idnits 2.17.1 draft-ietf-tsvwg-addip-sctp-15.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 22. -- Found old boilerplate from RFC 3978, Section 5.5 on line 1471. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1448. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1455. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1461. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([RFC2960]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 4 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 3 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: R2) An ASCONF may be bundled with any other chunk type (except other ASCONF Chunks). R3) An ASCONF-ACK may be bundled with any other chunk type except other ASCONF-ACKs. R4) Both ASCONF and ASCONF-ACK chunks MUST NOT be sent in any SCTP state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED and SHUTDOWN-SENT. R5) An ASCONF MUST NOT be larger than the path MTU of the destination. R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some circumstances an ASCONF-ACK may exceed the path MTU and in such a case IP fragmentation should be used to transmit the chunk. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (May 31, 2006) is 6539 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2026' is defined on line 1235, but no explicit reference was found in the text == Unused Reference: 'RFC2402' is defined on line 1241, but no explicit reference was found in the text == Unused Reference: 'RFC2629' is defined on line 1248, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2402 (Obsoleted by RFC 4302, RFC 4305) ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226) ** Obsolete normative reference: RFC 2629 (Obsoleted by RFC 7749) ** Obsolete normative reference: RFC 2960 (Obsoleted by RFC 4960) == Outdated reference: A later version (-08) exists of draft-ietf-tsvwg-sctp-auth-02 Summary: 9 errors (**), 0 flaws (~~), 10 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Stewart 3 Internet-Draft M. Ramalho 4 Expires: December 2, 2006 Cisco Systems, Inc. 5 Q. Xie 6 Motorola, Inc. 7 M. Tuexen 8 Univ. of Applied Sciences Muenster 9 P. Conrad 10 University of Delaware 11 May 31, 2006 13 Stream Control Transmission Protocol (SCTP) Dynamic Address 14 Reconfiguration 15 draft-ietf-tsvwg-addip-sctp-15.txt 17 Status of this Memo 19 By submitting this Internet-Draft, each author represents that any 20 applicable patent or other IPR claims of which he or she is aware 21 have been or will be disclosed, and any of which he or she becomes 22 aware will be disclosed, in accordance with Section 6 of BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF), its areas, and its working groups. Note that 26 other groups may also distribute working documents as Internet- 27 Drafts. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 The list of current Internet-Drafts can be accessed at 35 http://www.ietf.org/ietf/1id-abstracts.txt. 37 The list of Internet-Draft Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 This Internet-Draft will expire on December 2, 2006. 42 Copyright Notice 44 Copyright (C) The Internet Society (2006). 46 Abstract 48 This document describes extensions to the Stream Control Transmission 49 Protocol (SCTP) [RFC2960] that provides a method to reconfigure IP 50 address information on an existing association. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4 56 3. Additional Chunks and Parameters . . . . . . . . . . . . . . . 4 57 3.1. New Chunk Types . . . . . . . . . . . . . . . . . . . . . 5 58 3.1.1. Address Configuration Change Chunk (ASCONF) . . . . . 5 59 3.1.2. Address Configuration Acknowledgment Chunk 60 (ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 6 61 3.2. New Parameter Types . . . . . . . . . . . . . . . . . . . 7 62 3.2.1. Add IP Address . . . . . . . . . . . . . . . . . . . . 8 63 3.2.2. Delete IP Address . . . . . . . . . . . . . . . . . . 9 64 3.2.3. Error Cause Indication . . . . . . . . . . . . . . . . 10 65 3.2.4. Set Primary IP Address . . . . . . . . . . . . . . . . 11 66 3.2.5. Success Indication . . . . . . . . . . . . . . . . . . 12 67 3.2.6. Adaptation Layer Indication . . . . . . . . . . . . . 13 68 3.2.7. Supported Extensions Parameter . . . . . . . . . . . . 13 69 3.3. New Error Causes . . . . . . . . . . . . . . . . . . . . . 14 70 3.3.1. Error Cause: Request to Delete Last Remaining IP 71 Address . . . . . . . . . . . . . . . . . . . . . . . 14 72 3.3.2. Error Cause: Operation Refused Due to Resource 73 Shortage . . . . . . . . . . . . . . . . . . . . . . . 15 74 3.3.3. Error Cause: Request to Delete Source IP Address . . . 16 75 3.3.4. Error Cause: Association Aborted due to illegal 76 ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 17 77 3.3.5. Error Cause: Request refused - no authorization. . . . 17 78 4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 18 79 4.1. ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 18 80 4.1.1. Congestion Control of ASCONF Chunks . . . . . . . . . 19 81 4.2. Upon reception of an ASCONF Chunk. . . . . . . . . . . . . 20 82 4.3. General rules for address manipulation . . . . . . . . . . 22 83 4.3.1. A special case for OOTB ABORT chunks . . . . . . . . . 25 84 4.3.2. A special case for changing an address. . . . . . . . 26 85 4.4. Setting of the primary address . . . . . . . . . . . . . . 26 86 5. Security Considerations . . . . . . . . . . . . . . . . . . . 27 87 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 28 88 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 28 89 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29 90 Appendix A. Abstract Address Handling . . . . . . . . . . . . . . 29 91 A.1. General remarks . . . . . . . . . . . . . . . . . . . . . 29 92 A.2. Generalized endpoints . . . . . . . . . . . . . . . . . . 29 93 A.3. Associations . . . . . . . . . . . . . . . . . . . . . . . 30 94 A.4. Relationship with RFC 2960 . . . . . . . . . . . . . . . . 31 95 A.5. Rules for address manipulation . . . . . . . . . . . . . . 31 97 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 33 98 Intellectual Property and Copyright Statements . . . . . . . . . . 35 100 1. Introduction 102 To extend the utility and application scenarios of SCTP, this 103 document introduces optional extensions that provide SCTP with the 104 ability to: 106 1. reconfigure IP address information on an existing association. 107 2. set the remote primary path. 108 3. exchange adaptation layer information during association setup. 110 These extensions enable SCTP to be utilized in the following 111 applications: 113 1. For computational or networking platforms that allow addition/ 114 removal of physical interface cards this feature can provide a 115 graceful method to add to the interfaces of an existing 116 association. For IPv6 this feature allows renumbering of 117 existing associations. 118 2. This provides a method for an endpoint to request that its peer 119 set its primary destination address. This can be useful when an 120 address is about to be deleted, or when an endpoint has some 121 predetermined knowledge about which is the preferred address to 122 receive SCTP packets upon. 123 3. This feature can be used to extend the usability of SCTP without 124 modifying it by allowing endpoints to exchange some information 125 during association setup. 127 2. Conventions 129 The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 130 SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when 131 they appear in this document, are to be interpreted as described in 132 RFC2119 [RFC2119]. 134 3. Additional Chunks and Parameters 136 This section describes the addition of two new chunks and, seven new 137 parameters to allow: 139 o Dynamic addition of IP Addresses to an association. 140 o Dynamic deletion of IP Addresses from an association. 141 o A request to set the primary address the peer will use when 142 sending to an endpoint. 144 Additionally, this section describes three new error causes that 145 support these new chunks and parameters. 147 3.1. New Chunk Types 149 This section defines two new chunk types that will be used to 150 transfer the control information reliably. Table 1 illustrates the 151 two new chunk types. 