idnits 2.17.1

draft-ietf-speermint-architecture-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate. You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 22.

  -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on
     line 873.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 849.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 856.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 862.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses
     in the document. If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust Copyright Line does not match the
     current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (November 3, 2008) is 5654 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Unused Reference: '2' is defined on line 722, but no explicit reference
     was found in the text

  == Unused Reference: '3' is defined on line 725, but no explicit reference
     was found in the text

  == Unused Reference: '5' is defined on line 732, but no explicit reference
     was found in the text

  == Unused Reference: '6' is defined on line 736, but no explicit reference
     was found in the text

  == Unused Reference: '7' is defined on line 740, but no explicit reference
     was found in the text

  == Unused Reference: '15' is defined on line 770, but no explicit reference
     was found in the text

  == Unused Reference: '17' is defined on line 776, but no explicit reference
     was found in the text

  == Unused Reference: '18' is defined on line 779, but no explicit reference
     was found in the text

  == Unused Reference: '19' is defined on line 783, but no explicit reference
     was found in the text

  == Unused Reference: '20' is defined on line 787, but no explicit reference
     was found in the text

  == Unused Reference: '22' is defined on line 795, but no explicit reference
     was found in the text

  ** Obsolete normative reference: RFC 2915 (ref. '2') (Obsoleted by RFC 3401,
     RFC 3402, RFC 3403, RFC 3404)

  ** Obsolete normative reference: RFC 4366 (ref. '5') (Obsoleted by RFC 5246,
     RFC 6066)

  == Outdated reference: A later version (-17) exists of
     draft-ietf-speermint-terminology-16

  == Outdated reference: A later version (-11) exists of
     draft-ietf-speermint-requirements-04

  == Outdated reference: A later version (-05) exists of
     draft-ietf-speermint-flows-02

  == Outdated reference: A later version (-01) exists of
     draft-penno-sipping-peering-package-00

  == Outdated reference: A later version (-07) exists of
     draft-ietf-sip-domain-certs-00

     Summary: 3 errors (**), 0 flaws (~~), 19 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1   Speermint Working Group                                     R. Penno
2   Internet Draft                                      Juniper Networks
3   Intended status: Informational                              D. Malas
4   Expires: May 2009                                          CableLabs
5                                                                S. Khan
6                                                                Comcast
7                                                              A. Uzelac
8                                                        Global Crossing
9                                                              M. Hammer
10                                                         Cisco Systems
11                                                      November 3, 2008

13                     SPEERMINT Peering Architecture
14                  draft-ietf-speermint-architecture-07

16  Status of this Memo

18     By submitting this Internet-Draft, each author represents that
19     any applicable patent or other IPR claims of which he or she is
20     aware have been or will be disclosed, and any of which he or she
21     becomes aware will be disclosed, in accordance with Section 6 of
22     BCP 79.

24     Internet-Drafts are working documents of the Internet Engineering
25     Task Force (IETF), its areas, and its working groups. Note that
26     other groups may also distribute working documents as Internet-
27     Drafts.

29     Internet-Drafts are draft documents valid for a maximum of six
30     months and may be updated, replaced, or obsoleted by other documents
31     at any time. It is inappropriate to use Internet-Drafts as
32     reference material or to cite them other than as "work in progress."
34     The list of current Internet-Drafts can be accessed at
35          http://www.ietf.org/ietf/1id-abstracts.txt

37     The list of Internet-Draft Shadow Directories can be accessed at
38          http://www.ietf.org/shadow.html

40     This Internet-Draft will expire on January 2008.

42  Copyright Notice

44     Copyright (C) The IETF Trust (2008).

46  Abstract

48     This document defines the SPEERMINT peering architecture, its
49     functional components and peering interface functions. It also
50     describes the steps taken to establish a session between two peering
51     domains in the context of the functions defined.

53  Conventions used in this document

55     The key words "must", "must NOT", "REQUIRED", "SHALL", "SHALL NOT",
56     "should", "should NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
57     document are to be interpreted as described in RFC-2119 [1].

59  Table of Contents

61     1. Introduction
62     2. Network Context
63     3. Procedures
64     4. Reference SPEERMINT Architecture
65     5. Recommended SSP Procedures
66        5.1. Originating SSP Procedures
67           5.1.1. The Look-Up Function (LUF)
68              5.1.1.1. Target address analysis
69              5.1.1.2. User ENUM Lookup
70              5.1.1.3. Infrastructure ENUM lookup
71           5.1.2. Location Routing Function (LRF)
72              5.1.2.1. Routing Table
73              5.1.2.2. SIP DNS Resolution
74              5.1.2.3. SIP Redirect Server
75           5.1.3. The Signaling Function (SF)
76              5.1.3.1. Establishing a Trusted Relationship
77              5.1.3.2. Sending the SIP request
78        5.2. Terminating SSP Procedures
79           5.2.1. The Location Function (LF)
80              5.2.1.1. Publish ENUM records
81              5.2.1.2. Publish SIP DNS records
82              5.2.1.3. Subscribe Notify
83           5.2.2. Signaling Function (SF)
84              5.2.2.1. TLS
85              5.2.2.2. Receive SIP requests
86        5.3. Target SSP Procedures
87           5.3.1. Signaling Function (SF)
88              5.3.1.1. TLS
89              5.3.1.2. Receive SIP requests
90        5.4. Media Function (MF)
91        5.5. Policy Considerations
92     6. Call Control and Media Control Deployment Options
93     7. Address space considerations
94     8. Security Considerations
95     9. IANA Considerations
96     10. Acknowledgments
97     11. References
98        11.1. Normative References
99        11.2. Informative References
100    Author's Addresses
101    Intellectual Property Statement
102    Disclaimer of Validity

104 1. Introduction

106    The objective of this document is to define a reference peering
107    architecture in the context of Session PEERing for Multimedia
108    INTerconnect (SPEERMINT). In this process, we define the peering
109    reference architecture (reference, for short), its functional
110    components, and peering interface functions from the perspective of
111    a SIP Service Provider's (SSP) network.

113    This architecture allows the interconnection of two SSPs in layer 5
114    peering as defined in the SPEERMINT Requirements [13] and
115    Terminology [12] documents.

117    Layer 3 peering is outside the scope of this document. Hence, the
118    figures in this document do not show routers so that the focus is on
119    Layer 5 protocol aspects.

121    This document uses terminology defined in the SPEERMINT Terminology
122    document [12], so the reader should be familiar with all the terms
123    defined there.

125 2. Network Context

127    Figure 1 shows an example network context. Two SSPs can form a Layer
128    5 peering over either the public Internet or private Layer 3
129    networks. In addition, two or more providers may form a SIP (Layer
130    5) federation [13] on either the public Internet or private Layer 3
131    networks. This document does not make any assumption whether the SIP
132    providers directly peer to each other or through Layer 3 transit
133    network as per use case of [16].

135    Note that Figure 1 allows for the following potential SPEERMINT
136    peering scenarios:

138    o  Enterprise to Enterprise across the public Internet

140    o  Enterprise to SSP across the public Internet
141    o  SSP to SSP across the public Internet

143    o  Enterprise to enterprise across a private Layer 3 network

145    o  Enterprise to SSP across a private Layer 3 network

147    o  SSP to SSP across a private Layer 3 network

149    The members of a federation may jointly use a set of functions such
150    as location function, signaling function, media function, ENUM
151    database or SIP Registrar, SIP proxies, and/or functions that
152    synthesize various SIP and non-SIP based applications. Similarly,
153    two SSPs may jointly use a set of functions. The functions can be
154    either public or private.
156                        +-------------------+
157                        |                   |
158                        |      Public       |
159                        |       SIP         |
160                        |     Peering       |
161                        |                   |
162                        +-------------------+
163                                  |
164                                -----
165    +-----------+              /     \              +-----------+
166    |Enterprise |            --       --            |Enterprise |
167    |Provider A |-----------/           \-----------|Provider B |
168    +-----------+         --             --         +-----------+
169                         /     Public      \
170                        |     Internet      |
171                         \    (Layer 3)    /
172    +-----------+         --             --         +-----------+
173    |   SSP C   |-----------\           /-----------|   SSP D   |
174    |           |            --       --            |           |
175    +-----------+              \_____/              +-----------+
176                                  | Layer 3 Peering
177                                  | Point (out of scope)
178                                -----
179    +-----------+              /     \              +-----------+
180    |Enterprise |            --       --            |Enterprise |
181    |Provider E |-----------/           \-----------|Provider F |
182    +-----------+         --   Private   --         +-----------+
183                         /     Network     \
184                        |     (Layer 3)     |
185                         \                 /
186    +-----------+         --             --         +-----------+
187    |   SSP G   |-----------\           /-----------|   SSP H   |
188    |           |            --       --            |           |
189    +-----------+              \____/               +-----------+
190                                  |
191                        +-------------------+
192                        |      Private      |
193                        |       SIP         |
194                        |     Peering       |
195                        |                   |
196                        +-------------------+

198                 Figure 1: SPEERMINT Network Context

200 3. Procedures

202    This document assumes that in order for a call to be established
203    from a UAC end user in the initiating peer's network to a UAS in the
204    receiving peer's network the following steps are taken:

206       1. The analysis of the target address.

208             o  If the target address represents an intra-SSP resource, the
209                behavior is out-of-scope with respect to this draft.

211       2. the determination of the target SSP,

213       3. the determination of the SF next-hop in the target SSP,

215       4. the enforcement of authentication and potentially other
216          policies,

218       5. the determination of the UAS,

220       6. the session establishment,

222       7. the transfer of media which could include voice, video, text
223          and others,

225       8. and the session termination.

227    The originating SSP would likely perform steps 1-4, and the
228    terminating SSP would likely perform steps 4-5.
230    In the case the target SSP is different from the terminating SSP it
231    would repeat steps 1-4. This is reflected in Figure 2 that shows the
232    target SSP with its own peering functions.

234 4. Reference SPEERMINT Architecture

236    Figure 2 depicts the SPEERMINT architecture and logical functions
237    that form the peering between two SSPs.

239                               +------+
240                               | DNS, |
241                   +---------->| Db,  |<---------+
242                   |           | etc  |          |
243                   |           +------+          |
244                   |                             |
245             ------|--------              -------|-------
246            /      v        \            /       v       \
247           |    +--LUF-+     |          |     +--LUF-+    |
248           |    |      |     |          |     |      |    |
249           |    |      |     |          |     |      |    |
250           |    |      |     |          |     |      |    |
251           |    +------+     |          |     +------+    |
252           |                 |          |                 |
253           |    +--LRF-+     |          |     +--LRF-+    |
254           |    |      |     |          |     |      |    |
255           |    |      |     |          |     |      |    |
256           |    |      |     |          |     |      |    |
257           |    +------+     |          |     +------+    |
258           |                 |          |                 |
259           |                 |          |                 |
260           |             +---SF--+  +---SF--+             |
261           |             |       |  |       |             |
262           |             |  SBE  |  |  SBE  |             |
263           | Originating |       |  |       |   Target    |
264           |             +---SF--+  +---SF--+             |
265           |     SSP         |          |        SSP      |
266           |             +---MF--+  +---MF--+             |
267           |             |       |  |       |             |
268           |             |  DBE  |  |  DBE  |             |
269           |             |       |  |       |             |
270           |             +---MF--+  +---MF--+             |
271            \               /            \               /
272             ---------------              ---------------
273              Figure 2: Reference SPEERMINT Architecture

275    The procedures presented in section 3 are implemented by a set of
276    peering functions:

278    The Look-Up Function (LUF) provides a mechanism for determining for
279    a given request the target domain to which the request should be
280    routed.

282    The Location Routing Function (LRF) determines for the target domain
283    of a given request the location of the SF in that domain and
284    optionally develops other Session Establishment Data (SED) required
285    to route the request to that domain.

287    Signaling Function (SF): Purpose is to perform SIP call routing, to
288    optionally perform termination and re-initiation of call, to
289    optionally implement security and policies on SIP messages, and to
290    assist in discovery/exchange of parameters to be used by the Media
291    Function (MF).
293    Media Function (MF): Purpose is to perform media related functions
294    such as media transcoding and media security implementation between
295    two SIP providers.

297    The intention of defining these functions is to provide a framework
298    for design segmentation and allow each one to evolve independently.

300 5. Recommended SSP Procedures

302    This section describes the functions in more detail and provides
303    some recommendations on the role they would play in a SIP call in a
304    Layer 5 peering scenario.

306    Some of the information in the chapter is taken from [14] and is put
307    here for continuity purposes.

309 5.1. Originating SSP Procedures

311 5.1.1. The Look-Up Function (LUF)

313    Purpose is to determine the SF of the target domain of a given
314    request and optionally develop Session Establishment Data (SED)
315    [12].

317 5.1.1.1. Target address analysis

319    When the initiating SSP receives a request to communicate, it
320    analyzes the target URI to determine whether the call needs to be
321    terminated internally or externally to its network. The analysis
322    method is internal to the SSP; thus, outside the scope of SPEERMINT.
323    Note that the SSP is free to consult any manner of private data
324    sources to make this determination.

326    If the target address does not represent a resource inside the
327    initiating SSP's administrative domain or federation of domains, the
328    initiating SSP resolves the call routing data by using the Location
329    Routing Function (LRF).

331    For example, if the request to communicate is for an im: or pres:
332    URI type, the initiating peer follows the procedures in [8]. If the
333    highest priority supported URI scheme is sip: or sips:, the
334    initiating peer skips to SIP DNS resolution in Section 5.1.3.
335    Likewise, if the target address is already a sip: or sips: URI in an
336    external domain, the initiating peer skips to SIP DNS resolution in
337    Section 5.1.2.2.
339    If the target address corresponds to a specific E.164 address, the
340    peer may need to perform some form of number plan mapping according
341    to local policy. For example, in the United States, a dial string
342    beginning "011 44" could be converted to "+44", or in the United
343    Kingdom "00 1" could be converted to "+1". Once the peer has an
344    E.164 address, it can use ENUM.

346 5.1.1.2. User ENUM Lookup

348    If an external E.164 address is the target, the initiating peer
349    consults the public "User ENUM" rooted at e164.arpa, according to
350    the procedures described in RFC 3761. The peer must query for the
351    "E2U+sip" enumservice as described in RFC 3764 [11], but MAY check
352    for other enumservices. The initiating peer MAY consult a cache or
353    alternate representation of the ENUM data rather than actual DNS
354    queries. Also, the peer may skip actual DNS queries if the
355    initiating peer is sure that the target address country code is not
356    represented in e164.arpa. If a sip: or sips: URI is chosen the peer
357    skips to Section 5.1.6.

359    If an im: or pres: URI is retrieved based on an "E2U+im" [10] or
360    "E2U+pres" [9] enumservice, the peer follows the procedures for
361    resolving these URIs to URIs for specific protocols such as SIP or
362    XMPP as described in the previous section.

364 5.1.1.3. Infrastructure ENUM lookup

366    Next the initiating peer checks for a carrier-of-record in a carrier
367    ENUM domain according to the procedures described in [12]. As in
368    the previous step, the peer may consult a cache or alternate
369    representation of the ENUM data in lieu of actual DNS queries. The
370    peer first checks for records for the "E2U+sip" enumservice, then
371    for the "E2U+pstn" enumservice as defined in [21]. If a terminal
372    record is found with a sip: or sips: URI, the peer skips to Section
373    5.1.2.2; otherwise the peer continues processing according to the
374    next section.

376 5.1.2. Location Routing Function (LRF)

378    The LRF of an Initiating SSP analyzes the target address and
379    discovers the next hop signaling function (SF) in a peering
380    relationship. The resource to determine the SF of the target domain
381    might be provided by a third-party as in the assisted-peering case.

383 5.1.2.1. Routing Table

385    If there are no user ENUM records and the initiating peer cannot
386    discover the carrier-of-record or if the initiating peer cannot
387    reach the carrier-of-record via SIP peering, the initiating peer
388    still needs to deliver the call to the PSTN or reject it. Note that
389    the initiating peer may still forward the call to another SSP for
390    PSTN gateway termination by prior arrangement using the routing
391    table.

393    If so, the initiating peer may rewrite the Request-URI to address
394    the gateway resource in the target SSP's domain and may forward the
395    request on to that SSP using the procedures described in the
396    remainder of these steps.

398    Alternatively to Request-URI re-writing, the initiating peer may
399    populate the Route header with the address of the gateway resource
400    in the target SSP's domain and forward the request on to that SSP
401    using the procedures described in the remainder of these steps, but
402    applied to the Route header.

404 5.1.2.2. SIP DNS Resolution

406    Once a sip: or sips: URI in an external domain is selected as the
407    target, the initiating peer may apply local policy to decide whether
408    forwarding requests to the target domain is acceptable. If so, the
409    initiating peer uses the procedures in RFC 3263 [4] Section 4 to
410    determine how to contact the receiving peer. To summarize the RFC
411    3263 procedure: unless these are explicitly encoded in the target
412    URI, a transport is chosen using NAPTR records, a port is chosen
413    using SRV records, and an address is chosen using A or AAAA records.
414    Note that these are queries of records in the global DNS.
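
The LUF and LRF steps described above (number plan mapping, the "E2U+sip" ENUM lookup, then the RFC 3263 NAPTR/SRV/address resolution) are worked through below in Python. This is an added example, not part of the draft. The in-memory zone, the b.example names, the function names and the "TLS whenever published" policy switch are assumptions made for illustration.

```python
import re

# Constructed sample zone (not real DNS data); .example names are placeholders.
# NAPTR tuples: (order, preference, flags, service, regexp, replacement)
# SRV tuples:   (priority, weight, port, target)
ZONE = {
    ("NAPTR", "3.2.1.0.6.4.9.7.0.2.4.4.e164.arpa"): [
        (100, 10, "u", "E2U+pres", "!^.*$!pres:user@b.example!", "."),
        (100, 20, "u", "E2U+sip", r"!^(.*)$!sip:\1@b.example!", "."),
    ],
    ("NAPTR", "b.example"): [
        (50, 10, "s", "SIP+D2U", "", "_sip._udp.b.example"),
        (50, 20, "s", "SIPS+D2T", "", "_sips._tcp.b.example"),
    ],
    ("SRV", "_sip._udp.b.example"): [(10, 0, 5060, "sbe1.b.example")],
    ("SRV", "_sips._tcp.b.example"): [
        (20, 0, 5061, "sbe2.b.example"),
        (10, 0, 5061, "sbe1.b.example"),
    ],
    ("A", "sbe1.b.example"): ["192.0.2.10"],
    ("A", "sbe2.b.example"): ["192.0.2.11"],
}

# International dialing prefixes for the two cases the draft mentions.
INTL_PREFIX = {"US": "011", "UK": "00"}
TRANSPORTS = {"SIPS+D2T": "TLS", "SIP+D2T": "TCP", "SIP+D2U": "UDP"}


def to_e164(dial_string, country):
    """Number plan mapping: international dial string -> E.164."""
    digits = re.sub(r"[^\d+]", "", dial_string)
    if digits.startswith("+"):
        return digits
    prefix = INTL_PREFIX[country]
    if digits.startswith(prefix):
        return "+" + digits[len(prefix):]
    raise ValueError("national numbers need local-policy mapping (not shown)")


def enum_domain(e164, root="e164.arpa"):
    """RFC 3761: reverse the digits, dot-separate them, append the ENUM root."""
    return ".".join(reversed(e164.lstrip("+"))) + "." + root


def enum_lookup(e164, zone, enumservice="sip"):
    """Return the URI from the best terminal NAPTR carrying E2U+<enumservice>."""
    records = zone.get(("NAPTR", enum_domain(e164)), [])
    for _, _, flags, service, regexp, _ in sorted(records):  # order, then pref
        parts = service.lower().split("+")
        if flags.lower() != "u" or parts[0] != "e2u" or enumservice not in parts[1:]:
            continue  # e.g. the E2U+pres record, even though DNS prefers it
        _, ere, repl, _ = regexp.split(regexp[0])  # "!ere!repl!flags"
        # Assumption: the ERE is simple enough for Python's re to evaluate.
        return re.sub(ere, repl, e164, count=1)
    return None


def resolve_sip(uri, zone, require_tls_if_offered=True):
    """RFC 3263 section 4 for a URI with no explicit transport or port.

    Returns candidate next hops as (transport, address, port), best first.
    """
    scheme, rest = uri.split(":", 1)
    domain = rest.rsplit("@", 1)[-1].split(";")[0].lower()
    naptrs = [r for r in sorted(zone.get(("NAPTR", domain), []))
              if r[3].upper() in TRANSPORTS]
    if scheme.lower() == "sips":  # sips: may only use a SIPS+ service
        naptrs = [r for r in naptrs if r[3].upper().startswith("SIPS+")]
    tls = [r for r in naptrs if TRANSPORTS[r[3].upper()] == "TLS"]
    if require_tls_if_offered and tls:
        naptrs = tls  # local policy: TLS toward peers whenever it is published
    hops = []
    for _, _, _, service, _, srv_name in naptrs[:1]:
        # Lowest SRV priority first; weighted choice within a priority is omitted.
        for _, _, port, target in sorted(zone.get(("SRV", srv_name), [])):
            for rtype in ("AAAA", "A"):
                for addr in zone.get((rtype, target), []):
                    hops.append((TRANSPORTS[service.upper()], addr, port))
    return hops


def route(dial_string, country, zone=ZONE):
    """LUF then LRF: dial string -> E.164 -> ENUM URI -> next-hop SF candidates."""
    uri = enum_lookup(to_e164(dial_string, country), zone)
    return (uri, resolve_sip(uri, zone)) if uri else (None, [])


if __name__ == "__main__":
    print(route("011 44 20 7946 0123", "US"))
```

With the policy switch off, the same lookup follows the DNS preference order and returns the UDP next hop, which is the difference the TLS recommendation in this section is meant to remove.
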
416    When communicating with another SSP, entities compliant to this
417    document should select a TLS-protected transport for communication
418    from the initiating peer to the receiving peer if available. Note
419    that this is a single-hop requirement.

421 5.1.2.3. SIP Redirect Server

423    A SIP Redirect Server may help in resolving the current address of
424    the next-hop SF in the target domain.

426 5.1.3. The Signaling Function (SF)

428    The purpose of the signaling function is to perform routing of SIP
429    messages, to optionally perform termination and re-initiation of a
430    call, to optionally implement security and policies on SIP messages,
431    and to assist in discovery/exchange of parameters to be used by the
432    Media Function (MF).

434    The signaling function performs the routing of SIP messages. The
435    optional termination and re-initiation of calls are performed by the
436    signaling path border element (SBE).

438    Optionally, a SF may perform additional functions such as Session
439    Admission Control, SIP Denial of Service protection, SIP Topology
440    Hiding, SIP header normalization, and SIP security, privacy and
441    encryption.

443    The SF can also process SDP payloads for media information such as
444    media type, bandwidth, and type of codec; then, communicate this
445    information to the media function. Signaling function may optionally
446    communicate with the network to pass Layer 3 related policies [10].

448 5.1.3.1. Establishing a Trusted Relationship

450    Depending on the security needs and trust relationship between SSPs,
451    different security mechanisms can be used to establish SIP calls.
452    These are discussed in the following subsections.

454 5.1.3.1.1. TLS connection

456    Once a transport, port, and address are found, the initiating SSP
457    will open or find a reusable TLS connection to the peer. The
458    procedures to authenticate the SSP's target domain are specified in
459    [24].

461 5.1.3.1.2. IPSec

463    In certain deployments, the use of IPSec between the signaling
464    functions of the originating and terminating domains can be used as
465    a security mechanism instead of TLS.

467 5.1.3.1.3. Co-Location

469    In this scenario, the SFs are co-located in a physically secure
470    location and/or are members of a segregated network. In this case
471    messages between the originating and terminating SSPs would be sent
472    as clear text.

474 5.1.3.2. Sending the SIP request

476    Once a trust relationship between the peers is established, the
477    initiating peer sends the request.

479 5.1.3.2.1. TLS

481    If the trust relationship was established through TLS, the
482    initiating peer can optionally verify and assert the sender's
483    identity using the SIP Identity mechanism.

485    In addition, new requests should contain a valid Identity and
486    Identity-Info header as described in [12]. The Identity-Info header
487    must present a domain name that is represented in the certificate
488    provided when establishing the TLS connection over which the request
489    is sent. The initiating peer should include an Identity header on
490    in-dialog requests as well if the From header field value matches an
491    identity the initiating peer is willing to assert.

493 5.2. Terminating SSP Procedures

495 5.2.1. The Location Function (LF)

497 5.2.1.1. Publish ENUM records

499    The receiving peer should publish "E2U+SIP" and "E2U+pstn" records
500    with sip: or sips: URIs wherever a public carrier ENUM root is
501    available. In the event that a public root is not available,
502    publishing to a common ENUM registry with the originating peer will
503    suffice.

505    This assumes that the receiving peer wants to peer by default. When
506    the receiving peer does not want to accept traffic from specific
507    initiating peers, it may still reject requests on a call-by-call
508    basis.

510 5.2.1.2. Publish SIP DNS records

512    To receive peer requests, the receiving peer must ensure that it
513    publishes appropriate NAPTR, SRV, and address (A and/or AAAA)
514    records in the LF relevant to the originating peer's SF.

516 5.2.1.3. Subscribe Notify

518    A policy notification function may also be optionally implemented by
519    dynamic subscribe, notify, and exchange of policy information and
520    feature information among SSPs [21].

522 5.2.2. Signaling Function (SF)

524 5.2.2.1. TLS

526    When the receiving peer receives a TLS client hello, it responds
527    with its certificate. The target SSP certificate should be valid
528    and rooted in a well-known certificate authority. The procedures to
529    authenticate the SSP's originating domain are specified in [24].

531    The terminating SF verifies that the Identity header is valid,
532    corresponds to the message, corresponds to the Identity-Info header,
533    and that the domain in the From header corresponds to one of the
534    domains in the TLS client certificate.

536 5.2.2.2. Receive SIP requests

538    Once a trust relationship is established, the receiving peer is
539    prepared to receive incoming SIP requests. For new requests (dialog
540    forming or not) the receiving peer verifies if the target (request-
541    URI) is a domain for which it is responsible. For these
542    requests, there should be no remaining Route header field values.
543    For in-dialog requests, the receiving peer can verify that it
544    corresponds to the top-most Route header field value.

546    The receiving peer may reject incoming requests due to local policy.
547    When a request is rejected because the initiating peer is not
548    authorized to peer, the receiving peer should respond with a 403
549    response with the reason phrase "Unsupported Peer".

551 5.3. Target SSP Procedures

553 5.3.1. Signaling Function (SF)

555 5.3.1.1. TLS

557    When the receiving peer receives a TLS client hello, it responds
558    with its certificate. The target SSP certificate should be valid
559    and rooted in a well-known certificate authority. The procedures to
560    authenticate the SSP's originating domain are specified in [24].

562    If the requests should contain a valid Identity and Identity-Info
563    header as described in [12], the target SF verifies that the Identity
564    header is valid, corresponds to the message, corresponds to the
565    Identity-Info header, and that the domain in the From header
566    corresponds to one of the domains in the TLS client certificate.

568 5.3.1.2. Receive SIP requests

570    The procedures of the SF of the target SSP are the same as the ones
571    described in section 5.2.2.2 with the addition that it might
572    establish a connection to another target SSP, and in this case use
573    the procedures recommended to an originating SSP (section 5.1).

575 5.4. Media Function (MF)

577    The purpose of the MF is to perform media related functions such as
578    media transcoding and media security implementation between two
579    SSPs.

581    An example of this is to transform a voice payload from one codec
582    (e.g., G.711) to another (e.g., EvRC). Additionally, the MF may
583    perform media relaying, media security, privacy, and encryption.

585 5.5. Policy Considerations

587    In the context of the SPEERMINT working group when two SSPs peer,
588    there MAY be a desire to exchange peering policy information
589    dynamically. There are specifications in progress in the SIPPING
590    working group to define policy exchange between a UA and a domain
591    [23] and providing profile data to SIP user agents [24]. These
592    considerations borrow from both.

594    Following the terminology introduced in [12], this package uses the
595    terms Peering Session-Independent and Session-Specific policies in
596    the following context.

598    o  Peering Session-Independent policies include Diffserv Marking,
599       Policing, Session Admission Control, and domain reachabilities,
600       amongst others. The time period between Peering Session-
601       Independent policy changes is much greater than the time it
602       takes to establish a call.

604    o  Peering Session-Specific policies include supported
605       connection/call rate, total number of connections/calls
606       available, current utilization, amongst others. Peering
607       Session-specific policies can change within the time it takes
608       to establish a call.

610    Likewise, but orthogonal to session dependency, an SSP may have
611    policies that may be peer-dependent or peer-independent. That is,
612    the session-dependent and session-independent policies may be
613    further sub-divided and modified by additional controls that depend
614    on which peer SSP or federation with which communications is being
615    established.

617 6. Call Control and Media Control Deployment Options

619    The peering functions can be deployed along the following two
620    dimensions depending upon how the signaling and the media functions
621    along with IP layer are implemented:

623    Composed or Decomposed: Addresses the question whether the media
624    must flow through the same physical and geographic elements as SIP
625    dialogs and sessions.

627    Centralized or Distributed: Addresses the question whether the
628    logical and physical interconnections are in one geographical
629    location or distributed to multiple physical locations on the SSP's
630    network.

632    In a composed model, SF and MF functions are implemented in one
633    peering logical element.

635           Provider A                       Provider B
636           ----------    .             .    ----------
637          /          \   .             .   /          \
638         |            |  .     _       .  |            |
639         |       +----+  .    /  \_    .  +----+       |
640         |       | SF |<-----/     \------| SF |       |
641         |       +-+--+  .  /Transit\  .  |    |       |
642         |         |  |  . /   IP    \ .  |    |       |
643         |       +-+--+  . \ Provider| .  |    |       |
644         |       | MF |<~~~~\(Option)|~~~~| MF |       |
645         |       +----+  .   \      /  .  +----+       |
646         |            |  .    \__ _/   .  |            |
647          \_________ /   .             .   \________ _/
648           ----------                       ----------

650    --- Signal (SIP)
651    ~~~ Bearer (RTP/IP)
652    ... Scope of peering

654             Figure 3: Decomposed v. Collapsed Peering

656    The advantage of a collapsed peering architecture is that one
657    element solves all peering issues. Example disadvantages of this
658    architecture are a single point of failure, a bottleneck, and
659    complex scalability.

661    In a decomposed model, SF and MF are implemented in separate peering
662    logical elements. SFs are implemented in a proxy and MFs are
663    implemented in another logical element. The scaling of signaling
664    versus scaling of media may differ between applications.
665    Decomposing allows each to follow a separate migration path.

667    This model allows the implementation of an M:N model where one SF is
668    associated with multiple peering MFs and one peering MF is associated
669    with multiple SFs. Generally, a vertical protocol associates the
670    relationship between a SF and a MF. This architecture reduces the
671    potential of a single point of failure. It allows separation of the
672    policy decision point and the policy enforcement point. Example
673    disadvantages are the scaling complexity because of the M:N
674    relationship and latency due to the vertical control messages
675    between entities.

677 7. Address space considerations

679    Peering must occur in a common IP address space, which is defined by
680    the federation, which may be entirely on the public Internet, or
681    some private address space. The origination or termination networks
682    may or may not entirely be in the same address space. If they are
683    not, then a network address translation (NAT) or similar function
684    may be needed before the signaling or media is presented correctly
685    to the federation. The only requirement is that all associated
686    entities across the peering interface are reachable.

688 8. Security Considerations

690    In all cases, cryptographic-based security should be maintained as
691    an optional requirement between peering providers conditioned on the
692    presence or absence of underlying physical security of peer
693    connections, e.g. within the same secure physical building.

695    In order to maintain a consistent approach, unique and specialized
696    security requirements common for the majority of peering
697    relationships should be standardized within the IETF. These
698    standardized methods may enable capabilities such as dynamic peering
699    relationships across publicly maintained interconnections.

701    TODO: Address RFC-3552 BCP items.

703 9. IANA Considerations

705    There are no IANA considerations at this time.

707 10. Acknowledgments

709    The working group thanks Sohel Khan for his initial architecture
710    draft that helped to initiate work on this draft.

712    A portion of this draft is taken from [14] with permission from the
713    author R. Mahy. The other important contributor is Otmar Lendl.

715 References

717 10.1. Normative References

719    [1]  Bradner, S., "Key words for use in RFCs to Indicate
720         Requirement Levels", BCP 14, RFC 2119, March 1997.

722    [2]  Mealling, M. and R. Daniel, "The Naming Authority Pointer
723         (NAPTR) DNS Resource Record", RFC 2915, September 2000.

725    [3]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
726         Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
727         Session Initiation Protocol", RFC 3261, June 2002.

729    [4]  Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol
730         (SIP): Locating SIP Servers", RFC 3263, June 2002.

732    [5]  Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and
733         T. Wright, "Transport Layer Security (TLS) Extensions", RFC
734         4366, April 2006.

736    [6]  Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson,
737         "RTP: A Transport Protocol for Real-Time Applications", STD
738         64, RFC 3550, July 2003.

740    [7]  Peterson, J., Liu, H., Yu, J., and B. Campbell, "Using E.164
741         numbers with the Session Initiation Protocol (SIP)", RFC 3824,
742         June 2004.

744    [8]  Peterson, J., "Address Resolution for Instant Messaging and
745         Presence", RFC 3861, August 2004.
747 [9] Peterson, J., "Telephone Number Mapping (ENUM) Service 748 Registration for Presence Services", RFC 3953, January 2005. 750 [10] ETSI TS 102 333: " Telecommunications and Internet converged 751 Services and Protocols for Advanced Networking (TISPAN); Gate 752 control protocol". 754 [11] Peterson, J., "enumservice registration for Session Initiation 755 Protocol (SIP) Addresses-of-Record", RFC 3764, April 2004. 757 [12] Livingood, J. and R. Shockey, "IANA Registration for an 758 Enumservice Containing PSTN Signaling Information", RFC 4769, 759 November 2006. 761 10.2. Informative References 763 [13] Malas, D., "SPEERMINT Terminology", draft-ietf-speermint- 764 terminology-16 (work in progress), February 2008. 766 [14] Mule, J-F., "SPEERMINT Requirements for SIP-based VoIP 767 Interconnection", draft-ietf-speermint-requirements-04.txt, 768 February 2008. 770 [15] Mahy, R., "A Minimalist Approach to Direct Peering", draft- 771 mahy-speermint-direct-peering-02.txt, July 2007. 773 [16] Penno, R., et al., "SPEERMINT Routing Architecture Message 774 Flows", draft-ietf-speermint-flows-02.txt", April 2007. 776 [17] Houri, A., et al., "RTC Provisioning Requirements", draft- 777 houri-speermint-rtc-provisioning-reqs-00.txt, June, 2006. 779 [18] Habler, M., et al., "A Federation based VOIP Peering 780 Architecture", draft-lendl-speermint-federations-03.txt, 781 September 2006. 783 [19] Mahy, R., "A Telephone Number Mapping (ENUM) Service 784 Registration for Instant Messaging (IM) Services", draft-ietf- 785 enum-im-service-03 (work in progress), March 2006. 787 [20] Haberler, M. and R. Stastny, "Combined User and Carrier ENUM 788 in the e164.arpa tree", draft-haberler-carrier-enum-03 (work 789 in progress), March 2006. 791 [21] Penno, R., Malas D., and Melampy, P., "A Session Initiation 792 Protocol (SIP) Event package for Peering", draft-penno- 793 sipping-peering-package-00 (work in progress), September 2006. 795 [22] Hollander, D., Bray, T., and A. 
Layman, "Namespaces in XML", 796 W3C REC REC-xml-names-19990114, January 1999. 798 [23] Burger, E (Ed.), "A Mechanism for Content Indirection in 799 Session Initiation Protocol (SIP) Messages", RFC 4483, May 800 2006 802 [24] Gurbani, V., Lawrence, S., and B. Laboratories, "Domain 803 Certificates in the Session Initiation Protocol (SIP)", draft- 804 ietf-sip-domain-certs-00 (work in progress), November 2007. 806 Author's Addresses 808 Reinaldo Penno (Editor) 809 Juniper Networks 810 1194 N Mathilda Avenue 811 Sunnyvale, CA 812 USA 813 Email: rpenno@juniper.net 815 Mike Hammer 816 Cisco Systems 817 13615 Dulles Technology Drive 818 Herndon, VA 20171 819 USA 820 Email: mhammer@cisco.com 822 Sohel Khan, Ph.D. 823 Comcast Cable Communications 824 U.S.A 825 Email: sohel_khan@cable.comcast.com 827 Daryl Malas 828 CableLabs 829 858 Coal Creek Circle 830 Louisville, CO 80027 831 Email: d.malas@cablelabs.com 833 Adam Uzelac 834 Global Crossing 835 1120 Pittsford Victor Road 836 PITTSFORD, NY 14534 837 USA 838 Email: adam.uzelac@globalcrossing.com 840 Intellectual Property Statement 842 The IETF takes no position regarding the validity or scope of any 843 Intellectual Property Rights or other rights that might be claimed 844 to pertain to the implementation or use of the technology described 845 in this document or the extent to which any license under such 846 rights might or might not be available; nor does it represent that 847 it has made any independent effort to identify any such rights. 848 Information on the procedures with respect to rights in RFC 849 documents can be found in BCP 78 and BCP 79. 851 Copies of IPR disclosures made to the IETF Secretariat and any 852 assurances of licenses to be made available, or the result of an 853 attempt made to obtain a general license or permission for the use 854 of such proprietary rights by implementers or users of this 855 specification can be obtained from the IETF on-line IPR repository 856 at http://www.ietf.org/ipr. 
858 The IETF invites any interested party to bring to its attention any 859 copyrights, patents or patent applications, or other proprietary 860 rights that may cover technology that may be required to implement 861 this standard. Please address the information to the IETF at 862 ietf-ipr@ietf.org. 864 Disclaimer of Validity 866 This document and the information contained herein are provided on 867 an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE 868 REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE 869 IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL 870 WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY 871 WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE 872 ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 873 FOR A PARTICULAR PURPOSE. 875 Copyright Statement 877 Copyright (C) The IETF Trust (2008). 879 This document is subject to the rights, licenses and restrictions 880 contained in BCP 78, and except as set forth therein, the authors 881 retain all their rights. 883 Acknowledgment 885 Funding for the RFC Editor function is currently provided by the 886 Internet Society.