draft-ietf-speermint-architecture-12.txt   draft-ietf-speermint-architecture-13.txt 
SPEERMINT D. Malas, Ed. SPEERMINT D. Malas, Ed.
Internet-Draft CableLabs Internet-Draft CableLabs
Intended status: Informational J. Livingood, Ed. Intended status: Informational J. Livingood, Ed.
Expires: April 25, 2011 Comcast Expires: April 28, 2011 Comcast
October 22, 2010 October 25, 2010
SPEERMINT Peering Architecture SPEERMINT Peering Architecture
draft-ietf-speermint-architecture-12 draft-ietf-speermint-architecture-13
Abstract Abstract
This document defines a peering architecture for the Session This document defines a peering architecture for the Session
Initiation Protocol (SIP) [RFC3261], it's functional components and Initiation Protocol (SIP) [RFC3261], it's functional components and
interfaces. It also describes the components and the steps necessary interfaces. It also describes the components and the steps necessary
to establish a session between two SIP Service Provider (SSP) peering to establish a session between two SIP Service Provider (SSP) peering
domains. domains.
Status of this Memo Status of this Memo
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 25, 2011. This Internet-Draft will expire on April 28, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Reference Architecture . . . . . . . . . . . . . . . . . . . . 3 2. Reference Architecture . . . . . . . . . . . . . . . . . . . . 3
3. Procedures of Inter-domain SSP Session Establishment . . . . . 4 3. Procedures of Inter-Domain SSP Session Establishment . . . . . 4
4. Relationships Between Functions/Elements . . . . . . . . . . . 5 4. Relationships Between Functions/Elements . . . . . . . . . . . 5
5. Recommended SSP Procedures . . . . . . . . . . . . . . . . . . 5 5. Recommended SSP Procedures . . . . . . . . . . . . . . . . . . 5
5.1. Originating SSP Procedures . . . . . . . . . . . . . . . . 5 5.1. Originating or Indirect SSP Procedures . . . . . . . . . . 5
5.1.1. The Look-Up Function (LUF) . . . . . . . . . . . . . . 6 5.1.1. The Look-Up Function (LUF) . . . . . . . . . . . . . . 6
5.1.1.1. Target Address Analysis . . . . . . . . . . . . . 6 5.1.1.1. Target Address Analysis . . . . . . . . . . . . . 6
5.1.1.2. ENUM Lookup . . . . . . . . . . . . . . . . . . . 6 5.1.1.2. ENUM Lookup . . . . . . . . . . . . . . . . . . . 6
5.1.2. Location Routing Function (LRF) . . . . . . . . . . . 7 5.1.2. Location Routing Function (LRF) . . . . . . . . . . . 7
5.1.2.1. DNS resolution . . . . . . . . . . . . . . . . . . 7 5.1.2.1. DNS Resolution . . . . . . . . . . . . . . . . . . 7
5.1.2.2. Routing Table . . . . . . . . . . . . . . . . . . 7 5.1.2.2. Routing Table . . . . . . . . . . . . . . . . . . 7
5.1.2.3. LRF to LRF Routing . . . . . . . . . . . . . . . . 7 5.1.2.3. LRF to LRF Routing . . . . . . . . . . . . . . . . 8
5.1.3. The Signaling Path Border Element (SBE) . . . . . . . 8 5.1.3. The Signaling Path Border Element (SBE) . . . . . . . 8
5.1.3.1. Establishing a Trusted Relationship . . . . . . . 8 5.1.3.1. Establishing a Trusted Relationship . . . . . . . 8
5.1.3.2. IPSec . . . . . . . . . . . . . . . . . . . . . . 8 5.1.3.2. IPSec . . . . . . . . . . . . . . . . . . . . . . 8
5.1.3.3. Co-Location . . . . . . . . . . . . . . . . . . . 8 5.1.3.3. Co-Location . . . . . . . . . . . . . . . . . . . 8
5.1.3.4. Sending the SIP Request . . . . . . . . . . . . . 8 5.1.3.4. Sending the SIP Request . . . . . . . . . . . . . 9
5.2. Target SSP Procedures . . . . . . . . . . . . . . . . . . 9 5.2. Target SSP Procedures . . . . . . . . . . . . . . . . . . 9
5.2.1. The Ingress SBE . . . . . . . . . . . . . . . . . . . 9 5.2.1. TLS . . . . . . . . . . . . . . . . . . . . . . . . . 9
5.2.1.1. TLS . . . . . . . . . . . . . . . . . . . . . . . 9 5.2.2. Receive SIP Requests . . . . . . . . . . . . . . . . . 9
5.2.1.2. Receive SIP Requests . . . . . . . . . . . . . . . 9
5.3. Data Path Border Element (DBE) . . . . . . . . . . . . . . 9 5.3. Data Path Border Element (DBE) . . . . . . . . . . . . . . 9
6. Address Space Considerations . . . . . . . . . . . . . . . . . 10 6. Address Space Considerations . . . . . . . . . . . . . . . . . 10
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
9. Security Considerations . . . . . . . . . . . . . . . . . . . 10 9. Security Considerations . . . . . . . . . . . . . . . . . . . 10
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 11 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 10
11. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 12 11. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 12
12. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 12 12. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 12
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
13.1. Normative References . . . . . . . . . . . . . . . . . . . 13 13.1. Normative References . . . . . . . . . . . . . . . . . . . 12
13.2. Informative References . . . . . . . . . . . . . . . . . . 14 13.2. Informative References . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
This document defines a reference peering architecture for the This document defines a reference peering architecture for the
Session Initiation Protocol (SIP)[RFC3261], it's functional Session Initiation Protocol (SIP)[RFC3261], it's functional
components and interfaces, in the context of session peering for components and interfaces, in the context of session peering for
multimedia interconnects. In this process, we define the peering multimedia interconnects. In this process, we define the peering
reference architecture, its functional components, and peering reference architecture, its functional components, and peering
interface functions from the perspective of a SIP Service providers interface functions from the perspective of a SIP Service providers
[RFC5486] network. Thus, it also describes the components and the [RFC5486] network. Thus, it also describes the components and the
skipping to change at page 4, line 36 skipping to change at page 4, line 36
SSP1 Network || || SSP2 Network SSP1 Network || || SSP2 Network
+=============++ ++=============+ +=============++ ++=============+
Reference Architecture Reference Architecture
Figure 1 Figure 1
For further details on the elements and functions described in this For further details on the elements and functions described in this
figure, please refer to [RFC5486]. figure, please refer to [RFC5486].
3. Procedures of Inter-domain SSP Session Establishment 3. Procedures of Inter-Domain SSP Session Establishment
This document assumes that in order for a session to be established This document assumes that in order for a session to be established
from a UA in the Originating SSP's network to an UA in the Target from a UA in the originating (or indirect) SSP's network to an UA in
SSP's network the following steps are taken: the Target SSP's network the following steps are taken:
1. Determine the target SSP via the LUF. (Note: If the target 1. Determine the target or indirect SSP via the LUF. (Note: If the
address represents an intra-SSP resource, the behavior is out-of- target address represents an intra-SSP resource, the behavior is
scope with respect to this draft.) out-of-scope with respect to this draft.)
2. Determine the address of the SF of the target SSP via the LRF. 2. Determine the address of the SF of the target SSP via the LRF.
3. Establish the session 3. Establish the session
4. Exchange the media, which could include voice, video, text, etc. 4. Exchange the media, which could include voice, video, text, etc.
5. End the session (BYE) 5. End the session (BYE)
The originating SSP would likely perform steps 1-4, and the target The originating or indirect SSP would likely perform steps 1-4, and
SSP would likely perform steps 4-5. the target SSP would likely perform steps 4-5.
In the case the target SSP changes, then steps 1-4 would be repeated. In the case the target SSP changes, then steps 1-4 would be repeated.
This is reflected in Figure 1 that shows the target SSP with its own This is reflected in Figure 1 that shows the target SSP with its own
peering functions. peering functions.
4. Relationships Between Functions/Elements 4. Relationships Between Functions/Elements
o An SBE can contain a SF function. o An SBE can contain a SF function.
o An SF can perform LUF and LRF functions. o An SF can perform LUF and LRF functions.
skipping to change at page 5, line 44 skipping to change at page 5, line 44
5. Recommended SSP Procedures 5. Recommended SSP Procedures
This section describes the functions in more detail and provides some This section describes the functions in more detail and provides some
recommendations on the role they would play in a SIP call in a Layer recommendations on the role they would play in a SIP call in a Layer
5 peering scenario. 5 peering scenario.
