draft-ietf-speermint-architecture-10.txt   draft-ietf-speermint-architecture-11.txt 
SPEERMINT A. Uzelac, Ed. SPEERMINT D. Malas, Ed.
Internet-Draft Global Crossing Internet-Draft CableLabs
Intended status: Informational R. Penno Intended status: Informational J. Livingood, Ed.
Expires: September 10, 2010 Juniper Networks Expires: March 3, 2011 Comcast
M. Hammer August 30, 2010
Cisco Systems
D. Malas
CableLabs
S. Khan
Comcast
H. Kaplan
Acme Packet
J. Livingood
Comcast
D. Schwartz
XConnect Global Networks
R. Shockey
Shockey Consulting
March 9, 2010
SPEERMINT Peering Architecture SPEERMINT Peering Architecture
draft-ietf-speermint-architecture-10 draft-ietf-speermint-architecture-11
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Abstract Abstract
This document defines a peering architecture for the Session This document defines a peering architecture for the Session
Initation Protocol (SIP) [RFC3261], it's functional components and Initiation Protocol (SIP) [RFC3261], it's functional components and
interfaces. It also describes the steps necessary to establish a interfaces. It also describes the components and the steps necessary
session between two peering domains in the context of the functions to establish a session between two SIP Service Provider (SSP) peering
defined. domains.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF). Note that other groups may also distribute
other groups may also distribute working documents as Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This Internet-Draft will expire on March 3, 2011.
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 10, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Reference Architecture . . . . . . . . . . . . . . . . . . . . 4 2. Reference Architecture . . . . . . . . . . . . . . . . . . . . 3
3. Procedures of Inter-domain SSP Session Establishment . . . . . 5 3. Procedures of Inter-domain SSP Session Establishment . . . . . 4
4. Relationships between functions/elements . . . . . . . . . . . 6 4. Relationships Between Functions/Elements . . . . . . . . . . . 5
5. Recommended SSP Procedures . . . . . . . . . . . . . . . . . . 6 5. Recommended SSP Procedures . . . . . . . . . . . . . . . . . . 5
5.1. Originating SSP Procedures . . . . . . . . . . . . . . . . 7 5.1. Originating SSP Procedures . . . . . . . . . . . . . . . . 5
5.1.1. The Look-Up Function (LUF) . . . . . . . . . . . . . . 7 5.1.1. The Look-Up Function (LUF) . . . . . . . . . . . . . . 5
5.1.1.1. Target Address Analysis . . . . . . . . . . . . . 7 5.1.1.1. Target Address Analysis . . . . . . . . . . . . . 6
5.1.1.2. ENUM Lookup . . . . . . . . . . . . . . . . . . . 7 5.1.1.2. ENUM Lookup . . . . . . . . . . . . . . . . . . . 6
5.1.2. Location Routing Function (LRF) . . . . . . . . . . . 8 5.1.2. Location Routing Function (LRF) . . . . . . . . . . . 7
5.1.2.1. DNS resolution . . . . . . . . . . . . . . . . . . 8 5.1.2.1. DNS resolution . . . . . . . . . . . . . . . . . . 7
5.1.2.2. Routing Table . . . . . . . . . . . . . . . . . . 8 5.1.2.2. Routing Table . . . . . . . . . . . . . . . . . . 7
5.1.2.3. LRF to LRF Routing . . . . . . . . . . . . . . . . 8 5.1.2.3. LRF to LRF Routing . . . . . . . . . . . . . . . . 7
5.1.3. Signaling Path Border Element (SBE) . . . . . . . . . 8 5.1.3. The Signaling Path Border Element (SBE) . . . . . . . 7
5.1.4. Establishing a Trusted Relationship . . . . . . . . . 9 5.1.3.1. Establishing a Trusted Relationship . . . . . . . 8
5.1.4.1. IPSec . . . . . . . . . . . . . . . . . . . . . . 9 5.1.3.2. IPSec . . . . . . . . . . . . . . . . . . . . . . 8
5.1.4.2. Co-Location . . . . . . . . . . . . . . . . . . . 9 5.1.3.3. Co-Location . . . . . . . . . . . . . . . . . . . 8
5.1.4.3. Sending the SIP Request . . . . . . . . . . . . . 9 5.1.3.4. Sending the SIP Request . . . . . . . . . . . . . 8
5.2. Target SSP Procedures . . . . . . . . . . . . . . . . . . 9 5.2. Target SSP Procedures . . . . . . . . . . . . . . . . . . 8
5.2.1. The Ingress SBE . . . . . . . . . . . . . . . . . . . 10 5.2.1. The Ingress SBE . . . . . . . . . . . . . . . . . . . 8
5.2.1.1. TLS . . . . . . . . . . . . . . . . . . . . . . . 10 5.2.1.1. TLS . . . . . . . . . . . . . . . . . . . . . . . 9
