Datagram Congestion Control T. Phelan Protocol Sonus Internet-Draft February 11, 2010 Intended status: Experimental Expires: August 15, 2010 Datagram Congestion Control Protocol (DCCP) Encapsulation for NAT Traversal (DCCP-NAT) draft-ietf-dccp-udpencap-00 Abstract This document specifies an alternative encapsulation of the Datagram Congestion Control Protocol (DCCP), referred to as DCCP-NAT. This encapsulation will allow DCCP to be carried through the current generation of Network Address Translation (NAT) middleboxes without modification of those middleboxes. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on August 15, 2010. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Phelan Expires August 15, 2010 [Page 1]
Internet-Draft DCCP-NAT Encapsulation February 2010 Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. DCCP-NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. UDP Header . . . . . . . . . . . . . . . . . . . . . . . . 4 3.2. DCCP-NAT Generic Header . . . . . . . . . . . . . . . . . 5 3.3. DCCP-NAT Checksum Procedures . . . . . . . . . . . . . . . 5 3.3.1. Minimum Checksum Coverage Feature . . . . . . . . . . 5 3.4. Explicit Congestion Notification . . . . . . . . . . . . . 6 3.5. Path Maximum Transmission Unit Discovery . . . . . . . . . 6 3.6. Other DCCP Headers and Options . . . . . . . . . . . . . . 7 3.7. Service Codes and the DCCP Port Registry . . . . . . . . . 7 4. DCCP-NAT and Higher-Layer Protocols . . . . . . . . . . . . . 7 5. Signaling the Use of DCCP-NAT . . . . . . . . . . . . . . . . 8 5.1. SDP for RTP over DCCP . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11 Phelan Expires August 15, 2010 [Page 2]
Internet-Draft DCCP-NAT Encapsulation February 2010 1. Introduction The Datagram Congestion Control Protocol (DCCP), specified in [RFC4340], is a transport-layer protocol that provides upper layers with the capability of using unreliable but congestion controlled flows. According to [RFC4340], DCCP packets are directly encapsulated in IPv4 or IPv6 packets. In order for the [RFC4340] encapsulation to pass through Network Address Translation (NAT) devices, these devices must be updated to recognize and properly modify DCCP. This is the long-term objective for DCCP, and work is underway to specify the necessary operations. However, in the short term it would be useful to have an encapsulation for DCCP that would be compatible with NAT devices conforming to [RFC4787]. This document specifies that encapsulation, which is referred to as DCCP-NAT. For convenience, the [RFC4340] encapsulation is referred to as DCCP-STD. The DCCP-NAT encapsulation specified here supports all of the features contained in DCCP-STD. However, support of partial checksums and ECN might be impractical for some implementations. Those implementations MAY choose to not support one or both of these features. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. DCCP-NAT The basic approach here is to insert a UDP ([RFC0768]) "shim" layer between the IP header and a DCCP packet with a modified generic header (modified to eliminate redundancies between UDP and DCCP). Note that this is not strictly a tunneling approach. The IP addresses of the communicating end systems are carried in the IP header (which could be modified by NAT devices) and there are no other IP addresses embedded. Devices offering or using DCCP services via DCCP-NAT encapsulation listen on a UDP port (default port awaiting IANA action) for incoming packets and pass received packets along to the DCCP protocol. DCCP implementations MAY allow services to be simultaneously offered over any or all combinations of DCCP-STD and DCCP-NAT encapsulations with Phelan Expires August 15, 2010 [Page 3]
Internet-Draft DCCP-NAT Encapsulation February 2010 IPv4 and IPv6. The basic format of a DCCP-NAT packet is: +-----------------------------------+ | IP Header (IPv4 or IPv6) | Variable length +-----------------------------------+ | UDP Header | 8 bytes +-----------------------------------+ | DCCP-NAT Generic Header | 12 bytes +-----------------------------------+ | Additional (type-specific) Fields | Variable length (could be 0) +--------------------------------------+ | DCCP Options | Variable length (could be 0) +-----------------------------------+ | Application Data Area | Variable length (could be 0) +-----------------------------------+ 3.1. UDP Header The format of the UDP header is taken from [RFC0768]: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Dest Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ For DCCP-NAT, the fields are interpreted as follows: Source and Dest(ination) Ports: 16 bits each These fields identify the UDP ports on which the source and destination (respectively) of the packet are listening for incoming DCCP-NAT packets (normally both are the default port to be assigned by IANA). Note that they do not identify the DCCP source and destination ports. Length: 16 bits This field is the length of the portion of the UDP datagram, including the UDP header and the payload (which for DCCP-NAT is the DCCP-NAT datagram) that is covered by the UDP Checksum. Checksum: 16 bits Phelan Expires August 15, 2010 [Page 4]
