idnits 2.17.1 draft-ietf-straw-b2bua-loop-detection-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 3, 2013) is 3795 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 STRAW Working Group H. Kaplan 3 Internet-Draft Oracle 4 Intended status: Standards Track V. Pascual 5 Expires: June 6, 2014 Quobis 6 December 3, 2013 8 Loop Detection Mechanisms for Session Initiation Protocol (SIP) Back-to- 9 Back User Agents (B2BUAs) 10 draft-ietf-straw-b2bua-loop-detection-03 12 Abstract 14 SIP Back-to-Back User Agents (B2BUAs) can cause unending SIP request 15 routing loops because, as User Agent Clients, they can generate SIP 16 requests with new Max-Forwards values. This document discusses the 17 difficulties associated with loop detection for B2BUAs, and 18 requirements for them to prevent infinite loops. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on June 6, 2014. 37 Copyright Notice 39 Copyright (c) 2013 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 55 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 2 56 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 57 4. B2BUA Loop-Detection Behavior . . . . . . . . . . . . . . . . 4 58 5. B2BUA Max-Forwards Behavior . . . . . . . . . . . . . . . . . 4 59 6. B2BUA Max-Breadth Behavior . . . . . . . . . . . . . . . . . 4 60 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 61 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 62 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 63 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 64 10.1. Normative References . . . . . . . . . . . . . . . . . . 5 65 10.2. Informative References . . . . . . . . . . . . . . . . . 6 66 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 68 1. Introduction 70 SIP provides a means of preventing infinite request forwarding loops 71 in [RFC3261], and a means of mitigating parallel forking 72 amplification floods in [RFC5393]. Neither document normatively 73 defines specific behavior for B2BUAs, however. 75 Unbounded SIP request loops have actually occurred in SIP 76 deployments, numerous times. The cause of loops is usually mis- 77 configuration, but the reason they have been unbounded/unending is 78 they crossed B2BUAs that reset the Max-Forwards value in the SIP 79 requests they generated on their UAC side. Although such behavior is 80 technically legal per [RFC3261] because a B2BUA is a UAC, the 81 resulting unbounded loops have caused service outages and make 82 troubleshooting difficult. 84 Furthermore, [RFC5393] also provides a mechanism to mitigate the 85 impact of parallel forking amplification issues, through the use of a 86 "Max-Breadth" header field. If a B2BUA does not pass on this header 87 field, parallel forking amplification is not mitigated with the 88 [RFC5393] mechanism. 90 This document defines normative requirements for Max-Forwards and 91 Max-Breadth header field behaviors of B2BUAs, in order to mitigate 92 the effect of loops and parallel forking amplification. 94 2. Conventions 95 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 96 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 97 document are to be interpreted as described in BCP 14, RFC 2119 98 [RFC2119]. 100 B2BUA terminology and taxonomy used in this document is based on 101 [I-D.ietf-straw-b2bua-taxonomy] 103 3. Background 105 Within the context of B2BUAs, the scope of the SIP protocol ends at 106 the UAS side of the B2BUA, and a new one begins on the UAC side. A 107 B2BUA is thus capable of choosing what it wishes to do on its UAC 108 side independently of its UAS side, and still remain compliant to 109 [RFC3261] and its extensions. For example, any B2BUA type defined in 110 [I-D.ietf-straw-b2bua-taxonomy] other than Proxy-B2BUA may create the 111 SIP request on its UAC side without copying any of the Via header 112 field values received on its UAS side. Indeed there are valid 113 reasons for it to do so; however this prevents the Via-based loop- 114 detection mechanism defined in [RFC3261] and updated by [RFC5393] 115 from detecting SIP request loops any earlier than by reaching a Max- 116 Forwards limit. 118 Some attempts have been made by B2BUA vendors to detect request loops 119 in other ways: by keeping track of the number of outstanding dialog- 120 forming requests for a given caller/called URI pair; or by detecting 121 when they receive and send their own media addressing information too 122 many times in certain cases when they are a signaling/media-plane 123 B2BUA; or by encoding a request instance identifier in some field 124 they believe will pass through other nodes, and detecting when they 125 see the same value too many times. 