Internet Engineering Task Force T. Phelan
Internet-Draft Sonus
Intended status: Standards Track G. Fairhurst
Expires: August 6, 2011 University of Aberdeen
February 2, 2011
Datagram Congestion Control Protocol (DCCP) Encapsulation for NAT
Traversal (DCCP-UDP)
draft-ietf-dccp-udpencap-04
Abstract
This document specifies an alternative encapsulation of the Datagram
Congestion Control Protocol (DCCP), referred to as DCCP-UDP. This
encapsulation allows DCCP to be carried through the current
generation of Network Address Translation (NAT) middleboxes without
modification of those middleboxes. This document also updates the
SDP information for DCCP defined in RFC 5762.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 6, 2011.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
Phelan & Fairhurst Expires August 6, 2011 [Page 1]
Internet-Draft DCCP-UDP Encapsulation February 2011
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. DCCP-UDP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. The UDP Header . . . . . . . . . . . . . . . . . . . . . . 4
3.2. The DCCP Generic Header . . . . . . . . . . . . . . . . . 5
3.3. DCCP-UDP Checksum Procedures . . . . . . . . . . . . . . . 6
3.3.1. Partial Checksums and the Minimum Checksum
Coverage Feature . . . . . . . . . . . . . . . . . . . 7
3.4. Network Layer Options . . . . . . . . . . . . . . . . . . 7
3.5. Explicit Congestion Notification . . . . . . . . . . . . . 7
3.6. ICMP handling for messages relating to DCCP-UDP . . . . . 7
3.7. Path Maximum Transmission Unit Discovery . . . . . . . . . 8
3.8. Usage of the UDP port by DCCP-UDP . . . . . . . . . . . . 8
3.9. Service Codes and the DCCP Port Registry . . . . . . . . . 9
4. DCCP-UDP and Higher-Layer Protocols . . . . . . . . . . . . . 9
5. Signaling the Use of DCCP-UDP . . . . . . . . . . . . . . . . 9
5.1. SDP support for DCCP-UDP . . . . . . . . . . . . . . . . . 10
6. Security Considerations . . . . . . . . . . . . . . . . . . . 10
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
9.1. Normative References . . . . . . . . . . . . . . . . . . . 12
9.2. Informative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12
Phelan & Fairhurst Expires August 6, 2011 [Page 2]
Internet-Draft DCCP-UDP Encapsulation February 2011
1. Introduction
The Datagram Congestion Control Protocol (DCCP), specified in
[RFC4340], is a transport-layer protocol that provides upper layers
with the ability to use non-reliable congestion-controlled flows.
The current specification for DCCP [RFC4340] specifies a direct
encapsulation in IPv4 or IPv6 packets.
[RFC5597] specifies how DCCP should be handled by devices that use
Network Address Translation (NAT) or Network Address and Port
Translation (NAPT). However, there is a significant installed base
of NAT/NAPT devices that do not support [RFC5597]. In the short
term, it would be useful to have an encapsulation for DCCP that is
compatible with this installed base of NAT/NAPT devices that support
[RFC4787], but do not support [RFC5597]. This document specifies
that encapsulation, which is referred to as DCCP-UDP. For
convenience, the standard encapsulation for DCCP [RFC4340] (including
[RFC5596] as required) is referred to as DCCP-STD.
The document also provides an updated SDP specification for DCCP, to
convey the encapsulation type and, in this respect only, it updates
the method in [RFC5762].
The DCCP-UDP encapsulation specified in this document supports all of
the features contained in DCCP-STD, but with limited functionality
for partial checksums.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. DCCP-UDP
The basic approach is to insert a UDP [RFC0768] header between the IP
header and the DCCP packet. Note that this is not a tunneling
approach. The IP addresses of the communicating end systems are
carried in the IP header. The method does not embed additional IP
addresses.
The method is designed to support use when these addresses are
modified by a device that implements NAT/NAPT. A NAT translates the
IP addresses, which impacts the transport-layer checksum. A NAPT
device may also translate the port values (usually the source port).