153 Chunk Type Chunk Name 154 -------------------------------------------------------------- 155 0xC1 Address Configuration Change Chunk (ASCONF) 156 0x80 Address Configuration Acknowledgment (ASCONF-ACK) 158 Table 1: Address Configuration Chunks 160 It should be noted that the ASCONF Chunk format requires the receiver 161 to report to the sender if it does not understand the ASCONF Chunk. 162 This is accomplished by setting the upper bits in the chunk type as 163 described in RFC2960 [RFC2960] section 3.2. Note that the upper two 164 bits in the ASCONF Chunk are set to one. As defined in RFC2960 165 [RFC2960] section 3.2, setting these upper bits in this manner will 166 cause the receiver that does not understand this chunk to skip the 167 chunk and continue processing, but report in an Operation Error Chunk 168 using the 'Unrecognized Chunk Type' cause of error. 170 3.1.1. Address Configuration Change Chunk (ASCONF) 172 This chunk is used to communicate to the remote endpoint one of the 173 configuration change requests that MUST be acknowledged. The 174 information carried in the ASCONF Chunk uses the form of a Type- 175 Length-Value (TLV), as described in "3.2.1 Optional/Variable-length 176 Parameter Format" in RFC2960 [RFC2960], for all variable parameters. 177 This chunk MUST be sent in an authenticated way by using the 178 mechanism defined in SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth]. If this 179 chunk is received unauthenticated it MUST be silently discarded as 180 described in SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth]. 182 0 1 2 3 183 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 184 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 | Type = 0xC1 | Chunk Flags | Chunk Length | 186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 | Serial Number | 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 | Address Parameter | 190 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 191 | ASCONF Parameter #1 | 192 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 193 \ \ 194 / .... / 195 \ \ 196 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 197 | ASCONF Parameter #N | 198 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 200 Serial Number : 32 bits (unsigned integer) 202 This value represents a Serial Number for the ASCONF Chunk. The 203 valid range of Serial Number is from 0 to 4294967295 (2**32 - 1). 204 Serial Numbers wrap back to 0 after reaching 4294967295. 206 Address Parameter : 8 or 20 bytes (depending on type) 208 This field contains an address parameter, either IPv6 or IPv4, from 209 RFC2960 [RFC2960]. The address is an address of the sender of the 210 ASCONF chunk, the address MUST be considered part of the association 211 by the peer endpoint (the receiver of the ASCONF chunk). This field 212 may be used by the receiver of the ASCONF to help in finding the 213 association. If the address 0.0.0.0 or ::0 is provided the receiver 214 MAY lookup the association by other information provided in the 215 packet. This parameter MUST be present in every ASCONF message i.e. 216 it is a mandatory TLV parameter. 218 Note the host name address parameter is NOT allowed and MUST be 219 ignored if received in any ASCONF message. 221 ASCONF Parameter: TLV format 223 Each Address configuration change is represented by a TLV parameter 224 as defined in Section 3.2. One or more requests may be present in an 225 ASCONF Chunk. 227 3.1.2. Address Configuration Acknowledgment Chunk (ASCONF-ACK) 229 This chunk is used by the receiver of an ASCONF Chunk to acknowledge 230 the reception. It carries zero or more results for any ASCONF 231 Parameters that were processed by the receiver. This chunk MUST be 232 sent in an authenticated way by using the mechanism defined in SCTP- 233 AUTH [I-D.ietf-tsvwg-sctp-auth]. If this chunk is received 234 unauthenticated it MUST be silently discarded as described in SCTP- 235 AUTH [I-D.ietf-tsvwg-sctp-auth]. 237 0 1 2 3 238 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 239 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 240 | Type = 0x80 | Chunk Flags | Chunk Length | 241 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 242 | Serial Number | 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 244 | ASCONF Parameter Response#1 | 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 246 \ \ 247 / .... / 248 \ \ 249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 250 | ASCONF Parameter Response#N | 251 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 253 Serial Number : 32 bits (unsigned integer) 255 This value represents the Serial Number for the received ASCONF Chunk 256 that is acknowledged by this chunk. This value is copied from the 257 received ASCONF Chunk. 259 ASCONF Parameter Response : TLV format 261 The ASCONF Parameter Response is used in the ASCONF-ACK to report 262 status of ASCONF processing. By default, if a responding endpoint 263 does not include any Error Cause, a success is indicated. Thus a 264 sender of an ASCONF-ACK MAY indicate complete success of all TLVs in 265 an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length 266 (set to 8) and the Serial Number. 268 3.2. New Parameter Types 270 The seven new parameters added follow the format defined in section 271 3.2.1 of RFC2960 [RFC2960]. Table 2, 3 and 4 describes the 272 parameters. 274 Address Configuration Parameters Parameter Type 275 ------------------------------------------------- 276 Set Primary Address 0xC004 277 Adaptation Layer Indication 0xC006 278 Supported Extensions 0x8008 280 Table 2: Parameters that can be used in INIT/INIT-ACK chunk 282 Address Configuration Parameters Parameter Type 283 ------------------------------------------------- 284 Add IP Address 0xC001 285 Delete IP Address 0xC002 286 Set Primary Address 0xC004 288 Table 3: Parameters used in ASCONF Parameter 290 Address Configuration Parameters Parameter Type 291 ------------------------------------------------- 292 Error Cause Indication 0xC003 293 Success Indication 0xC005 295 Table 4: Parameters used in ASCONF Parameter Response 297 Any parameter that appears where it is not allowed (for example a 298 0xC002 parameter appearing within an INIT or INIT-ACK) MAY be 299 responded to with an ABORT by the receiver of the invalid parameter. 301 3.2.1. Add IP Address 303 0 1 2 3 304 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 305 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 306 | Type = 0xC001 | Length = Variable | 307 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 308 | ASCONF-Request Correlation ID | 309 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 310 | Address Parameter | 311 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 313 ASCONF-Request Correlation ID: 32 bits 315 This is an opaque integer assigned by the sender to identify each 316 request parameter. It is in host byte order and is only meaningful 317 to the sender. The receiver of the ASCONF Chunk will copy this 32 318 bit value into the ASCONF Response Correlation ID field of the 319 ASCONF-ACK response parameter. The sender of the ASCONF can use this 320 same value in the ASCONF-ACK to find which request the response is 321 for. 323 Address Parameter: TLV 325 This field contains an IPv4 or IPv6 address parameter as described in 326 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within 327 this parameter. It informs the receiver that the address specified 328 is to be added to the existing association. This parameter MUST NOT 329 contain a broadcast or multicast address. If the address 0.0.0.0 or 330 ::0 is provided, the source address of the packet MUST be added. 