Some of the information in the section is taken from Some of the information in the section is taken from
[I-D.ietf-speermint-requirements] and is put here for continuity [I-D.ietf-speermint-requirements] and is put here for continuity
purposes. purposes.
5.1. Originating SSP Procedures 5.1. Originating or Indirect SSP Procedures
This section describes the procedures of the originating SSP. This section describes the procedures of the originating or indirect
SSP.
5.1.1. The Look-Up Function (LUF) 5.1.1. The Look-Up Function (LUF)
Purpose is to determine the SF of the target domain of a given The purpose of the LUF is to determine the SF of the target domain of
request and optionally develop Session Establishment Data. a given request and optionally to develop Session Establishment Data.
It is important to note that the LUF may utilize the public e164.arpa
ENUM root, as well as one or more private roots. When private roots
are used specialized routing rules may be implemented, and these
rules may vary depending upon whether an originating or indirect SSP
is querying the LUF.
5.1.1.1. Target Address Analysis 5.1.1.1. Target Address Analysis
When the originating SSP receives a request to communicate, it When the originating (or indirect) SSP receives a request to
analyzes the target URI to determine whether the call needs to be communicate, it analyzes the target URI to determine whether the call
routed internal or external to its network. The analysis method is needs to be routed internal or external to its network. The analysis
internal to the SSP; thus, outside the scope of SPEERMINT. method is internal to the SSP; thus, outside the scope of SPEERMINT.
If the target address does not represent a resource inside the If the target address does not represent a resource inside the
originating SSP?s administrative domain or federation of domains, originating (or indirect) SSP's administrative domain or federation
then the originating SSP performs a Lookup Function (LUF) to of domains, then the originating (or indirect) SSP performs a Lookup
determine a target address, and then is resolves the call routing Function (LUF) to determine a target address, and then is resolves
data by using the Location routing Function (LRF). the call routing data by using the Location routing Function (LRF).
For example, if the request to communicate is for an im: or pres: URI For example, if the request to communicate is for an im: or pres: URI
type [RFC3861] [RFC3953], the originating SSP follows the procedures type [RFC3861] [RFC3953], the originating (or indirect) SSP follows
in [8--NEED TO CORRECT REFERENCE]. If the highest priority supported the procedures in [RFC3861]. If the highest priority supported URI
URI scheme is sip: or sips: the originating SSP skips to SIP DNS scheme is sip: or sips: the originating (or indirect) SSP skips to
resolution in Section 5.1.3. Likewise, if the target address is SIP DNS resolution in Section 5.1.3. Likewise, if the target address
already a sip: or sips: URI in an external domain, the originating is already a sip: or sips: URI in an external domain, the originating
SSP skips to SIP DNS resolution in Section 4.1.2.1 [CORRECT REFERENCE (or indirect) SSP skips to SIP DNS resolution in Section 5.1.2.1.
HERE]. This may be the case, to use one example, with
"sips:bob@biloxi.example.com".
If the target address corresponds to a specific E.164 address, the If the target address corresponds to a specific E.164 address, the
SSP may need to perform some form of number plan mapping according to SSP may need to perform some form of number plan mapping according to
local policy. For example, in the United States, a dial string local policy. For example, in the United States, a dial string
beginning "011 44" could be converted to "+44", or in the United beginning "011 44" could be converted to "+44", or in the United
Kingdom "00 1" could be converted to "+1". Once the SSP has an E.164 Kingdom "00 1" could be converted to "+1". Once the SSP has an E.164
address, it can use ENUM. address, it can use ENUM.
5.1.1.2. ENUM Lookup 5.1.1.2. ENUM Lookup
If an external E.164 address is the target, the originating SSP If an external E.164 address is the target, the originating (or
consults the public "User ENUM" rooted at e164.arpa, according to the indirect) SSP consults the public "User ENUM" rooted at e164.arpa,
procedures described in [RFC3761]. The SSP must query for the "E2U+ according to the procedures described in [RFC3761]. The SSP must
sip" enumservice as described in [RFC3764], but MAY check for other query for the "E2U+sip" enumservice as described in [RFC3764], but
enumservices. The originating SSP MAY consult a cache or alternate MAY check for other enumservices. The originating (or indirect) SSP
representation of the ENUM data rather than actual DNS queries. MAY consult a cache or alternate representation of the ENUM data
Also, the SSP may skip actual DNS queries if the originating SSP is rather than actual DNS queries. Also, the SSP may skip actual DNS
sure that the target address country code is not represented in queries if the originating (or indirect) SSP is sure that the target
e164.arpa. If a sip: or sips: URI is chosen the SSP skips to Section address country code is not represented in e164.arpa.