Internet-Draft DCCP-NAT Encapsulation February 2010 This field is the Internet checksum of a network-layer pseudoheader and Length bytes of the UDP packet. 3.2. DCCP-NAT Generic Header Unlike the DCCP-STD generic header, the DCCP-NAT generic header takes only one form; it does not support short sequence numbers. Its format is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Dest Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data Offset | CCVal | Type | Sequence Number (high bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . Sequence Number (low bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ All DCCP-NAT generic header fields function as specified in [RFC4340]. 3.3. DCCP-NAT Checksum Procedures For DCCP-NAT, the functions of the DCCP-STD generic header fields Checksum and CsCov are performed by the UDP Checksum and Length fields. If the UDP Length field is less than 20 (UDP Header length and minimum DCCP-NAT header length), the packet MUST be dropped. If the UDP Checksum field, computed using standard UDP methods except including only UDP Length bytes of the UDP packet, is invalid, the packet MUST be dropped. If the UDP Length field in a received packet is less than the length of the UDP header plus the entire DCCP-NAT header (including the generic header and type-specific fields and options, if present), or the UDP Length field is greater than the length of the packet from the beginning of the UDP header to the end of the packet, that packet MUST be dropped. 3.3.1. Minimum Checksum Coverage Feature The Minimum Checksum Coverage Feature lets a DCCP endpoint determine whether its peer is willing to accept packets with partial checksum coverage. It takes values from 0 to 15. For DCCP-NAT the feature values are interpreted as follows: Phelan Expires August 15, 2010 [Page 5]
Internet-Draft DCCP-NAT Encapsulation February 2010 o Minimum Checksum Coverage = 0, the peer will not accept packets with partial checksum. If the UDP Length field is less than the length of the entire UDP packet, then the packet has unacceptable Checksum Coverage, as defined in DCCP-STD section 9.2.1. o Minimum Checksum Coverage > 0, the peer will accept packets with partial checksum. If the UDP Length field is less than the size of the UDP Header (8 bytes) plus the size of the DCCP-NAT header (including type-specific fields and options) plus (Minimum Checksum Coverage - 1)*4, then the packet has unacceptable Checksum Coverage. As defined in DCCP-STD section 9.2.1, peers MAY refuse to process packets with unacceptable Checksum Coverage. It might be impractical for an implementation to set the UDP Length field to less than the full length in outgoing packets or to receive incoming packets with UDP Length less than the full length (e.g., user-space implementations using the socket interface). These implementations MAY choose to not support Minimum Checksum Coverage values other than 0. Implementations that make this choice MUST always answer a "Change R(Minimum Checksum Coverage, any value)" with a "Confirm L(Minimum Checksum Coverage, 0)". These implementations MAY choose to drop packets with UDP Length less than the full packet length, rather invoke the procedures of DCCP-STD section 9.2.1. 3.4. Explicit Congestion Notification DCCP-NAT implementations SHOULD follow the procedures of DCCP-STD section 12 by setting the ECN fields in the IP Headers of outgoing packets and examining the values received in the ECN fields of incoming packets. However, some implementations might find it impractical to set or receive the ECN fields (e.g., user-space implementations using the socket interface). These implementations MUST follow the procedures in DCCP-STD section 12.1 for implementations that are not ECN capable. 3.5. Path Maximum Transmission Unit Discovery DCCP-NAT implementations should follow DCCP-STD section 14 with regard to maximum packet size and Path Maximum Transmission Unit Discovery (PMTUD). Phelan Expires August 15, 2010 [Page 6]
Internet-Draft DCCP-NAT Encapsulation February 2010 3.6. Other DCCP Headers and Options All type-specific DCCP headers are as in DCCP-STD, except that the short sequence number version of the acknowledgement header is not supported. All option and feature encodings are as in DCCP-STD. 3.7. Service Codes and the DCCP Port Registry There is one Service Code registry and one DCCP port registry and they apply to all combinations of encapsulation and IP version. A DCCP Service Code specifies an application using DCCP regardless of the combination of DCCP encapsulation and IP version. An application MAY choose not to support some combinations of encapsulation and IP version, but its Service Code will remain registered for those combinations and MUST NOT be used by other applications. An application SHOULD NOT register different Service Codes for different combinations of encapsulation and IP version. Similarly, a port registration is applicable to all combinations of encapsulation and IP version. Again, an application MAY choose not to support some combinations of encapsulation and IP version on its registered port, although the port will remain registered for those combinations. Applications SHOULD NOT register different ports just for the purpose of using different encapsulation combinations. Since the port registry supports multiple applications registering the same port (as long as the Service Codes are different), other applications MAY register on the same port, but those registrations are also applicable to all combinations of encapsulation and IP version. 4. DCCP-NAT and Higher-Layer Protocols In general, the encapsulation of a higher-layer protocol within DCCP SHOULD be the same in both DCCP-STD and DCCP-NAT. At this time, encapsulations of DTLS over DCCP, defined in [RFC5238] and RTP over DCCP, defined in [I-D.ietf-dccp-rtp], have been already defined. The encapsulations of those protocols in DCCP-NAT SHALL be the same as specified in those documents. Higher-layer protocols that require different encapsulations for different DCCP modes MUST justify the reasons for the difference and MUST specify the encapsulations for both DCCP-STD and DCCP-NAT. If a document does not specify different encapsulations for DCCP-STD and DCCP-NAT, the specified encapsulation SHALL apply to both DCCP-STD and DCCP-NAT. Phelan Expires August 15, 2010 [Page 7]
