draft-ietf-hip-nat-traversal-08.txt   draft-ietf-hip-nat-traversal-09.txt 
HIP Working Group M. Komu HIP Working Group M. Komu
Internet-Draft HIIT Internet-Draft HIIT
Intended status: Experimental T. Henderson Intended status: Experimental T. Henderson
Expires: December 31, 2009 The Boeing Company Expires: April 26, 2010 The Boeing Company
H. Tschofenig H. Tschofenig
Nokia Siemens Networks Nokia Siemens Networks
J. Melen J. Melen
A. Keranen, Ed. A. Keranen, Ed.
Ericsson Research Nomadiclab Ericsson Research Nomadiclab
June 29, 2009 October 23, 2009
Basic HIP Extensions for Traversal of Network Address Translators Basic HIP Extensions for Traversal of Network Address Translators
draft-ietf-hip-nat-traversal-08.txt draft-ietf-hip-nat-traversal-09.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from IETF Standards Process. Without obtaining an adequate license from
skipping to change at page 1, line 48 skipping to change at page 1, line 48
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 31, 2009. This Internet-Draft will expire on April 26, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info). publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. and restrictions with respect to this document.
Abstract Abstract
This document specifies extensions to the Host Identity Protocol This document specifies extensions to the Host Identity Protocol
(HIP) to facilitate Network Address Translator (NAT) traversal. The (HIP) to facilitate Network Address Translator (NAT) traversal. The
extensions are based on the use of the Interactive Connectivity extensions are based on the use of the Interactive Connectivity
Establishment (ICE) methodology to discover a working path between Establishment (ICE) methodology to discover a working path between
two end-hosts, and on standard techniques for encapsulating two end-hosts, and on standard techniques for encapsulating
Encapsulating Security Payload (ESP) packets within the User Datagram Encapsulating Security Payload (ESP) packets within the User Datagram
Protocol (UDP). This document also defines elements of procedure for Protocol (UDP). This document also defines elements of a procedure
NAT traversal, including the optional use of a HIP relay server. for NAT traversal, including the optional use of a HIP relay server.
With these extensions HIP is able to work in environments that have With these extensions HIP is able to work in environments that have
NATs and provides a generic NAT traversal solution to higher-layer NATs and provides a generic NAT traversal solution to higher-layer
networking applications. networking applications.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Overview of Operation . . . . . . . . . . . . . . . . . . . . 7 3. Overview of Operation . . . . . . . . . . . . . . . . . . . . 7
4. Protocol Description . . . . . . . . . . . . . . . . . . . . . 8 4. Protocol Description . . . . . . . . . . . . . . . . . . . . . 8
skipping to change at page 10, line 21 skipping to change at page 10, line 21
registration, the client sends NAT keepalives periodically to the registration, the client sends NAT keepalives periodically to the
relay to keep possible NAT bindings between the client and the relay relay to keep possible NAT bindings between the client and the relay
alive. The relay client maintains the HIP association with the relay alive. The relay client maintains the HIP association with the relay
server as long as it requires relaying service from it. server as long as it requires relaying service from it.
4.2. ICE Candidate Gathering 4.2. ICE Candidate Gathering
If a host is going to use ICE, it needs to gather a set of address If a host is going to use ICE, it needs to gather a set of address
candidates. The candidate gathering SHOULD be done as defined in candidates. The candidate gathering SHOULD be done as defined in
Section 4.1 of [I-D.ietf-mmusic-ice]. Candidates need to be gathered Section 4.1 of [I-D.ietf-mmusic-ice]. Candidates need to be gathered
for only one media stream and component. Component ID 1 should be for the UDP encapsulated flow of HIP and ESP traffic. This flow
used for ICE processing, where needed. The Initiator takes the role corresponds to one ICE media stream and component. Since ICE
of the ICE controlling agent. component IDs are not needed, they are not explicitly signaled and ID
value of 1 SHOULD be used for ICE processing, where needed. The
Initiator takes the role of the ICE controlling agent.