5.1.6 [CORRECT REFERENCE HERE].
If an im: or pres: URI is chosen for based on an "E2U+im" [RFC3861] If an im: or pres: URI is chosen for based on an "E2U+im" [RFC3861]
or "E2U+pres" [RFC3953] enumserver, the SSP follows the procedures or "E2U+pres" [RFC3953] enumserver, the SSP follows the procedures
for resolving these URIs to URIs for specific protocols such a SIP or for resolving these URIs to URIs for specific protocols such a SIP or
XMPP as described in the previous section. XMPP as described in the previous section.
The NAPTR response to the ENUM lookup may be a SIP AoR (such as
"sips:bob@example.com") or SIP URI (such as
"sips:bob@sbe1.biloxi.example.com"). In the case of when a SIP URI
is returned, the originating (or indirect) SSP has sufficient routing
information to locate the target SSP. In the case of when a SIP AoR
is returned, the SF then uses the LRF to determine the URI for more
explicitly locating the target SSP.
5.1.2. Location Routing Function (LRF) 5.1.2. Location Routing Function (LRF)
The LRF of an Originating SSP analyzes target address and target The LRF of an originating (or indirect) SSP analyzes target address
domain identified by the LUF, and discovers the next hop signaling and target domain identified by the LUF, and discovers the next hop
function (SF) in a peering relationship. The resource to determine signaling function (SF) in a peering relationship. The resource to
the SF of the target domain might be provided by a third-party as in determine the SF of the target domain might be provided by a third-
the assisted-peering case. The following sections define mechanisms party as in the assisted-peering case. The following sections define
which may be used by the LRF. These are not in any particular order mechanisms which may be used by the LRF. These are not in any
and, importantly, not all of them may be used. particular order and, importantly, not all of them may be used.
5.1.2.1. DNS resolution 5.1.2.1. DNS Resolution
The originating SSP uses the procedures in Section 4 of [RFC3263] to The originating (or indirect) SSP uses the procedures in Section 4 of
determine how to contact the receiving SSP. To summarize the [RFC3263] to determine how to contact the receiving SSP. To
[RFC3263] procedure: unless these are explicitly encoded in the summarize the [RFC3263] procedure: unless these are explicitly
target URI, a transport is chosen using NAPTR records, a port is encoded in the target URI, a transport is chosen using NAPTR records,
chosen using SRV records, and an address is chosen using A or AAAA a port is chosen using SRV records, and an address is chosen using A
records. or AAAA records.
When communicating with another SSP, entities compliant to this When communicating with another SSP, entities compliant to this
document should select a TLS-protected transport for communication document should select a TLS-protected transport for communication
from the originating SSP to the receiving SSP if available. from the originating (or indirect) SSP to the receiving SSP if
available.
5.1.2.2. Routing Table 5.1.2.2. Routing Table
If there are no End User ENUM records and the Originating SSP cannot If there are no End User ENUM records and the originating (or
discover the carrier-of-record or if the Originating SSP cannot reach indirect) SSP cannot discover the carrier-of-record or if the
the carrier-of-record via SIP peering, the Originating SSP may originating (or indirect) SSP cannot reach the carrier-of-record via
deliver the call to the PSTN or reject it. Note that the originating SIP peering, the originating (or indirect) SSP may deliver the call
to the PSTN or reject it. Note that the originating (or indirect)
SSP may forward the call to another SSP for PSTN gateway termination SSP may forward the call to another SSP for PSTN gateway termination
by prior arrangement using the routing table. by prior arrangement using the routing table.
If so, the originating SSP rewrites the Request-URI to address the If so, the originating (or indirect) SSP rewrites the Request-URI to
gateway resource in the target SSP's domain and MAY forward the address the gateway resource in the target SSP's domain and MAY
request on to that SSP using the procedures described in the forward the request on to that SSP using the procedures described in
remainder of these steps. the remainder of these steps.
5.1.2.3. LRF to LRF Routing 5.1.2.3. LRF to LRF Routing
Communications between the LRF of two interconnecting SSPs may use Communications between the LRF of two interconnecting SSPs may use
DNS or statically provisioned IP Addresses for reachability. Other DNS or statically provisioned IP Addresses for reachability. Other
inputs to determine the path may be code-based routing, method-based inputs to determine the path may be code-based routing, method-based
routing, Time of day, least cost and/or source-based routing. routing, Time of day, least cost and/or source-based routing.