In both cases, the outer transport header that includes these values
Phelan & Fairhurst Expires August 6, 2011 [Page 3]
Internet-Draft DCCP-UDP Encapsulation February 2011
would need to be updated by the NAT/NAPT.
A devoce offering or using DCCP services via DCCP-UDP encapsulation
listens on a UDP port (default port, XXX IANA PORT XXX), or may bind
to a specified port utilising out-of-band signalling, such as the
Session Description Protocol (SDP). The DCCP-UDP server accepts
incoming packets over the UDP transport and passes the received
packets to the DCCP protocol module, after removing the UDP
encapsulation.
A DCCP implementation MAY allow services to be simultaneously offered
over any or all combinations of DCCP-STD and DCCP-UDP encapsulations
with IPv4 and IPv6.
The basic format of a DCCP-UDP packet is:
+-----------------------------------+
| IP Header (IPv4 or IPv6) | Variable length
+-----------------------------------+
| UDP Header | 8 bytes
+-----------------------------------+
| DCCP Generic Header | 12 or 16 bytes
+-----------------------------------+
| Additional (type-specific) Fields | Variable length (could be 0)
+-----------------------------------+
| DCCP Options | Variable length (could be 0)
+-----------------------------------+
| Application Data Area | Variable length (could be 0)
+-----------------------------------+
3.1. The UDP Header
The format of the UDP header is specified in [RFC0768]:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Dest Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
For DCCP-UDP, the fields are interpreted as follows:
Source and Dest(ination) Ports: 16 bits each
Phelan & Fairhurst Expires August 6, 2011 [Page 4]
Internet-Draft DCCP-UDP Encapsulation February 2011
These fields identify the UDP ports on which the source and
destination (respectively) of the packet are listening for
incoming DCCP-UDP packets (both may be the default port assigned
by IANA). The UDP port values do not identify the DCCP source and
destination ports.
Length: 16 bits
This field is the length of the UDP datagram, including the UDP
header and the payload (for DCCP-UDP, the payload is a DCCP-UDP
datagram).
Checksum: 16 bits
This field is the Internet checksum of a network-layer
pseudoheader and Length bytes of the UDP packet [RFC0768]. The
UDP checksum must not be zero for a UDP packet that carries DCCP-
UDP.
3.2. The DCCP Generic Header
The DCCP Generic Header [RFC4340] takes two forms, one with long
sequence numbers (48 bits) and the other with short sequence numbers
(24 bits).
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Dest Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Offset | CCVal | CsCov | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |X| | .
| Res | Type |=| Reserved | Sequence Number (high bits) .
| | |1| | .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (low bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Generic DCCP Header with long sequence numbers [RFC4340]
Phelan & Fairhurst Expires August 6, 2011 [Page 5]
Internet-Draft DCCP-UDP Encapsulation February 2011
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Dest Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Offset | CCVal | CsCov | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |X| |
| Res | Type |=| Sequence Number (low bits) |
| | |0| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Generic DCCP Header with short sequence numbers [RFC4340]
All generic header fields, except for Checksum field, have the
meaning specified in [RFC4340] updated by [RFC5596].
3.3. DCCP-UDP Checksum Procedures
DCCP-UDP employs a checksum at the UDP level and eliminates the use
of the DCCP checksum. This approach was chosen to enable use of
current NAT/NATP traversal methods developed for UDP. Such methods
will generally be unaware whether DCCP is being encapsulated and
hence do not update the inner checksum in the DCCP header. Although
it was known to increase processing for lightweight systems use of a
UDP checksum was mandated, since standard DCCP processing requires
protection of the DCCP header fields. In addition, UDP NAT traversal
does not support partial checksums, and hence although this is still
permitted end-to-end in the encapsulated DCCP datagram, links along
the path will treat these as UDP packets and can not enable special
partial checksum processing.
For DCCP-UDP, the function of the DCCP Checksum field is performed by
the UDP checksum field. On transmit, the DCCP Checksum field SHOULD
be set to zero. On receive, the DCCP Checksum field MUST be ignored.
