[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 draft-ietf-dccp-udpencap

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009

DCCP-NAT Encapsulation
Internet Draft                                                T. Phelan
Document: draft-phelan-dccp-natencap-03.txt              Sonus Networks
Expires: May 2010                                     November 18, 2009
Intended status: Proposed Standard


                Datagram Congestion Control Protocol (DCCP)
                Encapsulation for NAT Traversal (DCCP-NAT)


   Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79. This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008. The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on March 23, 2010.

   Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.




Phelan                    Expires - May 2010                  [Page 1]

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.



   Abstract

   This document specifies an alternative encapsulation of the Datagram
   Congestion Control Protocol (DCCP), referred to as DCCP-NAT.  This
   encapsulation will allow DCCP to be carried through the current
   generation of Network Address Translation (NAT) middleboxes without
   modification of those middleboxes.





































Phelan                    Expires - May 2010                  [Page 2]

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009


   Table of Contents

   1. Introduction...................................................4
   2. Terminology....................................................4
   3. DCCP-NAT.......................................................4
      3.1 UDP Header.................................................5
      3.2 DCCP-NAT Generic Header....................................6
         3.2.1 DCCP-RAW Checksum Field...............................6
      3.3 Partial Checksum Extension Header..........................7
      3.4 Minimum Checksum Coverage Feature..........................7
      3.5 Other DCCP Headers and Options.............................8
      3.6 Service Codes and the DCCP Port Registry...................8
   4. DCCP-NAT and Higher-Layer Protocols............................8
   5. Signaling the Use of DCCP-NAT..................................9
      5.1 SDP for RTP over DCCP......................................9
   6. Security Considerations.......................................10
   7. IANA Considerations...........................................10
   8. References....................................................10
      8.1 Normative References......................................10
   9. Author's Address..............................................11































Phelan                    Expires - May 2010                  [Page 3]

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009




1. Introduction

   The Datagram Congestion Control Protocol (DCCP), specified in
   [RFC4340], is a transport-layer protocol that provides upper layers
   with the capability of using unreliable but congestion controlled
   flows.  According to [RFC4340], DCCP packets are directly
   encapsulated in IPv4 or IPv6 packets.

   In order for the [RFC4340] encapsulation to pass through Network
   Address Translation (NAT) devices, these devices must be updated to
   recognize and properly modify DCCP.  This is the long-term objective
   for DCCP, and work is underway to specify the necessary operations.

   However, in the short term it would be useful to have an
   encapsulation for DCCP that would be compatible with NAT devices
   conforming to [RFC4787].  This document specifies that encapsulation,
   which is referred to as DCCP-NAT.  For convenience, the [RFC4340]
   encapsulation is referred to as DCCP-RAW.

2. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3. DCCP-NAT

   The basic approach here is to insert a UDP ([RFC768]) "shim" layer
   between the IP header and a DCCP packet with a modified generic
   header (modified to eliminate redundancies between UDP and DCCP).
   Note that this is not strictly a tunneling approach.  The IP
   addresses of the communicating end systems are carried in the IP
   header (which could be modified by NAT devices) and there are no
   other IP addresses embedded.

   Devices offering or using DCCP services via DCCP-NAT encapsulation
   listen on a UDP port (default port awaiting IANA action) for incoming
   packets and pass received packets along to the DCCP protocol.  DCCP
   implementations MAY allow services to be simultaneously offered over
   all combinations of DCCP-RAW and DCCP-NAT encapsulations with IPv4
   and IPv6.








Phelan                    Expires - May 2010                  [Page 4]

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009

   The basic format of a DCCP-NAT packet is:

    +-----------------------------------+
    |     IP Header (IPv4 or IPv6)      |  Variable length
    +-----------------------------------+
    |            UDP Header             |  8 bytes
    +-----------------------------------+
    |     DCCP-NAT Generic Header       |  12 bytes
    +-----------------------------------+
    | Additional (type-specific) Fields |  Variable length (could be 0)
    +--------------------------------------+
    |           DCCP Options            |  Variable length (could be 0)
    +-----------------------------------+
    |      Application Data Area        |  Variable length (could be 0)
    +-----------------------------------+

3.1 UDP Header

   The format of the UDP header is taken from [RFC768]:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Source Port          |           Dest Port           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |             Length            |           Checksum            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   For DCCP-NAT, the fields are interpreted as follows:

   Source and Dest(ination) Ports: 16 bits each
     These fields identify the UDP ports on which the source and
     destination (respectively) of the packet are listening for incoming
     DCCP-NAT packets (normally both are the default port to be assigned
     by IANA).  Note that they do not identify the DCCP source and
     destination ports.