332 An example TLV requesting that the IPv4 address 10.1.1.1 be added to 333 the association would look as follows: 335 +--------------------------------+ 336 | Type=0xC001 | Length = 16 | 337 +--------------------------------+ 338 | C-ID = 0x01023474 | 339 +--------------------------------+ 340 | Type=5 | Length = 8 | 341 +----------------+---------------+ 342 | Value=0x0a010101 | 343 +----------------+---------------+ 345 Valid Chunk Appearance 347 The Add IP Address parameter may only appear in the ASCONF Chunk 348 type. 350 3.2.2. Delete IP Address 352 0 1 2 3 353 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 354 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 355 | Type =0xC002 | Length = Variable | 356 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 357 | ASCONF-Request Correlation ID | 358 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 359 | Address Parameter | 360 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 362 ASCONF-Request Correlation ID: 32 bits 364 This is an opaque integer assigned by the sender to identify each 365 request parameter. It is in host byte order and is only meaningful 366 to the sender. The receiver of the ASCONF Chunk will copy this 32 367 bit value into the ASCONF Response Correlation ID field of the 368 ASCONF-ACK response parameter. The sender of the ASCONF can use this 369 same value in the ASCONF-ACK to find which request the response is 370 for. 372 Address Parameter: TLV 374 This field contains an IPv4 or IPv6 address parameter as described in 375 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within 376 this parameter. It informs the receiver that the address specified 377 is to be removed from the existing association. This parameter MUST 378 NOT contain a broadcast or multicast address. If the address 0.0.0.0 379 or ::0 is provided, all addresses of the peer except the source 380 address of the packet MUST be deleted. 382 An example TLV deleting the IPv4 address 10.1.1.1 from an existing 383 association would look as follows: 385 +--------------------------------+ 386 | Type=0xC002 | Length = 16 | 387 +--------------------------------+ 388 | C-ID = 0x01023476 | 389 +--------------------------------+ 390 | Type=5 | Length = 8 | 391 +----------------+---------------+ 392 | Value=0x0a010101 | 393 +----------------+---------------+ 395 Valid Chunk Appearance 397 The Delete IP Address parameter may only appear in the ASCONF Chunk 398 type. 400 3.2.3. Error Cause Indication 402 0 1 2 3 403 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 404 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 405 | Type = 0xC003 | Length = Variable | 406 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 407 | ASCONF-Response Correlation ID | 408 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 409 | Error Cause(s) or Return Info on Success | 410 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 412 ASCONF-Response Correlation ID: 32 bits 414 This is an opaque integer assigned by the sender to identify each 415 request parameter. The receiver of the ASCONF Chunk will copy this 416 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 417 Response Correlation ID field so the peer can easily correlate the 418 request to this response. 420 Error Cause(s): TLV(s) 422 When reporting an error this response parameter is used to wrap one 423 or more standard error causes normally found within an SCTP 424 Operational Error or SCTP Abort (as defined in RFC2960 [RFC2960]). 425 The Error Cause(s) follow the format defined in section 3.3.10 of 426 RFC2960 [RFC2960]. 428 Valid Chunk Appearance 430 The Error Cause Indication parameter may only appear in the ASCONF- 431 ACK chunk type. 433 3.2.4. Set Primary IP Address 435 0 1 2 3 436 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 437 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 438 | Type =0xC004 | Length = Variable | 439 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 440 | ASCONF-Request Correlation ID | 441 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 442 | Address Parameter | 443 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 445 ASCONF-Request Correlation ID: 32 bits 447 This is an opaque integer assigned by the sender to identify each 448 request parameter. It is in host byte order and is only meaningful 449 to the sender. The receiver of the ASCONF Chunk will copy this 32 450 bit value into the ASCONF Response Correlation ID field of the 451 ASCONF-ACK response parameter. The sender of the ASCONF can use this 452 same value in the ASCONF-ACK to find which request the response is 453 for. 455 Address Parameter: TLV 457 This field contains an IPv4 or IPv6 address parameter as described in 458 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within 459 this parameter. It requests the receiver to mark the specified 460 address as the primary address to send data to (see section 5.1.2 of 461 RFC2960 [RFC2960]). The receiver MAY mark this as its primary upon 462 receiving this request. If the address 0.0.0.0 or ::0 is provided, 463 the receiver MAY mark the source address of the packet as its 464 primary. 466 An example TLV requesting that the IPv4 address 10.1.1.1 be made the 467 primary destination address would look as follows: 469 +--------------------------------+ 470 | Type=0xC004 | Length = 16 | 471 +--------------------------------+ 472 | C-ID = 0x01023479 | 473 +--------------------------------+ 474 | Type=5 | Length = 8 | 475 +----------------+---------------+ 476 | Value=0x0a010101 | 477 +----------------+---------------+ 479 Valid Chunk Appearance 481 The Set Primary IP Address parameter may appear in the ASCONF Chunk, 482 the INIT, or the INIT-ACK chunk type. The inclusion of this 483 parameter in the INIT or INIT-ACK can be used to indicate an initial 484 preference of primary address. 486 3.2.5. Success Indication 488 0 1 2 3 489 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 490 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 491 | Type = 0xC005 | Length = 8 | 492 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 493 | ASCONF-Response Correlation ID | 494 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 496 By default if a responding endpoint does not report an error for any 497 requested TLV, a success is implicitly indicated. Thus a sender of a 498 ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by 499 returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) 500 and the Serial Number. 502 The responding endpoint MAY also choose to explicitly report a 503 success for a requested TLV, by returning a success report ASCONF 504 Parameter Response. 506 ASCONF-Response Correlation ID: 32 bits 508 This is an opaque integer assigned by the sender to identify each 509 request parameter. The receiver of the ASCONF Chunk will copy this 510 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 511 Response Correlation ID field so the peer can easily correlate the 512 request to this response. 514 Valid Chunk Appearance 516 The Success Indication parameter may only appear in the ASCONF-ACK 517 chunk type. 519 3.2.6. Adaptation Layer Indication 521 0 1 2 3 522 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 523 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 524 | Type =0xC006 | Length = 8 | 525 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 526 | Adaptation Code point | 527 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 529 This parameter is specified for the communication of peer upper layer 530 protocols. It is envisioned to be used for flow control and other 531 adaptation layers that require an indication to be carried in the 532 INIT and INIT-ACK. Each adaptation layer that is defined that wishes 533 to use this parameter MUST specify a an adaptation code point in an 534 appropriate RFC defining its use and meaning. This parameter SHOULD 535 NOT be examined by the receiving SCTP implementation and should be 536 passed opaquely to the upper layer protocol. 538 Valid Chunk Appearance 540 The Adaptation Layer Indication parameter may appear in INIT or INIT- 541 ACK chunk and SHOULD be passed to the receivers upper layer protocol. 542 This parameter MUST NOT appear in a ASCONF chunk. 544 3.2.7. Supported Extensions Parameter 546 This parameter is used at startup to identify any additional 547 extensions that the sender supports. The sender MUST support both 548 the sending and the receiving of any chunk types listed within the 549 Supported Extensions Parameter. 551 0 1 2 3 552 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 553 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 554 | Parameter Type = 0x8008 | Parameter Length | 555 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 556 | CHUNK TYPE 1 | CHUNK TYPE 2 | CHUNK TYPE 3 | CHUNK TYPE 4 | 557 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 558 | .... | 559 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 560 | CHUNK TYPE N | PAD | PAD | PAD | 561 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 563 Parameter Type This field holds the IANA defined parameter type for 564 Supported Extensions Parameter. The suggested value of this field 565 for IANA is 0x8008. 