The UDP checksum MUST NOT be zero for a UDP packet that is sent using
DCCP-UDP. If the received UDP Checksum field is zero, the packet
MUST be dropped.
If the UDP Length field is less than 20 (the UDP Header length and
minimum DCCP-UDP header length), the packet MUST be dropped.
If the UDP Checksum field, computed using standard UDP methods, is
invalid, the packet MUST be dropped.
If the UDP Length field in a received packet is less than the length
of the UDP header plus the entire DCCP-UDP header (including the
Phelan & Fairhurst Expires August 6, 2011 [Page 6]
Internet-Draft DCCP-UDP Encapsulation February 2011
generic header and type-specific fields and options, if present), or
the UDP Length field is greater than the length of the packet from
the beginning of the UDP header to the end of the packet, the packet
MUST be dropped.
3.3.1. Partial Checksums and the Minimum Checksum Coverage Feature
DCCP-UDP supports the syntax of partial checksums. It also supports
negotiation of the Minimum Checksum Coverage feature and settings of
the CsCov field. However, since the UDP checksum field in DCCP-UDP
always covers the entire DCCP datagram, an application that enables
this feature will experience a service that is functionally identical
to using full checksum coverage.
3.4. Network Layer Options
A DCCP-UDP implementations MAY transfer network-layer options
intended for DCCP to the network-layer header of the encapsulating
UDP packet.
A DCCP-UDP endpoint that receives IP-options for the encapsulating
UDP packet MAY forward these to the DCCP protocol module. If the
endpoint forwards a specific network layer option to the DCCP module,
it MUST also forward all subsequent packets with this option.
Consistent forwarding is essential for correct operation of many end-
to-end options.
3.5. Explicit Congestion Notification
A DCCP-UDP endpoint SHOULD follow the procedures of DCCP-STD section
12 by setting the ECN fields in the IP Headers of outgoing packets
and examining the values received in the ECN fields of incoming IP
packets, relaying any packet markings to the DCCP module.
Implementations that do not support ECN MUST follow the procedures in
DCCP-STD section 12.1 with regard to implementations that are not ECN
capable.
3.6. ICMP handling for messages relating to DCCP-UDP
To allow ICMP messages to be demultiplexed by the receiving endpoint,
part of the original packet that resulted in the message is included
in the payload of the ICMP error message. The receiving endpoint can
therefore use this information to associate the ICMP error with the
transport protocol instance that resulted in the ICMP message. When
DCCP-UDP is used, the error message and the payload of the ICMP error
message relate to the UDP transport.
Phelan & Fairhurst Expires August 6, 2011 [Page 7]
Internet-Draft DCCP-UDP Encapsulation February 2011
DCCP-UDP endpoints SHOULD forward ICMP messages relating to a UDP
packet that carries a DCCP-UDP to the DCCP module. This may imply
translation of the payload of the ICMP message into a form that is
recognised by the DCCP stack. [ICMP] describes precautions that are
desirable before TCP acts on the receipt of an ICMP message. Similar
precautions are desirable prior to forwarding by DCCP-UDP to the DCCP
module.
3.7. Path Maximum Transmission Unit Discovery
DCCP-UDP implementations SHOULD follow DCCP-STD section 14 with
regard to determining the maximum packet size and the use of Path
Maximum Transmission Unit Discovery (PMTUD).
3.8. Usage of the UDP port by DCCP-UDP
A DCCP-UDP endpoint MAY use any UDP port number, providing the active
endpoint knows a valid UDP Destination Port on the passive endpoint.
By default, the DCCP-UDP client sets the source and destination ports
to the default port number. UDP port number XXX IANA PORT XXX has
been registered with IANA for this purpose.
A DCCP-UDP server (that is, an initially passive endpoint that wishes
to receive DCCP-Request packets [RFC4340] over DCCP-UDP) binds a UDP
port number for all encapsulated DCCP connections. If the DCCP-UDP
server binds to this default port reserved for the DCCP-UDP service,
it SHOULD accept datagrams from any UDP source port. For example,
this would be needed if a NAPT along the path had translated the
original UDP source port.
