DCCP-UDP: A Datagram Congestion Control Protocol UDP Encapsulation for NAT Traversal
draft-ietf-dccp-udpencap-11

[Ballot comment]
Consider pointing out in the description of the first method in section 3.8 that peers that implement
this method will not work with peers that do not use rtcp-mux.

Please clarify this sentence:
" (The active state of a DCCP connection is defined in Section 3.8: A DCCP connection becomes active following transmission of a DCCP- Request, and become inactive after sending a DCCP-Close.)"
Did you mean RFC 4340 instead of Section 3.8 here?

[Ballot comment]
Consider pointing out in the description of the first method in section 3.8 that peers that implement
this method will not work with peers that do not use rtcp-mux.

Please clarify this sentence:
" (The active state of a DCCP connection is defined in Section 3.8: A DCCP connection becomes active following transmission of a DCCP- Request, and become inactive after sending a DCCP-Close.)"
I think you meant "Section 3.8 of RFC4340".

[Ballot discuss]
As pointed out by Robert as well, this draft had not been reviewed by the SDP directorate. Flemming has been kind enough to review the draft on a short notice. This is his review:

http://www.ietf.org/mail-archive/web/mmusic/current/msg09365.html

I have taken some of his comments as discuss-level comments and some as comment-level comments.

1) Section 5.2 states:

  If the "a=rtcp:" attribute [RFC3605] is used, then the signalled port is the DCCP port used for RTCP.
</quote
I think this warrants further discussion. How will this work if non-consecutive ports are to be used for DCCP-UDP itself and how will this work if a middlebox looks at the "a=rtcp" attribute and assumes the currently defined behavior in RFC 3605, which would effectively provide it with the port information for the (UDP native) RTCP stream today ?


2) Section 5.4 discusses how to negotiate DCCP-UDP versus native DCCP (DCCP-STD) and in particular considers only the use of ICE for this (with the details of the encoding "left for future study"). While this may be appropriate for the basic use of DCCP-UDP versus DCCP-STD, it is arguably not appropriate when it comes to negotiating different RTP profiles within each of these (which are defined in this draft). SDP Capability Negotiation would be more suitable for this, as described in RFC 5939 Section 3.7. At a minimum, a reference to that effect and those considerations should be provided.

[Ballot comment]


Section 3.8, 4th paragraph:
s/a DCCP-UDP server must therefore/a DCCP-UDP MUST therefore/ ??
                                       
Various instances of repeat words and a few spelling errors that should be caught by a spell-checker.

Also:
- Section 5.1, first paragraph:
s/(from [RFC4566]:/(from [RFC4566]):/
                                  ^
- Section 5.4, second paragraph
s/DCCPx/DCCP/

- Section 6, last paragraph:
s/A firewall than/A firewall that/ 

- ICE-TCP is now RFC 6544

[Ballot comment]
"These fields identify the UDP ports on which the source and
  destination (respectively) of the packet are listening for
  incoming DCCP-UDP packets.  The UDP port values do not identify
  the DCCP source and destination ports."

I don't know if there is enough DCCP in the wild that any of the
router vendors have implemented ECMP support for it, so the
following comment may be moot.

This encapsulation is going to trigger the use of UDP ECMP in
place of DCCP ECMP, but without enough entropy in the
packet header for ECMP to occur. Thus a service using
this encapsulation will probably see worse performance from
the routing layer than a service running a native transport.

This probably deserves discussion in the document.

[Ballot discuss]
As pointed out by Robert as well, this draft was not reviewed by the SDP directorate. I will get the chairs of the directorate to have a quick look at it to make sure everything is OK with the SDP-related definitions in the draft. In the future, please send drafts with SDP definitions to the directorate.

[Ballot discuss]
This draft says:

  DCCP-UDP provides all of the security risk-mitigation measures
  present in DCCP-STD, and also all of the security risks.

