Network Working Group M. Boucadair
Internet-Draft France Telecom
Intended status: Standards Track R. Penno
Expires: June 26, 2011 Juniper Networks
D. Wing
Cisco
F. Dupont
ISC
December 23, 2010
Universal Plug and Play (UPnP) Internet Gateway Device (IGD)-Port
Control Protocol (PCP) Interworking Function
draft-bpw-pcp-upnp-igd-interworking-01
Abstract
This document specifies the behavior of the UPnP IGD (Internet
Gateway Device)/PCP Interworking Function. An UPnP IGD-PCP
Interworking Function (IGD-PCP IWF) is required to be embedded in CP
routers to allow for transparent NAT control in environments where
UPnP is used in the LAN side and PCP in the external side of the CP
router.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 26, 2011.
Copyright Notice
Boucadair, et al. Expires June 26, 2011 [Page 1]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Architecture Model . . . . . . . . . . . . . . . . . . . . . . 5
4. UPnP IGD-PCP Interworking Function: Overview . . . . . . . . . 7
4.1. UPnP IGD-PCP: Variables . . . . . . . . . . . . . . . . . 7
4.2. IGD-PCP: Methods . . . . . . . . . . . . . . . . . . . . . 9
4.3. UPnP IGD-PCP: Errors . . . . . . . . . . . . . . . . . . . 12
5. Specification of the IGD-PCP Interworking Function . . . . . . 13
5.1. PCP Server Discovery . . . . . . . . . . . . . . . . . . . 13
5.2. Control of the Firewall . . . . . . . . . . . . . . . . . 13
5.3. NAT Control in LAN Side . . . . . . . . . . . . . . . . . 14
5.4. Port Mapping Tables . . . . . . . . . . . . . . . . . . . 14
5.5. Interworking Function Without NAT in the CP Router . . . . 14
5.6. NAT Embedded in the CP Router . . . . . . . . . . . . . . 14
5.7. Creating a Mapping . . . . . . . . . . . . . . . . . . . . 15
5.7.1. AddAnyPortMapping() . . . . . . . . . . . . . . . . . 15
5.7.2. AddPortMapping() . . . . . . . . . . . . . . . . . . . 16
5.8. Listing One or a Set of Mappings . . . . . . . . . . . . . 21
5.9. Delete One or a Set of Mappings: DeletePortMapping()
or DeletePortMappingRange() . . . . . . . . . . . . . . . 21
5.10. Mapping Synchronisation . . . . . . . . . . . . . . . . . 22
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22
7. Security Considerations . . . . . . . . . . . . . . . . . . . 23
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 23
Boucadair, et al. Expires June 26, 2011 [Page 2]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23
9.1. Normative References . . . . . . . . . . . . . . . . . . . 23
9.2. Informative References . . . . . . . . . . . . . . . . . . 23
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 24
Boucadair, et al. Expires June 26, 2011 [Page 3]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
1. Introduction
PCP [I-D.ietf-pcp-base] discusses the implementation of NAT control
features that rely upon Carrier Grade NAT devices such as DS-Lite
AFTR [I-D.ietf-softwire-dual-stack-lite] or NAT64
[I-D.ietf-behave-v6v4-xlate-stateful]. Nevertheless, in environments
where UPnP is used in the local network, an interworking function
between UPnP IGD and PCP is required to be embedded in the CP router
(an example is illustrated in Figure 1).
Two configurations are considered:
o No NAT function is embedded in the CP router. This is required
for instance in DS-Lite or NAT64 deployments;
o The CP router embeds a NAT function.
UPnP-PCP
UPnP Control Interworking
Point Function PCP Server
| | |
| (1) AddPortMapping | |
|--------------------->| |
| | (2) PCP PINxy Request |
| |-------------------------->|
| | |
Figure 1: Flow Example
The UPnP IGD-PCP Interworking Function (IGD-PCP IWF) maintains a
local mapping table which stores all active mappings instructed by
internal UPnP Control Points. This design choice restricts the
amount of PCP messages to be exchanged with the PCP Server.
Triggers for deactivating the UPnP IGD-PCP Interworking Function from
the CP router and relying on a PCP-only mode are out of scope of this
document.
In the remaining, PINxy refers to one of the PIN44, PIN46, PING64 and
PIN66 PCP OpCodes defined in [I-D.ietf-pcp-base].
