[Docs] [txt|pdf|xml|html] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-phelan-dccp-natencap) 00 01 02 03 04 05 06 07 08 09 10 11 RFC 6773

Datagram Congestion Control                                    T. Phelan
Protocol                                                           Sonus
Internet-Draft                                         February 11, 2010
Intended status: Experimental
Expires: August 15, 2010


   Datagram Congestion Control Protocol (DCCP) Encapsulation for NAT
                          Traversal (DCCP-NAT)
                      draft-ietf-dccp-udpencap-00

Abstract

   This document specifies an alternative encapsulation of the Datagram
   Congestion Control Protocol (DCCP), referred to as DCCP-NAT.  This
   encapsulation will allow DCCP to be carried through the current
   generation of Network Address Translation (NAT) middleboxes without
   modification of those middleboxes.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 15, 2010.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal



Phelan                   Expires August 15, 2010                [Page 1]

Internet-Draft           DCCP-NAT Encapsulation            February 2010


   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the BSD License.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  DCCP-NAT . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
     3.1.  UDP Header . . . . . . . . . . . . . . . . . . . . . . . .  4
     3.2.  DCCP-NAT Generic Header  . . . . . . . . . . . . . . . . .  5
     3.3.  DCCP-NAT Checksum Procedures . . . . . . . . . . . . . . .  5
       3.3.1.  Minimum Checksum Coverage Feature  . . . . . . . . . .  5
     3.4.  Explicit Congestion Notification . . . . . . . . . . . . .  6
     3.5.  Path Maximum Transmission Unit Discovery . . . . . . . . .  6
     3.6.  Other DCCP Headers and Options . . . . . . . . . . . . . .  7
     3.7.  Service Codes and the DCCP Port Registry . . . . . . . . .  7
   4.  DCCP-NAT and Higher-Layer Protocols  . . . . . . . . . . . . .  7
   5.  Signaling the Use of DCCP-NAT  . . . . . . . . . . . . . . . .  8
     5.1.  SDP for RTP over DCCP  . . . . . . . . . . . . . . . . . .  8
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . .  9
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11





















Phelan                   Expires August 15, 2010                [Page 2]

Internet-Draft           DCCP-NAT Encapsulation            February 2010


1.  Introduction

   The Datagram Congestion Control Protocol (DCCP), specified in
   [RFC4340], is a transport-layer protocol that provides upper layers
   with the capability of using unreliable but congestion controlled
   flows.  According to [RFC4340], DCCP packets are directly
   encapsulated in IPv4 or IPv6 packets.

   In order for the [RFC4340] encapsulation to pass through Network
   Address Translation (NAT) devices, these devices must be updated to
   recognize and properly modify DCCP.  This is the long-term objective
   for DCCP, and work is underway to specify the necessary operations.

   However, in the short term it would be useful to have an
   encapsulation for DCCP that would be compatible with NAT devices
   conforming to [RFC4787].  This document specifies that encapsulation,
   which is referred to as DCCP-NAT.  For convenience, the [RFC4340]
   encapsulation is referred to as DCCP-STD.

   The DCCP-NAT encapsulation specified here supports all of the
   features contained in DCCP-STD.  However, support of partial
   checksums and ECN might be impractical for some implementations.
   Those implementations MAY choose to not support one or both of these
   features.


2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].


3.  DCCP-NAT

   The basic approach here is to insert a UDP ([RFC0768]) "shim" layer
   between the IP header and a DCCP packet with a modified generic
   header (modified to eliminate redundancies between UDP and DCCP).
   Note that this is not strictly a tunneling approach.  The IP
   addresses of the communicating end systems are carried in the IP
   header (which could be modified by NAT devices) and there are no
   other IP addresses embedded.

   Devices offering or using DCCP services via DCCP-NAT encapsulation
   listen on a UDP port (default port awaiting IANA action) for incoming
   packets and pass received packets along to the DCCP protocol.  DCCP
   implementations MAY allow services to be simultaneously offered over
   any or all combinations of DCCP-STD and DCCP-NAT encapsulations with



Phelan                   Expires August 15, 2010                [Page 3]

Internet-Draft           DCCP-NAT Encapsulation            February 2010


   IPv4 and IPv6.

