idnits 2.17.1

draft-ietf-sipcore-dns-dual-stack-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  -- The draft header indicates that this document updates RFC3263, but the
     abstract doesn't seem to directly say this.  It does mention RFC3263
     though, so this could be OK.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

     (Using the creation date from RFC3263, updated by this document, for
     RFC5378 checks: 2000-10-06)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (August 31, 2016) is 2795 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Obsolete informational reference (is this intentional?): RFC 6555
     (Obsoleted by RFC 8305)

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 4 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

SIPCORE                                                     O. Johansson
Internet-Draft                                                 Edvina AB
Updates: 3263 (if approved)                                 G. Salgueiro
Intended status: Standards Track                           Cisco Systems
Expires: March 4, 2017                                        V. Gurbani
                                               Bell Labs, Nokia Networks
                                                          D. Worley, Ed.
                                                                 Ariadne
                                                         August 31, 2016

 Locating Session Initiation Protocol (SIP) Servers in a Dual-Stack IP
                                Network
                  draft-ietf-sipcore-dns-dual-stack-08

Abstract

   RFC 3263 defines how a Session Initiation Protocol (SIP)
   implementation, given a SIP Uniform Resource Identifier (URI), should
   locate the next-hop SIP server using Domain Name System (DNS)
   procedures.  As SIP networks increasingly transition from IPv4-only
   to dual-stack, a quality user experience must be ensured for
   dual-stack SIP implementations.  This document updates the DNS
   procedures described in RFC 3263 for dual-stack SIP implementations
   in preparation for forthcoming specifications for applying Happy
   Eyeballs principles to SIP.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 4, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  DNS Procedures in a Dual-Stack Network
     3.1.  Dual-Stack SIP UA DNS Record Lookup Procedure
     3.2.  Indicating Address Family Preference in DNS SRV Records
   4.  Clarification of Interaction with RFC 6724
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgments
   8.  Revision History
     8.1.  Changes from draft-ietf-sipcore-dns-dual-stack-07 to
           draft-ietf-sipcore-dns-dual-stack-08
     8.2.  Changes from draft-ietf-sipcore-dns-dual-stack-06 to
           draft-ietf-sipcore-dns-dual-stack-07
     8.3.  Changes from draft-ietf-sipcore-dns-dual-stack-05 to
           draft-ietf-sipcore-dns-dual-stack-06
     8.4.  Changes from draft-ietf-sipcore-dns-dual-stack-04 to
           draft-ietf-sipcore-dns-dual-stack-05
     8.5.  Changes from draft-ietf-sipcore-dns-dual-stack-03 to
           draft-ietf-sipcore-dns-dual-stack-04
     8.6.  Changes from draft-ietf-sipcore-dns-dual-stack-02 to
           draft-ietf-sipcore-dns-dual-stack-03
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Session Initiation Protocol (SIP, [RFC3261]) and the additional
   documents that extended it provide support for both IPv4 and IPv6.
   However, this support does not fully extend to the highly hybridized
   environments that are characteristic of the transitional migratory
   phase from IPv4 to IPv6 networks.  During this phase, many server and
   client implementations run on dual-stack hosts.  In such
   environments, a dual-stack host will likely suffer greater connection
   delay, and by extension an inferior user experience, than an
   IPv4-only host.  The need to remedy this diminished performance of
   dual-stack hosts led to the development of the Happy Eyeballs
   [RFC6555] algorithm, which has since been implemented in many
   protocols and applications.

   This document updates the DNS lookup procedures of RFC 3263 [RFC3263]
   in preparation for the specification of the application of Happy
   Eyeballs to SIP.  Happy Eyeballs will provide enhanced performance,
   and consequently user experience, in highly hybridized dual-stack SIP
   networks.
   The procedures described herein are such that a dual-stack
   client should look up both A and AAAA records in DNS and then select
   the best way to set up a network flow.  The details of how the latter
   is done are considered out of scope for this document.  See the Happy
   Eyeballs algorithm and implementation and design considerations in
   RFC 6555 [RFC6555] for more information about issues with setting up
   dual-stack network flows.

   Section 4 of this document clarifies the interaction of [RFC3263]
   with [RFC6157] and [RFC6724].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   RFC 3261 [RFC3261] defines additional terms used in this document
   that are specific to the SIP domain such as "proxy", "registrar",
   "redirect server", "user agent server" or "UAS", "user agent client"
   or "UAC", "back-to-back user agent" or "B2BUA", "dialog",
   "transaction", and "server transaction".

   This document uses the term "SIP server" that is defined to include
   the following SIP entities: user agent server, registrar, redirect
   server, a SIP proxy in the role of user agent server, and a B2BUA in
   the role of a user agent server.

   While this document focuses on the dual-stack situation described in
   RFC 6555 and other documents, concerning the migration from an
   IPv4-only network to a network supporting both IPv4 and IPv6, the
   techniques described can be used in other situations.  Possible
   situations include when a device has multiple interfaces with
   distinct addressing characteristics and when additional IP address
   families are created in the future.
   This document uses the general
   term "dual-stack" to include all situations where the client has
   access to multiple communication methods that have distinct
   addressing characteristics.

   The term "address records" means the DNS records which translate a
   domain name into addresses within the address family(ies) that the
   entity supports (as A records provide IPv4 addresses and AAAA records
   provide IPv6 addresses), regardless of whether the address family was
   defined before or after this document was approved.

3.  DNS Procedures in a Dual-Stack Network

   This specification introduces two normative DNS lookup procedures.
   These are designed to improve the performance of dual-stack clients
   in IPv4/IPv6 networks.

3.1.  Dual-Stack SIP UA DNS Record Lookup Procedure

   Once the transport protocol has been determined, the procedure for
   discovering an IP address if the TARGET is not a numeric IP address
   but the port is explicitly stated in the URI, is detailed in
   Section 4.2 of RFC 3263 [RFC3263].  The piece relevant to this
   discussion is:

      If the TARGET was not a numeric IP address, but a port is present
      in the URI, the client performs an A or AAAA record lookup of the
      domain name.  The result will be a list of IP addresses, each of
      which can be contacted at the specific port from the URI and
      transport protocol determined previously.

   Section 4.2 of RFC 3263 [RFC3263] also goes on to describe the
   procedure for discovering an IP address if the TARGET is not a
   numeric IP address, and no port is present in the URI.  The piece
   relevant to this discussion is:

      If no SRV records were found, the client performs an A or AAAA
      record lookup of the domain name.  The result will be a list of IP
      addresses, each of which can be contacted using the transport
      protocol determined previously, at the default port for that
      transport.
      Processing then proceeds as described above for an
      explicit port once the A or AAAA records have been looked up.

   Happy Eyeballs [RFC6555] documents that looking up the "A or AAAA
   record" is not an effective practice for dual-stack clients and that
   it can add significant connection delay and greatly degrade user
   experience.  Therefore, this document makes the following normative
   addendum to the DNS lookup procedures of Section 4.2 of RFC 3263
   [RFC3263] for IPv4/IPv6 hybrid SIP networks and recommends it as a
   best practice for such dual-stack networks:

      The dual-stack client SHOULD look up address records for all
      address families that it supports for the domain name and add the
      resulting addresses to the list of IP addresses to be contacted.
      A client MUST be prepared for the existence of DNS resource
      records containing addresses in families that it does not support;
      if such records may be returned by the client's DNS queries, such
      records MUST be ignored as unusable and the supported addresses
      used as specified herein.

3.2.  Indicating Address Family Preference in DNS SRV Records

   The Happy Eyeballs algorithm [RFC6555] is particularly effective for
   dual-stack HTTP client applications that have significant performance
   differences between their IPv4 and IPv6 network paths.  This is
   because the client can initiate two TCP connections to the server,
   one using IPv4 and one using IPv6, and then use the connection which
   completes first.  This works properly because the client can test
   each route by initiating a TCP connection, but simply opening a TCP
   connection to an HTTP server does not change the server's state; the
   client will send the HTTP request on only one connection.

   Unfortunately, in common SIP situations, it is not possible to "race"
   simultaneous request attempts using two address families.
   If the SIP
   requests are transmitted as single UDP packets, sending two copies of
   the request to two different addresses risks having two copies of the
   request propagating through the SIP network at the same time.  The
   difference between SIP and HTTP is that in SIP the sender cannot test
   a route in a non-state-changing way.

   (If two copies of the same request arrive at the destination client,
   the client MUST reject the second of them with a 482 "Merged Request"
   response [RFC3261].  But this rule is not sufficient to prevent
   user-visible differences in behavior.  A proxy that is upstream of
   the second request to arrive at the client may (almost immediately!)
   serially fork the second request to further destinations (e.g., the
   voicemail service for the destination client).)

   In this common scenario it is often necessary for a dual-stack client
   to indicate a preference for either IPv4 or IPv6.  A service may use
   DNS SRV records to indicate such a preference for an address family.

   This way, a server with a high-latency and/or low-capacity IPv4
   tunnel may indicate a preference for being contacted using IPv6.  A
   server that wishes to do this can use the lowest SRV priority to
   publish hostnames that only resolve in IPv6 and the next priority
   with host names that resolve in both address families.

   Note that hostnames that have addresses in only one address family
   are discouraged by [RFC6555].  Such special-purpose hostnames SHOULD
   be used only as described in this section, as targets of SRV records
   for an aggregate host name, where the aggregate host name ultimately
   resolves to addresses in all families supported by the client.

4.  Clarification of Interaction with RFC 6724

   Section 5 of [RFC6157] specifies that the addresses from the address
   records for a single target DNS name for a server's DNS name must be
   contacted in the order specified by the source and destination
   address selection algorithms defined in [RFC6724].  The set of
   addresses provided to a single invocation of the destination address
   selection algorithm MUST be the address records for the target DNS
   name in a single SRV record (or, if there are no SRV records, the DNS
   name in the URI or derived via NAPTR) -- the destination address
   selection algorithm MUST NOT reorder addresses derived from different
   SRV records.  Typically, destination address selection is done by
   using the (relatively new) getaddrinfo() function to translate the
   target DNS name into a list of IPv4 and/or IPv6 addresses in the
   order in which they are to be contacted, as that function implements
   [RFC6724].

   Thus, if SRV lookup on the server's DNS name is successful, the major
   ordering of the complete list of destination addresses is determined
   by the priority and weight fields of the SRV records (as specified in
   [RFC2782]) and the (minor) ordering among the destinations derived
   from the "target" field of a single SRV record is determined by
   [RFC6724].

   For example, consider a server with DNS name example.com, with TCP
   transport specified.  The relevant SRV records for example.com are:

      _sip._tcp.example.com.  300 IN SRV 10 1 5060 sip-1.example.com.
      _sip._tcp.example.com.  300 IN SRV 20 1 5060 sip-2.example.com.

   The processing of [RFC2782] results in this ordered list of target
   domain names:

      sip-1.example.com
      sip-2.example.com

   The address records for sip-1.example.com, as ordered by [RFC6724],
   are

      sip-1.example.com.  300 IN AAAA 2001:0db8:58:c02::face
      sip-1.example.com.  300 IN AAAA 2001:0db8:c:a06::2:cafe
      sip-1.example.com.  300 IN AAAA 2001:0db8:44:204::d1ce
      sip-1.example.com.  300 IN A    192.0.2.45
      sip-1.example.com.  300 IN A    203.0.113.109
      sip-1.example.com.  300 IN A    198.51.100.24

   and the address records for sip-2.example.com, as ordered by
   [RFC6724], are:

      sip-2.example.com.  300 IN AAAA 2001:0db8:58:c02::dead
      sip-2.example.com.  300 IN AAAA 2001:0db8:c:a06::2:beef
      sip-2.example.com.  300 IN AAAA 2001:0db8:44:204::c0de
      sip-2.example.com.  300 IN A    192.0.2.75
      sip-2.example.com.  300 IN A    203.0.113.38
      sip-2.example.com.  300 IN A    198.51.100.140

   Thus, the complete list of destination addresses has this ordering:

      2001:0db8:58:c02::face
      2001:0db8:c:a06::2:cafe
      2001:0db8:44:204::d1ce
      192.0.2.45
      203.0.113.109
      198.51.100.24
      2001:0db8:58:c02::dead
      2001:0db8:c:a06::2:beef
      2001:0db8:44:204::c0de
      192.0.2.75
      203.0.113.38
      198.51.100.140

   In particular, the destination addresses derived from
   sip-1.example.com and those derived from sip-2.example.com are not
   interleaved; [RFC6724] does not operate on the complete list.  This
   would be true even if the two SRV records had the same priority and
   were (randomly) ordered based on their weights, as the address
   records of two target DNS names are never interleaved.

5.  Security Considerations

   This document introduces two new normative procedures to the existing
   DNS procedures used to locate SIP servers.  A client may contact
   additional target addresses for a URI beyond those prescribed in
   [RFC3263], and/or it may contact target addresses in a different
   order than prescribed in [RFC3263].  Neither of these changes
   introduces any new security considerations because it has always been
   assumed that a client desiring to send to a URI may contact any of
   its targets that are listed in DNS.
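
   The lookup of Section 3.1 and the ordering of Section 4, which
   together produce the target list referred to above, as an added
   example that is not part of the draft or of any SIP stack.  It
   replays the Section 4 records from inline data; the function names,
   the X-FUTURE record type, and the assumption that each target's
   addresses arrive already in [RFC6724] order are this example's own.

```python
import ipaddress
import random
from collections import defaultdict

# Constructed input: the Section 4 records. Assumption: each target's address
# list is already in RFC 6724 order, as getaddrinfo() would return it.
SRV_RECORDS = [  # (priority, weight, port, target), deliberately unsorted
    (20, 1, 5060, "sip-2.example.com"),
    (10, 1, 5060, "sip-1.example.com"),
]
ADDRESS_RECORDS = {
    "sip-1.example.com": [
        ("AAAA", "2001:0db8:58:c02::face"),
        ("AAAA", "2001:0db8:c:a06::2:cafe"),
        ("AAAA", "2001:0db8:44:204::d1ce"),
        ("X-FUTURE", "opaque"),  # hypothetical record in an unknown family
        ("A", "192.0.2.45"),
        ("A", "203.0.113.109"),
        ("A", "198.51.100.24"),
    ],
    "sip-2.example.com": [
        ("AAAA", "2001:0db8:58:c02::dead"),
        ("AAAA", "2001:0db8:c:a06::2:beef"),
        ("AAAA", "2001:0db8:44:204::c0de"),
        ("A", "192.0.2.75"),
        ("A", "203.0.113.38"),
        ("A", "198.51.100.140"),
    ],
}
FAMILY_OF_RRTYPE = {"A": 4, "AAAA": 6}


def order_srv(records, rng):
    """RFC 2782 order: ascending priority, weighted random within a priority."""
    by_prio = defaultdict(list)
    for rec in records:
        by_prio[rec[0]].append(rec)
    ordered = []
    for prio in sorted(by_prio):
        # RFC 2782 places weight-0 records first before taking running sums.
        pool = sorted(by_prio[prio], key=lambda r: r[1] != 0)
        while pool:
            pick = rng.randint(0, sum(r[1] for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered


def usable_addresses(target, records, supported):
    """Section 3.1: keep every supported family in order, ignore the rest."""
    out = []
    for rrtype, rdata in records.get(target, []):
        family = FAMILY_OF_RRTYPE.get(rrtype)
        if family not in supported:
            continue  # unknown or unsupported family: ignored as unusable
        try:
            if ipaddress.ip_address(rdata).version != family:
                continue  # rdata does not match its record type
        except ValueError:
            continue  # malformed rdata is unusable as well
        out.append(rdata)
    return out


def destination_list(srv, records, supported=frozenset({4, 6}), rng=None):
    """Section 4: SRV order is the major sort; targets are never interleaved."""
    rng = rng or random.Random()
    dests = []
    for _prio, _weight, port, target in order_srv(srv, rng):
        dests += [(a, port) for a in usable_addresses(target, records, supported)]
    return dests


if __name__ == "__main__":
    print(*destination_list(SRV_RECORDS, ADDRESS_RECORDS), sep="\n")
```

   Passing supported={4} models an IPv4-only client: the AAAA records
   are skipped and the per-target grouping is unchanged.
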

   The specific security vulnerabilities, attacks and threat models of
   the various protocols discussed in this document (SIP, DNS, SRV
   records, Happy Eyeballs requirements and algorithm, etc.) are well
   documented in their respective specifications.

6.  IANA Considerations

   This document does not require any actions by IANA.

7.  Acknowledgments

   The authors would like to acknowledge the support and contribution of
   the SIP Forum IPv6 Working Group.  This document is based on a lot of
   tests and discussions at SIPit events, organized by the SIP Forum.

   This document has benefited from the expertise and review feedback of
   many participants of the IETF DISPATCH and SIPCORE WG mailing lists
   as well as those on the SIP Forum IPv6 Task Group mailing list.  The
   authors wish to specifically call out the efforts and express their
   gratitude for the detailed and thoughtful comments and corrections of
   Dan Wing, Brett Tate, Rifaat Shekh-Yusef, Carl Klatsky, Mary Barnes,
   Keith Drage, Cullen Jennings, Simon Perreault, Paul Kyzivat, Adam
   Roach, Richard Barnes, Ben Campbell, Stefan Winter, Spencer Dawkins,
   and Suresh Krishnan.  Adam Roach devised the example in Section 4.

8.  Revision History

   [Note to RFC Editor: Please remove this entire section upon
   publication as an RFC.]

8.1.  Changes from draft-ietf-sipcore-dns-dual-stack-07 to
      draft-ietf-sipcore-dns-dual-stack-08

   Remove the reference to RFC 3484, since that RFC has been superseded,
   and the reference was only the statement that 3484 had been
   superseded by RFC 6724.

   Added explanation why "racing" simultaneous copies of a SIP request
   causes incorrect behavior.  Acknowledged Spencer Dawkins for this.

   In Section 4, made explicit the ordered list of target domain names
   that result from processing the SRV records.  Acknowledged Suresh
   Krishnan for suggesting this.

   Updated the Terminology section to remove the definitions of
   "IPv4-only", etc. (which weren't being used) and add a definition of
   "dual-stack" that includes all multiple-stack situations.

8.2.  Changes from draft-ietf-sipcore-dns-dual-stack-06 to
      draft-ietf-sipcore-dns-dual-stack-07

   Update per Ben Campbell's AD evaluation.

   Update Vijay Gurbani's affiliation.

   Update per Stefan Winter's OPS-DIR review.

8.3.  Changes from draft-ietf-sipcore-dns-dual-stack-05 to
      draft-ietf-sipcore-dns-dual-stack-06

   Acknowledged Adam Roach for providing the example in Section 4.

   Correct references to [RFC6157] vs. references to [RFC6724].

8.4.  Changes from draft-ietf-sipcore-dns-dual-stack-04 to
      draft-ietf-sipcore-dns-dual-stack-05

   Simplified the acknowledgments.

   Improve wording and punctuation.

   Rewrote Section 4 based on critiques on the Sipcore list.  Included
   an example by Adam Roach.

   Replaced "RR's" with "records" per suggestion by Jean Mahoney.

8.5.  Changes from draft-ietf-sipcore-dns-dual-stack-03 to
      draft-ietf-sipcore-dns-dual-stack-04

   Changed the "updates" specification to add RFC 3263 and remove RFC
   6157.

   Added Simon Perreault to the acknowledgments.

   Minor wording changes.

8.6.  Changes from draft-ietf-sipcore-dns-dual-stack-02 to
      draft-ietf-sipcore-dns-dual-stack-03

   Described the relationship to RFC 3263 as "update", since the
   existing wording in 3263 is not what we want.  Arguably, the new
   wording is what was intended in 3263, but the existing wording either
   does not say that or says it in a way that is easily misunderstood.

   Described the relationship to RFC 6157 as "clarification", since the
   described interaction between 3263 and 6157 appears to be the only
   reasonable interpretation.

   Revised wording, punctuation, and capitalization in various places.

   Clarified that this draft does not document Happy Eyeballs for SIP,
   but is preparatory for it.

   Attempted to use "update" for text that is definitively a change to
   the preexisting text and "clarify" for text that is a more clear
   statement of the (presumed) intention of the preexisting text.

   Removed normative words from section 1, the introduction.

   Copied definition of "address records" from RFC 2782 (SRV records) to
   allow the specifications to expand automatically to include any new
   address families.

   Relocated the text requiring a client to ignore addresses that it
   discovers in address families it does not support from section 4.2
   (which describes why the situation arises) to section 4.1 (which
   describes how clients look up RRs).

   Clarified the interaction with RFC 6157 (source and destination
   address selection in IPv6) to specify what must have been intended:
   The major sort of the destinations is the ordering determined by
   priority/weight in the SRV records; the addresses derived from a
   single SRV record's target are minorly sorted based on RFC 6157.

   Removed editor's name from the acknowledgments list.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2782]  Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
              specifying the location of services (DNS SRV)", RFC 2782,
              DOI 10.17487/RFC2782, February 2000.

   [RFC3263]  Rosenberg, J. and H. Schulzrinne, "Session Initiation
              Protocol (SIP): Locating SIP Servers", RFC 3263,
              DOI 10.17487/RFC3263, June 2002.

   [RFC6157]  Camarillo, G., El Malki, K., and V. Gurbani, "IPv6
              Transition in the Session Initiation Protocol (SIP)",
              RFC 6157, DOI 10.17487/RFC6157, April 2011.

   [RFC6724]  Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
              "Default Address Selection for Internet Protocol Version 6
              (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012.

9.2.  Informative References

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              DOI 10.17487/RFC3261, June 2002.

   [RFC6555]  Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
              Dual-Stack Hosts", RFC 6555, DOI 10.17487/RFC6555, April
              2012.

Authors' Addresses

   Olle E. Johansson
   Edvina AB
   Runbovaegen 10
   Sollentuna  SE-192 48
   SE

   Email: oej@edvina.net

   Gonzalo Salgueiro
   Cisco Systems
   7200-12 Kit Creek Road
   Research Triangle Park, NC  27709
   US

   Email: gsalguei@cisco.com

   Vijay Gurbani
   Bell Labs, Nokia Networks
   1960 Lucent Lane
   Rm 9C-533
   Naperville, IL  60563
   US

   Email: vkg@bell-labs.com

   Dale R. Worley (editor)
   Ariadne Internet Services
   738 Main St.
   Waltham, MA  02451
   US

   Email: worley@ariadne.com