There is a risk that the same DCCP source port number will be used by
two endpoints each behind a NAPT. A DCCP-UDP endpoint SHOULD
therefore demultiplex a DCCP-UDP flow using both the UDP source and
destination port numbers in addition to processing of the DCCP ports
by the DCCP module.
XXX The next part on how to handle port conflicts is currently being
considered by the DCCP WG XXX
Hence, the endpoint identifier for a DCCP-UDP connection should be
the 6-tuple <source address, UDP Source Port, DCCP Source Port,
destination address, UDP Destination Port, DCCP Destination Port>,
rather than a 4-tuple <source address, source port, destination
address, destination port> defined by DCCP-STD.
Phelan & Fairhurst Expires August 6, 2011 [Page 8]
Internet-Draft DCCP-UDP Encapsulation February 2011
3.9. Service Codes and the DCCP Port Registry
This section clarifies the usage of DCCP Service Codes and the
registration of server ports by DCCP-UDP. The section is not
intended to update the procedures for allocating Service Codes or
server ports.
There is one Service Code registry and one DCCP port registration
that apply to all combinations of encapsulation and IP version. A
DCCP Service Code specifies an application using DCCP regardless of
the combination of DCCP encapsulation and IP version. An application
may choose not to support some combinations of encapsulation and IP
version, but its Service Code will remain registered for those
combinations and the Service Code must not be used by other
applications. An application should not register different Service
Codes for different combinations of encapsulation and IP version.
[RFC5595] provides additional information about DCCP Service Codes.
Similarly, a port registration is applicable to all combinations of
encapsulation and IP version. Again, an application may choose not
to support some combinations of encapsulation and IP version on its
registered port, although the port will remain registered for those
combinations. Applications should not register different ports just
for the purpose of using different combinations of encapsulation.
4. DCCP-UDP and Higher-Layer Protocols
The encapsulation of a higher-layer protocol within DCCP MUST be the
same for both DCCP-STD and DCCP-UDP. Encapsulations of DTLS over
DCCP is defined in [RFC5238] and RTP over DCCP is defined in
[RFC5762]. This document therefore does not update these
encapsulations when using DCCP-UDP.
5. Signaling the Use of DCCP-UDP
Applications often signal transport connection parameters through
outside means, such as SDP. Applications that define such methods
for DCCP MUST define how the DCCP encapsulation is chosen, and MUST
allow either encapsulation to be signaled.
Procedures for handling DCCP-STD and/or DCCP-NAT with Interactive
Connectivity Establishment (ICE) may need to be developed, but are
left for further work.
Phelan & Fairhurst Expires August 6, 2011 [Page 9]
Internet-Draft DCCP-UDP Encapsulation February 2011
5.1. SDP support for DCCP-UDP
[RFC5762] defines SDP extensions for signaling RTP over DCCP
connections. Since it predates this document, it does not define a
method for determining the DCCP encapsulation type. This document
updates [RFC5762] to add a method for determining the DCCP
encapsulation type.
A new SDP attribute "dccp-encap" is defined for signaling the DCCP
encapsulation according to the following ABNF [RFC5234]:
dccp-encap-attr = %x61 "=dccp-in-udp" [":" udp-port-num]
udp-port-num = *DIGIT
where *DIGIT is as defined in [RFC5234].
The presence of "a=dccp-in-udp" in an SDP offer indicates that the
offerer is listening for DCCP-UDP connections on the indicated UDP
port (if udp-port-num is included) or on the default port for the
DCCP-UDP service if no port is included. This attribute MAY also be
used in a declarative SDP file.
The absence of "a=dccp-in-udp" in an SDP offer indicates that the
offerer is listening for DCCP-STD connections. The presence of
"a=dccp-in-udp" conveys no information about whether or not the
offerer is listening for DCCP-STD connections.
The new SDP attribute specified in this section is expected to be
useful when the offering party is on the public Internet, or in the
same private addressing realm as the answering party. Some other
NAT/NAPT toplogies may result in the advertised port being
unreachable via the NAT/NAPT.
6. Security Considerations
DCCP-UDP provides all of the security risk-mitigation measures
present in DCCP-STD, and also all of the security risks.
