rfcdiff of draft-ietf-rohc-ikev2-extensions-hcoipsec-00.txt (left column, "-00")
against draft-ietf-rohc-ikev2-extensions-hcoipsec-01.txt (right column, "-01").
Where the two versions differ, both texts are given below, labelled -00 and -01;
text given once is common to both versions.

-00 header:

Network Working Group                                         R. Jasani
Internet-Draft                                              J. Pezeshki
Intended status: Experimental                                E. Ertekin
Expires: March 26, 2007                                      C. Christou
                                                     Booz Allen Hamilton
                                                      September 22, 2006

   Extensions to IKEv2 to Support Header Compression over IPsec (HCoIPsec)
              draft-ietf-rohc-ikev2-extensions-hcoipsec-00.txt

-01 header:

Network Working Group                                       J. Pezeshki
Internet-Draft                                               E. Ertekin
Expires: August 28, 2007                                      R. Jasani
                                                             C. Christou
                                                     Booz Allen Hamilton
                                                       February 24, 2007

     IKEv2 Extensions to Support Header Compression over IPsec (HCoIPsec)
              draft-ietf-rohc-ikev2-extensions-hcoipsec-01
Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that

   (rfcdiff: unchanged lines omitted, skipping to change at page 1, line 36)

   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   -00: This Internet-Draft will expire on March 26, 2007.
   -01: This Internet-Draft will expire on August 28, 2007.

Copyright Notice

   -00: Copyright (C) The Internet Society (2006).
   -01: Copyright (C) The IETF Trust (2007).
Abstract

   -00:
   When using Header Compression (HC) schemes in conjunction with IPsec
   (i.e., [HCOIPSEC]) a mechanism is needed to negotiate both the HC
   scheme and any associated configuration parameters between end-points
   prior to operation.  Internet Key Exchange (IKE) is a mechanism which
   can be leveraged to handle these negotiations.  This document
   specifies extensions to Internet Key Exchange (IKEv2) that will allow
   header compression schemes and their associated configuration
   parameters to be negotiated for IPsec security associations.

   -01:
   When using Header Compression (HC) schemes (e.g. ROHC [ROHC]) in
   conjunction with IPsec [IPSEC] (i.e. [HCOIPSEC]) a mechanism is
   needed to negotiate ROHC configuration parameters between end-points
   prior to operation.  Internet Key Exchange (IKE) is a mechanism which
   can be leveraged to handle these negotiations.  This document
   specifies extensions to Internet Key Exchange (IKEv2 [IKEV2]) that
   will allow ROHC and its associated configuration parameters to be
   negotiated for IPsec security associations (SAs).
Table of Contents

   -00:
   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Audience . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Header Compression Channel Negotiation . . . . . . . . . . . .  3
     3.1.  Header Compression Scheme Negotiation  . . . . . . . . . .  3
       3.1.1.  Notify Payload For RoHC  . . . . . . . . . . . . . . .  6
         3.1.1.1.  Profiles Suboption . . . . . . . . . . . . . . . .  8
       3.1.2.  Notify Payload For IPHC/cRTP/ECRTP . . . . . . . . . .  8
       3.1.3.  Notify Payload For None  . . . . . . . . . . . . . . . 10
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . . 11
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 11
   6.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 11
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
     7.1.  Normative References . . . . . . . . . . . . . . . . . . . 12
     7.2.  Informative References . . . . . . . . . . . . . . . . . . 12
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
   Intellectual Property and Copyright Statements . . . . . . . . . . 15

   -01:
   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Header Compression Channel Negotiation . . . . . . . . . . . .  3
     2.1.  Negotiation of Header Compression Parameters . . . . . . .  3
       2.1.1.  Profiles Suboption . . . . . . . . . . . . . . . . . .  6
   3.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
   4.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  7
   5.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . .  7
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  8
     6.1.  Normative References . . . . . . . . . . . . . . . . . . .  8
     6.2.  Informative References . . . . . . . . . . . . . . . . . .  8
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .  8
   Intellectual Property and Copyright Statements . . . . . . . . . . 10
1.  Introduction

   -00:
   Packet header overhead incurred by applications that use IPsec can
   result in inefficient bandwidth utilization of the communications
   channel.  Coupling header compression with IPsec [IPSEC] (i.e.,
   [HCOIPSEC]) offers an efficient way to deploy these applications
   securely.

   HC schemes require their configuration parameters to be negotiated
   between the compressor and decompressor, prior to operation.  Current
   hop-by-hop HC schemes negotiate these parameters through a link-layer
   protocol such as Point-to-Point Protocol (PPP).  This document
   proposes the use of IPsec's parameter negotiation mechanism, IKE, to
   handle HC scheme and parameter negotiation for HCoIPsec.  This
   document details how IKEv2 must be extended to provide the
   functionality required to initialize an HC channel and negotiate HC
   scheme parameters.

   -01:
   Increased packet header overhead due to IPsec protection can result
   in inefficient utilization of bandwidth.  Coupling HC with IPsec
   offers an efficient way to transfer protected IP traffic.

   HC schemes require configuration parameters to be negotiated between
   the compressor and decompressor, prior to operation.  Current hop-by-
   hop ROHC schemes negotiate these parameters through a link-layer
   protocol such as Point-to-Point Protocol (PPP) (i.e. ROHC over PPP
   [ROHCPPP]).  Similarly, key exchange protocols (e.g. IKEv2) exist,
   which are commonly used to negotiate parameters between IPsec peers
   before a SA can be established.  This document proposes the use of
   IPsec's parameter negotiation mechanism, IKE, to handle ROHC channel
   configuration for HCoIPsec.  Various extensions to IKEv2, designed to
   provide this functionality, are detailed within this document.

2.  Audience (-00 only)

   The target audience of this document includes those who are involved
   with the design and development of Header Compression (HC) schemes,
   IPsec mechanisms, and the IETF HCoIPsec participants.  In addition,
   this document is intended for vendors developing IPsec encryption/
   decryption devices that may be deployed in bandwidth-constrained, IP
   networking environments.

3.  Header Compression Channel Negotiation (-00) /
2.  Header Compression Channel Negotiation (-01)

   -00:
   The initialization of a HC session entails negotiating the HC scheme
   to be used, as well as any configuration parameters that are required
   by that particular HC scheme.  IKEv2, an extensible protocol that
   negotiates parameters via request/response message pairs (i.e.
   exchanges), will be used to initialize a HCoIPsec session.

   IKEv2 negotiation of a HCoIPsec session is implemented with a Notify
   payload as part of the IKE_AUTH and CREATE_CHILD_SA exchanges.  The
   new Notify payload will be used to negotiate:

      1.  HC scheme
      2.  HC scheme configuration parameters

   -01:
   The initialization of a ROHC session requires the negotiation of a
   set of configuration parameters (e.g. maximum context identifier
   length, etc.).  As such, a mechanism must exist for a ROHC enabled
   device to share a list of supported HC parameters with its peer, and
   for the peer to select the appropriate parameters from this list.
   Similarly, negotiable parameters must also be shared between IPsec
   peers before a SA can be established.  To perform this negotiation, a
   key exchange protocol, IKEv2, is commonly used.  IKEv2 is an
   extensible protocol that negotiates parameters via request/response
   message pairs (i.e. exchanges).

   A set of extensions to IKEv2 can be defined, which will allow for
   ROHC parameters to be negotiated during the creation and rekeying of
   Child SAs.  This new Notify payload will contain values for the set
   of ROHC parameters to be negotiated between the two ROHC peers.

3.1.  Header Compression Scheme Negotiation (-00) /
2.1.  Negotiation of Header Compression Parameters (-01)

   -00:
   An IPsec end-point may be able to support multiple compression types,
   including RObust Header Compression (ROHC) [ROHC], IP Header
   Compression (IPHC) [IPHC], Compressed RTP (CRTP) [CRTP], and/or
   Enhanced Compressed RTP (ECRTP) [ECRTP].  As such, for a given Child
   SA, the configuration parameters for these HC schemes will be
   negotiated at either the establishment or rekeying of a Child SA.

   The Notify payload will be used during the IKE_AUTH and
   CREATE_CHILD_SA exchanges to negotiate the HCoIPsec session.  This
   payload will contain the proposed/accepted HC schemes for the Child
   SA, as well as the configuration parameters for each scheme.  A new
   Notify Message Type value, denoted HC_SUPPORTED, will be added to
   indicate that the Notify payload is conveying HC information.  In
   addition, the supported HC schemes and their corresponding
   configuration parameters will be communicated in the Notification
   Data field.

   Note: The prioritized list of allowable HC schemes within the
   Notification Data field of the Notify payload should always end with
   NONE, indicating uncompressed traffic.

   The Notify payload used to convey HC information must begin with the
   following payload header:

   -01:
   ROHC configuration parameters will be negotiated at either the
   establishment or rekeying of a Child SA.  Specifically, a Notify
   payload will be used during the IKE_AUTH and CREATE_CHILD_SA
   exchanges to negotiate the HCoIPsec session.  The Notify payload sent
   by the initiator will contain the configuration parameters for the
   ROHC scheme.  Upon receipt of the initiator's request, the responder
   will either ignore the payload (if it doesn't support ROHC or the
   proposed parameters) or respond with a Notify payload that contains
   the accepted negotiable parameters.

   A new Notify Message Type value, denoted ROHC_SUPPORTED, will be
   added to indicate that the Notify payload is conveying ROHC channel
   parameters.  As defined in [IPSEC], the Notify payload is specified
   as follows:
   -00:
                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ! Next Payload  !C!  RESERVED   !         Payload Length        !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   !  Protocol ID  !   SPI Size    !      Notify Message Type      !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   !                                                               !
   ~                Security Parameter Index (SPI)                 ~
   !                                                               !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Figure 1: Notify Payload Header

   -01:
                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ! Next Payload  !C!  RESERVED   !         Payload Length        !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   !  Protocol ID  !   SPI Size    !      Notify Message Type      !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   !                                                               !
   ~                       Notification Data                       ~
   !                                                               !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Figure 1: Notify Payload
   -00: To negotiate HCoIPsec, the values for the fields in the Notify
   payload are defined as follows:

   Next Payload (1 octet)
      Identifier for the payload type of the next payload in the
      message.  If the current payload is the last in the message, then
      this field will be 0.  The Next Payload value of the previous
      payload must be 41, indicating that this current payload is a
      Notify Payload.

   Critical (1 bit)
      This value is set to zero, indicating that the recipient must skip

   (rfcdiff: unchanged lines omitted, skipping to change at page 5,
   line 14 in -00 / page 4, line 47 in -01)

   RESERVED (7 bits)
      Must be sent as zero, and must be ignored on receipt.

   Payload Length (2 octets)
      Length in octets of the current payload, including the generic
      payload header.

   Protocol ID (1 octet)
      -00: If this notification concerns an existing SA, this field
      indicates the SA type.  This field must contain either (2) to
      indicate AH or (3) to indicate ESP on the Child SA.  For
      notifications that do not relate to an existing SA, this field
      must be sent as zero and ignored on receipt.  This value must not
      be set to (1), since this refers to IKE_SA notifications.  All
      other values for this field are reserved to IANA for future
      assignment.

      -01: If this notification concerns an existing SA, this field
      indicates the type of that SA (i.e. IKE_SA, AH [AH], or ESP
      [ESP]).  Since the ROHC parameters are set at SA creation, and
      thus do not relate to an existing SA, this field must be set to
      zero.

   SPI Size (1 octet)
      -00: Length in octets of the SPI as defined by the IPsec protocol
      ID or zero if no SPI is applicable.

      -01: Length in octets of the SPI as defined by the IPsec protocol
      ID.  This value must be set to zero, since no SPI is applicable
      (ROHC parameters are set at SA creation, thus the SPI has not been
      defined).

   Notify Message Type (2 octets)
      Specifies the type of notification message.  This field must be
      set to HC_SUPPORTED (-00) / ROHC_SUPPORTED (-01).

   SPI (variable length)  (-00 only)
      Security Parameter Index.

   -00: Following the Notify payload header, the remainder of the payload
   is used to identify the proposed HC schemes, and their associated
   configuration parameters.  Each scheme will be listed in the
   following format:

   -01: ROHC configuration parameters will be communicated via a new
   Notify message type, denoted ROHC_SUPPORTED.  The ROHC configuration
   parameters will be listed within the Notification Data field in the
   following format:
   -00:
                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     HC ID     |  Next HC ID   |      HC Parameter Length      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   !                                                               !
   ~              HC Scheme Configuration Parameters               ~
   !                                                               !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Figure 2: Portion of HC Notify Payload Body (repeated for each
                            proposed HC scheme)

   -01:
                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ! HC PRMTR LNTH !            MAX_CID            !    MRRU...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ...MRRU        !          MAX_HEADER           !               !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +
   !                                                               !
   ~                         suboptions...                         ~
   !                                                               !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Figure 2: Notification Data field

   The following field definitions are from -00 only:

   HC ID (1 octet)
      Identifies the HC scheme that is being defined within the HC
      Scheme Configuration Parameters field(s).  The order in which the
      HC ID fields occur within the HC Notify payload defines the order
      of preference (i.e. the first HC scheme defined is the scheme most
      preferred by the initiator).

   Next HC ID (1 octet)
      Identifies the HC scheme that will be defined after the HC Scheme
      Configuration Parameters field(s).  If this is the last HC scheme
      to be proposed, this value is set to zero.

   HC Parameter Length (2 octets)
      The length, in octets, of the configuration parameters for this
      particular HC scheme.

   HC Scheme Configuration Parameters (Variable Length)
      The negotiable parameters for the particular HC scheme.
3.1.1.  Notify Payload For RoHC (-00 only)

   For ROHC, the NOTIFY payload will be of the following form (ignoring
   the header depicted in Figure 1):

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | HC ID (ROHC)  |  Next HC ID   |      HC Parameter Length      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            MAX_CID            |             MRRU              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          MAX_HEADER           |  suboptions...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     Figure 3: Portion of HC Notify Payload Body for negotiating RoHC
                                parameters

   HC ID  (-00 only)
      1 (ROHC)

   HC Parameter Length
      -00: >= 6

      -01 (HC PARAMETER LENGTH, 1 octet): >= 7 (i.e. the combined
      length of HC PARAMETER LENGTH, MAX_CID, MRRU, and MAX_HEADER)
   MAX_CID (2 octets)
      The MAX_CID field indicates the maximum value of a context
      identifier.  This value must be at least 0 and at most 16383 (the
      value 0 implies having one context).

      Suggested value: 15

      Note: The value of LARGE_CIDS will be implicitly determined by
      this value (i.e. if MAX_CID is <= 15, LARGE_CIDS will be assumed
      to be 0).

   MRRU (2 octets)
      The MRRU field indicates the maximum reconstructed reception unit
      (see [ROHC], section 5.1.1).

      Suggested value: 0

      Note (-01 only): The MRRU value is used in conjunction with the
      segmentation protocol defined in ROHC.  Since a HCoIPsec
      compressor and decompressor will generally be separated by
      multiple link-layer "hops", segmentation will not be needed.  In
      these cases the MRRU value should be set to zero, indicating that
      no ROHC segmented-header packets are allowed on the channel.

   MAX_HEADER (2 octets)
      The largest header size in octets that may be compressed.

      Suggested value: 168 octets

      -00 only: The value of MAX_HEADER should be large enough so that
      at least the outer network layer header can be compressed.  To
      increase compression efficiency MAX_HEADER should be set to a
      value large enough to cover common combinations of network and
      transport layer headers.

      Note: The MAX_HEADER parameter is not used for all ROHC profiles.
      If none of the ROHC profiles require this field, this value is
      ignored.

   suboptions
      The suboptions field consists of zero or more (-00) / one or more
      (-01) suboptions.  Each suboption consists of a type field, a
      length field and zero or more parameter octets, as defined by the
      suboption type.  The value of the length field indicates the
      length of the suboption in its entirety, including the lengths of
      the type and length fields.
                        1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   !     Type      !    Length     ! Parameters...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

          Figure 4 (-00) / Figure 3 (-01): Suboption for ROHC

   Note: When a pair of SAs are created (one in each direction), the
   ROHC channel parameter FEEDBACK_FOR is set implicitly to the other
   SA of the pair (i.e. the SA pointing in the reverse direction).
3.1.1.1.  Profiles Suboption (-00) / 2.1.1.  Profiles Suboption (-01)

   The set of profiles to be enabled on a Child SA is subject to
   negotiation.

                        1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   !     Type      !    Length     ! Profiles...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

           Figure 5 (-00) / Figure 4 (-01): Profiles suboption

   Type
      1

   Length
      2n+2

   Value
      n octet-pairs in ascending order, each octet-pair specifying a
      ROHC profile supported.  Values negotiated are assigned in the
      ROHC profile identifiers registry [ROHCPROF].
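As an added example (not code from either draft version), the following Python builds and validates the -01 ROHC_SUPPORTED Notify payload: the generic header with Critical bit, Protocol ID and SPI Size all zero, the Notification Data of Figure 2, and the Profiles suboption of Figure 4. ROHC_SUPPORTED has no IANA-assigned number in the draft, so a placeholder constant is assumed, and the assumption that HC PARAMETER LENGTH covers the whole Notification Data (suboptions included) is marked in the code; the receiver-side parser rejects the malformed inputs a decompressor would otherwise trip over (suboption lengths below 2, MAX_CID above 16383, a nonzero SPI Size).

```python
import struct

# Field values below come from draft-ietf-rohc-ikev2-extensions-hcoipsec-01.
# ROHC_SUPPORTED has no IANA-assigned number in the draft: the value here is a
# hypothetical placeholder so the example runs, not an assigned code point.
ROHC_SUPPORTED = 0xC0DE
PROFILES_SUBOPTION = 1     # Profiles suboption Type (Figure 4)
MAX_CID_LIMIT = 16383      # MAX_CID must be 0..16383
MIN_PARAM_LENGTH = 7       # HC PRMTR LNTH + MAX_CID + MRRU + MAX_HEADER


class RohcNotifyError(ValueError):
    """Raised when a payload violates one of the draft's field constraints."""


def build_notification_data(max_cid, mrru, max_header, profiles):
    """Encode the Notification Data field of Figure 2 with one Profiles suboption."""
    if not 0 <= max_cid <= MAX_CID_LIMIT:
        raise RohcNotifyError("MAX_CID out of range")
    if not (0 <= mrru <= 0xFFFF and 0 <= max_header <= 0xFFFF):
        raise RohcNotifyError("MRRU and MAX_HEADER must fit in 2 octets")
    profiles = sorted(set(profiles))   # n octet-pairs, ascending, no duplicates
    if not profiles or any(not 0 <= p <= 0xFFFF for p in profiles):
        raise RohcNotifyError("profile list empty or contains a non-16-bit value")
    suboption = struct.pack("!BB", PROFILES_SUBOPTION, 2 * len(profiles) + 2)
    suboption += b"".join(struct.pack("!H", p) for p in profiles)
    body = struct.pack("!HHH", max_cid, mrru, max_header) + suboption
    total = 1 + len(body)              # HC PRMTR LNTH counts its own octet
    if total > 0xFF:
        raise RohcNotifyError("Notification Data exceeds the 1-octet length field")
    return struct.pack("!B", total) + body


def parse_notification_data(data):
    """Decode and validate Notification Data received from a peer."""
    if len(data) < MIN_PARAM_LENGTH:
        raise RohcNotifyError("Notification Data shorter than 7 octets")
    total = data[0]
    # Assumption (strict reading of the draft): HC PRMTR LNTH covers the whole
    # field, suboptions included, so it must match what the Notify header carried.
    if total < MIN_PARAM_LENGTH or total != len(data):
        raise RohcNotifyError("HC PARAMETER LENGTH inconsistent with payload")
    max_cid, mrru, max_header = struct.unpack("!HHH", data[1:7])
    if max_cid > MAX_CID_LIMIT:
        raise RohcNotifyError("MAX_CID exceeds 16383")
    profiles, unknown, offset = [], [], MIN_PARAM_LENGTH
    while offset < total:
        if total - offset < 2:
            raise RohcNotifyError("truncated suboption header")
        sub_type, sub_len = data[offset], data[offset + 1]
        # Length includes the Type and Length octets, so a value below 2 would
        # overlap its own header and leave this loop stuck at the same offset.
        if sub_len < 2 or offset + sub_len > total:
            raise RohcNotifyError("suboption length %d invalid" % sub_len)
        params = data[offset + 2:offset + sub_len]
        if sub_type == PROFILES_SUBOPTION:
            if not params or len(params) % 2:
                raise RohcNotifyError("Profiles suboption needs n >= 1 octet-pairs")
            profiles = list(struct.unpack("!%dH" % (len(params) // 2), params))
            if profiles != sorted(set(profiles)):
                raise RohcNotifyError("profiles must be ascending and unique")
        else:
            unknown.append((sub_type, bytes(params)))   # keep, but do not act on it
        offset += sub_len
    if offset == MIN_PARAM_LENGTH:
        raise RohcNotifyError("-01 requires one or more suboptions")
    return {"max_cid": max_cid, "mrru": mrru, "max_header": max_header,
            "large_cids": max_cid > 15,   # LARGE_CIDS is implied by MAX_CID
            "profiles": profiles, "unknown_suboptions": unknown}


def build_notify_payload(notification_data, next_payload=0):
    """Prepend the generic Notify header of Figure 1 (C=0, Protocol ID 0, SPI Size 0)."""
    length = 8 + len(notification_data)
    header = struct.pack("!BBHBBH", next_payload, 0, length, 0, 0, ROHC_SUPPORTED)
    return header + notification_data


def parse_notify_payload(buf):
    """Validate the header and return (next_payload, parsed ROHC parameters)."""
    if len(buf) < 8:
        raise RohcNotifyError("Notify payload shorter than its 8-octet header")
    next_payload, flags, length, proto_id, spi_size, msg_type = struct.unpack("!BBHBBH", buf[:8])
    if flags & 0x80:
        raise RohcNotifyError("Critical bit must be zero")
    if length < 8 or length > len(buf):
        raise RohcNotifyError("Payload Length inconsistent with buffer")
    if proto_id != 0 or spi_size != 0:
        raise RohcNotifyError("Protocol ID and SPI Size must both be zero")
    if msg_type != ROHC_SUPPORTED:
        raise RohcNotifyError("not a ROHC_SUPPORTED notification")
    return next_payload, parse_notification_data(buf[8:length])


def is_valid_notify(buf):
    """Receiver-side check: True only when every constraint above holds."""
    try:
        parse_notify_payload(buf)
    except RohcNotifyError:
        return False
    return True
```

A responder that gets False from is_valid_notify should treat the proposal as unsupported and, as -01 describes, simply not answer with a ROHC_SUPPORTED payload.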
3.1.2.  Notify Payload For IPHC/cRTP/ECRTP (-00 only)

   For IPHC/cRTP/ECRTP, the NOTIFY payload will be of the following form
   (ignoring the header depicted in Figure 1):

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | HC ID (ECRTP) |  Next HC ID   |      HC Parameter Length      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           TCP_SPACE           |         NON_TCP_SPACE         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         F_MAX_PERIOD          |          F_MAX_TIME           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          MAX_HEADER           |  suboptions...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

        Figure 6: Portion of HC Notify Payload Body for negotiating
                         IPHC/cRTP/ECRTP parameters
HC ID
2 (ECRTP)
3 (cRTP)
4 (IPHC)
HC Parameter Length
>= 10
TCP_SPACE
The TCP_SPACE field is two octets and indicates the maximum value
of a context identifier in the space of context identifiers
allocated for TCP.
Suggested value: 15
TCP_SPACE must be at least 0 and at most 255 (the value 0 implies
having one context).
NON_TCP_SPACE
The NON_TCP_SPACE field is two octets and indicates the maximum
value of a context identifier in the space of context identifiers
allocated for non-TCP. These context identifiers are carried in
COMPRESSED_NON_TCP, COMPRESSED_UDP and COMPRESSED_RTP packet
headers.
Suggested value: 15
NON_TCP_SPACE must be at least 0 and at most 65535 (the value 0
implies having one context).
F_MAX_PERIOD
Maximum interval between full headers. No more than F_MAX_PERIOD
COMPRESSED_NON_TCP headers may be sent between FULL_HEADER
headers.
Suggested value: 256
A value of zero implies infinity, i.e. there is no limit to the
number of consecutive COMPRESSED_NON_TCP headers.
F_MAX_TIME
Maximum time interval between full headers. COMPRESSED_NON_TCP
headers may not be sent more than F_MAX_TIME seconds after sending
the last FULL_HEADER header.
Suggested value: 5 seconds
A value of zero implies infinity.
MAX_HEADER
The largest header size in octets that may be compressed.
Suggested value: 168 octets
The value of MAX_HEADER should be large enough so that at least
the outer network layer header can be compressed. To increase
compression efficiency MAX_HEADER should be set to a value large
enough to cover common combinations of network and transport layer
headers.
suboptions
The suboptions field consists of zero or more suboptions. Each
suboption consists of a type field, a length field and zero or
more parameter octets, as defined by the suboption type. The
value of the length field indicates the length of the suboption in
its entirety, including the lengths of the type and length fields.
                        1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     | Parameters...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                Figure 7: Suboption for IPHC/cRTP/ECRTP
3.1.3.  Notify Payload For None (-00 only)

   For None, the Notify payload will be of the following form (ignoring
   the header depicted in Figure 1):

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | HC ID (NONE)  |  NEXT HC ID   |      HC PARAMETER LENGTH      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Figure 8: Portion of HC Notify Payload Body for no HC scheme
HC ID
0
HC Parameter Length
0
Note: None (e.g. no HC) should always be proposed last. If proposed
last, the Next HC ID field for this set of fields must be set to
zero.
4.  Security Considerations (-00) / 3.  Security Considerations (-01)

   The negotiated HC schemes and parameters negotiated via IKEv2 do not
   add any new vulnerabilities beyond those associated with the normal
   operation of IKEv2.
5.  IANA Considerations (-00)

   This document defines a new Notify Message Type value of which future
   assignments will be managed by the IANA.

   The following registry should be updated:

      IKEv2 Notify Message Types (RFC 4306, Section 3.10.1)

   The following registry should be created:

      HC ID (Section 4.1)

   The following HC IDs should be allocated:

      HC ID   Document   Identifier
      0       RFCthis    None
      1       RFCthis    ROHC
      2       RFCthis    ECRTP
      3       RFCthis    cRTP
      4       RFCthis    IPHC

4.  IANA Considerations (-01)

   This document defines a new Notify Message Type.  Therefore, if the
   proposal is accepted, IANA is requested to allocate one value from
   the IKEv2 Notify Message Types registry to indicate ROHC_SUPPORTED.
6.  Acknowledgments (-00) / 5.  Acknowledgments (-01)

   -00:
   The authors would like to thank Mr. Sean O'Keeffe, Mr. James Kohler,
   and Ms. Linda Noone of the Department of Defense, as well as Mr.
   Rich Espy of OPnet for their contributions and support in the
   development of this document.  In addition, the authors would like to
   thank the following for their numerous reviews and comments to this
   document:

      Mr. Tero Kivinen
      Dr. Stephen Kent

   Finally, the authors would also like to thank Mr. Tom Conkle, Ms.
   Renee Esposito, and Mr. Etzel Brower.

   -01:
   The authors would like to thank Mr. Sean O'Keeffe, Mr. James Kohler,
   and Ms. Linda Noone of the Department of Defense, as well as Mr. Rich
   Espy of OPnet for their contributions and support in the development
   of this document.  The authors would also like to thank Mr. Tero
   Kivinen for providing his technical expertise for this document.  In
   addition, the authors would like to thank the following for their
   numerous reviews and comments to this document:

      Dr. Stephen Kent

   Finally, the authors would also like to thank Mr. Tom Conkle, Ms.
   Michele Casey, and Mr. Etzel Brower.

   Reviewer-list entries present in only one of the two versions:
   Dr. Carsten Bormann, Mr. Lars-Erik Jonsson.

7.  References (-00) / 6.  References (-01)

7.1.  Normative References (-00) / 6.1.  Normative References (-01)

   [ROHC]     Bormann, C., Burmeister, C., Degermark, M., Fukushima, H.,
              Hannu, H., Jonsson, L., Hakenberg, R., Koren, T., Le, K.,
              Liu, Z., Martensson, A., Miyazaki, A., Svanbro, K.,
              Wiebke, T., Yoshimura, T., and H. Zheng, "RObust Header
              Compression (ROHC): Framework and four profiles: RTP, UDP,
              ESP, and uncompressed", RFC 3095, July 2001.

   [IPSEC]    Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, December 2005.

   [HCOIPSEC] Ertekin, E., Christou, C., and R. Jasani, "Integration of
              Header Compression over IPsec Security Associations", work
              in progress, June 2006 (-00) / February 2007 (-01).

   [IKEV2]    (-01 only) Kaufman, C., "Internet Key Exchange (IKEv2)
              Protocol", RFC 4306, December 2005.

   [IPHC]     (-00 only) Nordgren, M., Pink, B., and S. Pink, "IP Header
              Compression", RFC 2509, February 1999.

   [CRTP]     (-00 only) Casner, S. and V. Jacobson, "Compressing
              IP/UDP/RTP Headers for Low-Speed Serial Links", RFC 2508,
              February 1999.

   [ECRTP]    (-00 only) Koren, T., et al., "Compressing IP/UDP/RTP
              Headers on Links with High Delay, Packet Loss, and
              Reordering", RFC 3545, July 2003.

   [ROHCPROF] "RObust Header Compression (ROHC) Profile Identifiers",
              IANA list (-00) / www.iana.org/assignments/ROHC-pro-ids
              (-01), October 2005.

7.2.  Informative References (-00) / 6.2.  Informative References (-01)

   [ROHCPPP]  Bormann, C., "Robust Header Compression (ROHC) over PPP",
              RFC 3241, April 2002.

   [AH]       Kent, S., "IP Authentication Header", RFC 4302,
              December 2005.

   [ESP]      Kent, S., "IP Encapsulating Security Payload (ESP)",
              RFC 4303, December 2005.

   The following entries appear in only one of the two versions:

   [IPHCPPP]  Engan, M., Casner, S., Bormann, C., and T. Koren, "IP
              Header Compression over PPP", RFC 3544, July 2003.

   [CRTPE]    Degermark, M., Hannu, H., Jonsson, L., and K. Svanbro,
              "Evaluation of CRTP Performance over Cellular Radio
              Networks", IEEE Personal Communication Magazine, Volume
              7, number 4, pp. 20-25, August 2000.

   [ROHCE]    Ash, J., et al., "Requirements for ECRTP over MPLS", work
              in progress, December 2004.

   [TCRTP]    Thompson, B., "Tunneling of Multiplexed Compressed RTP",
              work in progress, September 2004.
Authors' Addresses

   (-00 lists the authors in the order Jasani, Pezeshki, Ertekin,
   Christou; -01 in the order Pezeshki, Ertekin, Jasani, Christou.  The
   addresses themselves are unchanged.)

   Jonah Pezeshki
   Booz Allen Hamilton
   13200 Woodland Park Dr.
   Herndon, VA 20171
   US

   Email: pezeshki_jonah@bah.com


   Emre Ertekin
   Booz Allen Hamilton
   13200 Woodland Park Dr.
   Herndon, VA 20171
   US

   Email: ertekin_emre@bah.com


   Rohan Jasani
   Booz Allen Hamilton
   13200 Woodland Park Dr.
   Herndon, VA 20171
   US

   Email: jasani_rohan@bah.com


   Chris Christou
   Booz Allen Hamilton
   13200 Woodland Park Dr.
   Herndon, VA 20171
   US

   Email: christou_chris@bah.com
Full Copyright Statement

   -00: Copyright (C) The Internet Society (2006).
   -01: Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY (-01 adds: THE IETF
   TRUST) AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
   WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
   WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY
   RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
   PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
End of changes.  68 change blocks; 370 lines changed or deleted, 161 lines changed or added.

This html diff was produced by rfcdiff 1.33.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/