SIPPING Working Group G. Camarillo
Internet-Draft Ericsson
Expires: April 20, 2006 K. El Malki
Athonet
V. Gurbani
Lucent Technologies, Inc./Bell
Laboratories
October 17, 2005
IPv6 Transition in the Session Initiation Protocol (SIP)
draft-ietf-sipping-v6-transition-01.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 20, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document describes how IPv4 Session Initiation Protocol (SIP)
nodes can communicate with IPv6 SIP nodes. Additionally, this
document also describes how a SIP user agent that supports IPv4 can
exchange media with one that supports IPv6. Both single- and dual-
Camarillo, et al. Expires April 20, 2006 [Page 1]
Internet-Draft IPv6 Transition in SIP October 2005
stack user agents are considered in the discussions.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. The SIP Layer . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 Outbound Proxy . . . . . . . . . . . . . . . . . . . . . . 3
3.2 Inbound Proxy . . . . . . . . . . . . . . . . . . . . . . 4
3.3 Incoming Requests to a Domain . . . . . . . . . . . . . . 4
3.4 Sending a Request over a New Network: Re-computing
Identifiers . . . . . . . . . . . . . . . . . . . . . . . 5
4. The Media Layer . . . . . . . . . . . . . . . . . . . . . . . 6
4.1 Initial Offer . . . . . . . . . . . . . . . . . . . . . . 7
4.2 Connectivity Checks . . . . . . . . . . . . . . . . . . . 7
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
6. Security Considerations . . . . . . . . . . . . . . . . . . . 8
7. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . . 8
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
8.1 Normative References . . . . . . . . . . . . . . . . . . . 8
8.2 Informational References . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 10
Intellectual Property and Copyright Statements . . . . . . . . 11
Camarillo, et al. Expires April 20, 2006 [Page 2]
Internet-Draft IPv6 Transition in SIP October 2005
1. Introduction
SIP [3] is a protocol to establish and manage multimedia sessions.
After exchanging SIP traffic, SIP endpoints generally exchange
session traffic, which is not transported using SIP, but using a
different protocol. For example, audio streams are typically carried
using Real-Time Transport Protocol (RTP [15]).
Consequently, a complete solution for IPv6 transition needs to handle
both the SIP layer and the media layer. While unextended SIP can
handle heterogeneous IPv6/v4 networks at the SIP layer as long as
proxy servers and their Domain Name Service (DNS) entries are
properly configured, user agents using different address spaces need
to implement extensions in order to exchange media between them.
This document addresses the systems-level issues to make SIP work
successfully between IPv4 and IPv6. Section 3 and Section 4 provide
discussions on the topics that are pertinent to the signaling layer
and media layer, respectively, to establish a successful session
between heterogeneous IPv4/IPv6 networks.
2. Terminology
In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
described in BCP 14, RFC 2119 [1] and indicate requirement levels for
compliant implementations.
3. The SIP Layer
An autonomous SIP domain sends and receives SIP traffic to and from
its user agents as well as to and from other autonomous domains.
This section describes the issues related to such traffic exchanges.
We assume that the network administrators appropriately configure
their networks such that the SIP servers within an autonomous domain
can communicate between themselves. While this section contains
systems-level issues, it does not address implementation-specific
issues (i.e., parser torture tests, application programming
interfaces to use in programs, etc). Such topics are outlined in
detail in a separate document [19].
3.1 Outbound Proxy
User agents typically send SIP traffic to an outbound proxy, which
takes care of routing it forward. In order to support both IPv4-only
and IPv6-only user agents, it is RECOMMENDED that domains deploy
dual-stack outbound proxy servers or, alternatively, deploy both
Camarillo, et al. Expires April 20, 2006 [Page 3]
Internet-Draft IPv6 Transition in SIP October 2005
IPv4-only and IPv6-only outbound proxies.
Some domains provide automatic means for user agents to discover
their proxy servers. It is RECOMMENDED that domains implement
appropriate discovery mechanisms to provide user agents with the IPv4
and IPv6 addresses of their outbound proxy servers. For example, a
domain may support both the DHCPv4 [14] and the DHCPv6 [13] options
for SIP servers.