5.2.1.2. Receive SIP Requests . . . . . . . . . . . . . . . 10 5.2.1.2. Receive SIP Requests . . . . . . . . . . . . . . . 9
5.3. Data Path Border Element (DBE) . . . . . . . . . . . . . . 10 5.3. Data Path Border Element (DBE) . . . . . . . . . . . . . . 9
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 6. Address Space Considerations . . . . . . . . . . . . . . . . . 9
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10
8. Security Considerations . . . . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
9. Normative References . . . . . . . . . . . . . . . . . . . . . 11 9. Security Considerations . . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 10
11. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 11
12. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 11
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
13.1. Normative References . . . . . . . . . . . . . . . . . . . 11
13.2. Informative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
1. Introduction 1. Introduction
The objective of this document is to define a reference peering This document defines a reference peering architecture in the context
architecture in the context of session peering for multimedia of session peering for multimedia interconnects. In this process, we
interconnects. In this process, we define the peering reference define the peering reference architecture, its functional components,
architecture, its functional components, and peering interface and peering interface functions from the perspective of a SIP Service
functions from the perspective of a SIP Service provider's (SSP) providers [RFC5486] network.
[RFC5486] network.
This architecture allows the interconnection of two SSPs in layer 5 This architecture allows the interconnection of two SSPs in layer 5
peering as defined in the SIP-based session peering requirements peering as defined in the SIP-based session peering requirements
[I-D.ietf-speermint-requirements]. [I-D.draft-ietf-speermint-requirements-09].
Layer 3 peering is outside the scope of this document. Hence, the Layer 3 peering is outside the scope of this document. Hence, the
figures in this document focus on Layer 5 protocol functions and figures in this document do not show routers so that the focus is on
elements. Layer 5 protocol aspects.
This document uses terminology defined in the Session Peering for This document uses terminology defined in the Session Peering for
Multimedia Interconnect Terminology document [RFC5486]. Multimedia Interconnect Terminology document [RFC5486].
2. Reference Architecture 2. Reference Architecture
Figure 1 depicts the architecture and logical functions that form The following figure depicts the architecture and logical functions
peering between two SSPs. The terms used in the diagram are expanded that form peering between two SSPs.
here for reference:
o SBE - Signaling Path Border Element is described in Section 5.1.3
o LUF - Look-up Function is described in Section 5.1.1
o LRF - Location Routing Function is described in Section 5.1.2
o SF - Signaling Function is defined in [RFC5486]
o SIP - Session Initiation Protocol is defined in [RFC3261]
o DBE - Data Path Border Element is described in Section 5.3
o DNS - Domain Name Service is described in Section 5.1.2.1
o ENUM - E.164 Number Mapping is described in Section 5.1.1.2
o FQDN - Fully Qualified Domain Name
o TN DB - Telephone Number Database
o IP - IPv4/v6 Address
o RTP - Real-time Transport Protocol is defined in [RFC3550] +=============++ ++==============+
|| ||
+-----------+ +-----------+
| SBE | +-----+ | SBE |
| +-----+ | SIP |Proxy| | +-----+ |
| | LUF |<-|------>|ENUM | | | LUF | |
| +-----+ | ENUM |TN DB| | +-----+ |
SIP | | +-----+ | |
------>| +-----+ | DNS +-----+ | +-----+ |
| | LRF |<-|------>|FQDN | | | LRF | |
| +-----+ | |IP | | +-----+ |
| +-----+ | SIP +-----+ | +-----+ |
| | SF |<-|----------------|->| SF | |
| +-----+ | | +-----+ |
+-----------+ +-----------+
|| ||
+-----------+ +-----------+
RTP | DBE | RTP | DBE |
------>| |--------------->| |
+-----------+ +-----------+
|| ||
SSP1 Network || || SSP2 Network
+=============++ ++=============+
+=============++ ++==============+ Reference Architecture
