to dedicated signaling proxies or for relaying signaling messages after the signaling messages have been properly authorized by such dedicated systems.

The Hypath proposal [I‑D.cordeiro‑nsis‑hypath] (Cordeiro, L., “GIST Extension for Hybrid On-path Off-path Signaling (HyPath),” July 2007.) defined a similar MRM for QoS signaling between off-path resource control elements like bandwidth brokers. It is for further study, how the EST-MRM can be unified with the Hypath proposal.



 TOC 

2.  Explicit Signaling Target MRM

In order to support cases like the ones described in the introduction, this document proposes the specification of an Explicit Signaling Target MRM (EST-MRM).

The EST-MRM uses a normal encapsulation for Query messages, i.e., UDP encapsulation with the destination default port for GIST and the destination IP address set to the next signaling hop. The source IP address SHOULD be set to the signaling source address of the node who is sending the message. EST-MRM routed Query messages do not have to be intercepted but are explicitly routed to their next (or final) signaling destination. In contrast to the EST-MRM, the path-coupled MRM requires Query messages to be sent with Q-mode encapsulation that is using a router alert option. Furthermore, implementations must be aware, that Query messages may use with a different encapsulation method than Q-mode encapsulation, i.e., the check for wrong encapsulation MUST consider the particular MRM that is being used.

The EST MRM defines an EST Message Routing Information (EST-MRI) object that contains information about the actual data flow that is being signaled as well as addressing information for the signaling message routing and transport itself.

A node receiving a GIST message with an EST-MRI must check whether it has one local address that matches the destination signaling address. If it is not the case, it should forward the GIST message basically unchanged towards the signaling destination address, only with a decremented GIST Hop Count. Thus, even if the message gets intercepted by accident, it will be forwarded to the final signaling destination.

It is up to the signaling application's logic to determine the next signaling hop. Usually, it will be related somehow to the given data flow, e.g., the signaling target will be along a flows data path. In the particular example of the anticipated handover, signaling targets are the current access router as well as the candidate access router that is presumably the next ingress node for the data flow.

When transmitting a signaling message with the EST-MRI, the outer IP destination address SHOULD be set to the destination signaling address of the EST-MRI. In principle it is also possible to forward the signaling message to a node that is not the final destination signaling node. In this case, the destination signaling address and the IP destination address are not the same. This allows to let the signaling take multiple intermediate hops. This mechanisms is, however, for further study and its use is currently not recommended.



 TOC 

2.1.  Explicit Signaling Target MRI

The EST-MRI object (Figure 3) starts with the common MRI header (cf. section A.3.1 of [I‑D.ietf‑nsis‑ntlp] (Schulzrinne, H. and M. Stiemerling, “GIST: General Internet Signalling Transport,” June 2009.)) and carries a data flow address description that is identical to the one that is defined in the Path-coupled MRI (PC-MRI). In addition to that it carries at least information about the origin signaling address and the destination signaling address, which are usually identical to the IP source and IP destination address of the UDP encapsulated signaling message. Furthermore, it may contain an additional IP address of a network node where the data flow, which is described by the PC-MRI, enters the network. It is necessary to provide this information in some cases since the currently deployed routing protocols can only determine the next hop in direction towards the destination, but not backwards towards the source. Thus, this information must be provided to the next hop in most cases.

The EST-MRI object has the following layout:


EST-MRI= MRI-header
         PC-MRI
         EST-Control
         Origin-Signaling-Address
         Destination-Signaling-Address
         [ Ingress-Node-Address ]

Layout of the Explicit Signaling Target Message Routing Information

 Figure 3 

The binary representation is shown in Figure 4. First, it contains the normal data flow address descriptor that is required for path-coupled signaling. The latter is necessary so that a Resource Management Function (RMF) can determine the path of the data flow that is being signaled for. If the initiator cannot predict its future address, it is allowed to set the source IP address in the PC-MRI to unspecified (either 0.0.0.0 or ::). After the PC-MRI, an EST-Control field is provided, that provides further information on the following fields or their interpretation respectively. In addition to this description three IP addresses may be provided. The Origin Signaling Address is the address of the node who initiated the signaling. The Destination Signaling Address is the address of the signaling peer that should receive the signaling message. Both Origin Signaling Address and Destination Signaling Address are mandatory to specify. They may be both either IPv4 or IPv6. The actual type is given by the version field (IPVerS) in the high order EST-Control word. Currently, unicast, anycast, or multicast addresses are allowed for the Destination Signaling Address, whereas only unicast addresses are allowed for the Origin Signaling Address. The same is true for the IP addresses of the outer UDP packet that contains the Query message. Providing the signaling addresses explicitly has several advantages: it can be detected if the outer addresses are rewritten by a NAT or if the path-directed signaling is relayed via several hops before arriving at the final peer.

The Ingress Node Address is optional to specify. When not present, the version field (IPVerI) of the low order word in the EST-Control field must be set to 0. Otherwise IPVerI indicates the IP version of the address. It may have a different type than the Origin Signaling Address or the Destination Signaling Address, but MUST have the same type as the address pair in the PC-MRI flow address descriptor. Mismatching versions must be rejected with an "MRI ValidationFailure" error message with subcode 1 ("IP Version Mismatch"). The Ingress Node Address is necessary to specify in some scenarios, because the RMF cannot determine a flow path in the reverse direction, except for very simple topologies.