2. Acronyms
This document make use of the following abbreviations:
Boucadair, et al. Expires June 26, 2011 [Page 4]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
CP router Customer Premise router
DS-Lite Dual-Stack Lite
IGD Internet Gateway Device
IWF Interworking Function
NAT Network Address Translation
PCP Port Control Protocol
UPnP Universal Plug and Play
3. Architecture Model
As a reminder, Figure 2 illustrates the architecture model adopted by
UPnP IGD [IGD2]. In Figure 2, the following UPnP terminology is
used:
o Client refers to a host located in the local network.
o IGD Control Point is a UPnP control point using UPnP to control an
IGD (Internet Gateway Device).
o Host represents a remote peer reachable in the Internet.
+-------------+
| IGD Control |
| Point |-----+
+-------------+ | +-----+ +------+
+---| | | |
| IGD |-------| Host |
+---| | | |
+-------------+ | +-----+ +------+
| Client |-----+
+-------------+
Figure 2: UPnP IGD Model
This model is not valid when PCP is used to control for instance a
Carrier Grade NAT (a.k.a., Provider NAT) while internal hosts
continue to use UPnP. In such scenarios, Figure 3 shows the updated
model.
Boucadair, et al. Expires June 26, 2011 [Page 5]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
+-------------+
| IGD Control |
| Point |-----+
+-------------+ | +-----+ +--------+ +------+
+---| IGD-| |Provider| | |
| PCP |-------| NAT |--<Internet>---| Peer |
+---| IWF | | | | |
+-------------+ | +-----+ +--------+ +------+
| Local Host |-----+
+-------------+
LAN Side External Side
<======UPnP IGD===============><======PCP=====>
Figure 3: UPnP IGD-PCP Interworking Model
In the updated model depicted in Figure 3, one or two levels of NAT
can be encountered in the data path. Indeed, in addition to the
Carrier Grade NAT, the CP router may embed a NAT function (Figure 4).
+-------------+
| IGD Control |
| Point |-----+
+-------------+ | +-----+ +----+ +------+
+---| IGD-| | | |Remote|
| PCP |-------|NAT2|--<Internet>---| Host |
+---| IWF | | | | |
+-------------+ | +-----+ +----+ +------+
| Local Host |-----+ NAT1
+-------------+
Figure 4: Cascaded NAT scenario
To ensure a successful interworking between UPnP IGD and PCP, an
interworking function is embedded in the CP router. In the model
defined in Figure 3, all UPnP IGD server-oriented functions, a PCP
Client [I-D.ietf-pcp-base] and a UPnP IGD-PCP Interworking Function
are embedded in the CP router (i.e., IGD). In the rest of the
document, IGD-PCP Interworking Function refers to PCP Client and UPnP
IGD-PCP Interworking Function.
UPnP IGD-PCP Interworking Function is responsible for generating a
well-formed PCP (resp., UPnP IGD) message from a received UPnP IGD
(resp., PCP) message.
Boucadair, et al. Expires June 26, 2011 [Page 6]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
4. UPnP IGD-PCP Interworking Function: Overview
Three tables are provided to specify the mapping between UPnP IGD and
PCP:
1. Table 1 provides the mapping between WANIPConnection parameters
and PCP parameters;
2. Table 2 focuses on the correspondence between supported methods;
3. Table 3 lists the IGD error messages and their corresponding PCP
ones.
Note that some enhancements have been integrated in WANIPConnection
as documented in [IGD2].
