idnits 2.17.1

draft-boucadair-core-hop-limit-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 5 instances of too long lines in the document, the longest one
     being 3 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (August 16, 2018) is 2079 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFCXXXX' is mentioned on line 157, but not defined

  == Outdated reference: A later version (-41) exists of
     draft-ietf-dots-signal-channel-22

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

CORE                                                        M. Boucadair
Internet-Draft                                                    Orange
Intended status: Standards Track                                T. Reddy
Expires: February 17, 2019                                        McAfee
                                                              J. Shallow
                                                               NCC Group
                                                         August 16, 2018

         Constrained Application Protocol (CoAP) Hop Limit Option
                    draft-boucadair-core-hop-limit-00

Abstract

   The presence of Constrained Application Protocol (CoAP) proxies may
   lead to infinite forwarding loops, which is undesirable. To prevent
   and detect such loops, this document specifies the Hop-Limit CoAP
   option.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 17, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Hop-Limit Option
   4.  IANA Considerations
     4.1.  CoAP Response Code
     4.2.  CoAP Option Number
   5.  Security Considerations
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Authors' Addresses

1.  Introduction

   More and more applications are using Constrained Application Protocol
   (CoAP) [RFC7252] as a communication protocol between involved
   application agents. For example, [I-D.ietf-dots-signal-channel]
   specifies how CoAP is used as a distributed denial-of-service (DDoS)
   attack signaling protocol seeking for help from DDoS mitigation
   providers. In such contexts, a CoAP client can communicate directly
   with a server or indirectly via a proxy.

   When multiple proxies are involved, infinite forwarding loops may be
   experienced. To prevent such loops, this document defines a new CoAP
   option, called Hop-Limit, which is inserted by on-path proxies.
   Also, the document defines a new CoAP Response Code to report loops
   together with relevant diagnostic information to ease
   troubleshooting.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

   Readers should be familiar with the terms and concepts defined in
   [RFC7252].

3.  Hop-Limit Option

   Hop-Limit option (see Section 4.2) is used to detect and prevent
   infinite loops when proxies are involved. Only one single instance
   of the option is allowed in a message.

   The length of the Hop-Limit option is 1 byte. The value of the
   Hop-Limit option is encoded as an unsigned integer (see Section 3.2
   of [RFC7252]).

   Each intermediate proxy involved in the handling of a CoAP message
   MUST decrement the Hop-Limit option value by 1 prior to forwarding
   upstream if this parameter exists.

   CoAP messages MUST NOT be forwarded if the Hop-Limit option is set to
   '0' after decrement. Messages that cannot be forwarded because of
   exhausted Hop-Limit SHOULD be logged with a 5.06 (Hop Limit Reached)
   error message sent back to the CoAP peer. It is RECOMMENDED that
   CoAP agents support means to alert administrators about loop errors
   so that appropriate actions are undertaken.

   To ease debugging and troubleshooting, the CoAP proxy which detects a
   loop SHOULD include its information (e.g., server name, server alias,
   IP address) in the diagnostic payload under the conditions detailed
   in Section 5.5.2 of [RFC7252].

   Each intermediate proxy involved in relaying a 5.06 (Hop Limit
   Reached) error message SHOULD prepend its own information in the
   diagnostic payload with a space character used as separator. Only
   one information per proxy MUST appear in the diagnostic payload.

   The initial Hop-Limit value SHOULD be configurable. If no initial
   value is explicitly provided, the default initial Hop-Limit value of
   16 MUST be used. Because forwarding errors may occur if inadequate
   Hop-Limit values are used, proxies at the boundaries of an
   administrative domain MAY be instructed to rewrite the value of
   Hop-Limit carried in received messages (that is, ignore the value of
   Hop-Limit received in a message).

4.  IANA Considerations

4.1.  CoAP Response Code

   IANA is requested to add the following entries to the "CoAP Response
   Codes" sub-registry available at
   https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#response-codes:

                 +------+------------------+-----------+
                 | Code | Description      | Reference |
                 +------+------------------+-----------+
                 | 5.06 | Hop Limit Reached| [RFCXXXX] |
                 +------+------------------+-----------+

                       Table 1: CoAP Response Codes

4.2.  CoAP Option Number

   IANA is requested to add the following entry to the "CoAP Option
   Numbers" sub-registry available at
   https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#option-numbers:

        +--------+---+---+---+---+------------------+-----------+
        | Number | C | U | N | R | Name             | Reference |
        +--------+---+---+---+---+------------------+-----------+
        |    2   |   | x | - |   | Hop-Limit        | [RFCXXXX] |
        +--------+---+---+---+---+------------------+-----------+
            C=Critical, U=Unsafe, N=NoCacheKey, R=Repeatable

                       Table 2: CoAP Option Number

5.  Security Considerations

   Security considerations related to CoAP proxying are discussed in
   Section 11.2 of [RFC7252].

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014.

6.2.  Informative References

   [I-D.ietf-dots-signal-channel]
              Reddy, T., Boucadair, M., Patil, P., Mortensen, A., and N.
              Teague, "Distributed Denial-of-Service Open Threat
              Signaling (DOTS) Signal Channel Specification",
              draft-ietf-dots-signal-channel-22 (work in progress),
              August 2018.
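
   The proxy processing rules of Section 3 (insert, decrement, reject
   at zero with 5.06, prepend diagnostic information when relaying the
   error), as an added example that is not part of the draft or of any
   CoAP implementation. Function names and the .example host names are
   hypothetical; the code assumes that a value a proxy inserts or
   rewrites is sent without decrement, and reads "only one information
   per proxy" as de-duplication.

```python
# Added example, not from the draft: Section 3 Hop-Limit handling at a proxy.
DEFAULT_HOP_LIMIT = 16        # default initial value (Section 3)
HOP_LIMIT_REACHED = "5.06"    # response code requested in Section 4.1


def process_request(hop_limit, proxy_id, initial=DEFAULT_HOP_LIMIT, rewrite=False):
    """Return ("forward", value) or (HOP_LIMIT_REACHED, diagnostic payload).

    hop_limit is the received option value, or None if the option is absent.
    Assumption: a value this proxy inserts or rewrites is sent undecremented.
    """
    if hop_limit is not None and not 0 <= hop_limit <= 255:
        raise ValueError("Hop-Limit is a 1-byte unsigned integer")
    if hop_limit is None or rewrite:     # insertion, or boundary-proxy rewrite
        return "forward", initial
    remaining = hop_limit - 1            # MUST decrement before forwarding
    if remaining <= 0:                   # MUST NOT forward at 0 after decrement
        return HOP_LIMIT_REACHED, proxy_id
    return "forward", remaining


def relay_error(diagnostic, proxy_id):
    """Prepend this proxy's information, space separated, once per proxy."""
    entries = diagnostic.split(" ")
    if proxy_id in entries:
        return diagnostic
    return " ".join([proxy_id] + entries)


def simulate_loop(path, first_hop_limit=None):
    """Send one request around a cyclic proxy path until it is rejected.

    Returns (number of forwards before rejection, diagnostic seen by client).
    """
    hop_limit, traversed = first_hop_limit, []
    while True:
        proxy = path[len(traversed) % len(path)]
        action, value = process_request(hop_limit, proxy)
        if action == HOP_LIMIT_REACHED:
            for relay in reversed(traversed):   # error travels back downstream
                value = relay_error(value, relay)
            return len(traversed), value
        hop_limit = value
        traversed.append(proxy)


if __name__ == "__main__":
    # Constructed two-proxy loop; the host names are placeholders.
    print(simulate_loop(["proxy-a.example", "proxy-b.example"]))
```

   With the default of 16, a request caught in the two-proxy loop is
   forwarded 16 times before it is rejected, which bounds the traffic a
   single looping request can generate.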
Authors' Addresses

   Mohamed Boucadair
   Orange
   Rennes 35000
   France

   Email: mohamed.boucadair@orange.com


   Tirumaleswar Reddy
   McAfee, Inc.
   Embassy Golf Link Business Park
   Bangalore, Karnataka 560071
   India

   Email: kondtir@gmail.com


   Jon Shallow
   NCC Group
   United Kingdom

   Email: jon.shallow@nccgroup.trust