|| ||
+-----------+ +-----------+
| SBE | | SBE |
| +-----+ | SIP +-----+ | +-----+ |
| | LUF |<-|------>|ENUM | | | LUF | |
| +-----+ | ENUM |TN DB| | +-----+ |
SIP | | +-----+ | |
------>| +-----+ | DNS +-----+ | +-----+ |
| | LRF |<-|------>|FQDN | | | LRF | |
| +-----+ | |IP | | +-----+ |
| +-----+ | SIP +-----+ | +-----+ |
| | SF |<-|----------------|->| SF | |
| +-----+ | | +-----+ |
+-----------+ +-----------+
|| ||
+-----------+ +-----------+
RTP | DBE | RTP | DBE |
------>| |--------------->| |
+-----------+ +-----------+
|| ||
SSP1 Network || || SSP2 Network
+=============++ ++=============+
Figure 1 Figure 1
For further details on the elements and functions described in this For further details on the elements and functions described in this
figure, please refer to [RFC5486]. figure, please refer to [RFC5486].
3. Procedures of Inter-domain SSP Session Establishment 3. Procedures of Inter-domain SSP Session Establishment
This document assumes that in order for a session to be established This document assumes that in order for a session to be established
from a User Agent (UA) in the Originating SSP's network to a UA in from a UA in the Originating SSP's network to an UA in the Target
the Target SSP's network the following steps are taken: SSP's network the following steps are taken:
1. Determine the target SSP via the LUF. (Note: If the target 1. Determine the target SSP via the LUF. (Note: If the target
address represents a resource within the originating SSP, the address represents an intra-SSP resource, the behavior is out-of-
behavior is out-of-scope with respect to this draft.) scope with respect to this draft.)
2. Determine the address of the SF of the target SSP via the LRF. 2. Determine the address of the SF of the target SSP via the LRF.
3. Establish the session 3. Establish the session
4. Exchange the media, which could include voice, video, text, etc. 4. Exchange the media, which could include voice, video, text, etc.
5. End the session 5. End the session (BYE)
The originating SSP would likely perform steps 1-4, and the target The originating SSP would likely perform steps 1-4, and the target
SSP would likely perform steps 4-5. SSP would likely perform steps 4-5.
If the target SSP is also an indirect peer, then steps 1-4 may be In the case the target SSP changes, then steps 1-4 would be repeated.
repeated. This is reflected in Figure 1 that shows the target SSP This is reflected in Figure 1 that shows the target SSP with its own
with its own peering functions. peering functions.
4. Relationships between functions/elements 4. Relationships Between Functions/Elements
o An SBE can contain a SF function. o An SBE can contain a SF function.
o An SF can perform LUF and LRF functions. o An SF can perform LUF and LRF functions.
o As an additional consideration, in current Session Border o As an additional consideration, a Session Border Controller, can
Controller (SBC) implementations, an SBC can contain an SF, SBE contain an SF, SBE and DBE, and may perform the LUF and LRF
and DBE, and may perform the LUF and LRF functions. functions.
o The following functions can communicate as follows, depending upon o The following functions can communicate as follows, depending upon
various real-world implementations: various real-world implementations:
* SF can communicate with LUF, LRF and another SF * SF can communicate with LUF, LRF, SBE and SF
* LUF can communicate with SF * LUF can communicator with SF and SBE
* LRF can communicate with SF * LRF can communicate with SF and SBE
5. Recommended SSP Procedures 5. Recommended SSP Procedures
This section describes the functions in more detail and provides some This section describes the functions in more detail and provides some
recommendations on the role they would play in an example SIP recommendations on the role they would play in a SIP call in a Layer
telephony call scenario. 5 peering scenario.
Some of the information in the section is taken from Some of the information in the section is taken from
[I-D.ietf-speermint-requirements] and is put here for continuity [I-D.draft-ietf-speermint-requirements-09] and is put here for
purposes. continuity purposes.