566 Parameter Type Length This field holds the length of the parameter, 567 including the Parameter Type, Parameter Length and any addition 568 supported extensions. Note the length MUST NOT include any 569 padding. 570 CHUNK TYPE X This field(s) hold the chunk type of any SCTP 571 extension(s) that are currently supported by the sending SCTP. 572 Multiple chunk types may be defined listing each additional 573 feature that the sender supports. The sender MUST NOT include 574 multiple Supported Extensions Parameter within any chunk. 575 Parameter Appearance This parameter may appear in the INIT or INIT- 576 ACK chunk. This parameter MUST NOT appear in any other chunk. 578 3.3. New Error Causes 580 Five new Error Causes are added to the SCTP Operational Errors, 581 primarily for use in the ASCONF-ACK chunk. 583 Cause Code 584 Value Cause Code 585 --------- ---------------- 586 0x0100 Request to Delete Last Remaining IP Address. 587 0x0101 Operation Refused Due to Resource Shortage. 588 0x0102 Request to Delete Source IP Address. 589 0x0103 Association Aborted due to illegal ASCONF-ACK 590 0x0104 Request refused - no authorization. 592 Table 5: New Error Causes 594 3.3.1. Error Cause: Request to Delete Last Remaining IP Address 596 Cause of error 597 Request to Delete Last Remaining IP address: The receiver of this 598 error sent a request to delete the last IP address from its 599 association with its peer. This error indicates that the request is 600 rejected. 602 0 1 2 3 603 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 604 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 605 | Cause Code=0x0100 | Cause Length=Variable | 606 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 607 \ TLV-Copied-From-ASCONF / 608 / \ 609 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 611 An example of a failed delete in an Error Cause TLV would look as 612 follows in the response ASCONF-ACK message: 614 +--------------------------------+ 615 | Type = 0xC003 | Length = 28 | 616 +----------------+---------------+ 617 | C-ID = 0x01023476 | 618 +--------------------------------+ 619 | Cause=0x0100 | Length = 20 | 620 +----------------+---------------+ 621 | Type= 0xC002 | Length = 16 | 622 +----------------+---------------+ 623 | C-ID = 0x01023476 | 624 +--------------------------------+ 625 | Type=0x0005 | Length = 8 | 626 +----------------+---------------+ 627 | Value=0x0A010101 | 628 +----------------+---------------+ 630 3.3.2. Error Cause: Operation Refused Due to Resource Shortage 632 Cause of error 634 This error cause is used to report a failure by the receiver to 635 perform the requested operation due to a lack of resources. The 636 entire TLV that is refused is copied from the ASCONF into the error 637 cause. 639 0 1 2 3 640 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 641 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 642 | Cause Code=0x0101 | Cause Length=Variable | 643 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 644 \ TLV-Copied-From-ASCONF / 645 / \ 646 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 648 An example of a failed addition in an Error Cause TLV would look as 649 follows in the response ASCONF-ACK message: 651 +--------------------------------+ 652 | Type = 0xC003 | Length = 28 | 653 +--------------------------------+ 654 | C-ID = 0x01023474 | 655 +--------------------------------+ 656 | Cause=0x0101 | Length = 20 | 657 +----------------+---------------+ 658 | Type=0xC001 | Length = 16 | 659 +--------------------------------+ 660 | C-ID = 0x01023474 | 661 +--------------------------------+ 662 | Type=0x0005 | Length = 8 | 663 +----------------+---------------+ 664 | Value=0x0A010101 | 665 +----------------+---------------+ 667 3.3.3. Error Cause: Request to Delete Source IP Address 669 Cause of error 671 Request to Delete Source IP Address: The receiver of this error sent 672 a request to delete the source IP address of the ASCONF message. 673 This error indicates that the request is rejected. 675 0 1 2 3 676 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 677 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 678 | Cause Code=0x0102 | Cause Length=Variable | 679 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 680 \ TLV-Copied-From-ASCONF / 681 / \ 682 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 684 An example of a failed delete in an Error Cause TLV would look as 685 follows in the response ASCONF-ACK message: 687 +--------------------------------+ 688 | Type = 0xC003 | Length = 28 | 689 +--------------------------------+ 690 | C-ID = 0x01023476 | 691 +--------------------------------+ 692 | Cause=0x0102 | Length = 20 | 693 +----------------+---------------+ 694 | Type=0xC002 | Length = 16 | 695 +----------------+---------------+ 696 | C-ID = 0x01023476 | 697 +--------------------------------+ 698 | Type=0x0005 | Length = 8 | 699 +----------------+---------------+ 700 | Value=0x0A010101 | 701 +----------------+---------------+ 703 IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a 704 packet from the address being deleted, unless the endpoint does not 705 do proper source address selection. 707 3.3.4. Error Cause: Association Aborted due to illegal ASCONF-ACK 709 This error is to be included in an ABORT that is generated due to the 710 reception of an ASCONF-ACK that was not expected but is larger than 711 the current sequence number (see Section 4.3 Rule D0 ). Note that a 712 sequence number is larger than the last acked sequence number if it 713 is either the next sequence or no more than 2^^31-1 greater than the 714 current sequence number. 716 0 1 2 3 717 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 718 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 719 | Cause Code=0x0103 | Cause Length=4 | 720 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 722 3.3.5. Error Cause: Request refused - no authorization. 724 Cause of error 726 This error cause may be included to reject a request based on local 727 security policies. 729 0 1 2 3 730 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 731 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 732 | Cause Code=0x0104 | Cause Length=Variable | 733 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 734 \ TLV-Copied-From-ASCONF / 735 / \ 736 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 738 4. Procedures 740 This section will lay out the specific procedures for address 741 configuration change chunk type and its processing. 743 4.1. ASCONF Chunk Procedures 745 When an endpoint has an ASCONF signaled change to be sent to the 746 remote endpoint it should do the following: 748 A1) Create an ASCONF Chunk as defined in Section 3.1.1. The chunk 749 should contain all of the TLV(s) of information necessary to be 750 sent to the remote endpoint, and unique correlation identities for 751 each request. 752 A2) A serial number should be assigned to the Chunk. The serial 753 number should be a monotonically increasing number. The serial 754 number MUST be initialized at the start of the association to the 755 same value as the Initial TSN and every time a new ASCONF chunk is 756 created it is incremented by one after assigning the serial number 757 to the newly created chunk . 758 A3) If no ASCONF Chunk is outstanding (un-acknowledged) with the 759 remote peer, send the chunk. 760 A4) Start a T-4 RTO timer, using the RTO value of the selected 761 destination address (normally the primary path; see RFC2960 762 [RFC2960] section 6.4 for details). 763 A5) When the ASCONF-ACK that acknowledges the serial number last sent 764 arrives, stop the T-4 RTO timer, and clear the appropriate 765 association and destination error counters as defined in RFC2960 766 [RFC2960] section 8.1 and 8.2. 767 A6) Process all of the TLVs within the ASCONF-ACK to find out 768 particular status information returned to the various requests 769 that were sent. Use the Correlation IDs to correlate the request 770 and the responses. 