Internet-Draft DCCP-NAT Encapsulation February 2010 5. Signaling the Use of DCCP-NAT Applications often signal transport connection parameters through outside means, such as the Session Description Protocol (SDP). Applications that define such methods for DCCP MUST define how the DCCP encapsulation is chosen, and MUST allow either type of encapsulation to be signaled. 5.1. SDP for RTP over DCCP [I-D.ietf-dccp-rtp] defines SDP extensions for signaling RTP over DCCP connections. Since it predates this document, it does not define a method for determining the DCCP encapsulation type. This document updates [I-D.ietf-dccp-rtp] to add a method for determining the DCCP encapsulation type. A new SDP attribute "dccp-encap" is defined for signaling the DCCP encapsulation according to the following ABNF [RFC5234]: dccp-encap-attr = %x61 "=dccp-in-udp" [":" udp-port-num] udp-port-num = *DIGIT where *DIGIT is as defined in [RFC5234]. The presence of "a=dccp-in-udp" in an SDP offer indicates that the offerer is listening for DCCP-NAT connections on the indicated UDP port (if udp-port-num is included) or on the IANA allocated port for the DCCP-NAT service if no port is included. The absence of "a=dccp-in-udp" in an SDP offer indicates that the offerer is listening for DCCP-STD connections. The presence of "a=dccp-in-udp" conveys no information about whether or not the offerer is listening for DCCP-STD connections. For example (adapted from examples in [I-D.ietf-dccp-rtp]): An offerer at 192.0.2.47 signals its availability for an H.261 video session, using RTP/AVP over DCCP with service code "RTPV" (using the hexadecimal encoding of the service code in the SDP). RTP and RTCP packets are multiplexed onto a single DCCP connection and DCCP-NAT encapsulation is supported: Phelan Expires August 15, 2010 [Page 8]
Internet-Draft DCCP-NAT Encapsulation February 2010 v=0 o=alice 1129377363 1 IN IP4 192.0.2.47 s=- c=IN IP4 192.0.2.47 t=0 0 m=video 5004 DCCP/RTP/AVP 99 a=rtcp-mux a=rtpmap:99 h261/90000 a=dccp-service-code:SC=x52545056 a=setup:passive a=connection:new a=dccp-in-udp An answerer at 192.0.2.128 receives this offer and responds with the following answer: v=0 o=bob 1129377364 1 IN IP4 192.0.2.128 s=- c=IN IP4 192.0.2.128 t=0 0 m=video 9 DCCP/RTP/AVP 99 a=rtcp-mux a=rtpmap:99 h261/90000 a=dccp-service-code:SC:RTPV a=setup:active a=connection:new a=dccp-in-udp The end point at 192.0.2.128 then initiates a DCCP-NAT connection to UDP port to-be-allocated and DCCP port 5004 at 192.0.2.47. DCCP port 5004 is used for both the RTP and RTCP data, and port 5005 is unused. The textual encoding of the service code is used in the answer, and represents the same service code as in the offer. 6. Security Considerations DCCP-NAT provides all of the security risk-mitigation measures present in DCCP-STD, and also all of the security risks, except those associated with short sequence numbers (since DCCP-NAT does not support that feature). The purpose of DCCP-NAT is to allow DCCP to pass through NAT devices, and therefore it exposes DCCP to the risks associated with passing through NAT devices. It does not create any new risks with regard to NAT devices. Phelan Expires August 15, 2010 [Page 9]
Internet-Draft DCCP-NAT Encapsulation February 2010 DCCP-NAT may also allow DCCP applications to pass through existing firewall devices, if the administrators of the devices so choose. The option is a binary one however; either allow all DCCP applications or allow none. Proper control of DCCP application-by- application will require enhancements to firewalls. 7. IANA Considerations A port allocation request will be placed with IANA for the dccp-nat service port in UDP. The following new SDP attribute ("att-field") is to be registered: Contact name: Tom Phelan <tphelan@sonusnet.com> Attribute name: dccp-in-udp Long-form attribute name in English: DCCP in UDP Encapsulation Type of attribute: Media level Subject to charset attribute? No Purpose of the attribute: See this document section Section 5.1 Allowed attribute values: See this document section Section 5.1 8. References [I-D.ietf-dccp-rtp] Perkins, C., "RTP and the Datagram Congestion Control Protocol (DCCP)", draft-ietf-dccp-rtp-07 (work in progress), June 2007. [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram Congestion Control Protocol (DCCP)", RFC 4340, March 2006. [RFC4787] Audet, F. and C. Jennings, "Network Address Translation (NAT) Behavioral Requirements for Unicast UDP", BCP 127, RFC 4787, January 2007. Phelan Expires August 15, 2010 [Page 10]
Internet-Draft DCCP-NAT Encapsulation February 2010 [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008. [RFC5238] Phelan, T., "Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP)", RFC 5238, May 2008. Author's Address Tom Phelan Sonus Networks 7 Technology Dr. Westford, MA 01886 US Phone: +1 978 614 8456 Email: tphelan@sonusnet.com Phelan Expires August 15, 2010 [Page 11]