But the draft doesn't say anything about an MTI security mechanism.  If this is really based at NAT traversal, then you might want to say something about DTLS because DCCP points to IPsec, which is all kinds of fun to setup to traverse NATS.  Or is there some other mechanism that should be the MTI?

If DTLS is invoked, then how does all that affect firewalls that intercept the messages?

[Ballot discuss]
1) The requirement to only use a single UDP port when encapsulating DCCP that would have been on two ports (separate RTP and RTCP) at the end of section 4 seems to interact with the demultiplexing rules in section 3.8.

The six-tuples there would look something like:
  Source IP, source UDP, source DCCP, Dest IP, dest UDP, dest DCCP 
[    A    ,  udpa    ,  dccpa1  ,    B  ,  udpb  ,  dccpb1  ] for RTP
[    A    ,  udpa    ,  dccpa2  ,    B  ,  udbp  ,  dccpb2  ] for RTCP

Those have the same UDP 4-tuple, so any DCCP endpoint that implemented the
first of the two methods in section 3.8 (end of page 9) would not allow
whichever of those came second. The media stream would fail to work.

2) Please clarify what "active 6-tuple" means.
At what point does it become active? When does it become de-active?
How much work is it for one application to tie up all the 6-tuples at a peer, at least for a given UDP 4-tuple?

3) The second paragraph of section 3.8 may need clarification. Is the sentence that starts "Because of this," trying to say that other applications on the same host as a server listening on the default port should not use the default port as their source port? 

4) Why is the requirement in Section 3.7 (to follow the guidance of rfc4340 section 14) a SHOULD? What else would a a DCCP-UDP implementation do?

[Ballot comment]
I don't think this received an SDP directorate review so far (see http://www.ietf.org/iesg/directorate/sdp.html), though I think Colin did point this document out to MMUSIC. I don't anticipate any problems with the SDP defined here, but will try to get additional eyes on it quickly. Please request a review for future documents that add to SDP.

Consider renaming section 5.4 to "possible negotiation mechanisms" or something similar

[Ballot comment]
My only comment is really a question: do we want to define a mechanism for working around IPv6 NAT, thereby perhaps passively encouraging the deployment of IPv6 NAT.  I realize the mechanism in this document is completely protocol independent and the definition of its use on IPv6 costs essentially nothing.

[Ballot comment]
Substantive comments; these are non-blocking, but please consider them
seriously, and feel free to chat with me about them:

Ditto on "Update 5762",  and on Stephen's DANE comment.  Also...

-- 3.8 --
In list item 2:
   A DCCP endpoint MUST implement one of the two
   methods:

Does that mean *exactly one*, or might it implement both, using each in different circumstances?  Regardless of the answer to that question, the 2119 MAYs in the two methods are wrong.  If at least one of these MUST be implemented, then they are *not* both entirely optional (which is what MAY means). I suggest changing "MAY accept" and "MAY support" to "accept" and "supports", respectively, and changing "A DCCP server" to "The DCCP server" in both cases.

========
Other comments; no need to respond to these. Take them or modify them
as you please:

-- Introduction --
There's no need for the [RFC4340] citation *twice* in the first paragraph, and then once again in the second.  The first citation will do for all three.  I would also change that first citation to be this way: "The Datagram Congestion Control Protocol (DCCP) [RFC4340] is a transport-layer protocol that..."

The same is true for the three [RFC5597] citations in the second paragraph, though the reference style (of which I'm not terribly fond, but nevermind) makes it matter less.  Still, I might change the second and third instances to just say "RFC 5597", without making them citations.

-- 3 --
   A DCCP implementation MAY allow services to be simultaneously offered
   over any or all combinations

Does this really need to be a 2119 MAY?  Why on Earth?

-- 5 --
   This is considered a
   scenario that has the potential to be an important use-case.

That's double-talk.  Please find a different way to say what you really mean.

-- 5.1 --
The second sentence is missing a closing paren.  It also should probably have a citation for [RFC5234].