771 A7) If an error response is received for a TLV parameter, all TLVs 772 with no response before the failed TLV are considered successful 773 if not reported. All TLVs after the failed response are 774 considered unsuccessful unless a specific success indication is 775 present for the parameter. 777 A8) If there is no response(s) to specific TLV parameter(s), and no 778 failures are indicated, then all request(s) are considered 779 successful. 780 A9) If the peer responds to an ASCONF with an ERROR chunk reporting 781 that it did not recognize the ASCONF chunk type, the sender of the 782 ASCONF MUST NOT send any further ASCONF chunks and MUST stop its 783 T-4 timer. 785 If the T-4 RTO timer expires the endpoint should do the following: 787 B1) Increment the error counters and perform path failure detection 788 on the appropriate destination address as defined in RFC2960 789 [RFC2960] section 8.1 and 8.2. 790 B2) Increment the association error counters and perform endpoint 791 failure detection on the association as defined in RFC2960 792 [RFC2960] section 8.1 and 8.2. 793 B3) Back-off the destination address RTO value to which the ASCONF 794 chunk was sent by doubling the RTO timer value. 795 Note: The RTO value is used in the setting of all timer types for 796 SCTP. Each destination address has a single RTO estimate. 797 B4) Re-transmit the ASCONF Chunk last sent and if possible choose an 798 alternate destination address (please refer to RFC2960 [RFC2960] 799 section 6.4.1). An endpoint MUST NOT add new parameters to this 800 chunk, it MUST be the same (including its serial number) as the 801 last ASCONF sent. 802 B5) Restart the T-4 RTO timer. Note that if a different destination 803 is selected, then the RTO used will be that of the new destination 804 address. 806 Note: the total number of re-transmissions is limited by B2 above. 807 If the maximum is reached, the association will fail and enter into 808 the CLOSED state (see RFC2960 [RFC2960] section 6.4.1 for details). 810 4.1.1. Congestion Control of ASCONF Chunks 812 In defining the ASCONF Chunk transfer procedures, it is essential 813 that these transfers MUST NOT cause congestion within the network. 814 To achieve this, we place these restrictions on the transfer of 815 ASCONF Chunks: 817 R1) One and only one ASCONF Chunk MAY be in transit and 818 unacknowledged at any one time. If a sender, after sending an 819 ASCONF chunk, decides it needs to transfer another ASCONF Chunk, 820 it MUST wait until the ASCONF-ACK Chunk returns from the previous 821 ASCONF Chunk before sending a subsequent ASCONF. Note this 822 restriction binds each side, so at any time two ASCONF may be in- 823 transit on any given association (one sent from each endpoint). 825 R2) An ASCONF may be bundled with any other chunk type (except other 826 ASCONF Chunks). 827 R3) An ASCONF-ACK may be bundled with any other chunk type except 828 other ASCONF-ACKs. 829 R4) Both ASCONF and ASCONF-ACK chunks MUST NOT be sent in any SCTP 830 state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED and 831 SHUTDOWN-SENT. 832 R5) An ASCONF MUST NOT be larger than the path MTU of the 833 destination. 834 R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some 835 circumstances an ASCONF-ACK may exceed the path MTU and in such a 836 case IP fragmentation should be used to transmit the chunk. 838 If the sender of an ASCONF Chunk receives an Operational Error 839 indicating that the ASCONF chunk type is not understood, then the 840 sender MUST NOT send subsequent ASCONF Chunks to the peer. The 841 endpoint should also inform the upper layer application that the peer 842 endpoint does not support any of the extensions detailed in this 843 document. 845 4.2. Upon reception of an ASCONF Chunk. 847 When an endpoint receives an ASCONF Chunk from the remote peer 848 special procedures MAY be needed to identify the association the 849 ASCONF Chunk is associated with. To properly find the association 850 the following procedures should be followed: 852 L1) Use the source address and port number of the sender to attempt 853 to identify the association (i.e. use the same method defined in 854 RFC2960 [RFC2960] used for all other SCTP chunks). If found 855 proceed to rule L4. 856 L2) If the association is not found, use the address found in the 857 Address Parameter TLV combined with the port number found in the 858 SCTP common header. If found proceed to rule L4. 859 L3) If neither L1 or L2 locates the association, treat the chunk as 860 an Out Of The Blue chunk as defined in RFC2960 [RFC2960]. 861 L4) Follow the normal rules to validate the SCTP verification tag 862 found in RFC2960 [RFC2960]. 864 After identification and verification of the association, the 865 following should be performed to properly process the ASCONF Chunk: 867 C1) Compare the value of the serial number to the value the endpoint 868 stored in a new association variable 'Peer-Serial-Number'. This 869 value MUST be initialized to the Initial TSN value minus 1. 871 C2) If the value found in the serial number is equal to the ('Peer- 872 Serial-Number' + 1), the endpoint MUST: 874 V1) Process the TLVs contained within the Chunk performing the 875 appropriate actions as indicated by each TLV type. The TLVs 876 MUST be processed in order within the Chunk. For example, if 877 the sender puts 3 TLVs in one chunk, the first TLV (the one 878 closest to the Chunk Header) in the Chunk MUST be processed 879 first. The next TLV in the chunk (the middle one) MUST be 880 processed second and finally the last TLV in the Chunk MUST be 881 processed last. If the association was found via L2, the first 882 parameter MUST be an Add IP address parameter for the source 883 address of the packet. If it is not the case the ASCONF is 884 silently discarded. Please note that this new address can not 885 be deleted by a later parameter in the chunk because it is the 886 source address of the packet. 887 V2) In processing the chunk, the receiver should build a response 888 message with the appropriate error TLVs, as specified in the 889 Parameter type bits for any ASCONF Parameter it does not 890 understand. To indicate an unrecognized parameter, cause type 891 8 as defined in the ERROR in 3.3.10.8 of RFC2960 [RFC2960] 892 should be used. The endpoint may also use the response to 893 carry rejections for other reasons such as resource shortages 894 etc, using the Error Cause TLV and an appropriate error 895 condition. 896 Note: a positive response is implied if no error is indicated 897 by the sender. 898 V3) All responses MUST copy the ASCONF-Request Correlation ID 899 field received in the ASCONF parameter, from the TLV being 900 responded to, into the ASCONF-Request Correlation ID field in 901 the response parameter. 902 V4) After processing the entire Chunk, the receiver of the ASCONF 903 MUST send all TLVs for both unrecognized parameters and any 904 other status TLVs inside the ASCONF-ACK chunk that acknowledges 905 the arrival and processing of the ASCONF Chunk. 906 V5) Update the 'Peer-Serial-Number' to the value found in the 907 serial number field. 908 C3) If the value found in the serial number is equal to the value 909 stored in the 'Peer-Serial-Number', the endpoint should: 911 X1) Parse the ASCONF Chunk TLVs but the endpoint MUST NOT take any 912 action on the TLVs parsed (since it has already performed these 913 actions). 914 X2) Build a response message with the appropriate response TLVs as 915 specified in the ASCONF Parameter type bits, for any parameter 916 it does not understand or could not process. 918 X3) After parsing the entire Chunk, it MUST send any response TLV 919 errors and status with an ASCONF-ACK chunk acknowledging the 920 arrival and processing of the ASCONF Chunk. 921 X4) The endpoint MUST NOT update its 'Peer-Serial-Number'. 922 Note: the response to the retransmitted ASCONF MUST be the same as 923 the original response. This MAY mean an implementation must keep 924 state in order to respond with the same exact answer (including 925 resource considerations that may have made the implementation 926 refuse a request). 