5.1.3. The Signaling Path Border Element (SBE) 5.1.3. The Signaling Path Border Element (SBE)
The purpose of signaling function is to perform routing of SIP The purpose of signaling function is to perform routing of SIP
messages as well as optionally implement security and policies on SIP messages as well as optionally implement security and policies on SIP
messages, and to assist in discovery/exchange of parameters to be messages, and to assist in discovery/exchange of parameters to be
used by the Media Function (MF). used by the Media Function (MF). The signaling function performs the
routing of SIP messages. The SBE may be a B2BUA or it may act as a
The signaling function performs the routing of SIP messages. The SIP proxy. Optionally, a SF may perform additional functions such as
optional termination and re-initiation of calls may be performed by Session Admission Control, SIP Denial of Service protection, SIP
the signaling path Session Border Element (SBE), or other signaling Topology Hiding, SIP header normalization, SIP security, privacy, and
elements. encryption. The SF of a SBE can also process SDP payloads for media
information such as media type, bandwidth, and type of codec; then,
Optionally, a SF may perform additional functions such as Session communicate this information to the media function.
Admission Control, SIP Denial of Service protection, SIP Topology
Hiding, SIP header normalization, SIP security, privacy, and
encryption.
The SF of a SBE can also process SDP payloads for media information
such as media type, bandwidth, and type of codec; then, communicate
this information to the media function. Signaling function may
optionally communicate with the network to pass Layer 3 related
policies [10--NEED TO CORRECT REFERENCE].
5.1.3.1. Establishing a Trusted Relationship 5.1.3.1. Establishing a Trusted Relationship
Depending on the security needs and trust relationships between SSPs, Depending on the security needs and trust relationships between SSPs,
different security mechanism can be used to establish SIP calls. different security mechanism can be used to establish SIP calls.
These are discussed in the following subsections. These are discussed in the following subsections.
5.1.3.2. IPSec 5.1.3.2. IPSec
In certain deployments the use of IPSec between the signaling In certain deployments the use of IPSec between the signaling
skipping to change at page 8, line 50 skipping to change at page 9, line 8
5.1.3.3. Co-Location 5.1.3.3. Co-Location
In this scenario the SFs are co-located in a physically secure In this scenario the SFs are co-located in a physically secure
location and/or are members of a segregated network. In this case location and/or are members of a segregated network. In this case
messages between the originating and terminating SSPs would be sent messages between the originating and terminating SSPs would be sent
as clear text. as clear text.
5.1.3.4. Sending the SIP Request 5.1.3.4. Sending the SIP Request
Once a trust relationship between the peers is established, the Once a trust relationship between the peers is established, the
originating SSP sends the request. originating (or indirect) SSP sends the request.
5.2. Target SSP Procedures 5.2. Target SSP Procedures
[ANY TEXT HERE?] This section describes the Target SSP Procedures.
5.2.1. The Ingress SBE
[ANY TEXT HERE?]
5.2.1.1. TLS 5.2.1. TLS
When the receiving SSP receives a TLS client hello, it responds with The section defines uses of TLS between two SSPs [RFC5246]. When the
its certificate. The Target SSP certificate should be valid and receiving SSP receives a TLS client hello, it responds with its
rooted in a well-known certificate authority. The procedures to certificate. The Target SSP certificate should be valid and rooted
authenticate the SSP's originating domain are specified in [24- in a well-known certificate authority. The procedures to
CORRECT REFERENCE-IS THIS FOR RFC5922?]. authenticate the SSP's originating domain are specified in [RFC5922].
The SF of the Target SSP verifies that the Identity header is valid, The SF of the Target SSP verifies that the Identity header is valid,
corresponds to the message, corresponds to the Identity-Info header, corresponds to the message, corresponds to the Identity-Info header,
and that the domain in the From header corresponds to one of the and that the domain in the From header corresponds to one of the
domains in the TLS client certificate. domains in the TLS client certificate.