-- 5.2 --
Do you really want to cite RFC 4234?

-- 6 --
OLD
   A firewall than interprets
NEW
   A firewall that interprets

[Ballot comment]

- Isn't this really pretending that the need for a UDP
encapsulation is "short-term"? Why is such pretense useful?

- Along the same lines, is a "SHOULD prefer DCCP-STD" not going
to lead to another happy-eyeballs problem to be solved later?
(The 1st para of section 5 says the above, but 5.4 says that its
ok to prefer DCCP-UDP where low connection setup time is
important, which appears to be the exception that makes
preferring DCCP-STD a SHOULD and not a MUST?)

- So a portmapper-like thing like this is going to have a
problem with DANE perhaps - has anyone thought that out? that
is, what port should I use when I name the DANE TLSA record?  I
assume it ought be the DCCP destination port, and that any
resulting DTLS session is with the process listening there and
not the portmapper. But am I right? This could well be a topic
for future study rather than someting to decide here. (Not
sure.) But in any case, saying something might be useful.

- I think section 6 could usefully say that a client
MUST establish DTLS sessions with the listener on the
DCCP port and not the UDP port.

- typo: 3.4, s/A DCCP-UDP implementations MAY/ DCCP-UDP
implementations MAY/

IANA has reviewed draft-ietf-dccp-udpencap-10 and has the following comments:

IANA has a question about one of the IANA actions requested in this document.

IANA understands that, upon approval of this document, there are three IANA
actions which must be completed.

First, in the Service Name and Transport Protocol Port Number Registry located at:

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

a new port number will be assigned as follows:

Service name: dccp-udp
Port Number: [ TBD ]
Transport Protocol: udp
Description: Datagram Congestion Control Protocol Encapsulation for NAT Traversal

IANA Question -> The service name for a port number should not include the
transport protocol. Could the authors propose a different Service Name (port
short name)?

Second, in the Reset Codes subregistry of the Datagram Congestion Control
Protocol (DCCP) Parameters registry located at:

http://www.iana.org/assignments/dccp-parameters/dccp-parameters.xml

a new DCCP Reset Code will be assigned as follows:

Reset Code: [ TBD ]
Name: Encapsulated Port Reuse
Reference: [ RFC-to-be ]

Third, in the att-field (media level only) subregistry of the Session
Description Protocol (SDP) Parameters registry located at:

http://www.iana.org/assignments/sdp-parameters/sdp-parameters.xml

a new att-field will be registered as follows:

Type: att-field (media level only)
SDP Name: ccp-port
Reference: [ RFC-to-be ]

IANA understands these three actions to be the only ones required upon approval of this document.

Note: The actions requested in this document will not be completed
until the document has been approved for publication as an RFC.
This message is only to confirm what actions will be performed.

[Ballot comment]
Good document with some nits:

- ID-Nits complains a bit about unused references and one obsoloted reference
  ** Obsolete normative reference: RFC 4234 (Obsoleted by RFC 5234)

- the  document header should mention that this memo updates RFC 5762.

- Section 3., paragraph 7:

>    Section 3.8 describes usage of UDP ports.  This includes
>    implementation of a DCCP-UDP encapsulation service as a daemon that
>    listens on a well-known port, allowing multiplexing of different DCCP
>    applications over the port.

  s/over the port/over the same port/

- Section 5.4., paragraph 2:

>    An approach to doing this might be to include candidates for the
>    DCCP-UDP encapsulation and native DCCP into an Interactive
>    Connectivity Establishment (ICE) [RFC5245] exchange.  Since DCCP is
>    connection-oriented, these candidates would need to be encoded into
>    ICE in a manner analogous to TCP candidates defined in [ICE-TCP].
>    Both active and passive candidates could be supported for native
>    DCCPx and DCCP-UDP encapsulation, as may DCCP simultaneous
>    open[RFC5596].  In choosing local preference values, it may make
>    sense to to prefer DCCP-UDP over native DCCP in cases where low
>    connection setup time is important, and to prioritise native DCCP in
>    cases where low overhead is preferred (on the assumption that DCCP-
>    UDP is more likely to work through legacy NAT, but has higher
>    overhead).