927 IMPLEMENTATION NOTE: As an optimization a receiver may wish to 928 save the last ASCONF-ACK for some predetermined period of time and 929 instead of re-processing the ASCONF (with the same serial number) 930 it may just re-transmit the ASCONF-ACK. It may wish to use the 931 arrival of a new serial number to discard the previously saved 932 ASCONF-ACK or any other means it may choose to expire the saved 933 ASCONF-ACK. 934 C4) Otherwise, the ASCONF Chunk is discarded since it must be either 935 a stale packet or from an attacker. A receiver of such a packet 936 MAY log the event for security purposes. 937 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent back to the 938 source address contained in the IP header of the ASCONF being 939 responded to. 941 4.3. General rules for address manipulation 943 When building TLV parameters for the ASCONF Chunk that will add or 944 delete IP addresses the following rules should be applied: 946 D0) If an endpoint receives an ASCONF-ACK that is greater than or 947 equal to the next serial number to be used but no ASCONF chunk is 948 outstanding the endpoint MUST ABORT the association. Note that a 949 sequence number is greater than if it is no more than 2^^31-1 950 larger than the current sequence number (using serial arithmetic). 951 D1) When adding an IP address to an association, the IP address is 952 NOT considered fully added to the association until the ASCONF-ACK 953 arrives. This means that until such time as the ASCONF containing 954 the add is acknowledged the sender MUST NOT use the new IP address 955 as a source for ANY SCTP packet except on carrying an ASCONF 956 chunk. The receiver of the add IP address request may use the 957 address as a destination immediately. The receiver MUST use the 958 path verification procedure for the added address before using 959 that address. The receiver MUST NOT send packets to the new 960 address except for the corresponding ASCONF-ACK chunk or HEARTBEAT 961 chunks for path verification before the new path is verified. If 962 the ASCONF-ACK is sent to the new address it MAY be bundled with 963 the HEARTBEAT chunk for path verification. 965 D2) After the ASCONF-ACK of an IP address add arrives, the endpoint 966 MAY begin using the added IP address as a source address for any 967 type of SCTP chunk. 968 D3a) If an endpoint receives an Error Cause TLV indicating that the 969 IP address Add or IP address Deletion parameters was not 970 understood, the endpoint MUST consider the operation failed and 971 MUST NOT attempt to send any subsequent Add or Delete requests to 972 the peer. 973 D3b) If an endpoint receives an Error Cause TLV indicating that the 974 IP address Set Primary IP Address parameter was not understood, 975 the endpoint MUST consider the operation failed and MUST NOT 976 attempt to send any subsequent Set Primary IP Address requests to 977 the peer. 978 D4) When deleting an IP address from an association, the IP address 979 MUST be considered a valid destination address for the reception 980 of SCTP packets until the ASCONF-ACK arrives and MUST NOT be used 981 as a source address for any subsequent packets. This means that 982 any datagrams that arrive before the ASCONF-ACK destined to the IP 983 address being deleted MUST be considered part of the current 984 association. One special consideration is that ABORT chunks 985 arriving destined to the IP address being deleted MUST be ignored 986 (see Section 4.3.1 for further details). 987 D5) An endpoint MUST NOT delete its last remaining IP address from an 988 association. In other words if an endpoint is NOT multi-homed it 989 MUST NOT use the delete IP address without an add IP address 990 preceding the delete parameter in the ASCONF chunk. Or if an 991 endpoint sends multiple requests to delete IP addresses it MUST 992 NOT delete all of the IP addresses that the peer has listed for 993 the requester. 994 D6) An endpoint MUST NOT set an IP header source address for an SCTP 995 packet holding the ASCONF Chunk to be the same as an address being 996 deleted by the ASCONF Chunk. 997 D7) If a request is received to delete the last remaining IP address 998 of a peer endpoint, the receiver MUST send an Error Cause TLV with 999 the error cause set to the new error code 'Request to Delete Last 1000 Remaining IP Address'. The requested delete MUST NOT be performed 1001 or acted upon, other than to send the ASCONF-ACK. 1002 D8) If a request is received to delete an IP address which is also 1003 the source address of the IP packet which contained the ASCONF 1004 chunk, the receiver MUST reject this request. To reject the 1005 request the receiver MUST send an Error Cause TLV set to the new 1006 error code 'Request to Delete Source IP Address' (unless Rule D5 1007 has also been violated, in which case the error code 'Request to 1008 Delete Last Remaining IP Address' is sent). 1010 D9) If an endpoint receives an ADD IP address request and does not 1011 have the local resources to add this new address to the 1012 association, it MUST return an Error Cause TLV set to the new 1013 error code 'Operation Refused Due to Resource Shortage'. 1014 D10) If an endpoint receives an 'Out of Resource' error in response 1015 to its request to ADD an IP address to an association, it must 1016 either ABORT the association or not consider the address part of 1017 the association. In other words if the endpoint does not ABORT 1018 the association, it must consider the add attempt failed and NOT 1019 use this address since its peer will treat SCTP packets destined 1020 to the address as Out Of The Blue packets. 1021 D11) When an endpoint receiving an ASCONF to add an IP address sends 1022 an 'Out of Resource' in its response, it MUST also fail any 1023 subsequent add or delete requests bundled in the ASCONF. The 1024 receiver MUST NOT reject an ADD and then accept a subsequent 1025 DELETE of an IP address in the same ASCONF Chunk. In other words, 1026 once a receiver begins failing any ADD or DELETE request, it must 1027 fail all subsequent ADD or DELETE requests contained in that 1028 single ASCONF. 1029 D12) When an endpoint receives a request to delete an IP address that 1030 is the current primary address, it is an implementation decision 1031 as to how that endpoint chooses the new primary address. 1032 D13) When an endpoint receives a valid request to DELETE an IP 1033 address the endpoint MUST consider the address no longer as part 1034 of the association. It MUST NOT send SCTP packets for the 1035 association to that address and it MUST treat subsequent packets 1036 received from that address as Out Of The Blue. 1037 During the time interval between sending out the ASCONF and 1038 receiving the ASCONF-ACK it MAY be possible to receive DATA chunks 1039 out of order. The following examples illustrate these problems: 1041 Endpoint-A Endpoint-Z 1042 ---------- ---------- 1043 ASCONF[Add-IP:X]------------------------------> 1044 /--ASCONF-ACK 1045 / 1046 /--------/---New DATA: 1047 / / Destination 1048 <-------------------/ / IP:X 1049 / 1050 <--------------------------/ 1052 In the above example we see a new IP address (X) being added to the 1053 Endpoint-A. However due to packet re-ordering in the network a new 1054 DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK 1055 confirming the add of the address to the association. 1057 A similar problem exists with the deletion of an IP address as 1058 follows: 1060 Endpoint-A Endpoint-Z 1061 ---------- ---------- 1062 /------------New DATA: 1063 / Destination 1064 / IP:X 1065 ASCONF [DEL-IP:X]---------/----------------> 1066 <-----------------/------------------ASCONF-ACK 1067 / 1068 / 1069 <-------------/ 1071 In this example we see a DATA chunk destined to the IP:X (which is 1072 about to be deleted) arriving after the deletion is complete. For 1073 the ADD case an endpoint SHOULD consider the newly adding IP address 1074 valid for the association to receive data from during the interval 1075 when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from 1076 this new address until the ASCONF-ACK arrives but it may receive out 1077 of order data as illustrated and MUST NOT treat this data as an OOTB 1078 datagram (please see RFC2960 [RFC2960] section 8.4). It MAY drop the 1079 data silently or it MAY consider it part of the association but it 1080 MUST NOT respond with an ABORT. 