 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                |IP-Ver |P|T|F|S|A|B|D|Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//                       Source Address                        //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//                      Destination Address                    //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Prefix |  Dest Prefix  |   Protocol    | DS-field  |Rsv|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
:       Reserved        |              Flow Label               :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
:                              SPI                              :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
:          Source Port          :       Destination Port        :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPVerS| Reserved              | IPVerI| Reserved              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//                   Origin Signaling Address                  //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//                Destination Signaling Address                //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//                     Ingress Node Address                    //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Figure 4 

The MRI common header carries the N-flag and SHOULD be set to 0 for this MRM. A NAT may have to translate at least one of the Origin Signaling Address, the Destination Signaling Address, or the Ingress Node Address. Depending on the signaling scenario it may also have to translate the contained PC-MRI information (for signaling messages along (a) and (b) in Figure 2 this is usually not required).



 TOC 

2.2.  Implementation

The EST-MRI was implemented and tested successfully in the GIST-ka implementation [gistka] (Bless, R., “NSIS-ka - A free C++ implementation of NSIS protocols,” June 2010.). Thanks to the object oriented design of the protocol itself and also the implementation, the implementation effort was quite low. It was shown that even MA re-use works across PC-MRM and EST-MRM flows, i.e., if some flows are signaled path-coupled and some are signaled explicitly, further signaling for both types can re-use existing messaging associations.



 TOC 

2.3.  MRM Requirements

Section 3.3. of [I‑D.ietf‑nsis‑ntlp] (Schulzrinne, H. and M. Stiemerling, “GIST: General Internet Signalling Transport,” June 2009.) mentions requirements on the content of an MRM definition, that are discussed in this section.

"The format of the information that describes the path that the signalling should take, the Message Routing Information (MRI).": This specification describes the MRI format in Section 2.1 (Explicit Signaling Target MRI). Since this signaling message routing method is using an explicit target address for the signaling destination (the Destination Signaling Address), as well as the Flow Identifier of the data flow, it contains sufficient information to determine the signaling path. The adjacent peer may use the Flow Identifier information to determine the next explicit signaling hop.

"A specification of the IP-level encapsulation of the messages which probe the network to discover the adjacent peers. A downstream encapsulation must be defined; an upstream encapsulation is optional": This MRM is using an explicit target address for the signaling destination, i.e., the adjacent peer. The IP-level encapsulation is based on UDP normal encapsulation, i.e., the address of the adjacent peer is explicitly written in the outer IP header. There is no such thing as a downstream encapsulation since the EST MRM may be used to route the signaling data 'sideways' if compared to the direction of the data flow (cf. forwarding of signaling messages along (b) in Figure 2).

"A specification of what validation checks GIST should apply to the probe messages, for example to protect against IP address spoofing attacks. The checks may be dependent on the direction (upstream or downstream) of the message.": This specification requires that a node receiving a GIST message with an EST-MRI must check whether it has one local address that matches the destination signaling address. Other specific validation checks cannot be provided within this specification as they depend on the determination algorithm of the next signaling hop. Validation checks should be applied if possible, but they are probably only possible within the NSLP.

"The mechanism(s) available for route change detection, i.e. any change in the neighbour relationships that the MRM discovers. The default case for any MRM is soft-state refresh, but additional supporting techniques may be possible;" Basically, this MRM also uses soft-state refresh and the NLI as indicator whether the adjacent peer has changed. However, since signaling messages routed with the EST MRM are explicitly addressed to nodes and not intercepted there should be no re-routing events as GIST level. Re-routing events at IP-level will be transparent unless they lead to disconnection of the signaling target.



 TOC 

3.  Security Considerations

Basically, the security considerations of GIST apply. The main change is that Query messages are not sent using Q-mode encapsulation and that they contain a different MRI object. Since normal encapsulation is already considered by GIST, no new security considerations are necessary. Even for initial Query messages with an EST-MRI, the usual mechanisms like authorized peer database checking and late state installation mechanisms apply.



 TOC 

4.  IANA Considerations

According to section 9 of [I‑D.ietf‑nsis‑ntlp] (Schulzrinne, H. and M. Stiemerling, “GIST: General Internet Signalling Transport,” June 2009.) this specification requires assignment of a new MRI-ID. Until an assignment happens by IANA, it is suggested to use MRI-ID 125 for the EST-MRM.



 TOC 

5.  Acknowledgments

Part of this work was funded by Deutsche Telekom Laboratories and developed in cooperation with T-Systems within the ScaleNet project.



 TOC 

6.  References



 TOC 

6.1. Normative References

[I-D.ietf-nsis-ntlp] Schulzrinne, H. and M. Stiemerling, “GIST: General Internet Signalling Transport,” draft-ietf-nsis-ntlp-20 (work in progress), June 2009 (TXT).


 TOC 

6.2. Informative References

[I-D.cordeiro-nsis-hypath] Cordeiro, L., “GIST Extension for Hybrid On-path Off-path Signaling (HyPath),” draft-cordeiro-nsis-hypath-04 (work in progress), July 2007 (TXT).
[I-D.ietf-nsis-qos-nslp] Manner, J., Karagiannis, G., and A. McDonald, “NSLP for Quality-of-Service Signaling,” draft-ietf-nsis-qos-nslp-18 (work in progress), January 2010 (TXT).
[RFC4066] Liebsch, M., Singh, A., Chaskar, H., Funato, D., and E. Shim, “Candidate Access Router Discovery (CARD),” RFC 4066, July 2005 (TXT).
[gistka] Bless, R., “NSIS-ka - A free C++ implementation of NSIS protocols,” June 2010.


 TOC 

Appendix A.  Change History

Changes from -00 to -01:

Changes from -01 to -02:



 TOC 

Author's Address

  Roland Bless
  Karlsruhe Institute of Technology
  Institute of Telematics
  Zirkel 2, Building 20.20
  Karlsruhe 76131
  Germany
Phone:  +49 721 608 6413
Email:  roland.bless@kit.edu
URI:  http://tm.kit.edu/~bless