5.1. Originating SSP Procedures 5.1. Originating SSP Procedures
5.1.1. The Look-Up Function (LUF) 5.1.1. The Look-Up Function (LUF)
Purpose is to determine the SF of the target domain of a given Purpose is to determine the SF of the target domain of a given
request and optionally develop Session Establishment Data. request and optionally develop Session Establishment Data.
5.1.1.1. Target Address Analysis 5.1.1.1. Target Address Analysis
When the originating SSP receives a SIP request, it analyzes the When the originating SSP receives a request to communicate, it
target URI to determine whether the call needs to be routed internal analyzes the target URI to determine whether the call needs to be
or external to its network. routed internal or external to its network. The analysis method is
internal to the SSP; thus, outside the scope of SPEERMINT.
If the target address does not represent a resource inside the If the target address does not represent a resource inside the
originating SSP's administrative domain, then the originating SSP originating SSP?s administrative domain or federation of domains,
performs a Lookup (LUF) to determine the target domain, and then it then the originating SSP performs a Lookup Function (LUF) to
resolves the call routing data by using Location Routing (LRF). determine a target address, and then is resolves the call routing
data by using the Location routing Function (LRF).
For example, if the request to communicate is for an im: or pres: URI For example, if the request to communicate is for an im: or pres: URI
type, the originating SSP follows the procedures in [RFC3861]. If type, the originating SSP follows the procedures in [8]. If the
the highest priority supported URI scheme is sip: or sips: the highest priority supported URI scheme is sip: or sips: the
originating SSP skips to SIP DNS resolution. Likewise, if the target originating SSP skips to SIP DNS resolution in Section 5.1.3.
address is already a sip: or sips: URI in an external domain, the Likewise, if the target address is already a sip: or sips: URI in an
originating SSP skips to SIP DNS resolution in Section 5.1.2.1 external domain, the originating SSP skips to SIP DNS resolution in
Section 4.1.2.1.
If the target address corresponds to a specific E.164 address, the If the target address corresponds to a specific E.164 address, the
SSP may need to perform some form of number plan mapping according to SSP may need to perform some form of number plan mapping according to
local policy. For example, in the United States, a dial string local policy. For example, in the United States, a dial string
beginning "011 44" could be converted to "+44", or in the United beginning "011 44" could be converted to "+44", or in the United
Kingdom "00 1" could be converted to "+1". Once the SSP has an E.164 Kingdom "00 1" could be converted to "+1". Once the SSP has an E.164
address, it can use ENUM. address, it can use ENUM.
5.1.1.2. ENUM Lookup 5.1.1.2. ENUM Lookup
If an external E.164 address is the target, the originating SSP If an external E.164 address is the target, the originating SSP
consults a private or public ENUM server, according to the procedures consults the public "User ENUM" rooted at e164.arpa, according to the
described in [RFC3761]. The SSP must query for the "E2U+sip" procedures described in RFC 3761. The SSP must query for the "E2U+
enumservice as described in [RFC3764], but MAY check for other sip" enumservice as described in RFC 3764 [11], but MAY check for
enumservices. The originating SSP MAY consult a cache or alternate other enumservices. The originating SSP MAY consult a cache or
representation of the ENUM data rather than actual DNS queries. alternate representation of the ENUM data rather than actual DNS
Also, the SSP may skip actual DNS queries if the target domain is queries. Also, the SSP may skip actual DNS queries if the
represented as an IPv4/v6 address. originating SSP is sure that the target address country code is not
represented in e164.arpa. If a sip: or sips: URI is chosen the SSP
skips to Section 5.1.6.
If an im: or pres: URI is chosen for based on an "E2U+im" [RFC3861] If an im: or pres: URI is chosen for based on an "E2U+im" [8] or
or "E2U+pres" [RFC3953] enumserver, the SSP follows the procedures "E2U+pres" [9] enumserver, the SSP follows the procedures for
for resolving these URIs to URIs for specific protocols such a SIP or resolving these URIs to URIs for specific protocols such a SIP or
XMPP. XMPP as described in the previous section.
