ConEx Working Group                                          S. Krishnan
Internet-Draft                                                  Ericsson
Intended status: Experimental                              M. Kuehlewind
Expires: February 6, 2016                                     ETH Zurich
                                                                C. Ralli
                                                              Telefonica
                                                          August 5, 2015


        IPv6 Destination Option for Congestion Exposure (ConEx)
                      draft-ietf-conex-destopt-09

Abstract

   Congestion Exposure (ConEx) is a mechanism by which senders inform
   the network about the congestion encountered by packets earlier in
   the same flow.  This document specifies an IPv6 destination option
   that is capable of carrying ConEx markings in IPv6 datagrams.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 6, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions used in this document
   3.  Requirements for the coding of ConEx in IPv6
   4.  ConEx Destination Option (CDO)
   5.  Implementation in the fast path of ConEx-aware routers
   6.  Tunnel Processing
   7.  Compatibility with use of IPsec
   8.  Mitigating flooding attacks by using preferential drop
   9.  Acknowledgements
   10. Security Considerations
   11. IANA Considerations
   12. References
       12.1.  Normative References
       12.2.  Informative References
   Authors' Addresses

1.  Introduction

   Congestion Exposure (ConEx) [RFC6789] [I-D.ietf-conex-abstract-mech]
   is a mechanism by which senders inform the network about the
   congestion encountered by packets earlier in the same flow.  This
   document specifies an IPv6 destination option [RFC2460] that can be
   used for performing ConEx markings in IPv6 datagrams.

   This document specifies the ConEx wire protocol in IPv6.  The ConEx
   information can be used by any network element on the path, e.g. to
   do traffic management or egress policing.  Additionally, this
   information will potentially be used by an audit function that checks
   the integrity of the sender's signaling.  Further, each transport
   protocol that supports ConEx signaling will need to specify precisely
   when the transport sets ConEx markings (e.g. the behavior for TCP is
   specified in [I-D.ietf-conex-tcp-modifications]).

   This document specifies ConEx for IPv6 only.  Due to the space
   limitation in the IPv4 header and the risk that IPv4 options might be
   stripped by middleboxes, the primary goal of the working group was to
   specify ConEx in IPv6 for experimentation.

   This specification is experimental to allow the IETF to assess
   whether the decision to implement the ConEx signal as a destination
   option fulfills the requirements stated in this document, as well as
   to evaluate the proposed encoding of the ConEx signals as described
   in [I-D.ietf-conex-abstract-mech].

   The duration of this experiment is expected to be no less than two
   years from publication of this document, as infrastructure needs to
   be set up to determine the outcome of this experiment.  Experimenting
   with ConEx requires IPv6 traffic.  Even though the amount of IPv6
   traffic is growing, the traffic mix carried over IPv6 is still very
   different from that over IPv4.
   Therefore, it might take longer to find a suitable test scenario
   where only IPv6 traffic is managed using ConEx.

2.  Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Requirements for the coding of ConEx in IPv6

   A set of requirements for an ideal concrete ConEx wire protocol is
   given in [I-D.ietf-conex-abstract-mech].  In the ConEx working group
   it was recognized that it will be difficult to find an encoding in
   IPv6 that satisfies all requirements.  The choice in this document to
   carry the ConEx information in a destination option aims to satisfy
   those requirements that constrain the placement of ConEx information:

   R-1: The marking mechanism needs to be visible to all ConEx-capable
   nodes on the path.

   R-2: The mechanism needs to be able to traverse nodes that do not
   understand the markings.  This is required to ensure that ConEx can
   be incrementally deployed over the Internet.

   R-3: The presence of the marking mechanism should not significantly
   alter the processing of the packet.  This is required to ensure that
   ConEx-marked packets do not face any undue delays or drops due to a
   badly chosen mechanism.

   R-4: The markings should be immutable once set by the sender.  At the
   very least, any tampering should be detectable.

   Based on these requirements, four solutions to carry the ConEx
   information in the IPv6 header have been investigated: hop-by-hop
   options, destination options, using IPv6 header bits (from the flow
   label), and new extension headers.  After evaluating the different
   solutions, the ConEx working group concluded that the use of a
   destination option would best address these requirements.

   Choosing to use a destination option does not necessarily satisfy the
   requirement for on-path visibility (R-1), because the option can be
   hidden by additional encapsulating IP header(s).  Therefore, ConEx-
   aware network devices, including policy or audit devices, might have
   to follow the chain of (extension) headers into inner IP headers to
   find ConEx information.  This choice was a compromise between fast-
   path performance of ConEx-aware network nodes and visibility, as
   discussed in Section 5.

4.  ConEx Destination Option (CDO)

   The ConEx Destination Option (CDO) is a destination option that can
   be included in IPv6 datagrams that are sent by ConEx-aware senders in
   order to inform ConEx-aware nodes on the path about the congestion
   encountered by packets earlier in the same flow or the expected risk
   of encountering congestion in the future.  The CDO has no alignment
   requirement.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                     |  Option Type  | Option Length |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |X|L|E|C|  res  |
     +-+-+-+-+-+-+-+-+

                 Figure 1: ConEx Destination Option Layout

   Option Type

      8-bit identifier of the type of option.  The option identifier
      for the ConEx destination option will be allocated by the IANA.

   Option Length

      8-bit unsigned integer.  The length of the option in octets
      (excluding the Option Type and Option Length fields).  The sender
      MUST set this field to 1, but ConEx-aware nodes MUST accept an
      option length of 1 or more.

   X Bit

      When this bit is set, the transport sender is using ConEx with
      this packet.  If it is not set, the sender is not using ConEx
      with this packet.

   L Bit

      When this bit is set, the transport sender has experienced a
      loss.
   E Bit

      When this bit is set, the transport sender has experienced
      congestion signaled using Explicit Congestion Notification (ECN)
      [RFC3168].

   C Bit

      When this bit is set, the transport sender is building up
      congestion credit in the audit function.

   Reserved (res)

      These four bits are not used in the current specification.  They
      are set to zero by the sender and are ignored by the receiver.

   All packets sent over a ConEx-capable TCP connection or belonging to
   the same ConEx-capable flow MUST carry the CDO.  The CDO is
   immutable.  Network devices with ConEx-aware functions read the
   flags, but all network devices MUST forward the CDO unaltered.

   The CDO MUST be placed as the first option in the Destination Options
   header that precedes the AH and/or ESP header (if present).  The
   IPsec Authentication Header (AH) [RFC4302] MAY be used to verify that
   the CDO has not been modified.

   If the X bit is zero, the other three bits are undefined and thus
   MUST be ignored and forwarded unchanged by network nodes.  The X bit
   set to zero means that the connection is ConEx-capable but this
   packet MUST NOT be counted when determining ConEx information in an
   audit function.  This can be the case if no congestion feedback is
   (currently) available, e.g. in TCP if one endpoint has been receiving
   data but sending nothing but pure ACKs (no user data) for some time.
   This is because pure ACKs do not advance the sequence number, so the
   TCP endpoint receiving them cannot reliably tell whether any have
   been lost due to congestion.  Pure TCP ACKs cannot be ECN-marked
   either [RFC3168].

   If the X bit is set, any of the other three bits (L, E, C) might be
   set.  Whenever one of these bits is set, the number of bytes carried
   by this IP packet (including the IP header that directly encapsulates
   the CDO and everything that IP header encapsulates) SHOULD be counted
   to determine congestion or credit information.  In IPv6 the number of
   bytes can easily be calculated by adding 40 (the length of the IPv6
   header in bytes) to the value of the Payload Length field in the IPv6
   header.

   A transport sends credits prior to the occurrence of congestion (loss
   or ECN-CE marks), and the amount of credit should cover the
   congestion risk.  This is further specified in
   [I-D.ietf-conex-abstract-mech] and described in detail for the case
   of TCP in [I-D.ietf-conex-tcp-modifications].  Note that the maximum
   congestion risk is that all packets in flight get lost or ECN-marked.

   If the L or E bit is set, a congestion signal in the form of a loss
   or, respectively, an ECN mark was previously experienced by the same
   connection.

   In principle, all three of these bits (L, E, C) might be set in the
   same packet.  In this case the packet size MUST be counted once for
   each respective ConEx information counter, i.e. more than once in
   total.

   If a network node extracts the ConEx information from a connection,
   it is expected to hold this information in bytes, e.g. comparing the
   total number of bytes sent with the number of bytes sent with ConEx
   congestion marks (L, E) to determine the current whole-path
   congestion level.  Therefore a ConEx-aware node that processes the
   CDO MUST use the Payload Length field of the preceding IPv6 header
   for byte-based counting.  When a ratio is measured and equally sized
   packets can be assumed, counting the number of packets (instead of
   the number of bytes) should deliver the same result.  But a network
   node must be aware that this estimate can be quite wrong if, e.g.,
   packets of different sizes are sent, and thus it is not reliable.

   All remaining bits in the CDO are reserved for future use (currently
   the last four bits of the eight-bit option space).  A ConEx sender
   SHOULD set the reserved bits in the CDO to zero.  Other nodes MUST
   ignore these bits, and ConEx-aware intermediate nodes MUST forward
   them unchanged, whatever their values.  They MAY log the presence of
   a non-zero reserved field.

   It might be possible to implement a proxy for a ConEx sender, as long
   as it is located where receiver feedback is always visible.  A ConEx
   proxy MUST NOT introduce a CDO into a packet already carrying one,
   and it MUST NOT alter the information in any existing CDO.  However,
   it can add a CDO to any packet without one, taking care not to
   disrupt any integrity or authentication mechanisms and not to exceed
   the MTU.

   The CDO is only applicable to unicast or anycast packets (see the
   note regarding item J on multicast at the end of Section 3.3 of
   [I-D.ietf-conex-abstract-mech] for the reasoning).  A ConEx sender
   MUST NOT send a packet with the CDO to a multicast address.  ConEx-
   capable network nodes MUST treat a multicast packet with the X flag
   set the same as an equivalent packet without the CDO, and they SHOULD
   forward it unchanged.

   As stated in [I-D.ietf-conex-abstract-mech] (see Section 3.3, item N
   on network layer requirements), protocol specifications should
   describe any warning or error messages relevant to the encoding.
   There are no warnings or error messages associated with the CDO.

5.  Implementation in the fast path of ConEx-aware routers

   The ConEx information is encoded into a destination option so that
   it does not impact forwarding performance in the non-ConEx-aware
   nodes on the path.  Since destination options are not usually
   processed by routers, the existence of the CDO does not affect the
   fast-path processing of the datagram on non-ConEx-aware routers, i.e.
   they are not pushed into the slow path towards the control plane for
   exception processing.

   ConEx-aware nodes still need to process the CDO without severely
   affecting forwarding.
   For this to be possible, ConEx-aware routers need to quickly
   ascertain the presence of the CDO and process the option if it is
   present.  To perform this efficiently, the CDO needs to be placed in
   a fairly deterministic location.  In order to facilitate forwarding
   on ConEx-aware routers, ConEx-aware senders that send IPv6 datagrams
   with the CDO MUST place the CDO as the first destination option in
   the Destination Options header.

6.  Tunnel Processing

   As with any destination option, an ingress tunnel endpoint will not
   natively copy the CDO when adding an encapsulating outer IP header.
   In general, an ingress tunnel SHOULD NOT copy the CDO to the outer
   header, as this would change the number of bytes that would be
   counted.  However, it MAY copy the CDO to the outer header in order
   to facilitate visibility by subsequent on-path ConEx functions if the
   configuration of the tunnel ingress and the ConEx nodes is
   coordinated.  This trades off the performance of ConEx functions
   against that of tunnel processing.

   An egress tunnel endpoint SHOULD ignore any CDO on decapsulation of
   an outer IP header.  The information in any inner CDO will always be
   considered correct, even if it differs from any outer CDO.
   Therefore, the decapsulator can strip the outer CDO without
   comparison to the inner.  A decapsulator MAY compare the two, and MAY
   log any case where they differ.  However, the packet MUST be
   forwarded irrespective of any such anomaly, given that an outer CDO
   is only a performance optimization.

   A network node that assesses ConEx information SHOULD search for
   encapsulated IP headers until a CDO is found.  At any specific
   network location, the maximum necessary depth of search is likely to
   be the same for all packets.

7.  Compatibility with use of IPsec

   If the transport network cannot be trusted, the IPsec Authentication
   Header (AH) [RFC4302] should be used to ensure the integrity of the
   ConEx information.  If an attacker were able to remove the ConEx
   marks, this could cause an audit device to penalize the respective
   connection, while the sender cannot easily detect that ConEx
   information is missing.  Note that only the endpoints holding the key
   of the security association can verify the AH integrity check value;
   an on-path audit device cannot.  AH therefore makes removal or
   modification of the CDO detectable at the receiver, but it does not
   let intermediate ConEx nodes verify the marks they act on.

   In IPv6, a Destination Options header can be placed in two possible
   positions in the order of headers: either before the Routing header
   or after the Encapsulating Security Payload (ESP) header [RFC2460].
   As the CDO is placed in the Destination Options header before the AH
   and/or ESP, it is not encrypted in transport mode [RFC4301].
   Otherwise, if the CDO were placed in the latter position and an ESP
   header were used, the CDO would also be encrypted and could not be
   interpreted by ConEx-aware devices.

   The IPv6 protocol architecture currently does not provide a mechanism
   for new headers to be copied to the outer IP header.  Therefore, if
   IPsec encryption is used in tunnel mode, ConEx information cannot be
   accessed over the extent of the ESP tunnel.

8.  Mitigating flooding attacks by using preferential drop

   This section is aspirational, and not critical to the use of ConEx
   for more general traffic management.  However, once CDO information
   is present, the CDO could optionally also be used in the data plane
   of any IP-aware forwarding node to mitigate flooding attacks.

   Please note that ConEx is an experimental protocol and that any
   mechanism that reacts to information provided by the ConEx protocol
   needs to be evaluated in experimentation as well.  This is also true,
   or especially true, for the preferential drop mechanism described
   below.

   Preferentially dropping packets that are not ConEx-capable or do not
   carry a ConEx mark can be beneficial to mitigate flooding attacks, as
   ConEx-marked packets can be assumed to be already restricted by a
   ConEx ingress policer, as further described in
   [I-D.ietf-conex-abstract-mech].  Therefore the following ConEx-based
   preferential dropping scheme is proposed:

   If a router queue experiences very high load so that it has to drop
   arriving packets, it MAY preferentially drop packets within the same
   DiffServ PHB using the preference order given in Table 1 (1 means
   drop first).  Additionally, if a router implements preferential drop
   based on ConEx, it SHOULD also support ECN marking.  Even though
   preferential dropping can be difficult to implement on some hardware,
   if nowhere else, routers at the egress of a network SHOULD implement
   preferential drop based on ConEx markings (stronger than the MAY
   above).

              +-----------------------+----------------+
              |                       | Preference     |
              +-----------------------+----------------+
              | Not-ConEx or no CDO   | 1 (drop first) |
              | X (but not L, E or C) | 2              |
              | X and L, E or C       | 3              |
              +-----------------------+----------------+

                 Table 1: Drop preference for ConEx packets

   A flooding attack is inherently about congestion of a resource.  As
   load focuses on a victim, upstream queues grow, requiring honest
   sources to pre-load packets with a higher fraction of ConEx marks.

   If ECN marking is supported by downstream queues, preferential
   dropping provides the most benefit because, if the queue is so
   congested that it drops traffic, it will be CE-marking 100% of any
   forwarded traffic.  Honest sources will therefore be sending 100%
   ConEx E-marked packets (and be subject to rate-limiting at an ingress
   policer).
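   The following Python program is an added example and is not part of
   this draft or of any ConEx implementation.  It ties together the
   encoding rules of Section 4 (a one-octet flag field after Option
   Type and Option Length, a byte count of 40 plus Payload Length of the
   IPv6 header that directly encapsulates the CDO, no counting when X
   is clear, and one count per set L/E/C bit), the search through
   encapsulated IPv6 headers of Section 6, and the drop-preference
   ranking of Table 1 above.  The option type value 0x1E, the addresses
   and the packet contents are placeholders constructed for the example;
   the draft leaves the actual option type to IANA and only requires
   that its act bits be 00 and its chg bit 0.

```python
"""Added example (not part of draft-ietf-conex-destopt): build and parse the
ConEx Destination Option (CDO), count bytes as Section 4 prescribes, search
encapsulated IPv6 headers for a CDO (Section 6), rank for drop (Table 1)."""
import ipaddress
import struct

# ASSUMPTION: the draft leaves the option type to IANA.  0x1E is a placeholder
# whose top three bits are 000: act=00 (skip if unknown), chg=0 (immutable).
CDO_OPTION_TYPE = 0x1E
IPV6_HDR_LEN = 40
NH_HOPOPTS, NH_TCP, NH_IPV6, NH_ROUTING, NH_FRAG, NH_AH, NH_DSTOPTS = 0, 6, 41, 43, 44, 51, 60
X_BIT, L_BIT, E_BIT, C_BIT = 0x80, 0x40, 0x20, 0x10


def build_cdo(x, loss=False, ecn=False, credit=False):
    """CDO TLV: Option Type, Option Length = 1 (the sender MUST set 1), flag byte."""
    flags = (X_BIT if x else 0) | (L_BIT if loss else 0) | (E_BIT if ecn else 0) | (C_BIT if credit else 0)
    return bytes([CDO_OPTION_TYPE, 1, flags])  # reserved bits stay zero

def build_dstopts(next_header, first_option):
    """Destination Options header with first_option first, PadN-padded to 8n bytes."""
    body = first_option
    pad = (-(2 + len(body))) % 8
    if pad == 1:
        body += b"\x00"                                     # Pad1
    elif pad > 1:
        body += bytes([1, pad - 2]) + b"\x00" * (pad - 2)   # PadN
    return bytes([next_header, (2 + len(body)) // 8 - 1]) + body

def build_ipv6(src, dst, next_header, payload, hop_limit=64):
    """Fixed 40-byte IPv6 header: version 6, zero traffic class and flow label."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit) + src + dst + payload

def parse_cdo(dstopts):
    """Flag byte of the first CDO in a Destination Options header, or None.
    Any Option Length >= 1 is accepted, as the draft requires of ConEx-aware nodes."""
    end, i = (dstopts[1] + 1) * 8, 2
    while i < end:
        if dstopts[i] == 0:                                 # Pad1 has no length byte
            i += 1
            continue
        opt_type, opt_len = dstopts[i], dstopts[i + 1]
        if opt_type == CDO_OPTION_TYPE and opt_len >= 1:
            return dstopts[i + 2]
        i += 2 + opt_len
    return None

def find_cdo(pkt):
    """Walk the extension-header chain, descending into IPv6-in-IPv6, until a CDO
    is found.  Returns (flags, counted); counted is 40 + Payload Length of the IPv6
    header that directly encapsulates the CDO, never of an outer tunnel header."""
    while len(pkt) >= IPV6_HDR_LEN and pkt[0] >> 4 == 6:
        payload_len, nh = struct.unpack("!HB", pkt[4:7])
        counted, off = IPV6_HDR_LEN + payload_len, IPV6_HDR_LEN
        while nh != NH_IPV6:
            if nh == NH_DSTOPTS:
                flags = parse_cdo(pkt[off:])
                if flags is not None:
                    return flags, counted
            if nh in (NH_HOPOPTS, NH_ROUTING, NH_DSTOPTS):
                hlen = (pkt[off + 1] + 1) * 8
            elif nh == NH_FRAG:
                hlen = 8
            elif nh == NH_AH:
                hlen = (pkt[off + 1] + 2) * 4               # AH length: 32-bit words minus 2
            else:
                return None, counted                        # upper layer reached, no CDO
            nh, off = pkt[off], off + hlen
        pkt = pkt[off:]                                     # tunnel: inspect the inner packet
    return None, 0

def account(counters, flags, counted):
    """Byte-based ConEx accounting: X clear means the packet is not counted at all;
    with X set, every set L/E/C bit adds the packet size to its own counter."""
    if flags is not None and flags & X_BIT:
        counters["total"] += counted
        for name, bit in (("L", L_BIT), ("E", E_BIT), ("C", C_BIT)):
            if flags & bit:
                counters[name] += counted
    return counters

def drop_preference(flags):
    """Table 1: 1 = drop first (no CDO or X clear), 2 = X only, 3 = X with L, E or C."""
    if flags is None or not flags & X_BIT:
        return 1
    return 3 if flags & (L_BIT | E_BIT | C_BIT) else 2

# Constructed sample traffic: documentation-prefix addresses, dummy 20-byte segment.
SRC = ipaddress.IPv6Address("2001:db8::1").packed
DST = ipaddress.IPv6Address("2001:db8::2").packed

def sample_packets():
    segment = b"\x00" * 20
    marked = build_ipv6(SRC, DST, NH_DSTOPTS,
                        build_dstopts(NH_TCP, build_cdo(x=True, ecn=True)) + segment)
    tunnelled = build_ipv6(SRC, DST, NH_IPV6, marked)       # ingress did not copy the CDO
    plain = build_ipv6(SRC, DST, NH_TCP, segment)           # not ConEx-capable
    return marked, tunnelled, plain

if __name__ == "__main__":
    counters = {"total": 0, "L": 0, "E": 0, "C": 0}
    for pkt in sample_packets():
        flags, counted = find_cdo(pkt)
        print(f"len={len(pkt)} flags={flags} counted={counted} pref={drop_preference(flags)}")
        account(counters, flags, counted)
    print(counters)
```

   Running the file shows the point of Section 6's search rule: the
   IPv6-in-IPv6 copy of the marked packet is 108 bytes on the wire, but
   it is accounted with the inner header's 68 bytes, exactly as the
   unencapsulated original.  The unmarked packet gets drop preference
   1, the E-marked one preference 3, and a packet with X clear is
   ranked like one without a CDO even if its other flag bits happen to
   be set, because those bits are undefined when X is zero.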
   Senders under malicious control can either do the same as honest
   sources, and be rate-limited at ingress, or they can understate
   congestion and not set the E bit.

   If the preferential drop ranking is implemented on queues, these
   queues will preserve E/L-marked traffic until last.  So, the traffic
   from malicious sources that understate congestion will all be dropped
   first.  Either way, malicious sources cannot send more than honest
   sources.  Therefore ConEx-based preferential dropping as described
   above discriminates against attack traffic if done as part of the
   overall policing framework described in
   [I-D.ietf-conex-abstract-mech]; on its own, without an ingress
   policer, it would merely reward whichever sender sets marks on every
   packet.

9.  Acknowledgements

   The authors would like to thank Marcelo Bagnulo, Bob Briscoe, Ingemar
   Johansson, Joel Halpern and John Leslie for the discussions that led
   to this document.

   Special thanks to Bob Briscoe who contributed text and analysis work
   on preferential dropping.

10.  Security Considerations

   [I-D.ietf-conex-abstract-mech] describes the overall audit framework
   for assuring that ConEx markings truly reflect actual path
   congestion.  This section focuses purely on the security of the
   encoding chosen for ConEx markings.

   The chg bit in the CDO option type field is set to zero, meaning that
   the CDO is immutable.  If IPsec AH is used, a zero chg bit causes AH
   to include the CDO in its integrity check so that its end-to-end
   integrity can be verified, as explained in Section 4.

   This document specifies that the Reserved field in the CDO must be
   ignored and forwarded unchanged even if it does not contain all
   zeroes.  The Reserved field is also required to sit outside the
   Encapsulating Security Payload (ESP), at least in transport mode (see
   Section 7).  This allows the sender to use the Reserved field as a
   4-bit-per-packet covert channel to send information to an on-path
   node outside the control of IPsec.  However, a covert channel is only
   a concern if it can circumvent IPsec in tunnel mode, and in the
   tunnel mode case ESP would close the covert channel as outlined in
   Section 7.

11.  IANA Considerations

   This document defines a new IPv6 destination option for carrying
   ConEx markings.  IANA is requested to assign a new destination option
   type in the Destination Options registry maintained at
   http://www.iana.org/assignments/ipv6-parameters:

      ConEx Destination Option [RFCXXXX]

   The act bits for this option need to be 00 and the chg bit needs to
   be 0, i.e. a node that does not recognize the option skips it and
   continues processing the packet, and the option may not change en
   route.  The destination IP stack will not usually process the CDO;
   therefore the sender can send a CDO without checking whether the
   receiver will understand it.  The CDO MUST still be forwarded to the
   destination IP stack, because the destination might check the
   integrity of the whole packet, irrespective of whether it understands
   ConEx.  The description of the Option Type in Section 4 should also
   be updated after assignment.

12.  References

12.1.  Normative References

   [I-D.ietf-conex-abstract-mech]
              Mathis, M. and B. Briscoe, "Congestion Exposure (ConEx)
              Concepts, Abstract Mechanism and Requirements", draft-
              ietf-conex-abstract-mech-13 (work in progress), October
              2014.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998.

   [RFC3168]  Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
              of Explicit Congestion Notification (ECN) to IP",
              RFC 3168, DOI 10.17487/RFC3168, September 2001.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
              December 2005.

   [RFC4302]  Kent, S., "IP Authentication Header", RFC 4302,
              DOI 10.17487/RFC4302, December 2005.

12.2.  Informative References

   [I-D.ietf-conex-tcp-modifications]
              Kuehlewind, M. and R. Scheffenegger, "TCP modifications
              for Congestion Exposure", draft-ietf-conex-tcp-
              modifications-08 (work in progress), April 2015.

   [RFC6789]  Briscoe, B., Ed., Woundy, R., Ed., and A. Cooper, Ed.,
              "Congestion Exposure (ConEx) Concepts and Use Cases",
              RFC 6789, DOI 10.17487/RFC6789, December 2012.

Authors' Addresses

   Suresh Krishnan
   Ericsson
   8400 Blvd Decarie
   Town of Mount Royal, Quebec
   Canada

   Email: suresh.krishnan@ericsson.com


   Mirja Kuehlewind
   ETH Zurich

   Email: mirja.kuehlewind@tik.ee.ethz.ch


   Carlos Ralli Ucendo
   Telefonica

   Email: ralli@tid.es