4.1. UPnP IGD-PCP: Variables
+---------------------------+------------+--------------------------+
| WANIPConnection | PCP | Comments |
+---------------------------+------------+--------------------------+
| PortMappingEnabled | Not | When set to 1, this |
| | applicable | parameter MUST NOT be |
| | | reproduced as an |
| | | argument in PCP |
| | | messages. If set to 0, |
| | | this is the default PCP |
| | | mode (no explicit |
| | | indication in PCP |
| | | messages). PCP does not |
| | | support deactivating the |
| | | dynamic NAT mapping |
| | | since the initial goal |
| | | of PCP is to ease the |
| | | traversal of Carrier |
| | | Grade NAT. Supporting |
| | | such per-subscriber |
| | | function may overload |
| | | the Carrier Grade NAT. |
+---------------------------+------------+--------------------------+
Boucadair, et al. Expires June 26, 2011 [Page 7]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
+---------------------------+------------+--------------------------+
| PortMappingLeaseDuration | Requested | PCP recommends 7200s as |
| | Mapping | default value. When |
| | Lifetime | PortMappingLeaseDuration |
| | | is set to 0, a maximum |
| | | lifetime value MAY be |
| | | included in the |
| | | corresponding PCP |
| | | message. PCP allows for |
| | | a maximum value of 65536 |
| | | seconds while UPnP IGD |
| | | allows 604800 seconds |
| | | (i.e., one week) as a |
| | | maximum bound. 3600s |
| | | being the recommended |
| | | lease value in UPnP |
| | | IGD:2 [IGD2]. |
+---------------------------+------------+--------------------------+
| ExternalPort | External | PCP does not support |
| | Port | explicit wildcard |
| | Number | values. If ExternalPort |
| | | is a wildcard value, a |
| | | random value of External |
| | | Port Number MUST be |
| | | enclosed in the |
| | | corresponding PCP |
| | | message. |
+---------------------------+------------+--------------------------+
| InternalPort | Internal | |
| | Port | |
| | Number | |
+---------------------------+------------+--------------------------+
| PortMappingProtocol | Transport | IGD only supports TCP |
| | Protocol | and UDP. |
+---------------------------+------------+--------------------------+
| InternalClient | Internal | InternalClient can be an |
| | IP Address | IP address or a FQDN. |
| | | Only an IP address |
| | | scheme is supported in |
| | | PCP. If a FQDN is used |
| | | by the IGD Control |
| | | Point, it must be |
| | | resolved to an IP |
| | | address by the |
| | | Interworking Function |
| | | when relying the message |
| | | to the PCP Server. |
+---------------------------+------------+--------------------------+
Boucadair, et al. Expires June 26, 2011 [Page 8]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
+---------------------------+------------+--------------------------+
| ExternaIPAddress | External | |
| | IP Address | |
+---------------------------+------------+--------------------------+
| PortMappingDescription | Not | Not supported in base |
| | applicable | PCP. When present in |
| | | UPnP IGD messages, this |
| | | parameter SHOULD NOT be |
| | | propagated in the |
| | | corresponding PCP |
| | | messages. If the local |
| | | PCP Client support a PCP |
| | | Option to convey the |
| | | description, this option |
| | | MAY be used. |
+---------------------------+------------+--------------------------+
| RemoteHost | REMOTE_PEE | PCP RECOMMENDS to |
| | R | configure the CP |
| | | router's firewall |
| | | instead of overloading |
| | | the Carrier Grade NAT. |
| | | The REMOTE_PEER PCP |
| | | Option can be used. |
+---------------------------+------------+--------------------------+
| PossibleConnectionTypes | Not | Out of scope of PCP |
| | applicable | |
+---------------------------+------------+--------------------------+
| ConnectionStatus | Not | Out of scope of PCP |
| | applicable | |
+---------------------------+------------+--------------------------+
| PortMappingNumberOfEntrie | Not | Managed locally by the |
| s | applicable | UPnP IGD-PCP |
| | | Interworking Function |
+---------------------------+------------+--------------------------+
| SystemUpdateID | Not | Managed locally by the |
| | applicable | UPnP IGD-PCP |
| | | Interworking Function |
+---------------------------+------------+--------------------------+
Table 1: UPnP IGD-PCP: Variables
4.2. IGD-PCP: Methods
Both IGD:1 and IGD:2 methods are listed in Table 2.
Boucadair, et al. Expires June 26, 2011 [Page 9]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
+-----------------------------+------------+------------------------+
| WANIPConnection | PCP | Comments |
+-----------------------------+------------+------------------------+
| GetGenericPortMappingEntry | Not | This request is not |
| | applicable | relayed to the PCP |
| | | Server. IGD-PCP |
| | | Interworking Function |
| | | maintains an updated |
| | | list of active |
| | | mappings instantiated |
| | | in the PCP Server by |
| | | internal hosts. See |
| | | Section 5.8 for more |
| | | information. |
+-----------------------------+------------+------------------------+
| GetSpecificPortMappingEntry | Not | Under normal |
| | applicable | conditions, the |
| | | IGD-PCP Interworking |
| | | Function maintains an |
| | | updated list of active |
| | | mapping as |
| | | instantiated in the |
| | | PCP Server. The |
| | | IGD-PCP Interworking |
| | | Function locally |
| | | handles this request |
| | | and provides back the |
| | | port mapping entry |
| | | based on the |
| | | ExternalPort, the |