   The basic format of a DCCP-NAT packet is:

    +-----------------------------------+
    |     IP Header (IPv4 or IPv6)      |  Variable length
    +-----------------------------------+
    |            UDP Header             |  8 bytes
    +-----------------------------------+
    |     DCCP-NAT Generic Header       |  12 bytes
    +-----------------------------------+
    | Additional (type-specific) Fields |  Variable length (could be 0)
    +--------------------------------------+
    |           DCCP Options            |  Variable length (could be 0)
    +-----------------------------------+
    |      Application Data Area        |  Variable length (could be 0)
    +-----------------------------------+

3.1.  UDP Header

   The format of the UDP header is taken from [RFC0768]:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Source Port          |           Dest Port           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |             Length            |           Checksum            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   For DCCP-NAT, the fields are interpreted as follows:

   Source and Dest(ination) Ports: 16 bits each

      These fields identify the UDP ports on which the source and
      destination (respectively) of the packet are listening for
      incoming DCCP-NAT packets (normally both are the default port to
      be assigned by IANA).  Note that they do not identify the DCCP
      source and destination ports.

   Length: 16 bits

      This field is the length of the portion of the UDP datagram,
      including the UDP header and the payload (which for DCCP-NAT is
      the DCCP-NAT datagram) that is covered by the UDP Checksum.

   Checksum: 16 bits




Phelan                   Expires August 15, 2010                [Page 4]

Internet-Draft           DCCP-NAT Encapsulation            February 2010


      This field is the Internet checksum of a network-layer
      pseudoheader and Length bytes of the UDP packet.

3.2.  DCCP-NAT Generic Header

   Unlike the DCCP-STD generic header, the DCCP-NAT generic header takes
   only one form; it does not support short sequence numbers.  Its
   format is as follows:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Source Port          |           Dest Port           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Data Offset  | CCVal | Type  |  Sequence Number (high bits)  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      .                  Sequence Number (low bits)                   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   All DCCP-NAT generic header fields function as specified in
   [RFC4340].

3.3.  DCCP-NAT Checksum Procedures

   For DCCP-NAT, the functions of the DCCP-STD generic header fields
   Checksum and CsCov are performed by the UDP Checksum and Length
   fields.

   If the UDP Length field is less than 20 (UDP Header length and
   minimum DCCP-NAT header length), the packet MUST be dropped.

   If the UDP Checksum field, computed using standard UDP methods except
   including only UDP Length bytes of the UDP packet, is invalid, the
   packet MUST be dropped.

   If the UDP Length field in a received packet is less than the length
   of the UDP header plus the entire DCCP-NAT header (including the
   generic header and type-specific fields and options, if present), or
   the UDP Length field is greater than the length of the packet from
   the beginning of the UDP header to the end of the packet, that packet
   MUST be dropped.

3.3.1.  Minimum Checksum Coverage Feature

   The Minimum Checksum Coverage Feature lets a DCCP endpoint determine
   whether its peer is willing to accept packets with partial checksum
   coverage.  It takes values from 0 to 15.  For DCCP-NAT the feature
   values are interpreted as follows:



Phelan                   Expires August 15, 2010                [Page 5]

Internet-Draft           DCCP-NAT Encapsulation            February 2010


   o  Minimum Checksum Coverage = 0, the peer will not accept packets
      with partial checksum.  If the UDP Length field is less than the
      length of the entire UDP packet, then the packet has unacceptable
      Checksum Coverage, as defined in DCCP-STD section 9.2.1.

   o  Minimum Checksum Coverage > 0, the peer will accept packets with
      partial checksum.  If the UDP Length field is less than the size
      of the UDP Header (8 bytes) plus the size of the DCCP-NAT header
      (including type-specific fields and options) plus (Minimum
      Checksum Coverage - 1)*4, then the packet has unacceptable
      Checksum Coverage.

   As defined in DCCP-STD section 9.2.1, peers MAY refuse to process
   packets with unacceptable Checksum Coverage.

   It might be impractical for an implementation to set the UDP Length
   field to less than the full length in outgoing packets or to receive
   incoming packets with UDP Length less than the full length (e.g.,
   user-space implementations using the socket interface).  These
   implementations MAY choose to not support Minimum Checksum Coverage
   values other than 0.  Implementations that make this choice MUST
   always answer a "Change R(Minimum Checksum Coverage, any value)" with
   a "Confirm L(Minimum Checksum Coverage, 0)".  These implementations
   MAY choose to drop packets with UDP Length less than the full packet
   length, rather invoke the procedures of DCCP-STD section 9.2.1.

