idnits 2.17.1

draft-ietf-sipcore-dns-dual-stack-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  -- The draft header indicates that this document updates RFC3263, but the
     abstract doesn't seem to directly say this. It does mention RFC3263
     though, so this could be OK.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

     (Using the creation date from RFC3263, updated by this document, for
     RFC5378 checks: 2000-10-06)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 8, 2016) is 2848 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Obsolete informational reference (is this intentional?): RFC 3484
     (Obsoleted by RFC 6724)

  -- Obsolete informational reference (is this intentional?): RFC 6555
     (Obsoleted by RFC 8305)

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 5 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

SIPCORE                                                     O. Johansson
Internet-Draft                                                 Edvina AB
Updates: 3263 (if approved)                                 G. Salgueiro
Intended status: Standards Track                           Cisco Systems
Expires: January 9, 2017                                      V. Gurbani
                                               Bell Labs, Nokia Networks
                                                          D. Worley, Ed.
                                                                 Ariadne
                                                            July 8, 2016

 Locating Session Initiation Protocol (SIP) Servers in a Dual-Stack IP
                                Network
                  draft-ietf-sipcore-dns-dual-stack-07

Abstract

   RFC 3263 defines how a Session Initiation Protocol (SIP)
   implementation, given a SIP Uniform Resource Identifier (URI), should
   locate the next-hop SIP server using Domain Name System (DNS)
   procedures. As SIP networks increasingly transition from IPv4-only
   to dual-stack, a quality user experience must be ensured for
   dual-stack SIP implementations. This document updates the DNS
   procedures described in RFC 3263 for dual-stack SIP implementations
   in preparation for forthcoming specifications for applying Happy
   Eyeballs principles to SIP.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts.
   The list of current Internet-Drafts is at
   http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 9, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  DNS Procedures in a Dual-Stack Network
     3.1.  Dual-Stack SIP UA DNS Record Lookup Procedure
     3.2.  Indicating Address Family Preference in DNS SRV Records
   4.  Clarification of interaction with RFC 6724
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgments
   8.  Revision History
     8.1.  Changes from draft-ietf-sipcore-dns-dual-stack-06 to
           draft-ietf-sipcore-dns-dual-stack-07
     8.2.  Changes from draft-ietf-sipcore-dns-dual-stack-05 to
           draft-ietf-sipcore-dns-dual-stack-06
     8.3.  Changes from draft-ietf-sipcore-dns-dual-stack-04 to
           draft-ietf-sipcore-dns-dual-stack-05
     8.4.  Changes from draft-ietf-sipcore-dns-dual-stack-03 to
           draft-ietf-sipcore-dns-dual-stack-04
     8.5.  Changes from draft-ietf-sipcore-dns-dual-stack-02 to
           draft-ietf-sipcore-dns-dual-stack-03
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Session Initiation Protocol (SIP, [RFC3261]) and the additional
   documents that extended it provide support for both IPv4 and IPv6.
   However, this support does not fully extend to the highly hybridized
   environments that are characteristic of the transitional migratory
   phase from IPv4 to IPv6 networks. During this phase, many server and
   client implementations run on dual-stack hosts. In such
   environments, a dual-stack host will likely suffer greater connection
   delay, and by extension an inferior user experience, than an
   IPv4-only host. The need to remedy this diminished performance of
   dual-stack hosts led to the development of the Happy Eyeballs
   [RFC6555] algorithm, which has since been implemented in many
   protocols and applications.

   This document updates the DNS lookup procedures of RFC 3263 [RFC3263]
   in preparation for the specification of the application of Happy
   Eyeballs to SIP. Happy Eyeballs will provide enhanced performance,
   and consequently user experience, in highly hybridized dual-stack SIP
   networks.
   The procedures described herein are such that a dual-stack
   client should look up both A and AAAA records in DNS and then select
   the best way to set up a network flow. The details of how the latter
   is done are considered out of scope for this document. See the Happy
   Eyeballs algorithm and implementation and design considerations in
   RFC 6555 [RFC6555] for more information about issues with setting up
   dual-stack network flows.

   Section 4 of this document clarifies the interaction of [RFC3263]
   with [RFC6157] and [RFC6724].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   RFC 3261 [RFC3261] defines additional terms used in this document
   that are specific to the SIP domain such as "proxy", "registrar",
   "redirect server", "user agent server" or "UAS", "user agent client"
   or "UAC", "back-to-back user agent" or "B2BUA", "dialog",
   "transaction", and "server transaction".

   This document uses the term "SIP server" that is defined to include
   the following SIP entities: user agent server, registrar, redirect
   server, a SIP proxy in the role of user agent server, and a B2BUA in
   the role of a user agent server.

   This document also uses the following terminology to make a clear
   distinction between SIP entities supporting only IPv4, only IPv6, or
   supporting both IPv4 and IPv6:

   IPv4-only UA/UAC/UAS:  An IPv4-only UA/UAC/UAS supports SIP signaling
      and media only on the IPv4 network. It does not understand IPv6
      addresses.

   IPv6-only UA/UAC/UAS:  An IPv6-only UA/UAC/UAS supports SIP signaling
      and media only on the IPv6 network. It does not understand IPv4
      addresses.

   dual-stack UA/UAC/UAS:  A UA/UAC/UAS that supports SIP signaling and
      media on both IPv4 and IPv6 networks.

   The term "address records" means the DNS records which translate a
   domain name into addresses within the address family(ies) that the
   entity supports (as A records provide IPv4 addresses and AAAA records
   provide IPv6 addresses), regardless of whether the address family was
   defined before or after this document was approved.

3.  DNS Procedures in a Dual-Stack Network

   This specification introduces two normative DNS lookup procedures.
   These are designed to improve the performance of dual-stack clients
   in IPv4/IPv6 networks.

3.1.  Dual-Stack SIP UA DNS Record Lookup Procedure

   Once the transport protocol has been determined, the procedure for
   discovering an IP address if the TARGET is not a numeric IP address
   but the port is explicitly stated in the URI, is detailed in
   Section 4.2 of RFC 3263 [RFC3263]. The piece relevant to this
   discussion is:

      If the TARGET was not a numeric IP address, but a port is present
      in the URI, the client performs an A or AAAA record lookup of the
      domain name. The result will be a list of IP addresses, each of
      which can be contacted at the specific port from the URI and
      transport protocol determined previously.

   Section 4.2 of RFC 3263 [RFC3263] also goes on to describe the
   procedure for discovering an IP address if the TARGET is not a
   numeric IP address, and no port is present in the URI. The piece
   relevant to this discussion is:

      If no SRV records were found, the client performs an A or AAAA
      record lookup of the domain name. The result will be a list of IP
      addresses, each of which can be contacted using the transport
      protocol determined previously, at the default port for that
      transport. Processing then proceeds as described above for an
      explicit port once the A or AAAA records have been looked up.

   Happy Eyeballs [RFC6555] documents that looking up the "A or AAAA
   record" is not an effective practice for dual-stack clients and that
   it can add significant connection delay and greatly degrade user
   experience. Therefore, this document makes the following normative
   addendum to the DNS lookup procedures of Section 4.2 of RFC 3263
   [RFC3263] for IPv4/IPv6 hybrid SIP networks and recommends it as a
   best practice for such dual-stack networks:

      The dual-stack client SHOULD look up all address records (i.e.,
      for all address family(ies) that it supports) for the domain name
      and add the resulting addresses to the list of IP addresses to be
      contacted. A client MUST be prepared for the existence of DNS
      resource records containing addresses in families that it does not
      support; if such records may be returned by the client's DNS
      queries, such records MUST be ignored as unusable and the
      supported addresses used as specified herein.

3.2.  Indicating Address Family Preference in DNS SRV Records

   The Happy Eyeballs algorithm [RFC6555] is particularly effective for
   dual-stack HTTP client applications that have significant performance
   differences between their IPv4 and IPv6 network paths. This is
   because the client can initiate two TCP connections to the server,
   one using IPv4 and one using IPv6, and then use the connection which
   completes first.

   Unfortunately, in common SIP situations, it is not possible to "race"
   simultaneous request attempts using two address families. In this
   common scenario it is often necessary for a dual-stack client to
   indicate a preference for either IPv4 or IPv6. A service may use DNS
   SRV records to indicate such a preference for an address family.
   This way, a server with a high-latency and/or low-capacity IPv4
   tunnel may indicate a preference for being contacted using IPv6. A
   server that wishes to do this can use the lowest SRV priority to
   publish hostnames that only resolve in IPv6 and the next priority
   with host names that resolve in both address families.

   Note that hostnames that have addresses in only one address family
   are discouraged by [RFC6555]. Such special-purpose hostnames SHOULD
   be used only as described in this section, as targets of SRV records
   for an aggregate host name, where the aggregate host name ultimately
   resolves to addresses in all families supported by the client.

4.  Clarification of interaction with RFC 6724

   Section 5 of [RFC6157] specifies that the addresses from the address
   records for a single target DNS name for a server's DNS name must be
   contacted in the order specified by the source and destination
   address selection algorithms defined in [RFC6724] (the successor of
   [RFC3484]). The set of addresses provided to a single invocation of
   the destination address selection algorithm MUST be the address
   records for the target DNS name in a single SRV record (or, if there
   are no SRV records, the DNS name in the URI or derived via NAPTR) --
   the destination address selection algorithm MUST NOT reorder
   addresses derived from different SRV records. Typically, destination
   address selection is done by using the (relatively new) getaddrinfo()
   function to translate the target DNS name into a list of IPv4 and/or
   IPv6 addresses in the order in which they are to be contacted, as
   that function implements [RFC6724].

   Thus, if SRV lookup on the server's DNS name is successful, the major
   ordering of the complete list of destination addresses is determined
   by the priority and weight fields of the SRV records (as specified in
   [RFC2782]) and the (minor) ordering among the destinations derived
   from the "target" field of a single SRV record is determined by
   [RFC6724].
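
   Added example, not part of the draft and not the authors' code: the
   ordering rule above combined with the Section 3.1 rule, in Python.
   Targets are taken in SRV order, each target's addresses keep the
   order its own lookup returned, and addresses in unsupported families
   are dropped. The function names and the injected lookup callable are
   assumptions of this example; the sample records are those of the
   draft's own example in this section.

```python
import ipaddress
import random
import socket
from collections import namedtuple

Srv = namedtuple("Srv", "priority weight port target")

# Sample data: the records of the draft's Section 4 example. Each target's
# addresses are listed in the RFC 6724 order the draft gives for them.
SRV = [Srv(20, 1, 5060, "sip-2.example.com"),
       Srv(10, 1, 5060, "sip-1.example.com")]
ADDRS = {
    "sip-1.example.com": ["2001:0db8:58:c02::face", "2001:0db8:c:a06::2:cafe",
                          "2001:0db8:44:204::d1ce", "192.0.2.45",
                          "203.0.113.109", "198.51.100.24"],
    "sip-2.example.com": ["2001:0db8:58:c02::dead", "2001:0db8:c:a06::2:beef",
                          "2001:0db8:44:204::c0de", "192.0.2.75",
                          "203.0.113.38", "198.51.100.140"],
}

def system_lookup(target, port=5060):
    """Live alternative to ADDRS: one getaddrinfo() call per SRV target."""
    infos = socket.getaddrinfo(target, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def order_srv(records, rng=random):
    """RFC 2782 order: ascending priority, weighted random within one."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # RFC 2782 places weight-0 records first in the running-sum list.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def usable(addresses, families):
    """Keep only addresses in families the client supports (Section 3.1)."""
    kept = []
    for text in addresses:
        try:
            version = ipaddress.ip_address(text).version
        except ValueError:
            continue  # not an address form this client understands: ignore
        if version in families:
            kept.append(text)
    return kept

def destinations(srv_records, lookup, families=(4, 6), rng=random):
    """Major order from SRV, minor order from each target's own lookup."""
    result = []
    for srv in order_srv(srv_records, rng):
        # One lookup per target: addresses of different targets never mix.
        for addr in usable(lookup(srv.target), families):
            result.append((addr, srv.port))
    return result

if __name__ == "__main__":
    for addr, port in destinations(SRV, ADDRS.__getitem__):
        print(addr, port)
```

   Passing system_lookup instead of ADDRS.__getitem__ resolves each
   target through getaddrinfo(), which the draft names as the usual way
   to obtain the RFC 6724 order.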

   For example, consider a server with DNS name example.com, with TCP
   transport specified. The relevant SRV records are:

      _sip._tcp.example.com.  300 IN SRV 10 1 5060 sip-1.example.com.
      _sip._tcp.example.com.  300 IN SRV 20 1 5060 sip-2.example.com.

   The address records for sip-1.example.com, as ordered by [RFC6724],
   are

      sip-1.example.com.  300 IN AAAA 2001:0db8:58:c02::face
      sip-1.example.com.  300 IN AAAA 2001:0db8:c:a06::2:cafe
      sip-1.example.com.  300 IN AAAA 2001:0db8:44:204::d1ce
      sip-1.example.com.  300 IN A    192.0.2.45
      sip-1.example.com.  300 IN A    203.0.113.109
      sip-1.example.com.  300 IN A    198.51.100.24

   and the address records for sip-2.example.com, as ordered by
   [RFC6724], are:

      sip-2.example.com.  300 IN AAAA 2001:0db8:58:c02::dead
      sip-2.example.com.  300 IN AAAA 2001:0db8:c:a06::2:beef
      sip-2.example.com.  300 IN AAAA 2001:0db8:44:204::c0de
      sip-2.example.com.  300 IN A    192.0.2.75
      sip-2.example.com.  300 IN A    203.0.113.38
      sip-2.example.com.  300 IN A    198.51.100.140

   Thus, the complete list of destination addresses has this ordering:

      2001:0db8:58:c02::face
      2001:0db8:c:a06::2:cafe
      2001:0db8:44:204::d1ce
      192.0.2.45
      203.0.113.109
      198.51.100.24
      2001:0db8:58:c02::dead
      2001:0db8:c:a06::2:beef
      2001:0db8:44:204::c0de
      192.0.2.75
      203.0.113.38
      198.51.100.140

   In particular, the destination addresses derived from
   sip-1.example.com and those derived from sip-2.example.com are not
   interleaved; [RFC6724] does not operate on the complete list. This
   would be true even if the two SRV records had the same priority and
   were (randomly) ordered based on their weights, as the address
   records of two target DNS names are never interleaved.

5.  Security Considerations

   This document introduces two new normative procedures to the existing
   DNS procedures used to locate SIP servers.
   A client may contact additional target addresses for a URI beyond
   those prescribed in [RFC3263], and/or it may contact target addresses
   in a different order than prescribed in [RFC3263]. Neither of these
   changes introduces any new security considerations because it has
   always been assumed that a client desiring to send to a URI may
   contact any of its targets that are listed in DNS.

   The specific security vulnerabilities, attacks and threat models of
   the various protocols discussed in this document (SIP, DNS, SRV
   records, Happy Eyeballs requirements and algorithm, etc.) are well
   documented in their respective specifications.

6.  IANA Considerations

   This document does not require any actions by IANA.

7.  Acknowledgments

   The authors would like to acknowledge the support and contribution of
   the SIP Forum IPv6 Working Group. This document is based on a lot of
   tests and discussions at SIPit events, organized by the SIP Forum.

   This document has benefited from the expertise and review feedback of
   many participants of the IETF DISPATCH and SIPCORE WG mailing lists
   as well as those on the SIP Forum IPv6 Task Group mailing list. The
   authors wish to specifically call out the efforts and express their
   gratitude for the detailed and thoughtful comments and corrections of
   Dan Wing, Brett Tate, Rifaat Shekh-Yusef, Carl Klatsky, Mary Barnes,
   Keith Drage, Cullen Jennings, Simon Perreault, Paul Kyzivat, Adam
   Roach, Richard Barnes, Ben Campbell, and Stefan Winter. Adam Roach
   devised the example in Section 4.

8.  Revision History

   [Note to RFC Editor: Please remove this entire section upon
   publication as an RFC.]

8.1.  Changes from draft-ietf-sipcore-dns-dual-stack-06 to
      draft-ietf-sipcore-dns-dual-stack-07

   Update per Ben Campbell's AD evaluation.

   Update Vijay Gurbani's affiliation.

   Update per Stefan Winter's OPS-DIR review.

8.2.  Changes from draft-ietf-sipcore-dns-dual-stack-05 to
      draft-ietf-sipcore-dns-dual-stack-06

   Acknowledged Adam Roach for providing the example in Section 4.

   Correct references to [RFC6157] vs. references to [RFC6724].

8.3.  Changes from draft-ietf-sipcore-dns-dual-stack-04 to
      draft-ietf-sipcore-dns-dual-stack-05

   Simplified the acknowledgments.

   Improve wording and punctuation.

   Rewrote Section 4 based on critiques on the Sipcore list. Included
   an example by Adam Roach.

   Replaced "RR's" with "records" per suggestion by Jean Mahoney.

8.4.  Changes from draft-ietf-sipcore-dns-dual-stack-03 to
      draft-ietf-sipcore-dns-dual-stack-04

   Changed the "updates" specification to add RFC 3263 and remove RFC
   6157.

   Added Simon Perreault to the acknowledgments.

   Minor wording changes.

8.5.  Changes from draft-ietf-sipcore-dns-dual-stack-02 to
      draft-ietf-sipcore-dns-dual-stack-03

   Described the relationship to RFC 3263 as "update", since the
   existing wording in 3263 is not what we want. Arguably, the new
   wording is what was intended in 3263, but the existing wording either
   does not say that or says it in a way that is easily misunderstood.

   Described the relationship to RFC 6157 as "clarification", since the
   described interaction between 3263 and 6157 appears to be the only
   reasonable interpretation.

   Revised wording, punctuation, and capitalization in various places.

   Clarified that this draft does not document Happy Eyeballs for SIP,
   but is preparatory for it.

   Attempted to use "update" for text that is definitively a change to
   the preexisting text and "clarify" for text that is a more clear
   statement of the (presumed) intention of the preexisting text.

   Removed normative words from section 1, the introduction.

   Copied definition of "address records" from RFC 2782 (SRV records) to
   allow the specifications to expand automatically to include any new
   address families.

   Relocated the text requiring a client to ignore addresses that it
   discovers in address families it does not support from section 4.2
   (which describes why the situation arises) to section 4.1 (which
   describes how clients look up RRs).

   Clarified the interaction with RFC 6157 (source and destination
   address selection in IPv6) to specify what must have been intended:
   The major sort of the destinations is the ordering determined by
   priority/weight in the SRV records; the addresses derived from a
   single SRV record's target are minorly sorted based on RFC 6157.

   Removed editor's name from the acknowledgments list.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2782]  Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
              specifying the location of services (DNS SRV)", RFC 2782,
              DOI 10.17487/RFC2782, February 2000.

   [RFC3263]  Rosenberg, J. and H. Schulzrinne, "Session Initiation
              Protocol (SIP): Locating SIP Servers", RFC 3263,
              DOI 10.17487/RFC3263, June 2002.

   [RFC6157]  Camarillo, G., El Malki, K., and V. Gurbani, "IPv6
              Transition in the Session Initiation Protocol (SIP)",
              RFC 6157, DOI 10.17487/RFC6157, April 2011.

   [RFC6724]  Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
              "Default Address Selection for Internet Protocol Version 6
              (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012.

9.2.  Informative References

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              DOI 10.17487/RFC3261, June 2002.

   [RFC3484]  Draves, R., "Default Address Selection for Internet
              Protocol version 6 (IPv6)", RFC 3484,
              DOI 10.17487/RFC3484, February 2003.

   [RFC6555]  Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
              Dual-Stack Hosts", RFC 6555, DOI 10.17487/RFC6555, April
              2012.

Authors' Addresses

   Olle E. Johansson
   Edvina AB
   Runbovaegen 10
   Sollentuna  SE-192 48
   SE

   Email: oej@edvina.net

   Gonzalo Salgueiro
   Cisco Systems
   7200-12 Kit Creek Road
   Research Triangle Park, NC  27709
   US

   Email: gsalguei@cisco.com

   Vijay Gurbani
   Bell Labs, Nokia Networks
   1960 Lucent Lane
   Rm 9C-533
   Naperville, IL  60563
   US

   Email: vkg@bell-labs.com

   Dale R. Worley (editor)
   Ariadne Internet Services
   738 Main St.
   Waltham, MA  02451
   US

   Email: worley@ariadne.com