| | | PortMappingProtocol, |
| | | and the RemoteHost. |
| | | See Section 5.8 for |
| | | more information |
+-----------------------------+------------+------------------------+
| AddPortMapping | PINxy | We recommend the use |
| | | of AddAnyPortMapping() |
| | | instead of |
| | | AddPortMapping(). |
| | | Refer to Section 5.7.2 |
+-----------------------------+------------+------------------------+
| DeletePortMapping | PINxy with | Refer to Section 5.9 |
| | a | |
| | requested | |
| | lifetime | |
| | set to 0 | |
+-----------------------------+------------+------------------------+
Boucadair, et al. Expires June 26, 2011 [Page 10]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
+-----------------------------+------------+------------------------+
| GetExternalIPAddress | PCP does | |
| | not | |
| | support | |
| | yet a | |
| | method for | |
| | retrieving | |
| | the | |
| | external | |
| | IP | |
| | address. | |
| | Issuing | |
| | PINxy may | |
| | be used as | |
| | a means to | |
| | retrieve | |
| | the | |
| | external | |
| | IP address | |
+-----------------------------+------------+------------------------+
| DeletePortMappingRange() | PINxy with | Individual requests |
| | a lifetime | are issued by the |
| | positioned | IGD-PCP Interworking |
| | to 0 | Function. Refer to |
| | | Section 5.9 for more |
| | | details |
+-----------------------------+------------+------------------------+
| GetListOfPortMappings() | Not | The IGD-PCP |
| | applicable | Interworking Function |
| | | maintains an updated |
| | | list of active mapping |
| | | as instantiated in the |
| | | PCP Server. The |
| | | IGD-PCP Interworking |
| | | Function handles |
| | | locally this request. |
| | | See Section 5.8 for |
| | | more information |
+-----------------------------+------------+------------------------+
| AddAnyPortMapping() | PINxy | No issue is |
| | | encountered to proxy |
| | | this request to the |
| | | PCP Server. Refer to |
| | | Section 5.7.1 for more |
| | | details |
+-----------------------------+------------+------------------------+
Table 2: IGD-PCP: Methods
Boucadair, et al. Expires June 26, 2011 [Page 11]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
4.3. UPnP IGD-PCP: Errors
Table 3 lists UPnP IGD errors codes and the corresponding PCP ones.
Error codes specific to IGD:2 are tagged accordingly.
+------------------------------------+------------------------------+
| IGD Error Code | PCP Error Code |
+------------------------------------+------------------------------+
| 401 (InvalidAction) | 129 (UNSUPP_OPCODE) |
+------------------------------------+------------------------------+
| 402 (InvalidArgs) | TBD (MALFORMED_REQUEST) |
+------------------------------------+------------------------------+
| 501(ActionFailed) | 154 (UNABLE_TO_DELETE_ALL) |
| | (??) |
+------------------------------------+------------------------------+
| 606 (ActionNotAuthorized) (only | 151 (NOT_AUTHORIZED) |
| for IGD:2) | |
+------------------------------------+------------------------------+
| 713 (SpecifiedArrayIndexInvalid) | Not applicable because Get* |
| | requests are not relayed to |
| | the PCP Server |
+------------------------------------+------------------------------+
| 714 (NoSuchEntryInArray) | PCP returns always a |
| | positive response even if |
| | the mapping to be deleted |
| | does not exist. This error |
| | code is not applicable for |
| | Get* requests which are not |
| | relayed to the PCP Server |
+------------------------------------+------------------------------+
| 715 (WildCardNotPermitedInSrcIP) | TBD (MALFORMED_REQUEST) |
+------------------------------------+------------------------------+
| 716 | Not applicable |
| (WildCardNotPermitedInSrcExtPort) | |
+------------------------------------+------------------------------+
| 718 (ConflictInMappingEntry) | Not applicable |
+------------------------------------+------------------------------+
| 724 (SamePortValuesRequired) | Not applicable |
+------------------------------------+------------------------------+
| 725 (OnlyPermanentLeaseSupported) | Not applicable |
+------------------------------------+------------------------------+
| 726 | 130 (UNSUPP_OPTION) |
| (RemoteHostOnlySupportsWildcard) | |
+------------------------------------+------------------------------+
| 727 | Not applicable |
| (ExternalPortOnlySupportsWildcard) | |
+------------------------------------+------------------------------+
Boucadair, et al. Expires June 26, 2011 [Page 12]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
+------------------------------------+------------------------------+
| 728 (NoPortMapsAvailable) (only | 4 (NO_RESOURCES) or 152 |
| for IGD:2) | (USER_EX_QUOTA) |
+------------------------------------+------------------------------+
| 729 (ConflictWithOtherMechanisms) | TBD (MECHANISM_CONFLICT) |
| (only for IGD:2) | |
+------------------------------------+------------------------------+
| 730 (PortMappingNotFound) (only | Not applicable |
| for IGD:2) | |
+------------------------------------+------------------------------+
| 732 (WildCardNotPermittedInPort) | TBD (MALFORMED_REQUEST) |
| (only for IGD:2) | |
+------------------------------------+------------------------------+
| 733 (InconsistentParameter) (only | Not applicable |
| for IGD:2) | |
+------------------------------------+------------------------------+
Table 3: UPnP IGD-PCP: Errors
5. Specification of the IGD-PCP Interworking Function
This section covers the scenarios with or without NAT in the CP
router.