5.1.2. Location Routing Function (LRF) 5.1.2. Location Routing Function (LRF)
The LRF of an Originating SSP analyzes the target address and target The LRF of an Originating SSP analyzes target address and target
domain identified by the LUF, and discovers the next hop signaling domain identified by the LUF, and discovers the next hop signaling
function (SF) in a peering relationship. The resource to determine function (SF) in a peering relationship. The resource to determine
the SF of the target domain might be provided by a third-party as in the SF of the target domain might be provided by a third-party as in
the indirect peering case. The following sections define mechanisms the assisted-peering case. The following sections define mechanisms
which may be used by the LRF. These are not in any particular order which may be used by the LRF. These are not in any particular order
and, importantly, not all of them may be used. and, importantly, not all of them may be used.
5.1.2.1. DNS resolution 5.1.2.1. DNS resolution
The originating SSP uses the procedures in [RFC3263] to determine how The originating SSP uses the procedures in RFC 3263 [4] Section 4 to
to contact the target SSP. To summarize the RFC 3263 procedure: determine how to contact the receiving SSP. To summarize the RFC
unless these are explicitly encoded in the target URI, a transport is 3263 procedure: unless these are explicitly encoded in the target
chosen using Naming Authority Pointer (NAPTR) records, a port is URI, a transport is chosen using NAPTR records, a port is chosen
chosen using SRV records, and an address is chosen using A or AAAA using SRV records, and an address is chosen using A or AAAA records.
records.
When communicating with another SSP, entities compliant to this When communicating with another SSP, entities compliant to this
document should select a TLS-protected transport for communication document should select a TLS-protected transport for communication
from the Originating SSP to the target SSP if available. from the originating SSP to the receiving SSP if available.
5.1.2.2. Routing Table 5.1.2.2. Routing Table
If there are no End User ENUM records and the Originating SSP cannot If there are no End User ENUM records and the Originating SSP cannot
discover the carrier-of-record or if the Originating SSP cannot reach discover the carrier-of-record or if the Originating SSP cannot reach
the carrier-of-record via SIP peering, the Originating SSP may the carrier-of-record via SIP peering, the Originating SSP may
deliver the call to the PSTN or reject it. Note that the originating deliver the call to the PSTN or reject it. Note that the originating
SSP may forward the call to another SSP for PSTN gateway termination SSP may forward the call to another SSP for PSTN gateway termination
by prior arrangement using the routing table. by prior arrangement using the routing table.
If so, the originating SSP rewrites the Request-URI to address the If so, the originating SSP rewrites the Request-URI to address the
gateway resource in the target SSP's domain and MAY forward the gateway resource in the target SSP's domain and MAY forward the
request on to that SSP using the procedures described in the request on to that SSP using the procedures described in the
remainder of these steps. remainder of these steps.
5.1.2.3. LRF to LRF Routing 5.1.2.3. LRF to LRF Routing
Communication between the LRF of two interconnecting SSPs may use DNS Communications between the LRF of two interconnecting SSPs may use
or statically provisioned IP Addresses for reachability. Other DNS or statically provisioned IP Addresses for reachability. Other
inputs to determine the path may be code-based routing, method-based inputs to determine the path may be code-based routing, method-based
routing, Time of day, least cost and/or source-based routing. routing, Time of day, least cost and/or source-based routing.
5.1.3. Signaling Path Border Element (SBE) 5.1.3. The Signaling Path Border Element (SBE)
The purpose of signaling path border element is to perform routing of The purpose of signaling function is to perform routing of SIP
SIP messages as well as optionally implement security and policies on messages as well as optionally implement security and policies on SIP
SIP messages, and to assist in discovery/exchange of parameters to be messages, and to assist in discovery/exchange of parameters to be
used by the Media Function (MF). used by the Media Function (MF).
The signaling function performs the routing of SIP messages. The The signaling function performs the routing of SIP messages. The
optional termination and re-initiation of calls may be performed by optional termination and re-initiation of calls may be performed by
the signaling path Session Border Element (SBE), or other signaling the signaling path Session Border Element (SBE), or other signaling
elements. elements.
Optionally, the SF of a SBE may perform additional functions such as Optionally, a SF may perform additional functions such as Session
Session Admission Control, SIP Denial of Service protection, SIP Admission Control, SIP Denial of Service protection, SIP Topology
Topology Hiding, SIP header normalization, SIP security, privacy, and Hiding, SIP header normalization, SIP security, privacy, and
encryption. encryption.