5.2.1.2. Receive SIP Requests 5.2.2. Receive SIP Requests
Once a trust relationship is established, the Target SSP is prepared Once a trust relationship is established, the Target SSP is prepared
to receive incoming SIP requests. For new requests (dialog forming to receive incoming SIP requests. For new requests (dialog forming
or not) the receiving SSP verifies if the target (request-URI) is a or not) the receiving SSP verifies if the target (request-URI) is a
domain that for which it is responsible. For these requests, there domain that for which it is responsible. For these requests, there
should be no remaining Route header field values. For in-dialog should be no remaining Route header field values. For in-dialog
requests, the receiving SSP can verify that it corresponds to the requests, the receiving SSP can verify that it corresponds to the
top-most Route header field value. top-most Route header field value.
The receiving SSP may reject incoming requests due to local policy. The receiving SSP may reject incoming requests due to local policy.
When a request is rejected because the originating SSP is not When a request is rejected because the originating (or indirect) SSP
authorized to peer, the receiving SSP should respond with a 403 is not authorized to peer, the receiving SSP should respond with a
response with the reason phrase "Unsupported Peer". 403 response with the reason phrase "Unsupported Peer".
5.3. Data Path Border Element (DBE) 5.3. Data Path Border Element (DBE)
The purpose of the DBE [RFC5486] is to perform media related The purpose of the DBE [RFC5486] is to perform media related
functions such as media transcoding and media security implementation functions such as media transcoding and media security implementation
between two SSPs. between two SSPs.
An Example of this is to transform a voice payload from one codec An example of this is to transform a voice payload from one codec
(e.g., G.711) to another (e.g., EvRC). Additionally, the MF may (e.g., G.711) to another (e.g., EvRC). Additionally, the MF may
perform media relaying, media security, privacy, and encryption. perform media relaying, media security [RFC3711], privacy, and
encryption.
6. Address Space Considerations 6. Address Space Considerations
Peering must occur in a common IP address space, which is defined by Peering must occur in a common IP address space, which is defined by
the federation, which may be entirely on the public Internet, or some the federation, which may be entirely on the public Internet, or some
private address space. The origination or termination networks may private address space [RFC1918]. The origination or termination
or may not entirely be in the same address space. If they are not, networks may or may not entirely be in the same address space. If
then a network address translation (NAT) or similar may be needed they are not, then a network address translation (NAT) or similar may
before the signaling or media is presented correctly to the be needed before the signaling or media is presented correctly to the
federation. The only requirement is that all associated entities federation. The only requirement is that all associated entities
across the peering interface are reachable. across the peering interface are reachable.
7. Acknowledgments 7. Acknowledgments
The working group thanks Sohel Khan for his initial architecture The working group would like to thank John Elwell, Otmar Lendl, Rohan
draft that helped to initiate work on this draft. John Elwell, Mike Mahy, Alexander Mayrhofer, Jim McEachern, Jean-Francois Mule,
Hammer, Otmar Lendl, Jason Livingood, Alexander Mayrhofer, Jean- Jonathan Rosenberg, and Dan Wing for their valuable contributions to
Francois Mule, Jonathan Rosenberg, David Schwartz, Richard Shockey, various versions of this document.
Jim McEachern, and Dan Wing all made valuable contributions to
versions of this document.
A significant portion of this draft is taken from
[I-D.mahy-speermint-direct-peering] with permission from the author
R. Mahy.
8. IANA Considerations 8. IANA Considerations
This memo includes no request to IANA. This memo includes no request to IANA.
9. Security Considerations 9. Security Considerations
In all cases, cryptographic-based security should be maintained as an In all cases, cryptographic-based security should be maintained as an
optional requirement between peering providers conditioned on the optional requirement between peering providers conditioned on the
presence or absence of underlying physical security of SSP presence or absence of underlying physical security of SSP
skipping to change at page 11, line 7 skipping to change at page 10, line 45
security requirements common for the majority of peering security requirements common for the majority of peering
relationships, should be standardized within the IETF. These relationships, should be standardized within the IETF. These
standardized methods may enable capabilities such as dynamic peering standardized methods may enable capabilities such as dynamic peering
relationships across publicly maintained interconnections. relationships across publicly maintained interconnections.
Additional security considerations have been documented separately in Additional security considerations have been documented separately in
[I-D.ietf-speermint-voipthreats]. [I-D.ietf-speermint-voipthreats].