5.1. PCP Server Discovery
The IGD-PCP Interworking Function implements one of the discovery
methods identified in [I-D.ietf-pcp-base] (e.g., DHCP
[I-D.bpw-pcp-dhcp]). The IGD-PCP Interworking Function behaves as a
PCP Client when communicating with the provisioned PCP Server.
In order to not impact the delivery of local services requiring the
control of the local IGD during any failure event to reach the PCP
Server (e.g., no IP address/prefix is assigned to the CP router),
IGD-PCP Interworking Function MUST NOT be invoked. Indeed, UPnP
machinery is used to control that device and therefore lead to
successful operations of internal services.
Once the PCP Sever is reachable, the IGD-PCP Interworking Function
MUST synchronize its states as specified in Section 5.10.
5.2. Control of the Firewall
In order to configure security policies to be applied to inbound and
outbound traffic, UPnP IGD can be used to control a local firewall
engine.
Boucadair, et al. Expires June 26, 2011 [Page 13]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
No IGD-PCP Interworking Function is therefore required for that
purpose.
5.3. NAT Control in LAN Side
Internal UPnP Control Points are not aware of the presence of the
IGD-PCP Interworking Function in the CP router (IGD). Especially,
UPnP Control Points MUST NOT be aware of the deactivation of the NAT
in the CP router.
No modification is required in the UPnP Control Point.
5.4. Port Mapping Tables
IGD-PCP Interworking Function MUST store locally all the mappings
instantiated by internal UPnP Control Points in the PCP Server. Port
Forwarding mappings SHOULD be stored in a permanent storage. If not,
upon reset or reboot, the IGD-PCP Interworking Function MUST
synchronise its states as specified in Section 5.10.
Upon receipt of a PCP PINxy Response from the PCP Server, the IGD-PCP
Interworking Function MUST retrieve the enclosed mapping(s) and MUST
store it in the local mapping table. The local mapping table is an
image of the mapping table as maintained by the PCP Server for a
given subscriber.
5.5. Interworking Function Without NAT in the CP Router
When no NAT is embedded in the CP router, the content of received
WANIPConnection and PCP messages is not altered by the IGD-PCP
Interworking Function (i.e., the content of WANIPConnection messages
are copied to the PCP messages (and vice versa) according to
Table 1).
5.6. NAT Embedded in the CP Router
Unlike the scenario with one level of NAT (Section 5.5), the IGD-PCP
Interworking Function MUST update their content of received mapping
messages with the IP address and/or port number belonging to the
external interface of the CP router (i.e., after the NAT1 operation
in Figure 4) and not as initially positioned by the UPnP Control
Point.
All WANIPConnection messages issued by the UPnP Control Point (resp.,
PCP Server) are intercepted by the IGD-PCP Interworking Function.
Then, the corresponding messages (see Table 1, Table 2 and Table 3)
are generated by the IGD-PCP Interworking Function and sent to the
provisioned PCP Server (resp., corresponding UPnP Control Point).
Boucadair, et al. Expires June 26, 2011 [Page 14]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
The content of PCP messages received by the PCP Server reflects the
mapping information as enforced in the first NAT. In particular, the
internal IP address and/or port number of the requests are replaced
with the IP address and port number as assigned by the NAT of the CP
router. For the reverse path, PCP response messages are intercepted
by the IGD-PCP Interworking Function. The content of the
corresponding WANIPConnection messages are updated:
o The internal IP address and/or port number as initially positioned
by the UPnP Control Point and stored in the CP router NAT are used
to update the corresponding fields in received PCP responses.
o The external IP and port number are not altered by the IGD-PCP
Interworking Function.
o The NAT mapping entry in the first NAT is updated with the result
of PCP request.
The lifetime of the mappings instantiated in all involved NATs SHOULD
be the one assigned by the terminating PCP Server. In any case, the
lifetime MUST be lower or equal to the one assigned by the
terminating PCP Server.
5.7. Creating a Mapping
Two methods can be used to create a mapping: AddPortMapping() or
AddAnyPortMapping().
