Behavior Engineering for Hindrance R. Denis-Courmont Avoidance (if taken) VideoLAN project Internet-Draft November 12, 2007 Intended status: Standards Track Expires: May 15, 2008 Network Address Translation (NAT) Behavioral Requirements for DCCP draft-denis-behave-nat-dccp-00.txt Status of This Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on May 15, 2008. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract This document would define a set of requirements for NATs that handle DCCP. Denis-Courmont Expires May 15, 2008 [Page 1]
Internet-Draft NAT DCCP Requirements November 2007 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Applicability . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Requirements for NATs . . . . . . . . . . . . . . . . . . . . . 3 5. Tunnelling . . . . . . . . . . . . . . . . . . . . . . . . . . 4 6. DCCP simultaneous open . . . . . . . . . . . . . . . . . . . . 4 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 4 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 10.1. Normative References . . . . . . . . . . . . . . . . . . . 5 10.2. Informative References . . . . . . . . . . . . . . . . . . 5 Denis-Courmont Expires May 15, 2008 [Page 2]
Internet-Draft NAT DCCP Requirements November 2007 1. Introduction For historical reasons, NAT devices are not typically capable of handling datagrams and flows for application using the Datagram Congestion Control Protocol (DCCP)[RFC4340]. This draft discusses the technical issues involved, and proposes different potential solutions. It is however expected that not all of them (if any) will be carried on. 2. Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Applicability This document applies to NAT devices that want to handle DCCP datagrams. It is not the intent of this document to deprecate the overwhelming majority of deployed NAT devices. These NATs are simply not expected to handle DCCP, so this memo is not applicable to them. TBD: This draft does not currently specify any clear requirement anyway. 4. Requirements for NATs The first approach to using DCCP through NAT devices involves changing the NAT devices to handle DCCP explicitly. Processing of DCCP packets by a NAT device would then be very similar to processing of TCP packets, as already specified in [I-D.ietf-behave-tcp]. In addition to the usual changes to the IP header, NAT devices would need to mangle: o DCCP source port, for outgoing packets, depending on the NAT mapping o DCCP destination port, for incoming packets, depending on the NAT mapping o DCCP checksum, to compensate for IP address and port number modifications. Because changing the the source or destination IP address of a DCCP packet will normally invalidate the DCCP checksum, it is not possible to use DCCP through a NAT without dedicated support. Some NAT devices are known to provide a "generic" transport protocol support, whereby only the IP header is mangled. That scheme will not work with DCCP at all. Denis-Courmont Expires May 15, 2008 [Page 3]
Internet-Draft NAT DCCP Requirements November 2007 TBD: write down actual mapping and timing requirements, etc. See behave-nat-tcp as a start. 5. Tunnelling Tunnelling is another approach: DCCP datagram would be encapsulated into an additionnal UDP transport header. This relies on the fact that many NATs are capable of handling UDP datagrams. This solution has tha major advantage of not needing any changes to the existing deployed NAT devices. Issues with this solution include: o Both sides of the DCCP session need to be updated to use tunnelling, even though only one side might be hindered with a NAT. This implies a non-backward compatible extension to [RFC4340]. o A method MUST be defined to negociate when to use tunnelling. o The per-packet overhead is increased. Various actual tunnelling solutions are already defined, such as ESP- in-UDP[RFC3948] (especially with the NULL cipher suite) or Teredo[RFC4380]. 6. DCCP simultaneous open When both parties to an intended DCCP session are located behind either a NAT device or a stateful firewall, neither can act as the paassive endpoint in the connection establishment. Unfortunately, at the time of writing, the DCCP connection state machine does not allow both peers to behave as active endpoint, as is the case in TCP simultaneous open. It is expected that this issue will be tackled in the DCCP working group shortly (TODO: reference relevant I-D). 7. Security Considerations TBD. 8. IANA Considerations This document raises no IANA considerations. 9. Acknowledgments The authors would like to thank ... for their comments on this document. Denis-Courmont Expires May 15, 2008 [Page 4]
Internet-Draft NAT DCCP Requirements November 2007 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram Congestion Control Protocol (DCCP)", RFC 4340, March 2006. 10.2. Informative References [I-D.ietf-behave-tcp] Guha, S., "NAT Behavioral Requirements for TCP", draft-ietf-behave-tcp-07 (work in progress), April 2007. [RFC3948] Huttunen, A., Swander, B., Volpe, V., DiBurro, L., and M. Stenberg, "UDP Encapsulation of IPsec ESP Packets", RFC 3948, January 2005. [RFC4380] Huitema, C., "Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)", RFC 4380, February 2006. Author's Address Remi Denis-Courmont VideoLAN project EMail: rem@videolan.org URI: http://www.videolan.org/ Denis-Courmont Expires May 15, 2008 [Page 5]
Internet-Draft NAT DCCP Requirements November 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgement Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Denis-Courmont Expires May 15, 2008 [Page 6]