The candidate gathering can be done at any time, but it needs to be The candidate gathering can be done at any time, but it needs to be
done before sending an I2 or R2 in the base exchange if ICE is to be done before sending an I2 or R2 in the base exchange if ICE is to be
used for the connectivity checks. It is RECOMMENDED that all three used for the connectivity checks. It is RECOMMENDED that all three
types of candidates (host, server reflexive and relayed) are gathered types of candidates (host, server reflexive and relayed) are gathered
to maximize the probability of successful NAT traversal. However, if to maximize the probability of successful NAT traversal. However, if
no TURN server is used, and the host has only a single local IP no TURN server is used, and the host has only a single local IP
address to use, the host MAY use the local address as the only host address to use, the host MAY use the local address as the only host
candidate and the address from the REG_FROM parameter discovered candidate and the address from the REG_FROM parameter discovered
during the relay registration as a server reflexive candidate. In during the relay registration as a server reflexive candidate. In
skipping to change at page 12, line 29 skipping to change at page 12, line 29
retrying a previous check. If a host does not include this parameter retrying a previous check. If a host does not include this parameter
in the base exchange, a Ta value of 500ms MUST be used as that host's in the base exchange, a Ta value of 500ms MUST be used as that host's
minimum value. The value that is used by both of the hosts is the minimum value. The value that is used by both of the hosts is the
higher out of the two offered values. higher out of the two offered values.
Hosts SHOULD NOT use values smaller than 20ms for the minimum Ta, Hosts SHOULD NOT use values smaller than 20ms for the minimum Ta,
since such values may not work well with some NATs, as explained in since such values may not work well with some NATs, as explained in
[I-D.ietf-mmusic-ice]. The Initiator MUST NOT propose a smaller [I-D.ietf-mmusic-ice]. The Initiator MUST NOT propose a smaller
value than what the Responder offered. value than what the Responder offered.
The minimum Ta value SHOULD be configurable. Guidelines for The minimum Ta value SHOULD be configurable, and if no value is
selecting a Ta value are given in Appendix A. Currently this feature configured, value of 500ms MUST be used. Guidelines for selecting a
applies only to the ICE-STUN-UDP NAT traversal mode, but any other Ta value are given in Appendix A. Currently this feature applies
mode using connectivity checks SHOULD utilize this feature. only to the ICE-STUN-UDP NAT traversal mode, but any other mode using
connectivity checks SHOULD utilize this feature.
4.5. Base Exchange via HIP Relay Server 4.5. Base Exchange via HIP Relay Server
This section describes how Initiator and Responder perform a base This section describes how Initiator and Responder perform a base
exchange through a HIP relay server. The NAT traversal mode exchange through a HIP relay server. The NAT traversal mode
negotiation (denoted as NAT_TM in the example) was described in negotiation (denoted as NAT_TM in the example) was described in
Section 4.3 and is not repeated here. If a relay receives an R1 or Section 4.3 and is not repeated here. If a relay receives an R1 or
I2 packet without the NAT traversal mode parameter, it MUST drop it I2 packet without the NAT traversal mode parameter, it MUST drop it
and SHOULD send a NOTIFY error packet with type and SHOULD send a NOTIFY error packet with type
NO_VALID_NAT_TRAVERSAL_MODE_PARAMETER to the sender of the R1/I2. NO_VALID_NAT_TRAVERSAL_MODE_PARAMETER to the sender of the R1/I2.
skipping to change at page 15, line 50 skipping to change at page 15, line 50
If the ICE connectivity checks failed, the hosts MUST NOT send ESP If the ICE connectivity checks failed, the hosts MUST NOT send ESP
traffic to each other but MAY continue communicating using HIP traffic to each other but MAY continue communicating using HIP
packets and the locators used for the base exchange. Also, the hosts packets and the locators used for the base exchange. Also, the hosts
SHOULD notify each other about the failure with a SHOULD notify each other about the failure with a
CONNECTIVITY_CHECKS_FAILED NOTIFY packet (see Section 5.10). CONNECTIVITY_CHECKS_FAILED NOTIFY packet (see Section 5.10).