AddAnyPortMapping() is the RECOMMENDED method.
5.7.1. AddAnyPortMapping()
When an UPnP Control Point issues a AddAnyPortMapping(), this request
is received by the UPnP Server. The request is then relayed to the
IGD-PCP Interworking Function which generates a PCP PINxy Request
(see Table 1 for mapping between WANIPConnection and PCP parameters).
Upon receipt of PCP PINxy Response from the PCP Server, an XML
mapping is returned to the requesting UPnP Control Point (the content
of the messages follows the recommendations listed in Section 5.6 or
Section 5.5 according to the deployed scenario). A flow example is
depicted in Figure 5.
If a PCP Error is received from the PCP Server, a corresponding
WANIPConnection error code Table 3 is generated by the IGD-PCP
Interworking Function and sent to the requesting UPnP Control Point.
Boucadair, et al. Expires June 26, 2011 [Page 15]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
UPnP-PCP
UPnP Control Interworking
Point Function PCP Server
| | |
|(1) AddAnyPortMapping | |
|--------------------->| |
| | (2) PCP PINxy Request |
| |(requested external port=0) |
| |---------------------------->|
| | |
| | (3) PCP PINxy Response |
| |(assigned external port=6598)|
| |<----------------------------|
|(4) AddAnyPortMapping | |
| ReservedPort=6598 | |
|<---------------------| |
Figure 5: Flow example when AddAnyPortMapping() is used
5.7.2. AddPortMapping()
A dedicated option called HONOR_EXTERNAL_PORT is defined in
[I-D.ietf-pcp-base] to toggle the behavior in a PCP Request message.
This options is inserted by the IGD-PCP IWF when issuing its requests
to the PCP Server only if a specific external port is requested by
the UPnP Control Point. When a wildcard is used (i.e., 0),
HONOR_EXTERNAL_PORT Option is not required to be inserted in the PCP
request to the PCP Server (see Figure 6). In the remaining, we
assume that a specific external port is requested by the UPnP Control
Point.
Boucadair, et al. Expires June 26, 2011 [Page 16]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
UPnP-PCP
UPnP Control Interworking
Point Function PCP Server
| | |
| (1) AddPortMapping | |
| ExternalPort=0 | |
|--------------------->| |
| | (2) PCP PINxy Request |
| |(requested external port=0) |
| |---------------------------->|
| | |
| | (3) PCP PINxy Response |
| |(assigned external port=1365)|
| |<----------------------------|
| (4) AddPortMapping | |
| ExternalPort=1356 | |
|<---------------------| |
Figure 6: Example of AddPortMapping() with wildcard external port
Upon receipt of AddPortMapping() from an UPnP Control Point, the IGD-
PCP Interworking Function first checks if the requested external port
number is not used by another Internal UPnP Control Point. In case a
mapping bound to the requested external port number is found in the
local mapping table, the IGD-PCP IWF MUST send back a
ConflictInMappingEntry error to the requesting UPnP Control Point
(see Figure 7).
Boucadair, et al. Expires June 26, 2011 [Page 17]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
UPnP-PCP
UPnP Control Interworking
Point Function PCP Server
| | |
| (1) AddPortMapping | |
| ExternalPort=2356 | |
|--------------------->| |
| | |
| (2) Error: | |
|ConflictInMappingEntry| |
|<---------------------| |
| | |
| (3) AddPortMapping | |
| ExternalPort=4586 | |
|--------------------->| |
| | |
| (4) Error: | |
|ConflictInMappingEntry| |
|<---------------------| |
| | |
Figure 7: IWF Local Behaviour
This exchange (Figure 7) is re-iterated until an external port number
that is not in use is requested by the UPnP Control Point. Then, the
IGD-PCP IWF generates a PCP PINxy Request with all requested mapping
information as indicated by the UPnP Control Point if no NAT is
embedded in the CP router or updated as specified in Section 5.6. In
addition, the IGD-PCP IWF inserts a HONOR_EXTERNAL_PORT Option to the
generated PCP request.
If the requested external port is in use, a PCP Error message MUST be
sent by the PCP Server to the IGD-PCP IWF indicating
CANNOT_HONOR_EXTERNAL_PORT as the error cause. The IGD-PCP IWF
relays a negative message to the UPnP Control Point indicating
ConflictInMappingEntry as error code. The UPnP Control Point re-
issues a new request with a new requested external port number. This
process is repeated until a positive answer is received or maximum
retry is reached.