1082 For the DELETE case, an endpoint MAY respond to the late arriving 1083 DATA packet as an OOTB datagram or it MAY hold the deleting IP 1084 address for a small period of time as still valid. If it treats the 1085 DATA packet as an OOTB the peer will silently discard the ABORT 1086 (since by the time the ABORT is sent the peer will have removed the 1087 IP address from this association). If the endpoint elects to hold 1088 the IP address valid for a period of time, it MUST NOT hold it valid 1089 longer than 2 RTO intervals for the destination being removed. 1091 4.3.1. A special case for OOTB ABORT chunks 1093 Another case worth mentioning is illustrated below: 1095 Endpoint-A Endpoint-Z 1096 ---------- ---------- 1098 New DATA:------------\ 1099 Source IP:X \ 1100 \ 1101 ASCONF-REQ[DEL-IP:X]----\------------------> 1102 \ /---------ASCONF-ACK 1103 \ / 1104 \----/-----------> OOTB 1105 (Ignored <---------------------/-------------ABORT 1106 by rule D4) / 1107 <---------------------/ 1109 For this case, during the deletion of an IP address, an Abort MUST be 1110 ignored if the destination address of the Abort message is that of a 1111 destination being deleted. 1113 4.3.2. A special case for changing an address. 1115 In some instances the sender may only have one IP address in an 1116 association that is being renumbered. When this occurs, the sender 1117 may not be able to send to the peer the appropriate ADD/DELETE pair 1118 and use the old address as a source in the IP header. For this 1119 reason the sender MUST fill in the Address Parameter field with an 1120 address that is part of the association (in this case the one being 1121 deleted). This will allow the receiver to locate the association 1122 without using the source address found in the IP header. 1124 The receiver of such a chunk MUST always first use the source address 1125 found in the IP header in looking up the association. The receiver 1126 should attempt to use the address found in the Address Bytes field 1127 only if the lookup fails using the source address from the IP header. 1128 The receiver MUST reply to the source address of the packet in this 1129 case which is the new address that was added by the ASCONF (since the 1130 old address is no longer a part of the association after processing). 1132 4.4. Setting of the primary address 1134 A sender of this option may elect to send this combined with a 1135 deletion or addition of an address. A sender SHOULD only send a set 1136 primary request to an address that is already considered part of the 1137 association. In other words if a sender combines a set primary with 1138 an add of a new IP address the set primary will be discarded unless 1139 the add request is to be processed BEFORE the set primary (i.e. it 1140 precedes the set primary). 1142 A request to set primary MAY also appear in an INIT or INIT-ACK 1143 chunk. This can give advice to the peer endpoint as to which of its 1144 addresses the sender of the INIT or INIT-ACK would prefer to be used 1145 as the primary address. 1147 The request to set an address as the primary path is an option the 1148 receiver SHOULD perform. It is considered advice to the receiver of 1149 the best destination address to use in sending SCTP packets (in the 1150 requesters view). If a request arrives that asks the receiver to set 1151 an address as primary that does not exist, the receiver should NOT 1152 honor the request, leaving its existing primary address unchanged. 1154 5. Security Considerations 1156 The addition and or deletion of an IP address to an existing 1157 association does provide an additional mechanism by which existing 1158 associations can be hijacked. Therefore this document requires the 1159 use of the authentication mechanism defined in SCTP-AUTH [I-D.ietf- 1160 tsvwg-sctp-auth] to limit the ability of an attacker to hijack an 1161 association. 1163 Hijacking an association by using the addition and deletion of an IP 1164 address is only possible for an attacker who is able to intercept the 1165 initial two packets of the association setup when the SCTP-AUTH 1166 extension is used without pre-shared keys.. If such a threat is 1167 considered a possibility, then the SCTP-AUTH [I-D.ietf-tsvwg-sctp- 1168 auth] extension MUST be used with a preconfigured shared end-point 1169 pair key to mitigate this threat. For a more detailed analysis see 1170 SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth]. 1172 If an SCTP endpoint that supports this extension receives an INIT 1173 that indicates that the peer supports the ASCONF extension but does 1174 NOT support the SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth] extension, the 1175 receiver of such an INIT MUST send an ABORT in response to such an 1176 INIT. Note that an implementation is allowed to silently discard 1177 such an INIT as an option as well but under NO circumstance is an 1178 implementation allowed to proceed with the association setup by 1179 sending an INIT-ACK in response. 1181 An implementation that receives an INIT-ACK that indicates that the 1182 peer does not support the SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth] 1183 extension MUST NOT send the COOKIE-ECHO to establish the association. 1184 Instead the implementation MUST discard the INIT-ACK and report to 1185 the upper layer user that an association cannot be established 1186 destroying the TCB. 1188 6. IANA considerations 1190 This document defines the following new SCTP parameters, chunks and 1191 errors: 1193 o Two new chunk types, 1194 o Seven parameter types, and 1195 o Five new SCTP error causes. 1197 One of the two new chunk types must come from the range of chunk 1198 types where the upper two bits are one, we recommend 0xC1 but any 1199 other available code point with the upper bits set is also 1200 acceptable. The second chunk type must come from the range where 1201 only the upper bit is set to one. We recommend 0x80 but any other 1202 available code point with the upper bit set is also acceptable. The 1203 suggested chunk types are listed in Table 1. 1205 All but one of the parameter types must come from the range of types 1206 where the upper two bits are set, we recommend 0xC001 - 0xC006, as 1207 specified in this document. The other parameter type must come from 1208 the 0x8000 range, we recommend 0x8008. Note that for any of these 1209 values a different unique parameter type may be assigned by IANA as 1210 long as the upper bits correspond to the ones specified in this 1211 document. The suggested parameter types are listed in Table 2, Table 1212 3, and Table 4. 1214 The five new error causes can be any value, in this document we have 1215 used 0x0100-0x0104 in an attempt to separate these from the common 1216 ranges of error codes. Any other unassigned values are also 1217 acceptable. The suggested error causes are listed in Table 5. 1219 This document also defines a Adaptation code point. The adaptation 1220 code point is a 32 bit integer that is assigned by IANA through an 1221 IETF Consensus action as defined in RFC2434 [RFC2434]. 1223 7. Acknowledgments 1225 The authors wish to thank Jon Berger, Greg Kendall, Seok Koh, Peter 1226 Lei, John Loughney, Ivan Arias Rodriguez, Renee Revis, Marshall Rose, 1227 Chip Sharp, and Irene Ruengeler for their invaluable comments. 1229 The authors would also like to give special mention to Maria-Carmen 1230 Belinchon and Ian Rytina for there early contributions to this 1231 document and their thoughtful comments. 1233 8. References 1235 [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 1236 3", BCP 9, RFC 2026, October 1996. 1238 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1239 Requirement Levels", BCP 14, RFC 2119, March 1997. 1241 [RFC2402] Kent, S. and R. Atkinson, "IP Authentication Header", 1242 RFC 2402, November 1998. 1244 [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1245 IANA Considerations Section in RFCs", BCP 26, RFC 2434, 1246 October 1998. 1248 [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 1249 June 1999. 1251 [RFC2960] Stewart, R., Xie, Q., Morneault, K., Sharp, C., 1252 Schwarzbauer, H., Taylor, T., Rytina, I., Kalla, M., 1253 Zhang, L., and V. Paxson, "Stream Control Transmission 1254 Protocol", RFC 2960, October 2000. 