   Length: 16 bits
     This field is the length of the UDP datagram, including the UDP
     header and the payload (which for DCCP-NAT is the DCCP-NAT
     datagram).  For DCCP-NAT, when the UDP Checksum is non-zero, Length
     MUST be at least the size of the UDP header (8 bytes) plus the
     minimum size of a DCCP-NAT header (12 bytes), for a total minimum
     value of 20 bytes.  When the UDP Checksum is zero, the DCCP-NAT
     header MUST also contain a Partial Checksum Extension Header,
     therefore the minimum DCCP-NAT header is 16 bytes and the total
     minimum is 24 bytes.  Received packets with a UDP Length of less
     than the applicable minimum length MUST be ignored.




Phelan                    Expires - May 2010                  [Page 5]

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009

   Checksum: 16 bits
     This field is the Internet checksum of a network-layer pseudoheader
     and the entire UDP packet.  For DCCP-NAT, a packet with a checksum
     field equal to 0 that does not contain a Partial Checksum Extension
     Header, or contains an invalid Partial Checksum Extension Header
     MUST be ignored as incorrect checksum.

3.2 DCCP-NAT Generic Header

   Unlike the DCCP-RAW generic header, the DCCP-NAT generic header takes
   only one form; it does not support short sequence numbers.  Its
   format is as follows:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Source Port          |           Dest Port           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Data Offset  | CCVal | Type  |  Sequence Number (high bits)  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      .                  Sequence Number (low bits)                   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   All DCCP-NAT generic header fields function as specified in
   [RFC4340].

3.2.1 DCCP-RAW Checksum Field

   For DCCP-NAT, the function of the DCCP-RAW generic header field
   Checksum is performed by the UDP Checksum field.

   If the UDP Checksum field in a received packet is non-zero and is
   invalid, that packet MUST be ignored as per the invalid checksum
   procedures of DCCP-RAW (i.e., the options in the packet MUST NOT be
   processed).

   If the UDP Length field in a received packet is less than the length
   of the UDP header plus the entire DCCP-NAT header (including the
   generic header, Partial Checksum Extension Header if present, type-
   specific fields and options), or the UDP Length field is greater than
   the length of the packet from the beginning of the UDP header to the
   end of the packet, that packet MUST also be ignored as per the
   invalid checksum procedures.

   If the UDP Checksum field is zero, then the Partial Checksum
   Extension Header procedures apply.  See section 3.3 for more
   information.





Phelan                    Expires - May 2010                  [Page 6]

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009

3.3 Partial Checksum Extension Header

   If the UDP Checksum field is zero, the DCCP-NAT generic header MUST
   be immediately followed by a Partial Checksum Extension Header.
   Additional type-specific header fields and DCCP Options would then
   follow the Partial Checksum Extension Header.  If the UDP Checksum
   field is non-zero the Partial Checksum Extension Header MUST NOT be
   included.  The format of the header is as follows:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |       Checksum Coverage        |           PChecksum           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The fields are defined as follows:

   Checksum Coverage: 16 bits
     This is the number of bytes of user data that are covered by the
     partial checksum.  It MUST NOT be greater than the entire length of
     the user data (from the end of the DCCP-NAT header, including
     options, to the end of the packet).  Packets whose Checksum
     Coverage fields are greater than the length of the user data MUST
     be ignored as incorrect checksum.