4.7. NAT Keepalives 4.7. NAT Keepalives
To prevent NAT states from expiring, communicating hosts send To prevent NAT states from expiring, communicating hosts send
periodically keepalives to each other. HIP relay servers MAY refrain periodic keepalives to each other. HIP relay servers MAY refrain
from sending keepalives if it's known that they are not behind a from sending keepalives if it's known that they are not behind a
middlebox that requires keepalives. An end-host MUST send keepalives middlebox that requires keepalives. An end-host MUST send keepalives
every 15 seconds to refresh the UDP port mapping at the NAT(s) when every 15 seconds to refresh the UDP port mapping at the NAT(s) when
the control or data channel is idle. To implement failure tolerance, the control or data channel is idle. To implement failure tolerance,
an end-host SHOULD have shorter keepalive period. an end-host SHOULD have shorter keepalive period.
The keepalives are STUN Binding Indications if the hosts have agreed The keepalives are STUN Binding Indications if the hosts have agreed
on ICE-STUN-UDP NAT traversal mode during the base exchange. on ICE-STUN-UDP NAT traversal mode during the base exchange.
Otherwise, HIP NOTIFY packets MAY be used as keepalives. Otherwise, HIP NOTIFY packets MAY be used as keepalives.
skipping to change at page 27, line 32 skipping to change at page 27, line 32
associations are based on the same inner IP addresses. associations are based on the same inner IP addresses.
This issue does not exist with the UDP encapsulation of HIP ESP This issue does not exist with the UDP encapsulation of HIP ESP
transport format because the Responder uses HITs to distinguish transport format because the Responder uses HITs to distinguish
between different Initiators. between different Initiators.
7. IANA Considerations 7. IANA Considerations
This section is to be interpreted according to [RFC5226]. This section is to be interpreted according to [RFC5226].
Upon publication of this document, IANA is requested to register a [TO BE REMOVED: Upon publication of this document, IANA is requested
UDP port and the RFC editor is requested to change all occurrences of to register a UDP port from the Registered Ports range and the RFC
port HIPPORT to the port IANA has registered. The HIPPORT number editor is requested to change all occurrences of port HIPPORT to the
50500 should be used for initial experimentation. port IANA has registered. The HIPPORT number 50500 should be used
for initial experimentation. ]
This document updates the IANA Registry for HIP Parameter Types This document updates the IANA Registry for HIP Parameter Types
[RFC5201] by assigning new HIP Parameter Type values for the new HIP [RFC5201] by assigning new HIP Parameter Type values for the new HIP
Parameters: RELAY_FROM, RELAY_TO and REG_FROM (defined in Parameters: RELAY_FROM, RELAY_TO and REG_FROM (defined in
Section 5.6), RELAY_HMAC (defined in Section 5.8), TRANSACTION_PACING Section 5.6), RELAY_HMAC (defined in Section 5.8), TRANSACTION_PACING
(defined in Section 5.5), and NAT_TRAVERSAL_MODE (defined in (defined in Section 5.5), and NAT_TRAVERSAL_MODE (defined in
Section 5.4). Section 5.4).
This document defines an additional registration type for the HIP This document defines an additional registration type for the HIP
Registration Extension [RFC5203] that allows registering with a HIP Registration Extension [RFC5203] that allows registering with a HIP
relay server for relaying service: RELAY_UDP_HIP (defined in relay server for relaying service: RELAY_UDP_HIP (defined in
Section 5.9). Section 5.9).
This document also defines NO_VALID_NAT_TRAVERSAL_MODE_PARAMETER, This document also defines NO_VALID_NAT_TRAVERSAL_MODE_PARAMETER,
CONNECTIVITY_CHECKS_FAILED and MESSAGE_NOT_RELAYED Notify Packet CONNECTIVITY_CHECKS_FAILED and MESSAGE_NOT_RELAYED Notify Packet
Types [RFC5201] in Section 5.10. Types [RFC5201] in Section 5.10.