1256 [I-D.ietf-tsvwg-sctp-auth] 1257 Tuexen, M., "Authenticated Chunks for Stream Control 1258 Transmission Protocol (SCTP)", 1259 draft-ietf-tsvwg-sctp-auth-02 (work in progress), 1260 March 2006. 1262 Appendix A. Abstract Address Handling 1264 A.1. General remarks 1266 The following text provides a working definition of the endpoint 1267 notion to discuss address reconfiguration. It is not intended to 1268 restrict implementations in any way, its goal is to provide as set of 1269 definitions only. Using these definitions should make a discussion 1270 about address issues easier. 1272 A.2. Generalized endpoints 1274 A generalized endpoint is a pair of a set of IP addresses and a port 1275 number at any given point of time. The precise definition is as 1276 follows: 1278 A generalized endpoint gE at time t is given by 1279 gE(t) = ({IP1, ..., IPn}, Port) 1281 where {IP1, ..., IPn} is a non empty set of IP addresses. 1283 Please note that the dynamic addition and deletion of IP-addresses 1284 described in this document allows the set of IP-addresses of a 1285 generalized endpoint to be changed at some point of time. The port 1286 number can never be changed. 1288 The set of IP addresses of a generalized endpoint gE at a time t is 1289 defined as 1291 Addr(gE)(t) = {IP1, ..., IPn} 1293 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1295 The port number of a generalized endpoint gE is defined as 1297 Port(gE) = Port 1299 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1301 There is one fundamental rule which restricts all generalized 1302 endpoints: 1304 For two different generalized endpoints gE' and gE'' with the same 1305 port number Port(gE') = Port(gE'') the address sets Addr(gE')(t) and 1306 Addr(gE'')(t) must be disjoint at every point of time. 1308 A.3. Associations 1310 Associations consists of two generalized endpoints and the two 1311 address sets known by the peer at any time. The precise definition 1312 is as follows: 1314 An association A between to different generalized endpoints gE' and 1315 gE'' is given by 1317 A = (gE', S', gE'', S'') 1319 where S'(t) and S''(t) are set of addresses at any time t such that 1320 S'(t) is a non-empty subset of Addr(gE')(t) and S''(t) is a non-empty 1321 subset of Addr(gE'')(t). 1323 If A = (gE', S', gE'', S'') is an association between the generalized 1324 endpoints gE' and gE'' the following notion is used: 1326 Addr(A, gE') = S' and Addr(A, gE'') = S''. 1328 If the dependency on time is important the notion Addr(A, gE')(t) = 1329 S'(t) will be used. 1331 If A is an association between gE' and gE'' then Addr(A, gE') is the 1332 subset of IP addresses of gE' which is known by gE'' and used by gE'. 1334 Association establishment between gE' and gE'' can be seen as: 1336 1. gE' and gE'' do exist before the association. 1337 2. If an INIT has to be send from gE' to gE'' address scoping rules 1338 and other limitations are applied to calculate the subset S' from 1339 Addr(gE'). The addresses of S' are included in the INIT chunk. 1340 3. If an INIT-ACK has to be send from gE'' to gE' address scoping 1341 rules and other limitations are applied to calculate the subset 1342 S'' from Addr(gE''). The addresses of S'' are included in the 1343 INIT-ACK chunk. 1344 4. After the handshake the association A = (gE', S', gE'', S'') has 1345 been established. 1346 5. Right after the association establishment Addr(A, gE') and 1347 Addr(A, gE'') are the addresses which have been seen on the wire 1348 during the handshake. 1350 A.4. Relationship with RFC 2960 1352 RFC2960 [RFC2960] defines the notion of an endpoint. This subsection 1353 will show that these endpoints are also (special) generalized 1354 endpoints. 1356 RFC2960 [RFC2960] has no notion of address scoping or other address 1357 handling limitations and provides no mechanism to change the 1358 addresses of an endpoint. 1360 This means that an endpoint is simply a generalized endpoint which 1361 does not depend on the time. Neither the Port nor the address list 1362 changes. 1364 During association setup no address scoping rules or other 1365 limitations will be applied. This means that for an association A 1366 between two endpoints gE' and gE'' the following is true: 1368 Addr(A, gE') = Addr(gE') and Addr(A, gE'') = Addr(gE''). 1370 A.5. Rules for address manipulation 1372 The rules for address manipulation can now be stated in a simple way: 1373 1. An address can be added to a generalized endpoint gE only if this 1374 address is not an address of a different generalized endpoint 1375 with the same port number. 1377 2. An address can be added to an association A with generalized 1378 endpoint gE if it has been added to the generalized endpoint gE 1379 first. This means that the address must be an element of 1380 Addr(gE) first and then it can become an element of Addr(A, gE). 1381 But this is not necessary. If the association does not allow the 1382 reconfiguration of the addresses only Addr(gE) can be modified. 1383 3. An address can be deleted from an association A with generalized 1384 endpoint gE as long as Addr(A, gE) stays non-empty. 1385 4. An address can be deleted from an generalized endpoint gE only if 1386 it has been removed from all associations having gE as a 1387 generalized endpoint. 1389 These rules simply make sure that the rules for the endpoints and 1390 associations given above are always fulfilled. 1392 Authors' Addresses 1394 Randall R. Stewart 1395 Cisco Systems, Inc. 1396 4875 Forest Drive 1397 Suite 200 1398 Columbia, SC 29206 1399 US 1401 Phone: 1402 Email: rrs@cisco.com 1404 Michael A. Ramalho 1405 Cisco Systems, Inc. 1406 1802 Rue de la Porte 1407 Wall Township, NJ 07719-3784 1408 USA 1410 Phone: +1.732.449.5762 1411 Email: mramalho@cisco.com 1413 Qiaobing Xie 1414 Motorola, Inc. 1415 1501 W. Shure Drive, #2309 1416 Arlington Heights, IL 60004 1417 USA 1419 Phone: +1-847-632-3028 1420 Email: qxie1@email.mot.com 1422 Michael Tuexen 1423 Univ. of Applied Sciences Muenster 1424 Stegerwaldstr. 39 1425 48565 Steinfurt 1426 Germany 1428 Email: tuexen@fh-muenster.de 1429 Phillip T. Conrad 1430 University of Delaware 1431 Department of Computer and Information Sciences 1432 Newark, DE 19716 1433 US 1435 Phone: +1 302 831 8622 1436 Email: conrad@acm.org 1437 URI: http://www.cis.udel.edu/~pconrad 1439 Intellectual Property Statement 1441 The IETF takes no position regarding the validity or scope of any 1442 Intellectual Property Rights or other rights that might be claimed to 1443 pertain to the implementation or use of the technology described in 1444 this document or the extent to which any license under such rights 1445 might or might not be available; nor does it represent that it has 1446 made any independent effort to identify any such rights. Information 1447 on the procedures with respect to rights in RFC documents can be 1448 found in BCP 78 and BCP 79. 1450 Copies of IPR disclosures made to the IETF Secretariat and any 1451 assurances of licenses to be made available, or the result of an 1452 attempt made to obtain a general license or permission for the use of 1453 such proprietary rights by implementers or users of this 1454 specification can be obtained from the IETF on-line IPR repository at 1455 http://www.ietf.org/ipr. 1457 The IETF invites any interested party to bring to its attention any 1458 copyrights, patents or patent applications, or other proprietary 1459 rights that may cover technology that may be required to implement 1460 this standard. Please address the information to the IETF at 1461 ietf-ipr@ietf.org. 1463 Disclaimer of Validity 1465 This document and the information contained herein are provided on an 1466 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1467 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 1468 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 1469 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 1470 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1471 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1473 Copyright Statement 1475 Copyright (C) The Internet Society (2006). This document is subject 1476 to the rights, licenses and restrictions contained in BCP 78, and 1477 except as set forth therein, the authors retain all their rights. 1479 Acknowledgment 1481 Funding for the RFC Editor function is currently provided by the 1482 Internet Society.