10. Contributors 10. Contributors
Adam Uzelac Mike Hammer
Global Crossing
Rochester, NY - USA
Email: adam.uzelac@globalcrossing.com
--------------------------------------------------------------
Reinaldo Penno
Juniper Networks
Sunnyvale, CA - USA Cisco Systems
Herndon, VA - USA
Email: rpenno@juniper.net Email: mhammer@cisco.com
-------------------------------------------------------------- --------------------------------------------------------------
Mike Hammer Hadriel Kaplan
Cisco Systems Acme Packet
Herndon, VA - USA Burlington, MA - USA
Email: mhammer@cisco.com Email: hkaplan@acmepacket.com
-------------------------------------------------------------- --------------------------------------------------------------
Sohel Khan, Ph.D. Sohel Khan, Ph.D.
Comcast Cable Comcast Cable
Philadelphia, PA - USA Philadelphia, PA - USA
Email: sohel_khan@cable.comcast.com Email: sohel_khan@cable.comcast.com
-------------------------------------------------------------- --------------------------------------------------------------
Hadriel Kaplan Reinaldo Penno
Acme Packet Juniper Networks
Burlington, MA - USA Sunnyvale, CA - USA
Email: hkaplan@acmepacket.com
Email: rpenno@juniper.net
-------------------------------------------------------------- --------------------------------------------------------------
David Schwartz David Schwartz
XConnect Global Networks XConnect Global Networks
Jerusalem - Israel Jerusalem - Israel
Email: dschwartz@xconnnect.net Email: dschwartz@xconnnect.net
skipping to change at page 12, line 19 skipping to change at page 12, line 4
XConnect Global Networks XConnect Global Networks
Jerusalem - Israel Jerusalem - Israel
Email: dschwartz@xconnnect.net Email: dschwartz@xconnnect.net
-------------------------------------------------------------- --------------------------------------------------------------
Rich Shockey Rich Shockey
Shockey Consulting Shockey Consulting
USA USA
Email: Richard@shockey.us Email: Richard@shockey.us
--------------------------------------------------------------
Adam Uzelac
Global Crossing
Rochester, NY - USA
Email: adam.uzelac@globalcrossing.com
11. Change Log 11. Change Log
NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION PRIOR TO PUBLICATION. NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION PRIOR TO PUBLICATION.
o 13: Closed out all remaining tickets, resolved all editorial
notes.
o 12: Closed out several open issues. Properly XML-ized all o 12: Closed out several open issues. Properly XML-ized all
references. Updated contributors list. references. Updated contributors list.
o 11: Quick update to refresh the I-D since it expired, and cleaned o 11: Quick update to refresh the I-D since it expired, and cleaned
up some of the XML for references. A real revision is coming up some of the XML for references. A real revision is coming
soon. soon.
12. Open Issues 12. Open Issues
NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION PRIOR TO PUBLICATION. NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION PRIOR TO PUBLICATION.
o Do all the references need to remain if they are not cited? If o NONE!
they do, then add text to cite them. If not, remove them.
o Are the references in the correct sections?
o Validate references to RFC 3861, RFC 3953, and old references to
"reference 8" and "reference 10" and "reference 24".
13. References 13. References
13.1. Normative References 13.1. Normative References
[I-D.ietf-speermint-requirements] [I-D.ietf-speermint-requirements]
Mule, J., "SPEERMINT Requirements for SIP-based Session Mule, J., "Requirements for SIP-based Session Peering",
Peering", draft-ietf-speermint-requirements-09 (work in draft-ietf-speermint-requirements-10 (work in progress),
progress), October 2009. October 2010.
[I-D.ietf-speermint-voip-consolidated-usecases]
Uzelac, A. and Y. Lee, "VoIP SIP Peering Use Cases",
draft-ietf-speermint-voip-consolidated-usecases-18 (work
in progress), April 2010.
[I-D.ietf-speermint-voipthreats] [I-D.ietf-speermint-voipthreats]
Seedorf, J., Niccolini, S., Chen, E., and H. Scholz, Seedorf, J., Niccolini, S., Chen, E., and H. Scholz,
"SPEERMINT Security Threats and Suggested "SPEERMINT Security Threats and Suggested
Countermeasures", draft-ietf-speermint-voipthreats-05 Countermeasures", draft-ietf-speermint-voipthreats-05
(work in progress), September 2010. (work in progress), September 2010.
[I-D.lendl-speermint-federations]
Lendl, O., "A Federation based VoIP Peering Architecture",
draft-lendl-speermint-federations-03 (work in progress),
September 2006.
