Network Working Group                                          M. Tuexen
Internet-Draft                           Muenster Univ. of Appl. Sciences
Intended status: Standards Track                              R. Stewart
Expires: June 10, 2012                                    Adara Networks
                                                        December 8, 2011


                   UDP Encapsulation of SCTP Packets
                 draft-ietf-tsvwg-sctp-udp-encaps-02.txt

Abstract

   This document describes a simple method of encapsulating SCTP packets
   into UDP packets and its limitations.  This allows the usage of SCTP
   in networks with legacy NAT not supporting SCTP.  It can also be used
   to implement SCTP on hosts without directly accessing the IP-layer,
   for example implementing it as part of the application without
   requiring special privileges.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 10, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions
   3.  Use Cases
       3.1.  Portable SCTP Implementations
       3.2.  Legacy NAT traversal
   4.  SCTP over UDP
       4.1.  Architectural Considerations
       4.2.  Packet Format
       4.3.  Encapsulation Procedure
       4.4.  Decapsulation Procedure
       4.5.  ICMP considerations
       4.6.  Path MTU considerations
       4.7.  Handling of Embedded IP-addresses
       4.8.  ECN considerations
   5.  Socket API Considerations
       5.1.  Get or Set the Remote UDP Encapsulation Port Number
             (SCTP_REMOTE_UDP_ENCAPS_PORT)
   6.  IANA Considerations
   7.  Security Considerations
   8.  Acknowledgments
   9.  References
       9.1.  Normative References
       9.2.  Informative References
   Authors' Addresses

1.  Introduction

   This document describes a simple method of encapsulating SCTP packets
   into UDP packets.  SCTP as defined in [RFC4960] runs directly over
   IPv4 or IPv6.
   There are two main reasons for encapsulating SCTP packets:

   o  Allow SCTP traffic to pass legacy NATs, which do not provide
      native SCTP support as specified in [I-D.ietf-behave-sctpnat] and
      [I-D.ietf-tsvwg-natsupp].

   o  Allow SCTP to be implemented on hosts which do not provide direct
      access to the IP-layer.  In particular, applications can use their
      own SCTP implementation if the operating system does not provide
      one.

2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Use Cases

   This section discusses two important use cases for encapsulating SCTP
   into UDP.

3.1.  Portable SCTP Implementations

   Some operating systems support SCTP natively.  For other operating
   systems implementations are available, but require special privileges
   to install and/or use them.  In some cases no kernel implementation
   might be available at all.  When providing an SCTP implementation as
   part of a user process, most operating systems require special
   privileges to access the IP layer directly.

   Using UDP encapsulation makes it possible to provide an SCTP
   implementation as part of a user process which does not require any
   special privileges.

   A crucial point for implementing SCTP in user-land is controlling the
   source address of outgoing packets.  This is not an issue when all
   available addresses are used.  It does become an issue, however, when
   the address management required for NAT traversal described in
   Section 4.7 is also used.

3.2.  Legacy NAT traversal

   Using UDP encapsulation allows SCTP communication when traversing
   legacy NATs (i.e., those NATs not supporting SCTP as described in
   [I-D.ietf-behave-sctpnat] and [I-D.ietf-tsvwg-natsupp]).
   It is important to realize that for single-homed associations it is
   only necessary that no IP addresses are listed in the INIT and
   INIT-ACK chunks.  To use multiple addresses, the dynamic address
   reconfiguration extension described in [RFC5061] must be used with
   wildcard addresses in combination with [RFC4895].

   For multi-homed SCTP associations the address management as described
   in Section 4.7 MUST be performed.

4.  SCTP over UDP

4.1.  Architectural Considerations

   An SCTP implementation supporting UDP encapsulation MUST store a
   remote UDP encapsulation port number per destination address for each
   SCTP association.

   Each SCTP stack uses a single local UDP encapsulation port number as
   the destination port for all its incoming SCTP packets.  The IANA
   assigned value of 9989 MAY be used as this port number.  If there is
   only a single SCTP implementation on a host (for example, a kernel
   implementation being part of the operating system), using a single
   UDP encapsulation port number per host can be advantageous (e.g.,
   this reduces the number of mappings in firewalls and NATs, among
   other things).  However, this is not possible if the SCTP stack is
   implemented as part of an application.

4.2.  Packet Format

   To encapsulate an SCTP packet, a UDP header as defined in [RFC0768]
   is inserted between the IP header as defined in [RFC0791] and the
   SCTP common header as defined in [RFC4960].

   Figure 1 shows the packet format of an encapsulated SCTP packet when
   IPv4 is used.
       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          IPv4 Header                          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          UDP Header                           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      SCTP Common Header                       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         SCTP Chunk #1                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                              ...                              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         SCTP Chunk #n                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 1

   The packet format for an encapsulated SCTP packet when using IPv6 as
   defined in [RFC2460] is shown in Figure 2.  Please note that the
   number m of IPv6 extension headers can be 0.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       IPv6 Base Header                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                   IPv6 Extension Header #1                    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                              ...                              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                   IPv6 Extension Header #m                    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          UDP Header                           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      SCTP Common Header                       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         SCTP Chunk #1                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                              ...                              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         SCTP Chunk #n                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 2

   The UDP checksum MUST NOT be zero.

4.3.  Encapsulation Procedure

   When inserting the UDP header, the source port is the local UDP
   encapsulation port number of the SCTP stack, the destination port is
   the remote UDP encapsulation port number stored for the destination
   address the packet is sent to (see Section 4.1).

   The length of the UDP packet is the length of the SCTP packet plus
   the size of the UDP header.

   The UDP checksum and the SCTP checksum MUST be computed.

4.4.  Decapsulation Procedure

   When an encapsulated packet is received, the UDP header is removed.
   Then a lookup is performed to find the association the received SCTP
   packet belongs to.  The UDP source port is stored as the
   encapsulation port for the destination address the SCTP packet is
   received from (see Section 4.1).

   Please note that when a non-encapsulated SCTP packet is received, the
   encapsulation of outgoing packets belonging to the same association
   and the corresponding destination address is disabled.

4.5.  ICMP considerations

   When receiving ICMP or ICMPv6 response packets, there might not be
   enough bytes in the payload to identify the SCTP association which
   the SCTP packet triggering the ICMP or ICMPv6 packet belongs to.  If
   a received ICMP or ICMPv6 packet can not be related to a specific
   SCTP association, it MUST be discarded silently.  This means in
   particular that the SCTP stack MUST NOT rely on receiving ICMP or
   ICMPv6 messages.  There MAY be implementation constraints that do not
   allow received ICMP or ICMPv6 messages to be processed at all.

   If received ICMP or ICMPv6 messages are processed, the following
   mapping SHOULD apply:

   1.  ICMP messages with type 'Destination Unreachable' and code 'Port
       Unreachable' SHOULD be treated as ICMP messages with type
       'Protocol Unreachable' and code 'Destination Port unreachable'.
       See [RFC0792] for more details.

   2.  ICMPv6 messages with type 'Destination Unreachable' and code
       'Port unreachable' SHOULD be treated as ICMPv6 messages with type
       'Parameter Problem' and code 'Unrecognized Next Header type
       encountered'.  See [RFC4443] for more details.

4.6.  Path MTU considerations

   If an SCTP endpoint starts to encapsulate the packets of a path, it
   MUST decrease the path MTU of that path by the size of the UDP
   header.  If it stops encapsulating them, the path MTU SHOULD be
   increased by the size of the UDP header.

   When performing path MTU discovery as described in [RFC4820] and
   [RFC4821] it MUST be taken into account that one cannot rely on the
   feedback provided by ICMP or ICMPv6 due to the limitation laid out in
   Section 4.5.

4.7.  Handling of Embedded IP-addresses

   When using UDP encapsulation for legacy NAT traversal, IP addresses
   that might be translated MUST NOT be put into any SCTP packet.

   This means that an SCTP association is set up single-homed and the
   protocol extension [RFC5061] in combination with [RFC4895] is used to
   add other addresses.  Only wildcard addresses are put into the SCTP
   packet.

   When addresses are changed during the lifetime of an association
   [RFC5061] MUST be used with wildcard addresses only.

4.8.  ECN considerations

   During encapsulation and decapsulation the ECN bits MUST NOT be
   changed.

5.  Socket API Considerations

   This section describes how the socket API defined in
   [I-D.ietf-tsvwg-sctpsocket] is extended to provide a way for the
   application to control the UDP encapsulation.

   Please note that this section is informational only.

   A socket API implementation based on [I-D.ietf-tsvwg-sctpsocket] is
   extended by supporting one new read/write socket option.

5.1.  Get or Set the Remote UDP Encapsulation Port Number
      (SCTP_REMOTE_UDP_ENCAPS_PORT)

   This socket option can be used to set and retrieve the UDP
   encapsulation port number.
   This allows an endpoint to encapsulate initial packets.

   struct sctp_udpencaps {
     sctp_assoc_t sue_assoc_id;
     struct sockaddr_storage sue_address;
     uint16_t sue_port;
   };

   sue_assoc_id:  This parameter is ignored for one-to-one style
      sockets.  For one-to-many style sockets the application may fill
      in an association identifier or SCTP_FUTURE_ASSOC for this query.
      It is an error to use SCTP_{CURRENT|ALL}_ASSOC in sue_assoc_id.

   sue_address:  This specifies which address is of interest.  If a
      wildcard address is provided it applies only to future paths.

   sue_port:  The UDP port number in network byte order used as the
      destination port number for UDP encapsulation.  Providing a value
      of 0 disables UDP encapsulation.

6.  IANA Considerations

   This document does not require any actions from IANA.

7.  Security Considerations

   Encapsulating SCTP into UDP does not add any additional security
   considerations to the ones given in [RFC4960] and [RFC5061].

8.  Acknowledgments

   The authors wish to thank Irene Ruengeler and Dan Wing for their
   invaluable comments.

9.  References

9.1.  Normative References

   [RFC0768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
              August 1980.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              September 1981.

   [RFC0792]  Postel, J., "Internet Control Message Protocol", STD 5,
              RFC 792, September 1981.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, "Internet Control
              Message Protocol (ICMPv6) for the Internet Protocol
              Version 6 (IPv6) Specification", RFC 4443, March 2006.

   [RFC4820]  Tuexen, M., Stewart, R., and P. Lei, "Padding Chunk and
              Parameter for the Stream Control Transmission Protocol
              (SCTP)", RFC 4820, March 2007.

   [RFC4821]  Mathis, M. and J. Heffner, "Packetization Layer Path MTU
              Discovery", RFC 4821, March 2007.

   [RFC4895]  Tuexen, M., Stewart, R., Lei, P., and E. Rescorla,
              "Authenticated Chunks for the Stream Control Transmission
              Protocol (SCTP)", RFC 4895, August 2007.

   [RFC4960]  Stewart, R., "Stream Control Transmission Protocol",
              RFC 4960, September 2007.

   [RFC5061]  Stewart, R., Xie, Q., Tuexen, M., Maruyama, S., and M.
              Kozuka, "Stream Control Transmission Protocol (SCTP)
              Dynamic Address Reconfiguration", RFC 5061,
              September 2007.

9.2.  Informative References

   [I-D.ietf-tsvwg-sctpsocket]
              Stewart, R., Tuexen, M., Poon, K., Lei, P., and V.
              Yasevich, "Sockets API Extensions for Stream Control
              Transmission Protocol (SCTP)",
              draft-ietf-tsvwg-sctpsocket-32 (work in progress),
              October 2011.

   [I-D.ietf-behave-sctpnat]
              Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control
              Transmission Protocol (SCTP) Network Address Translation",
              draft-ietf-behave-sctpnat-05 (work in progress),
              June 2011.

   [I-D.ietf-tsvwg-natsupp]
              Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control
              Transmission Protocol (SCTP) Network Address Translation
              Support", draft-ietf-tsvwg-natsupp-01 (work in progress),
              June 2011.

Authors' Addresses

   Michael Tuexen
   Muenster University of Applied Sciences
   Stegerwaldstr. 39
   48565 Steinfurt
   DE

   Email: tuexen@fh-muenster.de


   Randall R. Stewart
   Adara Networks
   Chapin, SC 29036
   USA

   Email: randall@lakerest.net
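   The following Python program is an added worked example; it is not
   part of this draft and not the code of any SCTP implementation.  It
   models Sections 4.2 through 4.4 (inserting a UDP header whose
   checksum is computed and never zero around an SCTP packet whose
   CRC32c checksum is stored as RFC 4960 Appendix B specifies, then
   validating and stripping that header and learning the remote
   encapsulation port from the UDP source port) and the embedded-address
   rule of Section 4.7 (accepting only wildcard addresses in INIT and
   INIT ACK chunks).  The class and function names, the sample addresses
   (RFC 5737 documentation ranges) and the port numbers are constructed
   for the example.

```python
import ipaddress
import struct

UDP_HDR_LEN, SCTP_COMMON_HDR_LEN = 8, 12
CHUNK_INIT, CHUNK_INIT_ACK = 1, 2  # chunk types, RFC 4960
PARAM_IPV4, PARAM_IPV6 = 5, 6      # address parameter types, RFC 4960

def _crc32c_entry(i):
    for _ in range(8):
        i = (i >> 1) ^ 0x82F63B78 if i & 1 else i >> 1
    return i
_TABLE = [_crc32c_entry(i) for i in range(256)]  # reflected CRC32c, RFC 4960 Appendix B

def crc32c(data):
    crc = 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF

def inet_checksum(data):  # RFC 768 / RFC 791 ones'-complement sum; 0 means "verified"
    padded = data + bytes(len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(padded) // 2), padded))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sctp_packet(src_port, dst_port, vtag, chunks):
    hdr = struct.pack("!HHII", src_port, dst_port, vtag, 0)  # checksum field zeroed
    # The CRC32c value is stored least significant byte first (RFC 4960 Appendix B).
    return hdr[:8] + struct.pack("<I", crc32c(hdr + chunks)) + chunks

def sctp_checksum_ok(pkt):
    return crc32c(pkt[:8] + bytes(4) + pkt[12:]) == struct.unpack("<I", pkt[8:12])[0]

def _pseudo(src_ip, dst_ip, udp_len):  # IPv4 pseudo-header, protocol 17 = UDP
    return (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, 17, udp_len))

def udp_encapsulate(sctp_pkt, src_ip, dst_ip, local_port, remote_port):
    """Section 4.3: insert the UDP header; the checksum is computed and never zero."""
    length = UDP_HDR_LEN + len(sctp_pkt)
    hdr = struct.pack("!HHHH", local_port, remote_port, length, 0)
    csum = inet_checksum(_pseudo(src_ip, dst_ip, length) + hdr + sctp_pkt) or 0xFFFF
    return hdr[:6] + struct.pack("!H", csum) + sctp_pkt

class EncapsulatingStack:  # hypothetical; holds the per-destination state of Section 4.1
    def __init__(self, local_addr, local_udp_port):
        self.local_addr, self.local_udp_port = local_addr, local_udp_port
        self.remote_udp_port = {}  # destination address -> remote port, 0 = plain SCTP

    def send(self, sctp_pkt, dst_addr):
        port = self.remote_udp_port.get(dst_addr, 0)
        return sctp_pkt if not port else udp_encapsulate(
            sctp_pkt, self.local_addr, dst_addr, self.local_udp_port, port)

    def receive_udp(self, datagram, src_addr):
        """Section 4.4: return the SCTP packet, or None when the datagram is discarded."""
        if len(datagram) < UDP_HDR_LEN + SCTP_COMMON_HDR_LEN:
            return None
        sport, dport, length, csum = struct.unpack("!HHHH", datagram[:UDP_HDR_LEN])
        if (dport != self.local_udp_port or length != len(datagram) or csum == 0
                or inet_checksum(_pseudo(src_addr, self.local_addr, length) + datagram)
                or not sctp_checksum_ok(datagram[UDP_HDR_LEN:])):
            return None  # wrong port/length, zero or wrong UDP checksum, wrong SCTP checksum
        self.remote_udp_port[src_addr] = sport  # learn the peer's encapsulation port
        return datagram[UDP_HDR_LEN:]

def embedded_addresses(sctp_pkt):
    """Yield every address parameter carried in an INIT or INIT ACK chunk."""
    off = SCTP_COMMON_HDR_LEN
    while off + 4 <= len(sctp_pkt):
        ctype, _flags, clen = struct.unpack("!BBH", sctp_pkt[off:off + 4])
        if ctype in (CHUNK_INIT, CHUNK_INIT_ACK):
            p, end = off + 20, off + clen  # skip chunk header and 16-byte fixed part
            while p + 4 <= end:
                ptype, plen = struct.unpack("!HH", sctp_pkt[p:p + 4])
                if ptype == PARAM_IPV4 and plen == 8:
                    yield ipaddress.IPv4Address(sctp_pkt[p + 4:p + 8])
                elif ptype == PARAM_IPV6 and plen == 20:
                    yield ipaddress.IPv6Address(sctp_pkt[p + 4:p + 20])
                p += max((plen + 3) & ~3, 4)  # max() stops a zero length from looping
        off += max((clen + 3) & ~3, 4)

def nat_safe(sctp_pkt):  # Section 4.7: only wildcard addresses may be embedded
    return all(a.is_unspecified for a in embedded_addresses(sctp_pkt))

def make_init_chunk(itag, addr=None):
    body = struct.pack("!IIHHI", itag, 65536, 10, 10, itag)
    if addr is not None:  # embed an IPv4 Address parameter
        body += struct.pack("!HH", PARAM_IPV4, 8) + ipaddress.IPv4Address(addr).packed
    return struct.pack("!BBH", CHUNK_INIT, 0, 4 + len(body)) + body

def demo():
    # Constructed sample: RFC 5737 documentation addresses and made-up ports.
    a, b = EncapsulatingStack("192.0.2.10", 9989), EncapsulatingStack("198.51.100.7", 40000)
    a.remote_udp_port["198.51.100.7"] = 40000
    init = build_sctp_packet(5000, 5001, 0, make_init_chunk(0x11223344))
    wire = a.send(init, "198.51.100.7")
    zeroed = wire[:6] + bytes(2) + wire[8:]  # same datagram with a zero UDP checksum
    leaky = build_sctp_packet(5000, 5001, 0, make_init_chunk(1, "192.0.2.99"))
    return (b.receive_udp(wire, "192.0.2.10") == init and b.remote_udp_port["192.0.2.10"] == 9989
            and b.receive_udp(zeroed, "192.0.2.10") is None and nat_safe(init) and not nat_safe(leaky))
```

   Two details are where implementations tend to diverge: the SCTP
   CRC32c is written least significant byte first, and a UDP checksum
   that computes to zero is transmitted as all ones, so a received
   datagram with a zero checksum is simply discarded, as the draft
   requires.  The nat_safe() check is what a stack using UDP
   encapsulation for legacy NAT traversal would run on its own outgoing
   INIT and INIT ACK chunks before sending them.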