The SF of a SBE can also process SDP payloads for media information The SF of a SBE can also process SDP payloads for media information
such as media type, bandwidth, and type of codec; then, communicate such as media type, bandwidth, and type of codec; then, communicate
this information to the media function. Signaling function may this information to the media function. Signaling function may
optionally communicate with the network to pass Layer 3 related optionally communicate with the network to pass Layer 3 related
policies. policies [10].
5.1.4. Establishing a Trusted Relationship 5.1.3.1. Establishing a Trusted Relationship
Depending on the security needs and trust relationships between SSPs, Depending on the security needs and trust relationships between SSPs,
different security mechanism can be used to establish SIP calls. different security mechanism can be used to establish SIP calls.
These are discussed in the following subsections. These are discussed in the following subsections.
5.1.4.1. IPSec 5.1.3.2. IPSec
In certain deployments the use of IPSec between the signaling In certain deployments the use of IPSec between the signaling
functions of the originating and terminating domains can be used as a functions of the originating and terminating domains can be used as a
security mechanism instead of TLS. security mechanism instead of TLS.
5.1.4.2. Co-Location 5.1.3.3. Co-Location
In this scenario the SFs are co-located in a physically secure In this scenario the SFs are co-located in a physically secure
location and/or are members of a segregated network. In this case location and/or are members of a segregated network. In this case
messages between the originating and terminating SSPs would be sent messages between the originating and terminating SSPs would be sent
as clear text. as clear text.
5.1.4.3. Sending the SIP Request 5.1.3.4. Sending the SIP Request
Once a trust relationship between the peers is established, the Once a trust relationship between the peers is established, the
originating SSP sends the request. originating SSP sends the request.
5.2. Target SSP Procedures 5.2. Target SSP Procedures
5.2.1. The Ingress SBE
5.2.1. The Ingress SBE
5.2.1.1. TLS 5.2.1.1. TLS
When the target SSP receives a TLS client hello, it responds with its When the receiving SSP receives a TLS client hello, it responds with
certificate. The Originating SSP certificate should be valid and its certificate. The Target SSP certificate should be valid and
rooted in a well-known certificate authority. The procedures to rooted in a well-known certificate authority. The procedures to
authenticate the SSP's originating domain are specified in authenticate the SSP?s originating domain are specified in [24].
[I-D.ietf-sip-domain-certs].
The SF of the Target SSP verifies that the Identity header is valid, The SF of the Target SSP verifies that the Identity header is valid,
corresponds to the message, corresponds to the Identity-Info header, corresponds to the message, corresponds to the Identity-Info header,
and that the domain in the From header corresponds to one of the and that the domain in the From header corresponds to one of the
domains in the TLS client certificate. domains in the TLS client certificate.
5.2.1.2. Receive SIP Requests 5.2.1.2. Receive SIP Requests
Once a trust relationship is established, the Target SSP is prepared Once a trust relationship is established, the Target SSP is prepared
to receive incoming SIP requests. For new requests (dialog forming to receive incoming SIP requests. For new requests (dialog forming
or not) the receiving SSP verifies if the target (request-URI) is a or not) the receiving SSP verifies if the target (request-URI) is a
domain for which it is responsible. For these requests, there should domain that for which it is responsible. For these requests, there
be no remaining Route header field values. For in-dialog requests, should be no remaining Route header field values. For in-dialog
the receiving SSP can verify that it corresponds to the top-most requests, the receiving SSP can verify that it corresponds to the
Route header field value. top-most Route header field value.
The receiving SSP may reject incoming requests due to local policy. The receiving SSP may reject incoming requests due to local policy.
When a request is rejected because the originating SSP is not When a request is rejected because the originating SSP is not
authorized to peer, the receiving SSP should respond with a 403 authorized to peer, the receiving SSP should respond with a 403
response with the reason phrase "Unsupported Peer". response with the reason phrase "Unsupported Peer".
5.3. Data Path Border Element (DBE) 5.3. Data Path Border Element (DBE)
The purpose of the DBE [RFC5486] is to perform media related The purpose of the DBE [RFC 5486] is to perform media related
functions such as media transcoding and media security implementation functions such as media transcoding and media security implementation
between two SSPs. between two SSPs.