3.4.  Explicit Congestion Notification

   DCCP-NAT implementations SHOULD follow the procedures of DCCP-STD
   section 12 by setting the ECN fields in the IP Headers of outgoing
   packets and examining the values received in the ECN fields of
   incoming packets.

   However, some implementations might find it impractical to set or
   receive the ECN fields (e.g., user-space implementations using the
   socket interface).  These implementations MUST follow the procedures
   in DCCP-STD section 12.1 for implementations that are not ECN
   capable.

3.5.  Path Maximum Transmission Unit Discovery

   DCCP-NAT implementations should follow DCCP-STD section 14 with
   regard to maximum packet size and Path Maximum Transmission Unit
   Discovery (PMTUD).







Phelan                   Expires August 15, 2010                [Page 6]

Internet-Draft           DCCP-NAT Encapsulation            February 2010


3.6.  Other DCCP Headers and Options

   All type-specific DCCP headers are as in DCCP-STD, except that the
   short sequence number version of the acknowledgement header is not
   supported.  All option and feature encodings are as in DCCP-STD.

3.7.  Service Codes and the DCCP Port Registry

   There is one Service Code registry and one DCCP port registry and
   they apply to all combinations of encapsulation and IP version.  A
   DCCP Service Code specifies an application using DCCP regardless of
   the combination of DCCP encapsulation and IP version.  An application
   MAY choose not to support some combinations of encapsulation and IP
   version, but its Service Code will remain registered for those
   combinations and MUST NOT be used by other applications.  An
   application SHOULD NOT register different Service Codes for different
   combinations of encapsulation and IP version.

   Similarly, a port registration is applicable to all combinations of
   encapsulation and IP version.  Again, an application MAY choose not
   to support some combinations of encapsulation and IP version on its
   registered port, although the port will remain registered for those
   combinations.  Applications SHOULD NOT register different ports just
   for the purpose of using different encapsulation combinations.  Since
   the port registry supports multiple applications registering the same
   port (as long as the Service Codes are different), other applications
   MAY register on the same port, but those registrations are also
   applicable to all combinations of encapsulation and IP version.


4.  DCCP-NAT and Higher-Layer Protocols

   In general, the encapsulation of a higher-layer protocol within DCCP
   SHOULD be the same in both DCCP-STD and DCCP-NAT.  At this time,
   encapsulations of DTLS over DCCP, defined in [RFC5238] and RTP over
   DCCP, defined in [I-D.ietf-dccp-rtp], have been already defined.  The
   encapsulations of those protocols in DCCP-NAT SHALL be the same as
   specified in those documents.

   Higher-layer protocols that require different encapsulations for
   different DCCP modes MUST justify the reasons for the difference and
   MUST specify the encapsulations for both DCCP-STD and DCCP-NAT.  If a
   document does not specify different encapsulations for DCCP-STD and
   DCCP-NAT, the specified encapsulation SHALL apply to both DCCP-STD
   and DCCP-NAT.






Phelan                   Expires August 15, 2010                [Page 7]

Internet-Draft           DCCP-NAT Encapsulation            February 2010


5.  Signaling the Use of DCCP-NAT

   Applications often signal transport connection parameters through
   outside means, such as the Session Description Protocol (SDP).
   Applications that define such methods for DCCP MUST define how the
   DCCP encapsulation is chosen, and MUST allow either type of
   encapsulation to be signaled.

5.1.  SDP for RTP over DCCP

   [I-D.ietf-dccp-rtp] defines SDP extensions for signaling RTP over
   DCCP connections.  Since it predates this document, it does not
   define a method for determining the DCCP encapsulation type.  This
   document updates [I-D.ietf-dccp-rtp] to add a method for determining
   the DCCP encapsulation type.

   A new SDP attribute "dccp-encap" is defined for signaling the DCCP
   encapsulation according to the following ABNF [RFC5234]:

       dccp-encap-attr = %x61 "=dccp-in-udp" [":" udp-port-num]

       udp-port-num    = *DIGIT

   where *DIGIT is as defined in [RFC5234].

   The presence of "a=dccp-in-udp" in an SDP offer indicates that the
   offerer is listening for DCCP-NAT connections on the indicated UDP
   port (if udp-port-num is included) or on the IANA allocated port for
   the DCCP-NAT service if no port is included.

   The absence of "a=dccp-in-udp" in an SDP offer indicates that the
   offerer is listening for DCCP-STD connections.  The presence of
   "a=dccp-in-udp" conveys no information about whether or not the
   offerer is listening for DCCP-STD connections.