If the PCP Server is able to honor the requested external port, a
positive response is sent to the requesting IGD-PCP IWF. Upon
receipt of the response from the PCP Server, the returned mapping
MUST be stored by the IGD-PCP Interworking Function in its local
mapping table and a positive answer MUST be sent to the requesting
UPnP Control Point. This answer terminates this exchange.
Boucadair, et al. Expires June 26, 2011 [Page 18]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
Figure 8 shows an example of the flow exchange that occurs when the
PCP Server satisfies the request from the IGD-PCP IWF. Figure 9
shows the messages exchange when the requested external port is in
use.
UPnP-PCP
UPnP Control Interworking
Point Function PCP Server
| | |
| (1) AddPortMapping | |
| ExternalPort=8080 | |
|--------------------->| |
| | (2) PCP PINxy Request |
| |requested external port=8080 |
| | HONOR_EXTERNAL_PORT |
| |---------------------------->|
| | |
| | (3) PCP PINxy Response |
| | assigned external port=8080 |
| |<----------------------------|
| (4) AddPortMapping | |
| ExternalPort=8080 | |
|<---------------------| |
Figure 8: Flow Example (Positive Answer)
Boucadair, et al. Expires June 26, 2011 [Page 19]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
UPnP-PCP
UPnP Control Interworking
Point Function PCP Server
| | |
| (1) AddPortMapping | |
| ExternalPort=8080 | |
|--------------------->| |
| | (2) PCP PINxy Request |
| |requested external port=8080 |
| | HONOR_EXTERNAL_PORT |
| |---------------------------->|
| | (3) PCP PINxy Response |
| | CANNOT_HONOR_EXTERNAL_PORT |
| |<----------------------------|
| (4) Error: | |
|ConflictInMappingEntry| |
|<---------------------| |
| (5) AddPortMapping | |
| ExternalPort=5485 | |
|--------------------->| |
| | (6) PCP PINxy Request |
| |requested external port=5485 |
| | HONOR_EXTERNAL_PORT |
| |---------------------------->|
| | (7) PCP PINxy Response |
| | CANNOT_HONOR_EXTERNAL_PORT |
| |<----------------------------|
| (8) Error: | |
|ConflictInMappingEntry| |
|<---------------------| |
....
| (a) AddPortMapping | |
| ExternalPort=6591 | |
|--------------------->| |
| | (b) PCP PINxy Request |
| |requested external port=6591 |
| | HONOR_EXTERNAL_PORT |
| |---------------------------->|
| | (c) PCP PINxy Response |
| | CANNOT_HONOR_EXTERNAL_PORT |
| |<----------------------------|
| (d) Error: | |
|ConflictInMappingEntry| |
|<---------------------| |
Figure 9: Flow Example (Negative Answer)
Boucadair, et al. Expires June 26, 2011 [Page 20]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
5.8. Listing One or a Set of Mappings
In order to list active mappings, an UPnP Control Point may issue
GetGenericPortMappingEntry(), GetSpecificPortMappingEntry() or
GetListOfPortMappings().
These methods MUST NOT be proxied to the PCP Server since a local
mapping is maintained by the IGD-PCP Interworking Function.
5.9. Delete One or a Set of Mappings: DeletePortMapping() or
DeletePortMappingRange()
An UPnP Control Point proceeds to the deletion of one or a list of
mappings by issuing DeletePortMapping() or DeletePortMappingRange().
When one of these messages is received by the IGD-PCP Interworking
Function, it first checks if the requested mapping to be removed is
present in the local mapping table. If no mapping matching the
request is found in the local table, an error is sent back to the
UPnP Control Point (see Figure 10).
UPnP-PCP
UPnP Control Interworking
Point Function PCP Server
| | |
|(1) DeletePortMapping | |
|--------------------->| |
| | |
| (2) Error: | |
| NoSuchEntryInArray | |
|<---------------------| |
| | |
Figure 10: Local Delete (IGD-PCP IWF)
if a mapping matches in the local table, PCP PINxy delete request(s)
is generated taking into account the input arguments:
o as included in DeletePortMapping() if no NAT is enabled in the CP
router; In case DeletePortMappingRange() is used, the IGD-PCP IWF
generates individual requests to cover all the range;
[[Note: Add a figure to illustrate the behaviour to handle
DeletePortMappingRange()]]
o or the corresponding local IP address and port number as assigned
by the local NAT if a NAT is enabled in the CP router.