An Example of this is to transform a voice payload from one codec An Example of this is to transform a voice payload from one codec
(e.g., G.711) to another (e.g., Enhanced Variable Rate Codec (EvRC)). (e.g., G.711) to another (e.g., EvRC). Additionally, the MF may
Additionally, the MF may perform media relaying, media security, perform media relaying, media security, privacy, and encryption.
privacy, and encryption.
6. Acknowledgments 6. Address Space Considerations
Peering must occur in a common IP address space, which is defined by
the federation, which may be entirely on the public Internet, or some
private address space. The origination or termination networks may
or may not entirely be in the same address space. If they are not,
then a network address translation (NAT) or similar may be needed
before the signaling or media is presented correctly to the
federation. The only requirement is that all associated entities
across the peering interface are reachable.
7. Acknowledgments
The working group thanks Sohel Khan for his initial architecture The working group thanks Sohel Khan for his initial architecture
draft that helped to initiate work on this draft. draft that helped to initiate work on this draft. John Elwell, Mike
Hammer, Otmar Lendl, Jason Livingood, Alexander Mayrhofer, Jean-
Francois Mule, Jonathan Rosenberg, David Schwartz, Richard Shockey,
Jim McEachern, and Dan Wing all made valuable contributions to
versions of this document.
Other contributors include Rohan Mahy, Otmar Lendl, Jim McEachern and A significant portion of this draft is taken from
John Elwell for detailed comments and feedback. [I-D.draft-mahy-speermint-direct-peering-02] with permission from the
author R. Mahy.
7. IANA Considerations 8. IANA Considerations
This memo includes no request to IANA. This memo includes no request to IANA.
8. Security Considerations 9. Security Considerations
In all cases, cryptographic-based security should be maintained as an In all cases, cryptographic-based security should be maintained as an
optional requirement between peering providers conditioned on the optional requirement between peering providers conditioned on the
presence or absence of underlying physical security of SSP presence or absence of underlying physical security of SSP
connections, e.g. within the same secure physical building. connections, e.g. within the same secure physical building.
In order to maintain a consistent approach, unique and specialized In order to maintain a consistent approach, unique and specialized
security requirements common for the majority of peering security requirements common for the majority of peering
relationships, should be standardized within the IETF. These relationships, should be standardized within the IETF. These
standardized methods may enable capabilities such as dynamic peering standardized methods may enable capabilities such as dynamic peering
relationships across publicly maintained interconnections. relationships across publicly maintained interconnections.
9. Normative References 10. Contributors
[I-D.ietf-sip-domain-certs] Adam Uzelac
Gurbani, V., Lawrence, S., and B. Laboratories, "Domain
Certificates in the Session Initiation Protocol (SIP)", Reinadlo Penno
draft-ietf-sip-domain-certs-05 (work in progress),
March 2010. Mike Hammer
Sohel Khan
Hadriel Kaplan
David Schwartz
Richard Shockey
11. Change Log
NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION PRIOR TO PUBLICATION.
o -11 - Quick update to refresh the I-D since it expired, and
cleaned up some of the XML for references. A real revision is
coming soon.
12. Open Issues
NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION PRIOR TO PUBLICATION.
o Cleanup odd spacing in XML
o Revise contributors list, which are really authors, due to
document masthead constraint
o Lots of clean-up
13. References
13.1. Normative References
[I-D.ietf-speermint-requirements] [I-D.ietf-speermint-requirements]
Mule, J., "SPEERMINT Requirements for SIP-based Session Mule, J., "SPEERMINT Requirements for SIP-based Session
Peering", draft-ietf-speermint-requirements-09 (work in Peering", draft-ietf-speermint-requirements-09 (work in
progress), October 2009. progress), October 2009.
[I-D.lee-speermint-use-case-cable]
Lee, Y., "Session Peering Use Case for Cable",
draft-lee-speermint-use-case-cable-01 (work in progress),
September 2006.
[I-D.lendl-speermint-federations]
Lendl, O., "A Federation based VoIP Peering Architecture",
draft-lendl-speermint-federations-03 (work in progress),
September 2006.