   PChecksum: 16 bits
     This is the Internet checksum of the DCCP-NAT header plus Checksum
     Coverage bytes of the user data.  Using the TCP/IP checksum
     algorithm, the PChecksum field is first set to zero.  If the
     Checksum Coverage field is odd, the data to be summed is extended
     by one byte set to zero.  This byte does not overwrite the
     corresponding byte in the DCCP-NAT packet, and is not transmitted.
     The PChecksum field is then set to the one's complement of the
     one's complement sum of the sixteen-bit words covered (DCCP header
     plus Checksum Coverage bytes of user data plus one zero byte if
     Checksum Coverage is odd).  Note that PChecksum does not include an
     IP pseudoheader.  Packets with invalid PChecksum fields MUST be
     ignored as incorrect checksum.

3.4 Minimum Checksum Coverage Feature

   The Minimum Checksum Coverage Feature lets a DCCP endpoint determine
   whether its peer is willing to accept packets with partial checksum
   coverage.  It takes values from 0 to 15. For DCCP-NAT the feature
   values are interpreted as follows:

    o  Minimum Checksum Coverage = 0, the peer will not accept packets
       with partial checksum.  All UDP Checksum fields should be non-
       zero and the Partial Checksum Extension Header is never included.



Phelan                    Expires - May 2010                  [Page 7]

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009

    o  Minimum Checksum Coverage > 0, the peer will accept packets with
       partial checksum as long as the Checksum Coverage field is at
       least (Minimum Checksum Coverage - 1)*4.

   As in DCCP-RAW, peers may refuse to process packets with unacceptable
   Checksum Coverage.  Such packets SHOULD be reported using Data
   Dropped options with Drop Code 0, Protocol Constraints.

3.5 Other DCCP Headers and Options

   All type-specific DCCP headers are as in DCCP-RAW, except that the
   short sequence number version of the acknowledgement header is not
   supported.  All option and feature encodings are as in DCCP-RAW.

3.6 Service Codes and the DCCP Port Registry

   There is one Service Code registry and one DCCP port registry and
   they apply to all combinations of encapsulation and IP version.  A
   DCCP Service Code specifies an application using DCCP regardless of
   the combination of DCCP encapsulation and IP version.  An application
   MAY choose not to support some combinations of encapsulation and IP
   version, but its Service Code will remain registered for those
   combinations and MUST NOT be used by other applications.  An
   application SHOULD NOT register different Service Codes for different
   combinations of encapsulation and IP version.

   Similarly, a port registration is applicable to all combinations of
   encapsulation and IP version.  Again, an application MAY choose not
   to support some combinations of encapsulation and IP version on its
   registered port, although the port will remain registered for those
   combinations.  Applications SHOULD NOT register different ports just
   for the purpose of using different encapsulation combinations.  Since
   the port registry supports multiple applications registering the same
   port (as long as the Service Codes are different), other applications
   MAY register on the same port, but those registrations are also
   applicable to all combinations of encapsulation and IP version.

4. DCCP-NAT and Higher-Layer Protocols

   In general, the encapsulation of a higher-layer protocol within DCCP
   SHOULD be the same in both DCCP-RAW and DCCP-NAT.  At this time,
   encapsulations of DTLS over DCCP, defined in [RFC5238] and RTP over
   DCCP, defined in [RTP-DCCP], have been already defined.  The
   encapsulations of those protocols in DCCP-NAT SHALL be the same as
   specified in those documents.

   Higher-layer protocols that require different encapsulations for
   different DCCP modes MUST justify the reasons for the difference and
   MUST specify the encapsulations for both DCCP-RAW and DCCP-NAT.  If a
   document does not specify different encapsulations for DCCP-RAW and


Phelan                    Expires - May 2010                  [Page 8]

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009

   DCCP-NAT, the specified encapsulation SHALL apply to both DCCP-RAW
   and DCCP-NAT.

5. Signaling the Use of DCCP-NAT

   Applications often signal transport connection parameters through
   outside means, such as the Session Description Protocol (SDP).
   Applications that define such methods for DCCP MUST define how the
   DCCP encapsulation is chosen, and MUST allow either type of
   encapsulation to be signaled.

5.1 SDP for RTP over DCCP

   [RTP-DCCP] defines SDP extensions for signaling RTP over DCCP
   connections.  Since it predates this document, it does not define a
   method for determining the DCCP encapsulation type.  This document
   updates [RTP-DCCP] to add a method for determining the DCCP
   encapsulation type.