Boucadair, et al. Expires June 26, 2011 [Page 21]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
Once received by the PCP Server, it proceeds to removing the
corresponding entry(ies). A PCP PINxy delete response is sent back
if the removal of the corresponding entry(ies) was successful; if
not, a PCP Error is sent back to the IGD-PCP Interworking Function
including the corresponding error cause (e.g., Not Authorised).
When a positive answer is received from the PCP Server, the IGD-PCP
Interworking Function updates its local mapping table (i.e., remove
the corresponding entry(ies)) and notifies the UPnP Control Point
about the result of the removal operation.
5.10. Mapping Synchronisation
[[Note: This section needs further discussion among authors]]
Under normal conditions, since a valid copy of the mapping table is
stored locally in the CP router, the IGD-PCP Interworking Function
SHOULD NOT issue any subsequent PCP request to handle a request
received from an UPnP Control Point to list active mappings.
Nevertheless, in case of loss of synchronisation (e.g., reboot,
system crashes, power outage, etc.), the IGD-PCP Interworking
Function SHOULD generate a get method to retrieve all active mappings
in the PCP Server and update its local mapping table without waiting
for an explicit request from a UPnP Control Point. Doing so, the
IGD-PCP Interworking Function maintains an updated mapping table.
In case of massive reboot of CP routers (e.g., avalanche restart
phenomenon), PCP request bursts SHOULD be avoided. For this aim, we
recommend the use of a given timer denoted as PCP_SERVICE_WAIT. This
timer can be pre-configured in the CP router or to be provisioned
using a dedicated means such as DHCP. Upon reboot of the CP router,
PCP messages SHOULD NOT be sent immediately. A random value is
selected between 0 and PCP_SERVICE_WAIT. This value is referred to
as RAND(PCP_SERVICE_WAIT). Upon the expiration of
RAND(PCP_SERVICE_WAIT), the CP router SHOULD proceed to its
synchronisation operations (i.e., retrieve all active mappings which
have been instructed by internal UPnP Control Point(s)).
[[Note: per-subscriber quota may be exhausted due to unlimited
lifetime and stale mappings in IGD due to reboots, etc.]]
6. IANA Considerations
This document makes no request of IANA.
Note to RFC Editor: this section may be removed on publication as an
RFC.
Boucadair, et al. Expires June 26, 2011 [Page 22]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
7. Security Considerations
This document defines a procedure to instruct PCP mappings for third
party devices belonging to the same subscriber. Identification means
to avoid a malicious user to instruct mappings on behalf of a third
party must be enabled. Such means are already discussed in Section
7.4.4 of [I-D.ietf-pcp-base].
Security considerations elaborated in [I-D.ietf-pcp-base] and
[Sec_DCP] should be taken into account.
8. Acknowledgments
Authors would like to thank F. Fontaine and C. Jacquenet for their
review and comments.
9. References
9.1. Normative References
[I-D.ietf-pcp-base]
Wing, D., "Port Control Protocol (PCP)",
draft-ietf-pcp-base-01 (work in progress), December 2010.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
9.2. Informative References
[I-D.bpw-pcp-dhcp]
Boucadair, M., Penno, R., and D. Wing, "DHCP and DHCPv6
Options for Port Control Protocol (PCP)",
draft-bpw-pcp-dhcp-00 (work in progress), October 2010.
[I-D.ietf-behave-v6v4-xlate-stateful]
Bagnulo, M., Matthews, P., and I. Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers",
draft-ietf-behave-v6v4-xlate-stateful-12 (work in
progress), July 2010.
[I-D.ietf-softwire-dual-stack-lite]
Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4
Exhaustion", draft-ietf-softwire-dual-stack-lite-06 (work
in progress), August 2010.
Boucadair, et al. Expires June 26, 2011 [Page 23]
Internet-Draft UPnP IGD-PCP Interworking Function December 2010
[IGD2] UPnP Forum, "WANIPConnection:2 Service (http://upnp.org/
specs/gw/UPnP-gw-WANIPConnection-v2-Service.pdf)",
September 2010.
[Sec_DCP] UPnP Forum, "Device Protection:1", November 2009.
Authors' Addresses
Mohamed Boucadair
France Telecom
Rennes, 35000
France
Email: mohamed.boucadair@orange-ftgroup.com
Reinaldo Penno
Juniper Networks
1194 N Mathilda Avenue
Sunnyvale, California 94089
USA
Email: rpenno@juniper.net
Dan Wing
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134
USA
Email: dwing@cisco.com
Francis Dupont
ISC
Email: Francis.Dupont@fdupont.fr
Boucadair, et al. Expires June 26, 2011 [Page 24]