[I-D.mahy-speermint-direct-peering]
Mahy, R., "A Minimalist Approach to Direct Peering",
draft-mahy-speermint-direct-peering-02 (work in progress),
July 2007.
[I-D.schwartz-speermint-use-cases-federations]
Schwartz, D., "Session Peering Use Cases for Federations",
draft-schwartz-speermint-use-cases-federations-00 (work in
progress), November 2006.
[I-D.uzelac-speermint-use-cases]
Uzelac, A., "SIP Peering Use Case for VSPs",
draft-uzelac-speermint-use-cases-00 (work in progress),
October 2006.
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002. June 2002.
[RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation [RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation
Protocol (SIP): Locating SIP Servers", RFC 3263, Protocol (SIP): Locating SIP Servers", RFC 3263,
June 2002. June 2002.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, July 2003.
[RFC3761] Faltstrom, P. and M. Mealling, "The E.164 to Uniform [RFC3761] Faltstrom, P. and M. Mealling, "The E.164 to Uniform
Resource Identifiers (URI) Dynamic Delegation Discovery Resource Identifiers (URI) Dynamic Delegation Discovery
System (DDDS) Application (ENUM)", RFC 3761, April 2004. System (DDDS) Application (ENUM)", RFC 3761, April 2004.
[RFC3764] Peterson, J., "enumservice registration for Session
Initiation Protocol (SIP) Addresses-of-Record", RFC 3764,
April 2004.
[RFC3861] Peterson, J., "Address Resolution for Instant Messaging
and Presence", RFC 3861, August 2004.
[RFC3953] Peterson, J., "Telephone Number Mapping (ENUM) Service
Registration for Presence Services", RFC 3953,
January 2005.
[RFC5486] Malas, D. and D. Meyer, "Session Peering for Multimedia [RFC5486] Malas, D. and D. Meyer, "Session Peering for Multimedia
Interconnect (SPEERMINT) Terminology", RFC 5486, Interconnect (SPEERMINT) Terminology", RFC 5486,
March 2009. March 2009.
Authors' Addresses 13.2. Informative References
Adam Uzelac (editor) [I-D.lewis-peppermint-enum-reg-if]
Global Crossing Lewis, E., "ENUM Registry Interface Requirements",
Rochester, NY draft-lewis-peppermint-enum-reg-if-01 (work in progress),
US November 2007.
Email: adam.uzelac@globalcrossing.com [I-D.newton-peppermint-problem-statement]
Newton, A., "Provisioning Extensions in Peering Registries
for Multimedia Interconnection (PEPPERMINT) Problem
Statement", draft-newton-peppermint-problem-statement-00
(work in progress), January 2007.
Reinadlo Penno [RFC3546] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J.,
Juniper Networks and T. Wright, "Transport Layer Security (TLS)
Sunnyvale, CA Extensions", RFC 3546, June 2003.
US
Email: rpenno@juniper.net [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
Norrman, "The Secure Real-time Transport Protocol (SRTP)",
RFC 3711, March 2004.
Mike Hammer [RFC4483] Burger, E., "A Mechanism for Content Indirection in
Cisco Systems Session Initiation Protocol (SIP) Messages", RFC 4483,
Herndon, VA May 2006.
US
Email: mhammer@cisco.com Authors' Addresses
Daryl Malas
Daryl Malas (editor)
CableLabs CableLabs
Louisville, CO Louisville, CO
US US
Email: d.malas@cablelabs.com Email: d.malas@cablelabs.com
Sohel Khan Jason Livingood (editor)
Comcast
Philadelphia, PA
US
Email: sohel_khan@cable.comcast.com
Hadriel Kaplan
Acme Packet
Burlington, MA
US
Email: hkaplan@acmepacket.com
Jason Livingood
Comcast Comcast
Philadelphia, PA Philadelphia, PA
US US
Email: Jason_Livingood@cable.comcast.com Email: Jason_Livingood@cable.comcast.com
David Schwartz
XConnect Global Networks
Jerusalem
Israel
Email: dschwartz@xconnnect.net
Richard Shockey
Shockey Consulting
US
Email: Richard@shockey.us
 End of changes. 70 change blocks. 
270 lines changed or deleted 281 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/