127 All of these methods are brittle and prone to error, however. They 128 are brittle because the definition of when a value has been seen "too 129 many times" is very hard to accurately determine; requests can and do 130 fork before and after B2BUAs process them, and requests legitimately 131 spiral in some cases, leading to incorrect determination of loops. 132 The mechanisms are prone to error because there can be other B2BUAs 133 in the loop's path that interfere with the particular mechanism being 134 used. 136 Ultimately, the last defense against loops becoming unbounded is to 137 limit how many SIP hops any request can traverse, which is the 138 purpose of the SIP Max-Forwards field value. If B2BUAs were to at 139 least copy and decrement the Max-Forwards header field value from 140 their UAS to the UAC side, loops would not continue indefinitely. 142 4. B2BUA Loop-Detection Behavior 144 It is RECOMMENDED that B2BUAs implement the loop-detection mechanism 145 for the Via header field, as defined for a Proxy in [RFC5393]. 147 5. B2BUA Max-Forwards Behavior 149 This section applies for dialog-forming and out-of-dialog SIP 150 requests. B2BUAs MAY perform the same actions for in-dialog 151 requests, but doing so may cause issues with devices that set Max- 152 Forwards values based upon the number of received Via or Record-Route 153 headers. 155 All B2BUA types MUST copy the received Max-Forwards header field from 156 the received SIP request on their UAS side, to any request(s) they 157 generate on their UAC side, and decrement the value, as if they were 158 a Proxy following [RFC3261]. 160 Being a UAS, B2BUAs MUST also check the received Max-Forwards header 161 field and reject or respond to the request if the value is zero, as 162 defined in [RFC3261]. 164 If the received request did not contain a Max-Forwards header field, 165 one MUST be created in any request generated in the UAC side, which 166 SHOULD be 70, as described for Proxies in section 16.6 part 3 of 167 [RFC3261]. 169 6. B2BUA Max-Breadth Behavior 171 All B2BUA types MUST copy the received Max-Breadth header field from 172 the received SIP request on their UAS side, to any request(s) they 173 generate on their UAC side, as if they were a Proxy following 174 [RFC5393]. 176 B2BUAs of all types MUST follow the requirements imposed on Proxies 177 as described in section 5.3.3 of [RFC5393], including generating the 178 header field if none is received, limiting its maximum value, etc. 180 B2BUAs that generate parallel requests on their UAC side for a single 181 incoming request on the UAS side MUST also follow the rules for Max- 182 Breadth handling in [RFC5393] as if they were a parallel forking 183 Proxy. 185 7. Security Considerations 187 The security implications for parallel forking amplification are 188 documented in section 7 of [RFC5393]. This document does not add any 189 additional issues beyond those discussed in [RFC5393]. 191 Some B2BUAs reset the Max-Forwards and Max-Breadth header field 192 values in order to obfuscate the number of hops a request has already 193 traversed, as a privacy or security concern. Such goals are at odds 194 with the mechanisms in this document, and administrators can decide 195 which they consider more important: obfuscation vs. loop detection. 196 In order to comply with this RFC, manufacturers MUST comply with the 197 normative rules defined herein by default, but MAY provide user- 198 configurable overrides as they see fit. 200 8. IANA Considerations 202 This document makes no request of IANA. 204 9. Acknowledgments 206 Funding for the RFC Editor function is provided by the IETF 207 Administrative Support Activity (IASA). Thanks to Brett Tate 208 (Broadsoft) and Andrew Hutton (Unify) and Anton Roman (Quobis) for 209 their review of the document. 211 10. References 213 10.1. Normative References 215 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 216 Requirement Levels", BCP 14, RFC 2119, March 1997. 218 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 219 A., Peterson, J., Sparks, R., Handley, M., and E. 220 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 221 June 2002. 223 [RFC5393] Sparks, R., Lawrence, S., Hawrylyshen, A., and B. Campen, 224 "Addressing an Amplification Vulnerability in Session 225 Initiation Protocol (SIP) Forking Proxies", RFC 5393, 226 December 2008. 228 10.2. Informative References 230 [I-D.ietf-straw-b2bua-taxonomy] 231 Kaplan, H. and V. Pascual, "A Taxonomy of Session 232 Initiation Protocol (SIP) Back-to-Back User Agents", 233 draft-ietf-straw-b2bua-taxonomy-03 (work in progress), 234 October 2013. 236 Authors' Addresses 238 Hadriel Kaplan 239 Oracle 241 Email: hadriel.kaplan@oracle.com 243 Victor Pascual 244 Quobis 246 Email: victor.pascual@quobis.com