[core] Implications of IP address / port changes for CoAP & Co
Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 31 August 2016 10:36 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03BEC12D099 for <core@ietfa.amsl.com>; Wed, 31 Aug 2016 03:36:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.149
X-Spam-Level:
X-Spam-Status: No, score=-3.149 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNv1UVlNivaT for <core@ietfa.amsl.com>; Wed, 31 Aug 2016 03:36:48 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF295120727 for <core@ietf.org>; Wed, 31 Aug 2016 03:36:47 -0700 (PDT)
Received: from [192.168.91.132] ([90.127.74.115]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0MhhwJ-1bRcUw2Ac7-00MrWe for <core@ietf.org>; Wed, 31 Aug 2016 12:36:45 +0200
To: "core@ietf.org WG" <core@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-ID: <4a70a2b1-b998-b0c1-c42a-2ceb634b9945@gmx.net>
Date: Wed, 31 Aug 2016 12:36:30 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:JwvcJXOKI4avFOXPkZNWdxWUp1R2VrEktdONQq8GeZD1uMRPUwM sT4uDcCXk6o0Bhwnv58PqCohWJzfcwNgVNt1T42cG5d5XumtjOGPEb9UieIrCRaxh9AWqf6 KBJOPpCH1mSnlc9G9pYokSL3RKSTUzVBwEl/T+xlDhTO0WtBM39hf2NF93PT8hYAgE/qQv+ cb8APxUbCNN4nE+i0OwRQ==
X-UI-Out-Filterresults: notjunk:1;V01:K0:lCIJnDusagA=:yE+CECNE8PxeD1XsPujniO G5bawXK8Rm+QDQeQ1R3NLioPGVihEg2FuKdKVC21rjUPM2QEUObxmg+4ikfZ7CKMvnE8XquRn uEHguJGAjz9VjwwuJjpynjTxFAWPnwuJQj3rZp2Vucd82IqWm4bBrZ3BXRXNSctN8WXbkReDV kaDa7jX8VpluIAVZWKWa/RY2cQTjq+hfHWdCjB0QDBMU278HWccOyPGMLSoKq2giy4s9Wy+c5 Uow/bFh6AO29ql6eubDkP9tX+oR3C1waf/rLsyhJ4yT6uPl8PdFCWGGRPBfRGoh+PfmvUKW1L 1tmpXIlWAS7wDGTUKdmY5m7WIR56AJXaPlFkgaW2f4HEBxARpzpVhEHkUKZSamPG2QRcXWB5S 4Db4yxeWNRu4kDVpEko5jesXMZlDIwWZ35rRwEGVPnAisCkgG90k/lgRx/jWZxdrsIpGGIVB2 A5xNS+La8lV4314X+swIt0/XgFPAhuNGWzWnjzD+APWJIEO3ew8ApAdmVHnMpj+deOi/9uKxY EOV+h2hiXOPBFEAbG/EsQJglFeH3FlovZN7+MKoo0nf1eo14qhA5w5RsAh3DQsHN0KdFc+6kM h29A4cGjDPouESPv4Gicl974UTffHIN/MOdyV7ZDxy7C7NSPLP4f7+acN6qdk1OcnFfCI/PSI CRa8qOnEQwDOSX2DA6K+OdAlsdLhqjf5AQxqplijKnqLvupR0nsJ2fw/E8AbcUFqI1TAHwuB3 J4JkUoLfTHvrGEW7zpZGGF+ik6C6klU7Ldd0D8PFcnitgZZNZ/VCYuSqUmkTfVO3P4YbpDKgE wreSfPM
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/hBwiotLHyYvhPPTG9eXzXC1XpZI>
Subject: [core] Implications of IP address / port changes for CoAP & Co
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2016 10:36:50 -0000
Hi all, in the OMA device management group we have been discussing the implications of IP address and/or port number changes of devices (particularly with devices that sleep for an extended period of time). The challenge from a protocol point of view is to use an identifier that does not depend on the IP address and port. Of course, when a IP packet has to be sent to a specific node then IP address and port information has to be used from somewhere but my expectation is that at least the protocol machinery shouldn't break when an IP address changes (or there should be a story for how to recover). In CoAP the 'endpoint' appears to be an important identifier. In an attempt to define what an endpoint is the CoAP specification is a bit confusing: Section 1.2 says: " Endpoint An entity participating in the CoAP protocol. Colloquially, an endpoint lives on a "Node", although "Host" would be more consistent with Internet standards usage, and is further identified by transport-layer multiplexing information that can include a UDP port number and a security association (Section 4.1). " Section 4.1 of RFC 7252 says: " A CoAP endpoint is the source or destination of a CoAP message. The specific definition of an endpoint depends on the transport being used for CoAP. For the transports defined in this specification, the endpoint is identified depending on the security mode used (see Section 9): With no security, the endpoint is solely identified by an IP address and a UDP port number. With other security modes, the endpoint is identified as defined by the security mode. " The two definitions do not appear to be in sync, particularly when using DTLS to secure CoAP since the DTLS record layer adds nothing with respect to additional multiplexing. I also did not find text that describes what the different endpoint definition is when DTLS is used. In any case, when DTLS is used an IP address / port change at the client will prevent the CoAP server from finding the right security context and a new (hopefully abbreviated) handshake has to be run. Luckily the implications of an IP address/port change are quite minimal for CoAP itself since the only impact (as far as I can tell) is with regards to the use of request/response exchange, as described in Section 5.3.2 "Request/Response Matching Rules". The likelihood that a client changes IP address in the middle of a request/response interaction are IMHO minimal. The story is more interesting when we look at extensions to CoAP, like CoAP Observe. Section 4.1 of https://tools.ietf.org/html/rfc7641 says: " The entry in the list of observers is keyed by the client endpoint and the token specified by the client in the request. If an entry with a matching endpoint/token pair is already present in the list (which, for example, happens when the client wishes to reinforce its interest in a resource), the server MUST NOT add a new entry but MUST replace or update the existing one. " With Observe a token is used for demultiplexing (in addition to the endpoint info). I assume that the spec uses the same definition of endpoint as in CoAP. While the spec does not say what is actually being updated or replaced one can assume that a client sending a request with a new IP address and port (which corresponds to the endpoint definition in CoAP) gets at least that information updated. The spec is IMHO unclear what should happen in case of an IP address/port change. I suspect that an implementation would send a new register message and the server would update state. Of course, when the IP address / port of the client is not in sync with what is being stored at the server then the notifications sent by the server will not reach the client. The story for RD appears to be different again. First, there appears to be a different definition of endpoint being used (which I prefer more). For multiplexing it does not use IP address & port information. Of course, RD will still have to maintain this information but at least one can be sure that packets are not dropped after the IP address and/or port at the client change. Section 11.1 of draft-ietf-core-resource-directory-08 says: " An Endpoint is determined to be unique by an RD by the Endpoint identifier parameter included during Registration, and any associated TLS or DTLS security bindings. An Endpoint MUST NOT be identified by its protocol, port or IP address as these may change over the lifetime of an Endpoint. " It appears that the way how state is indexed is different throughout the specifications developed in the CORE working group and I am curious whether someone else has been looking at the implications of IP address and/or port changes on the protocol operation. I would certainly appreciate your thoughts on this topic. Ciao Hannes
- [core] Implications of IP address / port changes … Hannes Tschofenig
- Re: [core] Implications of IP address / port chan… Kraus Achim (INST/ESY1)
- Re: [core] Implications of IP address / port chan… Hudalla Kai (INST/ESY1)
- Re: [core] Implications of IP address / port chan… Fossati, Thomas (Nokia - GB)
- Re: [core] Implications of IP address / port chan… Lauri Piikivi
- Re: [core] Implications of IP address / port chan… Oliver Kleine
- Re: [core] Implications of IP address / port chan… Dave Thaler
- Re: [core] Implications of IP address / port chan… Stephen Farrell
- Re: [core] Implications of IP address / port chan… Mohit Sethi
- Re: [core] Implications of IP address / port chan… Carsten Bormann
- Re: [core] Implications of IP address / port chan… Stephen Farrell
- Re: [core] Implications of IP address / port chan… Dave Thaler
- Re: [core] Implications of IP address / port chan… Peter Saint-Andre - Filament
- Re: [core] Implications of IP address / port chan… Stephen Farrell
- Re: [core] Implications of IP address / port chan… Stephen Farrell
- Re: [core] Implications of IP address / port chan… Peter Saint-Andre - Filament
- Re: [core] Implications of IP address / port chan… Stephen Farrell
- Re: [core] Implications of IP address / port chan… Peter Saint-Andre - Filament
- Re: [core] Implications of IP address / port chan… Peter Saint-Andre - Filament