The NAT_TRAVERSAL_MODE parameter has 8-bit unsigned integer fields The NAT_TRAVERSAL_MODE parameter has 16-bit unsigned integer fields
for different modes, for which IANA is to create and maintain a new for different modes, for which IANA is to create and maintain a new
sub-registry entitled "HIP NAT traversal modes" under the "Host sub-registry entitled "HIP NAT traversal modes" under the "Host
Identity Protocol (HIP) Parameters". Initial values for the NAT Identity Protocol (HIP) Parameters". Initial values for the NAT
traversal mode registry are given in Section 5.4; future assignments traversal mode registry are given in Section 5.4; future assignments
are to be made through IETF Review [RFC5226]. Assignments consist of are to be made through IETF Review [RFC5226]. Assignments consist of
a NAT traversal mode identifier name and its associated value. [TO a NAT traversal mode identifier name and its associated value. [TO
BE REMOVED: This registration should take place at the following BE REMOVED: This registration should take place at the following
location: http://www.iana.org/assignments/hip-parameters/] location: http://www.iana.org/assignments/hip-parameters/]
8. Contributors 8. Contributors
skipping to change at page 28, line 46 skipping to change at page 28, line 47
Forces, Ericsson, and Birdstep. Forces, Ericsson, and Birdstep.
10. References 10. References
10.1. Normative References 10.1. Normative References
[I-D.ietf-behave-turn] [I-D.ietf-behave-turn]
Rosenberg, J., Mahy, R., and P. Matthews, "Traversal Using Rosenberg, J., Mahy, R., and P. Matthews, "Traversal Using
Relays around NAT (TURN): Relay Extensions to Session Relays around NAT (TURN): Relay Extensions to Session
Traversal Utilities for NAT (STUN)", Traversal Utilities for NAT (STUN)",
draft-ietf-behave-turn-15 (work in progress), June 2009. draft-ietf-behave-turn-16 (work in progress), July 2009.
[I-D.ietf-mmusic-ice] [I-D.ietf-mmusic-ice]
Rosenberg, J., "Interactive Connectivity Establishment Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT) (ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", Traversal for Offer/Answer Protocols",
draft-ietf-mmusic-ice-19 (work in progress), October 2007. draft-ietf-mmusic-ice-19 (work in progress), October 2007.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
skipping to change at page 31, line 43 skipping to change at page 31, line 43
| -00 | Initial version. | | -00 | Initial version. |
| -01 | Draft based on RVS. | | -01 | Draft based on RVS. |
| -02 | Draft based on Relay proxies and ICE concepts. | | -02 | Draft based on Relay proxies and ICE concepts. |
| -03 | Draft based on STUN/ICE formats. | | -03 | Draft based on STUN/ICE formats. |
| -04 | Issues 25-27,29-36 | | -04 | Issues 25-27,29-36 |
| -05 | Issues 28,40-43,47,49,51 | | -05 | Issues 28,40-43,47,49,51 |
| -06 | New copyright boilerplate and STUN username encoding | | -06 | New copyright boilerplate and STUN username encoding |
| -07 | New NOTIFY error packet parameters, changed handling | | -07 | New NOTIFY error packet parameters, changed handling |
| | of I2/R2 via relay with UDP-ENCAPSULATION mode | | | of I2/R2 via relay with UDP-ENCAPSULATION mode |
| -08 | Small editorial fixes regarding WGLC comments | | -08 | Small editorial fixes regarding WGLC comments |
| -09 | Small fixes regarding IESG and Gen-ART review comments |
+----------+--------------------------------------------------------+ +----------+--------------------------------------------------------+
Authors' Addresses Authors' Addresses
Miika Komu Miika Komu
Helsinki Institute for Information Technology Helsinki Institute for Information Technology
Metsanneidonkuja 4 Metsanneidonkuja 4
Espoo Espoo
Finland Finland
 End of changes. 12 change blocks. 
20 lines changed or deleted 25 lines changed or added

This html diff was produced by rfcdiff 1.37a. The latest version is available from http://tools.ietf.org/tools/rfcdiff/