The purpose of DCCP-UDP is to allow DCCP to pass through NAT/NAPT
devices, and therefore it exposes DCCP to the risks associated with
passing through NAT devices. It does not create any new risks with
regard to NAT/NAPT devices.
The tunnel encapsulation recommends processing of ICMP messages
received for packets sent using DCCP-UDP and translation to allow use
by DCCP. [ICMP] describes precautions that are desirable before TCP
Phelan & Fairhurst Expires August 6, 2011 [Page 10]
Internet-Draft DCCP-UDP Encapsulation February 2011
acts on receipt of ICMP messages. Similar precautions are desirable
for endpoints processing ICMP for DCCP-UDP.
DCCP-UDP may also allow DCCP applications to pass through existing
firewall devices, if the administrators of the devices so choose. A
simple use may either allow all DCCP applications or allow none.
A firewall than interprets this specification could inspect the
encapsualted DCCP header to filter based on DCCP information. Full
control of DCCP conenctions by application will require enhancements
to firewalls, as discussed in [RFC4340] and related RFCs (e.g.
[RFC5595]).
7. IANA Considerations
This document requests IANA to allocate a UDP port for the dccp-udp
service.
XXX Note: IANA is requested to replace all occurrences of "XXX IANA
PORT XXX" by the allocated port value prior to publication. XXX
IANA is also requested to allocate the following new SDP attribute
("att-field"):
Contact name: Tom Phelan <tphelan@sonusnet.com>
Attribute name: dccp-in-udp
Long-form attribute name in English: DCCP in UDP Encapsulation
Type of attribute: Media level
Subject to charset attribute? No
Purpose of the attribute: See this document section Section 5.1
Allowed attribute values: See this document section Section 5.1
8. Acknowledgments
This document was produced by the DCCP WG. The following contributed
during the working group last call:
Andrew Lentvorski, Lloyd Wood, Pasi Sarolahti, Gerrit Renker, Eddie
Kohler, Colin Perkins, Gorry Fairhurst and Tom Phelan.
Phelan & Fairhurst Expires August 6, 2011 [Page 11]
Internet-Draft DCCP-UDP Encapsulation February 2011
9. References
9.1. Normative References
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
August 1980.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)", RFC 4340, March 2006.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC5762] Perkins, C., "RTP and the Datagram Congestion Control
Protocol (DCCP)", RFC 5762, April 2011.
9.2. Informative References
[ICMP] Gont, ""ICMP attacks against TCP", IETF Work-in-
Progress.".
[RFC4787] Audet, F. and C. Jennings, "Network Address Translation
(NAT) Behavioral Requirements for Unicast UDP", BCP 127,
RFC 4787, January 2007.
[RFC5238] Phelan, T., "Datagram Transport Layer Security (DTLS) over
the Datagram Congestion Control Protocol (DCCP)",
RFC 5238, May 2008.
[RFC5595] Fairhurst, G., "The Datagram Congestion Control Protocol
(DCCP) Service Codes", RFC 5595, September 2009.
[RFC5596] Fairhurst, G., "Datagram Congestion Control Protocol
(DCCP) Simultaneous-Open Technique to Facilitate NAT/
Middlebox Traversal", RFC 5596, September 2009.
[RFC5597] Denis-Courmont, R., "Network Address Translation (NAT)
Behavioral Requirements for the Datagram Congestion
Control Protocol", BCP 150, RFC 5597, September 2009.
Phelan & Fairhurst Expires August 6, 2011 [Page 12]
Internet-Draft DCCP-UDP Encapsulation February 2011
Authors' Addresses
Tom Phelan
Sonus Networks
7 Technology Dr.
Westford, MA 01886
US
Phone: +1 978 614 8456
Email: tphelan@sonusnet.com
Godred Fairhurst
University of Aberdeen
School of Engineering
Aberdeen, Scotland AB24 3UE
UK
Phone:
Email: gorry@erg.abdn.ac.uk
Phelan & Fairhurst Expires August 6, 2011 [Page 13]