  s/DCCPx/DCCP-STD/

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (Datagram Congestion Control Protocol (DCCP) Encapsulation for NAT Traversal (DCCP-UDP)) to Proposed Standard


The IESG has received a request from the Datagram Congestion Control
Protocol WG (dccp) to consider the following document:
- 'Datagram Congestion Control Protocol (DCCP) Encapsulation for NAT
  Traversal (DCCP-UDP)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-05-25. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document specifies an alternative encapsulation of the Datagram
  Congestion Control Protocol (DCCP), referred to as DCCP-UDP.  This
  encapsulation allows DCCP to be carried through the current
  generation of Network Address Translation (NAT) middleboxes without
  modification of those middleboxes.  This document also updates the
  SDP information for DCCP defined in RFC 5762.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-dccp-udpencap/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-dccp-udpencap/ballot/


No IPR declarations have been submitted directly on this I-D.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

This document is requested to be published as Proposed
Standard. It specifies the mechanism for encapsulating DCCP headers
in UDP datagrams, and does not outline an experiment. The type
is properly indicated in the header.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

The document specifies a mechanism to encapsulate DCCP packets
in UDP datagrams, to support NAT traversal through devices
that do not support DCCP natively. It also discusses various
interactions related to encapsulation, such as those related
to MTU discovery or ECN processing, and interactions with
higher level protocols.

Working Group Summary

The DCCP working group has been generally supportive of the
document. It went through three working group last calls;
starting on August 2010, February 2011, and April 2012. All
WGLCs have been forwarded also to TSVWG working group, and the
second WGLC was announced in MMUSIC working group. During the
first WGLC, various technical fixes were proposed. The second
WGLC proposed integration with NAT traversal signaling
solutions such as ICE. However, specifying this was
considered to be a significant effort, and not within DCCP WG's
expertise, so it was decided that these interactions will be
specified in a separate document. The third WGLC on the
current version of the document was concluded without
comments. Given all these iterations and cross-WG review, the
shepherd thinks the document has gone through a good review.

Document Quality

As indicated above, the document went through a cross-WG
review with TSVWG and MMUSIC WGs. Some individual
implementation prototypes of the earlier version of the
specification have been made, but at the moment no
implementation activities on this specification are known.

Personnel

Document Shepherd is Pasi Sarolahti
Responsible Area Director is Wesley Eddy .

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

The document shepherd has reviewed the latest version of the
document and thinks the document is ready for publication.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

No.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

The document was reviewed by TSVWG, because it proposes using
UDP and therefore involves general transport area
consideration. The document was reviewed by MMUSIC, because it
contains section on SDP signaling.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

There are no concerns with the current version of the document.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

Yes.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

No IPR disclosures have been filed for this document.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

The DCCP working group (although being a small community these
days) has been supportive for this document throughout its
progress.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

There was normative reference to one obsolete document (RFC
4234), and three unused references. Otherwise the ID nits tool
was happy with the document.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

Section 5 contains two small ABNF definitions for signaling
DCCP-UDP in SDP. These have been reviewed along with normal
document review.

(13) Have all references within this document been identified as
either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

No (apart from the one reference to document that has been
replaced by later document, as indicated above)

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in the
Last Call procedure.

No.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

No.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

The document makes three additions to IANA registries: new UDP
port, new DCCP Reset code, and new SDP attribute type. These
are clearly indicated in the document and in a separate IANA
considerations section using specific markup. No new IANA
registries are needed.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

No new IANA registries are needed.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

The ABNF sections were checked with "Bill's ABNF Parser"
[http://tools.ietf.org/tools/bap], that concluded they were
ok (apart of wanting "%x6d" to be upper case "%x6D")