[I-D.mahy-speermint-direct-peering]
Mahy, R., "A Minimalist Approach to Direct Peering",
draft-mahy-speermint-direct-peering-02 (work in progress),
July 2007.
[I-D.schwartz-speermint-use-cases-federations]
Schwartz, D., "Session Peering Use Cases for Federations",
draft-schwartz-speermint-use-cases-federations-00 (work in
progress), November 2006.
[I-D.uzelac-speermint-use-cases]
Uzelac, A., "SIP Peering Use Case for VSPs",
draft-uzelac-speermint-use-cases-00 (work in progress),
October 2006.
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and [RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets", E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996. BCP 5, RFC 1918, February 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002. June 2002.
[RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation [RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation
Protocol (SIP): Locating SIP Servers", RFC 3263, Protocol (SIP): Locating SIP Servers", RFC 3263,
June 2002. June 2002.
[RFC3546] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J.,
and T. Wright, "Transport Layer Security (TLS)
Extensions", RFC 3546, June 2003.
[RFC3761] Faltstrom, P. and M. Mealling, "The E.164 to Uniform [RFC3761] Faltstrom, P. and M. Mealling, "The E.164 to Uniform
Resource Identifiers (URI) Dynamic Delegation Discovery Resource Identifiers (URI) Dynamic Delegation Discovery
System (DDDS) Application (ENUM)", RFC 3761, April 2004. System (DDDS) Application (ENUM)", RFC 3761, April 2004.
[RFC3764] Peterson, J., "enumservice registration for Session [RFC3764] Peterson, J., "enumservice registration for Session
Initiation Protocol (SIP) Addresses-of-Record", RFC 3764, Initiation Protocol (SIP) Addresses-of-Record", RFC 3764,
April 2004. April 2004.
[RFC3861] Peterson, J., "Address Resolution for Instant Messaging [RFC3861] Peterson, J., "Address Resolution for Instant Messaging
and Presence", RFC 3861, August 2004. and Presence", RFC 3861, August 2004.
[RFC3953] Peterson, J., "Telephone Number Mapping (ENUM) Service [RFC3953] Peterson, J., "Telephone Number Mapping (ENUM) Service
Registration for Presence Services", RFC 3953, Registration for Presence Services", RFC 3953,
January 2005. January 2005.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5486] Malas, D. and D. Meyer, "Session Peering for Multimedia [RFC5486] Malas, D. and D. Meyer, "Session Peering for Multimedia
Interconnect (SPEERMINT) Terminology", RFC 5486, Interconnect (SPEERMINT) Terminology", RFC 5486,
March 2009. March 2009.
13.2. Informative References [RFC5922] Gurbani, V., Lawrence, S., and A. Jeffrey, "Domain
Certificates in the Session Initiation Protocol (SIP)",
[I-D.lewis-peppermint-enum-reg-if] RFC 5922, June 2010.
Lewis, E., "ENUM Registry Interface Requirements",
draft-lewis-peppermint-enum-reg-if-01 (work in progress),
November 2007.
[I-D.newton-peppermint-problem-statement] 13.2. Informative References
Newton, A., "Provisioning Extensions in Peering Registries
for Multimedia Interconnection (PEPPERMINT) Problem
Statement", draft-newton-peppermint-problem-statement-00
(work in progress), January 2007.
[RFC3546] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., [I-D.ietf-speermint-voip-consolidated-usecases]
and T. Wright, "Transport Layer Security (TLS) Uzelac, A. and Y. Lee, "VoIP SIP Peering Use Cases",
Extensions", RFC 3546, June 2003. draft-ietf-speermint-voip-consolidated-usecases-18 (work
in progress), April 2010.
[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
Norrman, "The Secure Real-time Transport Protocol (SRTP)", Norrman, "The Secure Real-time Transport Protocol (SRTP)",
RFC 3711, March 2004. RFC 3711, March 2004.
[RFC4483] Burger, E., "A Mechanism for Content Indirection in
Session Initiation Protocol (SIP) Messages", RFC 4483,
May 2006.
Authors' Addresses Authors' Addresses
Daryl Malas (editor) Daryl Malas (editor)
CableLabs CableLabs
Louisville, CO Louisville, CO
US US
Email: d.malas@cablelabs.com Email: d.malas@cablelabs.com
Jason Livingood (editor) Jason Livingood (editor)
 End of changes. 64 change blocks. 
209 lines changed or deleted 167 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/