< draft-werner-nsis-natfw-nslp-statemachine-03.txt   draft-werner-nsis-natfw-nslp-statemachine-04.txt >
NSIS C. Werner NSIS C. Werner
Internet-Draft X. Fu Internet-Draft N. Steinleitner, Ed.
Expires: December 27, 2006 Univ. Goettingen Expires: September 6, 2007 X. Fu
Univ. Goettingen
H. Tschofenig H. Tschofenig
Siemens Siemens
C. Aoun C. Aoun
ENST ENST
N. Steinleitner, Ed. March 5, 2007
Univ. Goettingen
June 25, 2006
NAT/FW NSLP State Machine NAT/FW NSLP State Machine
draft-werner-nsis-natfw-nslp-statemachine-03.txt draft-werner-nsis-natfw-nslp-statemachine-04.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 40 skipping to change at page 1, line 39
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 27, 2006. This Internet-Draft will expire on September 6, 2007.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The IETF Trust (2007).
Abstract Abstract
This document describes the state machines for the NSIS Signaling This document describes the state machines for the NSIS Signaling
Layer Protocol for Network Address Translation/Firewall signaling Layer Protocol for Network Address Translation/Firewall signaling
(NAT/FW NSLP). A set of state machines for NAT/FW NSLP entities at (NAT/FW NSLP). A set of state machines for NAT/FW NSLP entities at
different locations of a signaling path are presented in order to different locations of a signaling path are presented in order to
illustrate how NAT/FW NSLP may be implemented. illustrate how NAT/FW NSLP may be implemented.
Table of Contents Table of Contents
skipping to change at page 2, line 28 skipping to change at page 2, line 27
6. State machine for the NAT/FW NI/NR+ . . . . . . . . . . . . . 9 6. State machine for the NAT/FW NI/NR+ . . . . . . . . . . . . . 9
7. State machine for the NAT/FW NF . . . . . . . . . . . . . . . 11 7. State machine for the NAT/FW NF . . . . . . . . . . . . . . . 11
8. State machine for the NAT/FW NR/NI+ . . . . . . . . . . . . . 15 8. State machine for the NAT/FW NR/NI+ . . . . . . . . . . . . . 15
9. Security Considerations . . . . . . . . . . . . . . . . . . . 18 9. Security Considerations . . . . . . . . . . . . . . . . . . . 18
10. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 18 10. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 18
11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 18 11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 18
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
13.1. Normative References . . . . . . . . . . . . . . . . . . . 18 13.1. Normative References . . . . . . . . . . . . . . . . . . . 18
13.2. Informative References . . . . . . . . . . . . . . . . . . 18 13.2. Informative References . . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19
Intellectual Property and Copyright Statements . . . . . . . . . . 21 Intellectual Property and Copyright Statements . . . . . . . . . . 21
1. Introduction 1. Introduction
This document describes the state machines for NAT/FW NSLP [1], This document describes the state machines for NAT/FW NSLP [1],
trying to show how NAT/FW NSLP can be implemented to support its trying to show how NAT/FW NSLP can be implemented to support its
deployment. The state machines described in this document are deployment. The state machines described in this document are
illustrative of how the NAT/FW NSLP protocol defined in [1] may be illustrative of how the NAT/FW NSLP protocol defined in [1] may be
implemented for the first NAT/FW NSLP node in the signaling path, implemented for the first NAT/FW NSLP node in the signaling path,
intermediate NAT/FW NSLP nodes with Firewall and/or NAT intermediate NAT/FW NSLP nodes with Firewall and/or NAT
skipping to change at page 3, line 24 skipping to change at page 3, line 24
Where there are differences [1] are authoritative. The state Where there are differences [1] are authoritative. The state
machines are informative only. Implementations may achieve the same machines are informative only. Implementations may achieve the same
results using different methods. results using different methods.
The messages used in the NAT/FW NSLP protocol can be summarized as The messages used in the NAT/FW NSLP protocol can be summarized as
follows: follows:
Requesting message Responding message Requesting message Responding message
------------------------+--------------------------- ------------------------+---------------------------
CREATE |RESPONSE CREATE |RESPONSE
REA |RESPONSE EXT |RESPONSE
TRACE |RESPONSE
RESPONSE |NONE RESPONSE |NONE
NOTIFY |NONE NOTIFY |NONE
------------------------+--------------------------- ------------------------+---------------------------
We describe a set of state machines for different roles of entities We describe a set of state machines for different roles of entities
running NAT/FW NSLP to illustrate how NAT/FW NSLP may be implemented. running NAT/FW NSLP to illustrate how NAT/FW NSLP may be implemented.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
skipping to change at page 6, line 22 skipping to change at page 6, line 20
<variable> = <expression1> | <expression2> | ... <variable> = <expression1> | <expression2> | ...
Execution of a statement of this form will result in <variable> Execution of a statement of this form will result in <variable>
having a value of exactly one of the expressions. The logic for having a value of exactly one of the expressions. The logic for
which of those expressions gets executed is outside of the state which of those expressions gets executed is outside of the state
machine and could be environmental, configurable, or based on machine and could be environmental, configurable, or based on
another state machine such as that of the method. another state machine such as that of the method.
4. State Machine Symbols 4. State Machine Symbols
( ) Used to force the precedence of operators in Boolean expressions ( ) Used to force the precedence of operators in Boolean expressions
and to delimit the argument(s) of actions within state boxes. and to delimit the argument(s) of actions within state boxes.
; Used as a terminating delimiter for actions within state boxes. ; Used as a terminating delimiter for actions within state boxes.
Where a state box contains multiple actions, the order of Where a state box contains multiple actions, the order of
execution follows the normal language conventions for reading execution follows the normal language conventions for reading
text. text.
= Assignment action. The value of the expression to the right of = Assignment action. The value of the expression to the right of
the operator is assigned to the variable to the left of the the operator is assigned to the variable to the left of the
operator. Where this operator is used to define multiple operator. Where this operator is used to define multiple
assignments, e.g., a = b = X the action causes the value of the assignments, e.g., a = b = X the action causes the value of the
expression following the right-most assignment operator to be expression following the right-most assignment operator to be
assigned to all of the variables that appear to the left of the assigned to all of the variables that appear to the left of the
right-most assignment operator. right-most assignment operator.
! Logical NOT operator. ! Logical NOT operator.
&& Logical AND operator. && Logical AND operator.
|| Logical OR operator. || Logical OR operator.
if...then... Conditional action. If the Boolean expression following if...then... Conditional action. If the Boolean expression
the if evaluates to TRUE, then the action following the then is following the if evaluates to TRUE, then the action following the
executed. then is executed.
{ statement 1, ... statement N } Compound statement. Braces are used { statement 1, ... statement N } Compound statement. Braces are
to group statements that are executed together as if they were a used to group statements that are executed together as if they
single statement. were a single statement.
!= Inequality. Evaluates to TRUE if the expression to the left of != Inequality. Evaluates to TRUE if the expression to the left of
the operator is not equal in value to the expression to the right. the operator is not equal in value to the expression to the right.
== Equality. Evaluates to TRUE if the expression to the left of the == Equality. Evaluates to TRUE if the expression to the left of the
operator is equal in value to the expression to the right. operator is equal in value to the expression to the right.
> Greater than. Evaluates to TRUE if the value of the expression to > Greater than. Evaluates to TRUE if the value of the expression to
the left of the operator is greater than the value of the the left of the operator is greater than the value of the
expression to the right. expression to the right.
<= Less than or equal to. Evaluates to TRUE if the value of the <= Less than or equal to. Evaluates to TRUE if the value of the
expression to the left of the operator is either less than or expression to the left of the operator is either less than or
equal to the value of the expression to the right. equal to the value of the expression to the right.
++ Increment the preceding integer operator by 1. ++ Increment the preceding integer operator by 1.
5. Common Rules 5. Common Rules
Throughout the document we use terms defined in the [1], such as NI, Throughout the document we use terms defined in the [1], such as NI,
NF, NR, CREATE, REA or RESPONSE. NF, NR, CREATE, EXT or RESPONSE.
5.1. Common Procedures 5.1. Common Procedures
tx_CREATE(): Transmit a CREATE message tx_CREATE(): Transmit a CREATE message
tx_CREATE(LIFETIME>0): Transmit CREATE message with lifetime object tx_CREATE(LIFETIME>0): Transmit CREATE message with lifetime object
greater than 0 for session creation. greater than 0 for session creation.
tx_CREATE(LIFETIME=0): Transmit CREATE message with lifetime object tx_CREATE(LIFETIME=0): Transmit CREATE message with lifetime object
explicitly set to 0 for session deletion. explicitly set to 0 for session deletion.
tx_RESPONSE(code,type): Transmit RESPONSE message with specified code tx_RESPONSE(code,type): Transmit RESPONSE message with specified
(SUCCESS or ERROR) and result type (related to a specific request code (SUCCESS or ERROR) and result type (related to a specific
type message: CREATE or REA). A code or result type may be request type message: CREATE or EXT). A code or result type may
omitted, typically when forwarding received RESPONSE messages. be omitted, typically when forwarding received RESPONSE messages.
tx_REA(): Transmit a REA message tx_EXT(): Transmit a EXT message
rx_RESPONSE(code, type): Evaluates to TRUE if a RESPONSE message has rx_RESPONSE(code, type): Evaluates to TRUE if a RESPONSE message has
been received with the specified code (SUCCESS or ERROR) and been received with the specified code (SUCCESS or ERROR) and
result type (related to a specific request type message: CREATE or result type (related to a specific request type message: CREATE or
REA). If the code or type is omitted, any received RESPONSE EXT). If the code or type is omitted, any received RESPONSE
message which is only matching the given code or type will message which is only matching the given code or type will
evaluate this procedure to TRUE. evaluate this procedure to TRUE.
rx_CREATE(): Evaluates to TRUE if a CREATE message has been received. rx_CREATE(): Evaluates to TRUE if a CREATE message has been
rx_CREATE(Lifetime > 0): Evaluates to TRUE if a CREATE message with received.
rx_CREATE(Lifetime > 0): Evaluates to TRUE if a CREATE message with
lifetime object greater than 0 has been received. lifetime object greater than 0 has been received.
rx_CREATE(Lifetime == 0): Evaluates to TRUE if a CREATE message with rx_CREATE(Lifetime == 0): Evaluates to TRUE if a CREATE message with
lifetime object explicitly set to 0 has been received. lifetime object explicitly set to 0 has been received.
rx_REA(): Evaluates to TRUE if a REA message has been received. rx_EXT(): Evaluates to TRUE if a EXT message has been received.
rx_REA(Lifetime > 0): Evaluates to TRUE if a REA message with rx_EXT(Lifetime > 0): Evaluates to TRUE if a EXT message with
lifetime object greater than 0 has been received. lifetime object greater than 0 has been received.
rx_REA(Lifetime == 0): Evaluates to TRUE if a REA message with rx_EXT(Lifetime == 0): Evaluates to TRUE if a EXT message with
lifetime object explicitly set to 0 has been received. lifetime object explicitly set to 0 has been received.
CHECK_AA(): Checks Authorization and Authentication of the received CHECK_AA(): Checks Authorization and Authentication of the received
message. Evaluates to TRUE if the check is successful, otherwise message. Evaluates to TRUE if the check is successful, otherwise
it evaluates to FALSE. This check is performed on all received it evaluates to FALSE. This check is performed on all received
messages hence it will only be shown within the state machine when messages hence it will only be shown within the state machine when
the check has failed. This CHECK_AA also MAY include a local the check has failed. This CHECK_AA also MAY include a local
policy check for the received message. policy check for the received message.
CreateSession(): Installs all session related states, variables, CreateSession(): Installs all session related states, variables,
bindings, policies. bindings, policies.
DeleteSession(): Removes all session related states, variables, DeleteSession(): Removes all session related states, variables,
bindings, policies. bindings, policies.
CreatePinhole(): Installs a pinhole for the new session. CreatePinhole(): Installs a pinhole for the new session.
DeletePinhole(): Removes a previously installed pinhole. DeletePinhole(): Removes a previously installed pinhole.
CreateReservations(): Creates a matching based on the MRI and open CreateReservations(): Creates a matching based on the MRI and open
pinholes for the signaling traffic. pinholes for the signaling traffic.
DeleteReservations(): Deletes previously installed matchings and DeleteReservations(): Deletes previously installed matchings and
pinholes for the signaling traffic. pinholes for the signaling traffic.
CreateBinding(): Creates a public/private network translation binding CreateBinding(): Creates a public/private network translation
on a NAT device for the requesting entity. binding on a NAT device for the requesting entity.
DeleteBinding(): Deletes a previously created a public/private DeleteBinding(): Deletes a previously created a public/private
network translation binding on a NAT device for the requesting network translation binding on a NAT device for the requesting
entity. entity.
StartTimer(identifier): This procedure starts a timer with a certain StartTimer(identifier): This procedure starts a timer with a certain
timespan, which is up to the specific implementation. The timespan, which is up to the specific implementation. The
parameter 'identifier' identifies this timer uniquely. Any parameter 'identifier' identifies this timer uniquely. Any
subsequent StartTimer(identifier), StopTimer(identifier), subsequent StartTimer(identifier), StopTimer(identifier),
(identifier)_TIMEOUT refer to the same timer labeled x. This (identifier)_TIMEOUT refer to the same timer labeled x. This
timer is required to time the lifetime of state, which means that timer is required to time the lifetime of state, which means that
when it times out, it indicates the current machine state should when it times out, it indicates the current machine state should
be left or its validation has expired. This procedure starts the be left or its validation has expired. This procedure starts the
timer 'identifier'. If a timer with the same 'identifier' has timer 'identifier'. If a timer with the same 'identifier' has
already been started and not yet stopped, the timer is now stopped already been started and not yet stopped, the timer is now stopped
and restarted. After the timer has timed out, the procedure and restarted. After the timer has timed out, the procedure
(identifier)_TIMEOUT evaluates to TRUE. The timer does not (identifier)_TIMEOUT evaluates to TRUE. The timer does not
restart automatically, but must be started again with a restart automatically, but must be started again with a
StartTimer(identifier). Used identifier are STATE, REFRESH, StartTimer(identifier). Used identifier are STATE, REFRESH,
CREATE, REA or RESPONSE. CREATE, EXT or RESPONSE.
StopTimer(identifier): This procedure stops the timer labeled StopTimer(identifier): This procedure stops the timer labeled
'identifier'. If it has already been stopped, this procedure has 'identifier'. If it has already been stopped, this procedure has
no effect. If the timer has already timed out, this procedure no effect. If the timer has already timed out, this procedure
removes the timeout-state from the timer 'identifier', so removes the timeout-state from the timer 'identifier', so
subsequent calls to (identifier)_TIMEOUT evaluate to FALSE. A subsequent calls to (identifier)_TIMEOUT evaluate to FALSE. A
timeout cannot occur until the timer 'identifier' has been timeout cannot occur until the timer 'identifier' has been
(re-)started. (re-)started.
(identifier)_TIMEOUT: This procedure evaluates to TRUE if the (identifier)_TIMEOUT: This procedure evaluates to TRUE if the
(identifier)-timer has timed out and indicates a state lifetime (identifier)-timer has timed out and indicates a state lifetime
expiration. This procedure cannot evaluate to TRUE if the timer expiration. This procedure cannot evaluate to TRUE if the timer
has been stopped. Used timers are STATE_TIMEOUT, REFRESH_TIMEOUT, has been stopped. Used timers are STATE_TIMEOUT, REFRESH_TIMEOUT,
CREATE_TIMEOUT, REA_TIMEOUT or RESPONSE_TIMEOUT. CREATE_TIMEOUT, EXT_TIMEOUT or RESPONSE_TIMEOUT.
tg_CREATE: External trigger to send a CREATE message (typically tg_CREATE: External trigger to send a CREATE message (typically
triggered by the application). triggered by the application).
tg_TEARDOWN: External trigger to delete a previously created session tg_TEARDOWN: External trigger to delete a previously created session
(typically triggered by the application) (typically triggered by the application)
tg_REA: External trigger to send a REA message towards an tg_EXT: External trigger to send a EXT message towards an
opportunistic address (typically triggered by the application) opportunistic address (typically triggered by the application)
tg_CREATE_PROXY: Internal trigger to send a CREATE message (used in tg_CREATE_PROXY: Internal trigger to send a CREATE message (used in
proxy mode, triggered by corresponding NAT/FW NSLP session). proxy mode, triggered by corresponding NAT/FW NSLP session).
tg_TEARDOWN_PROXY: Internal trigger to delete a previously created tg_TEARDOWN_PROXY: Internal trigger to delete a previously created
session (used in proxy mode, triggered by corresponding NAT/FW session (used in proxy mode, triggered by corresponding NAT/FW
NSLP session). NSLP session).
5.2. Common Variables 5.2. Common Variables
IS_EDGE: Boolean flag which evaluates to TRUE if the node is on the IS_EDGE: Boolean flag which evaluates to TRUE if the node is on the
network edge, otherwise it evaluates to FALSE. network edge, otherwise it evaluates to FALSE.
IS_PUBLICSIDE: Boolean flag which evaluates to TRUE if the (CREATE- IS_PUBLICSIDE: Boolean flag which evaluates to TRUE if the (CREATE-
or REA-) message has been received on the public side of the or EXT-) message has been received on the public side of the
network. network.
CREATE(LIFETIME): Gets the value of the LIFETIME object in the CREATE CREATE(LIFETIME): Gets the value of the LIFETIME object in the
message. CREATE message.
counter(CREATE): Denotes the current number of retries of CREATE counter(CREATE): Denotes the current number of retries of CREATE
message which has been re-transmitted due to previous message which has been re-transmitted due to previous
RESPONSE_ERROR message. If the number of counter(CREATE) equals RESPONSE_ERROR message. If the number of counter(CREATE) equals
the value of counterLimit(CREATE), the current session creation the value of counterLimit(CREATE), the current session creation
attempt is aborted and the application is being notified. attempt is aborted and the application is being notified.
counter(REA): Denotes the current number of retries of REA message counter(EXT): Denotes the current number of retries of EXT message
which has been re-transmitted due to previous RESPONSE_ERROR which has been re-transmitted due to previous RESPONSE_ERROR
message. If the number of counter(REA) equals the value of message. If the number of counter(EXT) equals the value of
counterLimit(REA), the current session creation attempt is aborted counterLimit(EXT), the current session creation attempt is aborted
and the application is being notified. and the application is being notified.
5.3. Constants 5.3. Constants
counterLimit(CREATE): Contains the maximum number of retransmission counterLimit(CREATE): Contains the maximum number of retransmission
attempts of a CREATE message after it is aborted and the attempts of a CREATE message after it is aborted and the
application is being notified. application is being notified.
counterLimit(REA): Contains the maximum number of retransmission counterLimit(EXT): Contains the maximum number of retransmission
attempts of a REA message after it is aborted and the application attempts of a EXT message after it is aborted and the application
is being notified. is being notified.
6. State machine for the NAT/FW NI/NR+ 6. State machine for the NAT/FW NI/NR+
This section presents the state machine for the NSIS initator which This section presents the state machine for the NSIS initator which
is capable of NAT/FW NSLP signaling. is capable of NAT/FW NSLP signaling.
----------- -----------
State: INITIALIZE State: INITIALIZE
----------- -----------
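Review bot: the definitions of counter(CREATE) and counter(EXT) in Section 5.2 (`counter(EXT): Denotes the current number of retries of EXT message which has been re-transmitted due to previous RESPONSE_ERROR message`) do not match how the EXT_WAITRESP and EXT state tables use them, where the counter is incremented on RESPONSE_TIMEOUT and a RESPONSE(ERROR,EXT) goes straight to IDLE without any retry; reword the variable and counterLimit definitions to say the counter counts retransmissions after a RESPONSE timeout and that the attempt is aborted once counter equals counterLimit. Smaller points in the same hunk: `(identifier)_TIMEOUT refer to the same timer labeled x` should say labeled 'identifier'; `tx_EXT(): Transmit a EXT message` (and the same phrase under rx_EXT and tg_EXT) should read 'an EXT message'; ResetCounter(), which the NR/NI+ tables call, is not listed among the common procedures in 5.1; and 'initator' in the Section 6 lead sentence is a typo.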
skipping to change at page 12, line 14 skipping to change at page 12, line 14
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: IDLE State: IDLE
Entry: DeleteSession(); Entry: DeleteSession();
Exit : CreateSession(); Exit : CreateSession();
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
(rx_REA) && (IS_PUBLICSIDE) |tx_RESPONSE(ERROR, REA); | IDLE (rx_EXT) && (IS_PUBLICSIDE) |tx_RESPONSE(ERROR, EXT); | IDLE
| | | |
(rx_CREATE(Lifetime > 0)) |tx_CREATE(); | CREATE_ (rx_CREATE(Lifetime > 0)) |tx_CREATE(); | CREATE_
| | WAITRESP | | WAITRESP
| | | |
((rx_REA) && (!IS_EDGE) |tx_REA(); | NONEDGE_ ((rx_EXT) && (!IS_EDGE) |tx_EXT(); | NONEDGE_
&& (!IS_PUBLICSIDE)) | | REA && (!IS_PUBLICSIDE)) | | EXT
| | | |
((rx_REA) && (IS_EDGE) |tx_RESPONSE(SUCCESS,REA); | EDGE_REA ((rx_EXT) && (IS_EDGE) |tx_RESPONSE(SUCCESS,EXT); | EDGE_EXT
&& (!IS_PUBLICSIDE)) |tx_CREATE; | && (!IS_PUBLICSIDE)) |tx_CREATE; |
|if(proxy_object) then | |if(proxy_object) then |
| (tg_CREATE_PROXY);| | (tg_CREATE_PROXY);|
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: CREATE_WAITRESP State: CREATE_WAITRESP
Entry: StartTimer(STATE); Entry: StartTimer(STATE);
Exit : StopTimer(STATE); Exit : StopTimer(STATE);
----------- -----------
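Review bot: the NF IDLE table has no transition for a message that fails CHECK_AA(), while the NR/NI+ IDLE table spells one out (`(rx_CREATE) && !(CHECK_AA())|tx_RESPONSE(ERROR,CREATE); | IDLE`); Section 5.1 says the check is implicit and only shown when it fails, so either add the failing row here as well or state that a CREATE or EXT failing the check is discarded in IDLE, since this is the node that would otherwise forward the request (`(rx_CREATE(Lifetime > 0)) |tx_CREATE(); | CREATE_`) and later install a pinhole and binding for it on entering SESSION. Also in this hunk: `tx_CREATE;` in the EDGE_EXT row lacks the parentheses used by every other action, and the flag tested as `if(proxy_object)` here is called `proxy_mode` in the EDGE_EXT state table and is defined in neither Section 5.2 (Common Variables) nor 5.3 (Constants).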
skipping to change at page 13, line 5 skipping to change at page 13, line 5
|ReportAsyncEvent(); | |ReportAsyncEvent(); |
| | | |
STATE_TIMEOUT |tx_RESPONSE(ERROR,CREATE); | IDLE STATE_TIMEOUT |tx_RESPONSE(ERROR,CREATE); | IDLE
|ReportAsyncEvent(); | |ReportAsyncEvent(); |
| | | |
(rx_CREATE(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE (rx_CREATE(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE
| | | |
rx_RESPONSE(SUCCESS,CREATE) |tx_RESPONSE(SUCCESS,CREATE); | SESSION rx_RESPONSE(SUCCESS,CREATE) |tx_RESPONSE(SUCCESS,CREATE); | SESSION
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: NONEDGE_REA State: NONEDGE_EXT
Entry: StartTimer(REA); Entry: StartTimer(EXT);
CreateReservations(); CreateReservations();
Exit : StopTimer(REA); Exit : StopTimer(EXT);
DeleteReservations(); DeleteReservations();
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
(rx_REA(Lifetime > 0)) |StopTimer(REA); | NONEDGE_ (rx_EXT(Lifetime > 0)) |StopTimer(EXT); | NONEDGE_
|StartTimer(REA); | REA |StartTimer(EXT); | EXT
|tx_REA(); | |tx_EXT(); |
| | | |
rx_RESPONSE(SUCCESS, REA) |tx_RESPONSE(SUCCESS,REA); | NONEDGE_ rx_RESPONSE(SUCCESS, EXT) |tx_RESPONSE(SUCCESS,EXT); | NONEDGE_
| | REA | | EXT
| | | |
rx_RESPONSE(ERROR, REA) |tx_RESPONSE(ERROR,REA); | IDLE rx_RESPONSE(ERROR, EXT) |tx_RESPONSE(ERROR,EXT); | IDLE
|ReportAsyncEvent(); | |ReportAsyncEvent(); |
| | | |
(rx_REA(Lifetime == 0)) |tx_REA(Lifetime=0); | IDLE (rx_EXT(Lifetime == 0)) |tx_EXT(Lifetime=0); | IDLE
|ReportAsyncEvent(); | |ReportAsyncEvent(); |
| | | |
REA_TIMEOUT |ReportAsyncEvent(); | IDLE EXT_TIMEOUT |ReportAsyncEvent(); | IDLE
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: EDGE_REA State: EDGE_EXT
Entry: StartTimer(REA); Entry: StartTimer(EXT);
CreateReservations(); CreateReservations();
Exit : StopTimer(REA); Exit : StopTimer(EXT);
DeleteReservations(); DeleteReservations();
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
(rx_REA(Lifetime > 0)) |StopTimer(REA); | EDGE_REA (rx_EXT(Lifetime > 0)) |StopTimer(EXT); | EDGE_EXT
|StartTimer(REA); | |StartTimer(EXT); |
|tx_RESPONSE(SUCCESS, REA); | |tx_RESPONSE(SUCCESS, EXT); |
| | | |
(rx_REA(Lifetime == 0)) |tx_REA(Lifetime=0); | IDLE (rx_EXT(Lifetime == 0)) |tx_EXT(Lifetime=0); | IDLE
|ReportAsyncEvent(); | |ReportAsyncEvent(); |
|if(proxy_mode) then | |if(proxy_mode) then |
| (tg_TEARDOWN_PROXY);| | (tg_TEARDOWN_PROXY);|
| | | |
REA_TIMEOUT |ReportAsyncEvent(); | IDLE EXT_TIMEOUT |ReportAsyncEvent(); | IDLE
|if(proxy_mode) then | |if(proxy_mode) then |
| (tg_TEARDOWN_PROXY);| | (tg_TEARDOWN_PROXY);|
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: SESSION State: SESSION
Entry: StartTimer(CREATE) Entry: StartTimer(CREATE)
CreatePinhole(); CreatePinhole();
CreateBinding(); CreateBinding();
Exit : StopTimer(RESPONSE); Exit : StopTimer(RESPONSE);
StopTimer(CREATE); StopTimer(CREATE);
DeletePinhole(); DeletePinhole();
DeleteBinding(); DeleteBinding();
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
RESPONSE_TIMEOUT |StopTimer(RESPONSE); | SESSION RESPONSE_TIMEOUT |StopTimer(RESPONSE); | SESSION
|tx_RESPONSE(ERROR,CREATE); | |tx_RESPONSE(ERROR,CREATE); |
| | | |
(rx_REA(Lifetime > 0)) |StopTimer(CREATE); | SESSION (rx_EXT(Lifetime > 0)) |StopTimer(CREATE); | SESSION
|StartTimer(RESPONSE); | |StartTimer(RESPONSE); |
|tx_CREATE(); | |tx_CREATE(); |
| | | |
rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE); | SESSION rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE); | SESSION
|StartTimer(CREATE); | |StartTimer(CREATE); |
|tx_RESPONSE(SUCCESS,CREATE); | |tx_RESPONSE(SUCCESS,CREATE); |
| | | |
CREATE_TIMEOUT |ReportAsyncEvent(); | IDLE CREATE_TIMEOUT |ReportAsyncEvent(); | IDLE
| | | |
(rx_REA(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE (rx_EXT(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
8. State machine for the NAT/FW NR/NI+ 8. State machine for the NAT/FW NR/NI+
This section presents the state machines for the NSIS responder which This section presents the state machines for the NSIS responder which
is capable of NSLP NAT/FW signaling. is capable of NSLP NAT/FW signaling.
----------- -----------
State: INITIALIZE State: INITIALIZE
----------- -----------
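Review bot: the SESSION state table handles refresh and teardown only on EXT (`(rx_EXT(Lifetime > 0)) |StopTimer(CREATE); | SESSION` and `(rx_EXT(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE`), yet SESSION is entered only from CREATE_WAITRESP on rx_RESPONSE(SUCCESS,CREATE) and both rows forward CREATE messages, so a CREATE refresh or a CREATE with Lifetime == 0 arriving in SESSION has no transition and the installed pinhole and binding remain until CREATE_TIMEOUT; these rows presumably should be conditioned on rx_CREATE(...), matching the teardown row `(rx_CREATE(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE` in CREATE_WAITRESP. Also: `Entry: StartTimer(CREATE)` in SESSION is missing the ';' terminator defined in Section 4, and the `StopTimer(EXT); StartTimer(EXT);` pairs in NONEDGE_EXT and EDGE_EXT are redundant, since Section 5.1 says StartTimer stops and restarts an already running timer.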
skipping to change at page 16, line 14 skipping to change at page 16, line 14
----------- -----------
State: IDLE State: IDLE
Entry: DeleteSession(); Entry: DeleteSession();
Exit : CreateSession(); Exit : CreateSession();
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
(rx_CREATE) && !(CHECK_AA())|tx_RESPONSE(ERROR,CREATE); | IDLE (rx_CREATE) && !(CHECK_AA())|tx_RESPONSE(ERROR,CREATE); | IDLE
| | | |
tg_REA |tx_REA(); | REA_ tg_EXT |tx_EXT(); | EXT_
| | WAITRESP | | WAITRESP
| | | |
(rx_REA(Lifetime > 0)) |tx_RESPONSE(SUCCESS,CREATE); | SESSION (rx_EXT(Lifetime > 0)) |tx_RESPONSE(SUCCESS,CREATE); | SESSION
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: REA_WAITRESP State: EXT_WAITRESP
Entry: ResetCounter(REA); Entry: ResetCounter(EXT);
StartTimer(RESPONSE); StartTimer(RESPONSE);
Exit : StopTimer(RESPONSE); Exit : StopTimer(RESPONSE);
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
RESPONSE_TIMEOUT && |counter(REA)++; | REA_ RESPONSE_TIMEOUT && |counter(EXT)++; | EXT_
(counter(REA) < |StartTimer(RESPONSE); | WAITRESP (counter(EXT) < |StartTimer(RESPONSE); | WAITRESP
counterLimit(REA)) |tx_REA(); | counterLimit(EXT)) |tx_EXT(); |
| | | |
rx_RESPONSE(SUCCESS,REA) |ReportAsyncEvent(); | REA rx_RESPONSE(SUCCESS,EXT) |ReportAsyncEvent(); | EXT
| | | |
RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE
(counter(REA) == | | (counter(EXT) == | |
counterLimit(REA)) | | counterLimit(EXT)) | |
| | | |
rx_RESPONSE(ERROR,REA) |ReportAsyncEvent(); | IDLE rx_RESPONSE(ERROR,EXT) |ReportAsyncEvent(); | IDLE
| | | |
tg_TEARDOWN |tx_REA(Lifetime=0); | IDLE tg_TEARDOWN |tx_EXT(Lifetime=0); | IDLE
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: REA State: EXT
Entry: ResetCounter(REA); Entry: ResetCounter(EXT);
StartTimer(REFRESH); StartTimer(REFRESH);
Exit : StopTimer(RESPONSE); Exit : StopTimer(RESPONSE);
StopTimer(REFRESH); StopTimer(REFRESH);
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
RESPONSE_TIMEOUT && |counter(REA)++; | REA RESPONSE_TIMEOUT && |counter(EXT)++; | EXT
(counter(REA) < |StartTimer(RESPONSE); | (counter(EXT) < |StartTimer(RESPONSE); |
counterLimit(REA)) |tx_REA(); | counterLimit(EXT)) |tx_EXT(); |
| | | |
rx_RESPONSE(SUCCESS,REA) |StartTimer(REFRESH); | REA rx_RESPONSE(SUCCESS,EXT) |StartTimer(REFRESH); | EXT
|StopTimer(RESPONSE); | |StopTimer(RESPONSE); |
|ResetCounter(REA); | |ResetCounter(EXT); |
| | | |
REFRESH_TIMEOUT |tx_REA(); | REA REFRESH_TIMEOUT |tx_EXT(); | EXT
|StartTimer(RESPONSE); | |StartTimer(RESPONSE); |
| | | |
RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE
(counter(REA) == | | (counter(EXT) == | |
counterLimit(REA)) | | counterLimit(EXT)) | |
| | | |
rx_RESPONSE(ERROR,REA) |ReportAsyncEvent(); | IDLE rx_RESPONSE(ERROR,EXT) |ReportAsyncEvent(); | IDLE
| | | |
tg_TEARDOWN |tx_REA(Lifetime=0); | IDLE tg_TEARDOWN |tx_EXT(Lifetime=0); | IDLE
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: SESSION State: SESSION
Entry: StartTimer(STATE); Entry: StartTimer(STATE);
Exit : StopTimer(STATE); Exit : StopTimer(STATE);
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
skipping to change at page 18, line 38 skipping to change at page 18, line 38
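   The tables of Section 8 are compact but leave the dynamics implicit.
   The following Python model is added here as an illustration; it is
   not code or text from the draft.  It drives the IDLE, EXT_WAITRESP
   and EXT rows of the NR/NI+ machine one event at a time and records
   the messages sent, so two properties can be watched in motion: a
   CREATE that fails CHECK_AA() is answered with RESPONSE(ERROR,CREATE)
   and leaves the responder in IDLE with no session state behind, and an
   EXT that is never answered is retransmitted only until counter(EXT)
   reaches counterLimit(EXT), after which the application is informed
   through ReportAsyncEvent() and the machine returns to IDLE instead of
   retrying forever.  The value counterLimit(EXT) = 3, the discarding of
   events that match no table row, the rule that a self-transition (EXT
   to EXT) does not re-run a state's Entry/Exit actions, and modelling
   SESSION with no outgoing transitions (its table is not in this
   excerpt) are assumptions of the example, not statements of the draft.

```python
"""Table-driven model of the NAT/FW NSLP NR/NI+ state machine of Section 8.

Added example, not code or text from the draft.  It encodes the IDLE,
EXT_WAITRESP and EXT tables row by row; SESSION is entered but has no
transitions here because its table is not part of this excerpt.
Assumptions the draft does not make: counterLimit(EXT) = 3; an event with
no matching row is discarded; a self-transition (EXT -> EXT) does not
re-run Entry/Exit, since Entry's ResetCounter(EXT) would defeat the limit.
"""
from dataclasses import dataclass, field

COUNTER_LIMIT_EXT = 3  # counterLimit(EXT): assumed value


@dataclass
class NrNiPlus:
    check_aa: bool = True        # what CHECK_AA() returns for an incoming CREATE
    state: str = "IDLE"
    counter: int = 0             # counter(EXT)
    timers: set = field(default_factory=set)
    sent: list = field(default_factory=list)   # tx_*() calls, in order
    reported: int = 0                          # ReportAsyncEvent() calls

    def _exit(self, s):          # Exit actions from the state headers
        if s == "EXT_WAITRESP":
            self.timers.discard("RESPONSE")
        elif s == "EXT":
            self.timers -= {"RESPONSE", "REFRESH"}
        elif s == "SESSION":
            self.timers.discard("STATE")

    def _enter(self, s):         # Entry actions (IDLE's DeleteSession() not modelled)
        if s == "EXT_WAITRESP":
            self.counter = 0
            self.timers.add("RESPONSE")
        elif s == "EXT":
            self.counter = 0
            self.timers.add("REFRESH")
        elif s == "SESSION":
            self.timers.add("STATE")

    def _response_timeout(self):
        """RESPONSE_TIMEOUT rows shared by EXT_WAITRESP and EXT."""
        if self.counter < COUNTER_LIMIT_EXT:
            self.counter += 1
            self.timers.add("RESPONSE")
            self.sent.append("EXT")
            return self.state    # retransmit and stay put
        self.reported += 1       # counter(EXT) == counterLimit(EXT): give up
        return "IDLE"

    def handle(self, event, lifetime=None, result=None):
        """Apply one event (Lifetime of rx_EXT, result of rx_RESPONSE); return state."""
        s, new = self.state, None
        if s == "IDLE":
            if event == "rx_CREATE" and not self.check_aa:
                self.sent.append("RESPONSE(ERROR,CREATE)")
                new = "IDLE"
            elif event == "tg_EXT":
                self.sent.append("EXT")
                new = "EXT_WAITRESP"
            elif event == "rx_EXT" and lifetime is not None and lifetime > 0:
                self.sent.append("RESPONSE(SUCCESS,CREATE)")
                new = "SESSION"
        elif s in ("EXT_WAITRESP", "EXT"):
            if event == "RESPONSE_TIMEOUT":
                new = self._response_timeout()
            elif event == "rx_RESPONSE" and result == "ERROR":
                self.reported += 1
                new = "IDLE"
            elif event == "tg_TEARDOWN":
                self.sent.append("EXT(Lifetime=0)")
                new = "IDLE"
            elif event == "rx_RESPONSE" and result == "SUCCESS":
                if s == "EXT_WAITRESP":
                    self.reported += 1       # tell the application the EXT was accepted
                else:                        # refresh acknowledged
                    self.timers.add("REFRESH")
                    self.timers.discard("RESPONSE")
                    self.counter = 0
                new = "EXT"
            elif event == "REFRESH_TIMEOUT" and s == "EXT":
                self.sent.append("EXT")
                self.timers.add("RESPONSE")
                new = "EXT"
        if new is not None and new != s:
            self._exit(s)
            self.state = new
            self._enter(new)
        return self.state


def walk(events, check_aa=True):
    """Drive a fresh machine through (event, kwargs) pairs; return a summary dict."""
    m = NrNiPlus(check_aa=check_aa)
    trace = [m.handle(ev, **kw) for ev, kw in events]
    return {"trace": trace, "sent": m.sent, "reported": m.reported,
            "timers": sorted(m.timers)}
```

   walk([("tg_EXT", {})] + [("RESPONSE_TIMEOUT", {})] * 4) shows four EXT
   transmissions (the original plus three retransmissions) followed by a
   return to IDLE with the RESPONSE timer stopped; walk([("rx_CREATE",
   {})], check_aa=False) shows the error response with no state created.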
12.  Acknowledgments

   The authors would like to thank Martin Stiemerling for his valuable
   comments and discussions.

13.  References

13.1.  Normative References

   [1]  Stiemerling, M., "NAT/Firewall NSIS Signaling Layer Protocol
        (NSLP)", draft-ietf-nsis-nslp-natfw-13 (work in progress),
        October 2006.  (Draft -03 cited draft-ietf-nsis-nslp-natfw-11,
        April 2006.)

   [2]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

13.2.  Informative References

   [3]  Fajardo, V., "State Machines for Protocol for Carrying
        Authentication for Network Access (PANA)",
        draft-ietf-pana-statemachine-04 (work in progress), May 2006.
   skipping to change at page 19, line 29

   Constantin Werner
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   Email: werner@cs.uni-goettingen.de


   Niklas Steinleitner (editor)
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   Email: steinleitner@cs.uni-goettingen.de


   Xiaoming Fu
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   Email: fu@cs.uni-goettingen.de


   Hannes Tschofenig
   Siemens
   Otto-Hahn-Ring 6
   Munich, Bayern 81739
   Germany

   Email: Hannes.Tschofenig@siemens.com


   Cedric Aoun
   Ecole Nationale Superieure des Telecommunications
   Paris
   France

   Email: cedric@caoun.net

   (In draft -03 the editor's address appeared last, after Cedric Aoun;
   -04 moves it to second place.)

Full Copyright Statement

   Copyright (C) The IETF Trust (2007).
   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   skipping to change at page 21, line 45

   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

   (Draft -03 carried the pre-IETF-Trust boilerplate instead: an
   "Intellectual Property Statement" heading, a "Disclaimer of Validity"
   naming only the Internet Society and the IETF, and a "Copyright
   Statement" reading "Copyright (C) The Internet Society (2006)".)

Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).  (Draft -03: "is currently
   provided by the Internet Society".)