   For example (adapted from examples in [I-D.ietf-dccp-rtp]):

   An offerer at 192.0.2.47 signals its availability for an H.261 video
   session, using RTP/AVP over DCCP with service code "RTPV" (using the
   hexadecimal encoding of the service code in the SDP).  RTP and RTCP
   packets are multiplexed onto a single DCCP connection and DCCP-NAT
   encapsulation is supported:









Phelan                   Expires August 15, 2010                [Page 8]

Internet-Draft           DCCP-NAT Encapsulation            February 2010


          v=0
          o=alice 1129377363 1 IN IP4 192.0.2.47
          s=-
          c=IN IP4 192.0.2.47
          t=0 0
          m=video 5004 DCCP/RTP/AVP 99
          a=rtcp-mux
          a=rtpmap:99 h261/90000
          a=dccp-service-code:SC=x52545056
          a=setup:passive
          a=connection:new
          a=dccp-in-udp

   An answerer at 192.0.2.128 receives this offer and responds with the
   following answer:

          v=0
          o=bob 1129377364 1 IN IP4 192.0.2.128
          s=-
          c=IN IP4 192.0.2.128
          t=0 0
          m=video 9 DCCP/RTP/AVP 99
          a=rtcp-mux
          a=rtpmap:99 h261/90000
          a=dccp-service-code:SC:RTPV
          a=setup:active
          a=connection:new
          a=dccp-in-udp

   The end point at 192.0.2.128 then initiates a DCCP-NAT connection to
   UDP port to-be-allocated and DCCP port 5004 at 192.0.2.47.  DCCP port
   5004 is used for both the RTP and RTCP data, and port 5005 is unused.
   The textual encoding of the service code is used in the answer, and
   represents the same service code as in the offer.


6.  Security Considerations

   DCCP-NAT provides all of the security risk-mitigation measures
   present in DCCP-STD, and also all of the security risks, except those
   associated with short sequence numbers (since DCCP-NAT does not
   support that feature).

   The purpose of DCCP-NAT is to allow DCCP to pass through NAT devices,
   and therefore it exposes DCCP to the risks associated with passing
   through NAT devices.  It does not create any new risks with regard to
   NAT devices.




Phelan                   Expires August 15, 2010                [Page 9]

Internet-Draft           DCCP-NAT Encapsulation            February 2010


   DCCP-NAT may also allow DCCP applications to pass through existing
   firewall devices, if the administrators of the devices so choose.
   The option is a binary one however; either allow all DCCP
   applications or allow none.  Proper control of DCCP application-by-
   application will require enhancements to firewalls.


7.  IANA Considerations

   A port allocation request will be placed with IANA for the dccp-nat
   service port in UDP.

   The following new SDP attribute ("att-field") is to be registered:

      Contact name: Tom Phelan <tphelan@sonusnet.com>

      Attribute name: dccp-in-udp

      Long-form attribute name in English: DCCP in UDP Encapsulation

      Type of attribute: Media level

      Subject to charset attribute?  No

      Purpose of the attribute: See this document section Section 5.1

      Allowed attribute values: See this document section Section 5.1


8.  References

   [I-D.ietf-dccp-rtp]
              Perkins, C., "RTP and the Datagram Congestion Control
              Protocol (DCCP)", draft-ietf-dccp-rtp-07 (work in
              progress), June 2007.

   [RFC0768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
              August 1980.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4340]  Kohler, E., Handley, M., and S. Floyd, "Datagram
              Congestion Control Protocol (DCCP)", RFC 4340, March 2006.

   [RFC4787]  Audet, F. and C. Jennings, "Network Address Translation
              (NAT) Behavioral Requirements for Unicast UDP", BCP 127,
              RFC 4787, January 2007.



Phelan                   Expires August 15, 2010               [Page 10]

Internet-Draft           DCCP-NAT Encapsulation            February 2010


   [RFC5234]  Crocker, D. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008.

   [RFC5238]  Phelan, T., "Datagram Transport Layer Security (DTLS) over
              the Datagram Congestion Control Protocol (DCCP)",
              RFC 5238, May 2008.


Author's Address

   Tom Phelan
   Sonus Networks
   7 Technology Dr.
   Westford, MA  01886
   US

   Phone: +1 978 614 8456
   Email: tphelan@sonusnet.com

































Phelan                   Expires August 15, 2010               [Page 11]


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/