If user agents are configured with the Fully-Qualified Domain Name
(FQDN) of their outbound proxy servers (instead of with their IP
addresses) there SHOULD be both IPv6 and IPv4 DNS entries for
outbound proxy servers. This way, user agents can use DNS to obtain
both their IPv6 and IPv4 addresses.
3.2 Inbound Proxy
User agents receive SIP traffic from their domains through an inbound
proxy (which is sometimes co-located with the registrar of the
domain). It is RECOMMENDED that domains deploy dual-stack inbound
proxies or, alternatively, deploy both IPv4-only and IPv6-only
inbound proxy servers.
As an example, a portion of a sample DNS zone file entry is
reproduced below that has both IPv4 and IPv6 addresses. This entry
corresponds to a proxy server for the domain "example.com". The
proxy server supports the Transmission Control Protocol (TCP) and
User Datagram Protocol (UDP) transport for both IPv4 and IPv6
networks.
...
_sip._tcp SRV 20 0 5060 sip1.example.com
SRV 0 0 5060 sip2.example.com
_sip._udp SRV 20 0 5060 sip1.example.com
SRV 0 0 5060 sip2.example.com
sip1 IN A 192.0.2.1
sip1 IN AAAA 2001:db8::1
sip2 IN A 192.0.2.2
sip2 IN AAAA 2001:db8::2
...
3.3 Incoming Requests to a Domain
A SIP user agent is typically reachable through the SIP server that
handles its domain. If the publicly available SIP URI for a
Camarillo, et al. Expires April 20, 2006 [Page 4]
Internet-Draft IPv6 Transition in SIP October 2005
particular user, referred to as the user's AoR (Address of Record),
is 'sip:user@example.com', requests sent to that user will be routed
to the SIP server at 'example.com'. The proxy or user agent sending
the request will perform a DNS lookup for 'example.com' in order to
obtain the IP address of the SIP server.
Therefore, it is RECOMMENDED that domains have both IPv4 and IPv6 DNS
entries for SIP servers. This way, the domain will be able to
receive requests from IPv4-only and from IPv6-only hosts. Of course,
the domain SHOULD have dual-stack proxy servers or both IPv4-only and
IPv6-only proxy servers to handle the incoming SIP traffic.
A SIP proxy server that receives a request using IPv6 and relays it
to the user agent using IPv4, or vice versa, needs to remain in the
path traversed by subsequent requests between both user agents.
Therefore, such a SIP proxy server MUST be configured to Record-Route
in that situation.
Note that while this is the recommended practice, some problems
may still arise if a RFC2543 [16] endpoint is involved in
signaling. Since the ABNF in RFC2543 did not include production
rules to parse IPv6 network identifiers, there is a good chance
that a RFC2543-only compliant endpoint is not able to parse or
regenerate IPv6 network identifiers in headers. Thus, despite a
dual-stack proxy inserting itself into the session establishment,
the endpoint itself may not succeed in the signaling establishment
phase.
This is generally not a problem with RFC3261 endpoints; even if
such an endpoint runs on an IPv4-only host, it still is able to
parse and regenerate IPv6 network identifiers.
3.4 Sending a Request over a New Network: Re-computing Identifiers
SIP uses DNS procedures to allow a client to resolve a SIP URI into
the equivalent IP address, port, and transport protocol of the next
hop to contact lookups [8]. When a SIP client queries the DNS, it
gets an ordered set of IP addresses, ports, and transports to use.
If the server it is seeking is dual-stacked and has a DNS A and AAAA
RR, then the client will need to be prepared to contact the server on
all the transports over both of the networks (i.e., IPv4 and IPv6).
More specifically, when a dual-stack client is prepared to send a
request to a dual-stack next hop server, it must determine whether to
first send it to the IPv4 address of the server, or to the IPv6
address. If SRV RRs have been used to derive the addresses of the
server, the "Priority" field of the SRV RR can aid in such a
decision. Another technique to aid in this decision is outlined in
RFC 3484 [17]. Regardless of which network is tried first, each
search corresponds to a different branch, and as such, mandates that
Camarillo, et al. Expires April 20, 2006 [Page 5]
Internet-Draft IPv6 Transition in SIP October 2005
the normative behavior in RFC3261 to handle requests sent on a branch
be followed.