   A new SDP attribute "dccp-encap" is defined for signaling the DCCP
   encapsulation according to the following ABNF [RFC5234]:

       dccp-encap-attr = %x61 "=dccp-encap:" dccp-encap-type

       dccp-encap-type = dccp-raw-encap / dccp-nat-encap

       dccp-raw-encap  = "dccp-raw"

       dccp-nat-encap  = "dccp-nat" [":" udp-port-num]

       udp-port-num    = *DIGIT

   where *DIGIT is as defined in [RFC5234].

   For example:

    o  To specify a connection that will use DCCP-RAW encapsulation use:
           a=dccp-encap:dccp-raw

    o  To specify a connection that will use DCCP-NAT encapsulation,
       with the DCCP-NAT service running on the default UDP port for
       DCCP-NAT defined in section 7 use:
           a=dccp-encap:dccp-nat

    o  To specify a connection that will use DCCP-NAT encapsulation,
       with the DCCP-NAT service running UDP port 50,000 use:
           a=dccp-encap=dccp-nat:50000

   The absence of an "a=dccp-encap" attribute SHALL be interpreted as
   "a=dccp-encap:dccp-raw".


Phelan                    Expires - May 2010                  [Page 9]

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009

   Note that the port number in the media description (m=) always
   specifies the DCCP port number.

6. Security Considerations

   DCCP-NAT provides all of the security risk-mitigation measures
   present in DCCP-RAW, and also all of the security risks, except those
   associated with short sequence numbers (since DCCP-NAT does not
   support that feature).

   The purpose of DCCP-NAT is to allow DCCP to pass through NAT devices,
   and therefore it exposes DCCP to the risks associated with passing
   through NAT devices.  It does not create any new risks with regard to
   NAT devices.

   DCCP-NAT may also allow DCCP applications to pass through existing
   firewall devices, if the administrators of the devices so choose.
   The option is a binary one however; either allow all DCCP
   applications or allow none.  Proper control of DCCP application-by-
   application will require enhancements to firewalls.

7. IANA Considerations

   A port allocation request has been placed with IANA for the dccp-nat
   service port in UDP.

   The following new SDP attribute ("att-field") is to be registered:

       Contact name:  Tom Phelan <tphelan@sonusnet.com>

       Attribute name:  dccp-encap

       Long-form attribute name in English:  DCCP encapsulation type

       Type of attribute:  Media level

       Subject to charset attribute?  No

       Purpose of the attribute:  See this document section 5.1

       Allowed attribute values:  See this document section 5.1

8. References


8.1 Normative References

   [RFC4340]   Kohler, E., Handley, M., Floyd, S., "Datagram Congestion
               Control Protocol (DCCP)", RFC 4340, March 2006.



Phelan                    Expires - May 2010                 [Page 10]

INTERNET-DRAFT          DCCP-NAT Encapsulation       November 18, 2009

   [RFC768]    Postel, J., "User Datagram Protocol", RFC 768, August
               1980.

   [RFC4787]   Audet, F., Jennings, C., "Network Address Translation
               (NAT) Behavioral Requirements for Unicast UDP", RFC 4787,
               January 2007.

   [RFC2119]   Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", RFC 2119, March 1997.

   [RTP-DCCP]  Perkins, C., "RTP and the Datagram Congestion Control
               Protocol (DCCP)", draft-ietf-dccp-rtp-07.txt, June 2007.

   [RFC5238]   Phelan, T., "Datagram Transport Layer Security (DTLS)
               over the Datagram Congestion Control Protocol (DCCP)",
               RFC 5238, May 2008.

   [RFC5234]   Crocker, D., Ed. and P. Overell, "Augmented BNF for
               Syntax Specifications: ABNF", RFC 5234, October 2005.

9. Author's Address

   Tom Phelan
   Sonus Networks
   7 Technology Park Dr.
   Westford, MA USA 01886
   Phone: 978-614-8456
   Email: tphelan@sonusnet.com
























Phelan                    Expires - May 2010                 [Page 11]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/