When a request is to be sent on a branch, certain identifiers are
computed. Specifically, a branch ID is computed and inserted in the
topmost Via header, and certain headers are used to generate
signatures for Identity [20] and Authenticated Identity Body (AIB
[18]). The headers that are used to generate signatures can contain
either raw IP addresses or FQDNs; consequently, an implementation may
choose to insert a raw IP address in such headers. This choice has
ramifications, as discussed next.
When a request is re-targeted to a new branch because the old one did
not elicit a response, and the request is now destined to a new
network (i.e., old request went to an IPv4 downstream server while
the new one is destined towards an IPv6 downstream server) care must
be taken in re-computing the identifiers. More specifically,
implementations MUST ensure that, at the very least, the branch id is
recomputed. Additionally, if raw IP addresses were used to generate
the signatures for the Identity header and AIB, these signatures MUST
be recomputed.
To avoid recomputing the signatures used in the Identity header or
the AIB, it is RECOMMENDED that SIP entities use FQDNs in those
headers that are used as the basis for the Identity header and the
AIB.
4. The Media Layer
SIP establishes media sessions using the offer/answer model [4]. One
endpoint, the offerer, sends a session description (the offer) to the
other endpoint, the answerer. The offer contains all the media
parameters needed to exchange media with the offerer: codecs,
transport addresses, protocols to transfer media, etc.
When the answerer receives an offer, it elaborates an answer and
sends it back to the offerer. The answer contains the media
parameters that the answerer is willing to use for that particular
session. Offer and answer are written using a session description
protocol. The most widespread protocol to describe sessions at
present is called, aptly enough, the Session Description Protocol
(SDP[2]).
A direct offer/answer exchange between an IPv4-only user agent and an
IPv6-only user agent does not result in the establishment of a
session. The IPv6-only user agent wishes to receive media on one or
more IPv6 addresses, but the IPv4-only user agent cannot send media
to these addresses and generally does not even understand their
Camarillo, et al. Expires April 20, 2006 [Page 6]
Internet-Draft IPv6 Transition in SIP October 2005
format.
This IP version incompatibility problem would not exist if hosts
implementing IPv6 also implemented IPv4. However there will be
deployments where the IPv6-only host solution is applicable, such as:
1. Networks where public IPv4 addresses are scarce and it is
preferable to make large deployments only on IPv6.
2. Networks utilizing Layer-2s that do not support contemporary IPv4
and IPv6 usage on the same link (e.g., the 3rd Generation
Partnership Project, 3GPP).
Consequently, user agents need a means to obtain both IPv4 and IPv6
addresses (either locally or using relays) to receive media and to
place them in offers and answers. The following sections describe
how user agents can gather addresses following the ICE (Interactive
Connectivity Establishment) [12] procedures and how they can encode
them in an SDP session description using the ANAT semantics [7] for
the SDP grouping framework [5].
4.1 Initial Offer
It is RECOMMENDED that user agents gather IPv4 and IPv6 addresses
using the ICE procedures to generate all their offers. This way,
both IPv4-only and IPv6-only answerers will be able to generate an
answer that establishes a session. Note that, in case of forking,
the same offer carried in an INVITE request can arrive to an IPv4-
only user agent and to an IPv6-only user agent at roughly the same
time. Having placed both IPv4 and IPv6 addresses in the offer
reduces the session establishment time because both all types of
answerers find the offer valid.
When following the ICE procedures, in addition to local addresses,
user agents need to obtain addresses from relays. For example, and
IPv4 user agent would obtain an IPv6 address from a relay. The relay
would forward the traffic received on this IPv6 address to the user
agent using IPv4. Such user agents MAY use any mechanism to obtain
addresses in relays, but, following the recommendations in ICE, it is
RECOMMENDED that user agents support TURN [10] [11] for this purpose.
User agents that use SDP SHOULD support the ANAT semantics for the
SDP grouping framework. ANAT allows user agents to include both IPv4
and IPv6 addresses in their SDP session descriptions. The SIP usage
of the ANAT semantics is discussed in [9].
4.2 Connectivity Checks
Once the answerer has generated an answer following the ICE
Camarillo, et al. Expires April 20, 2006 [Page 7]
Internet-Draft IPv6 Transition in SIP October 2005
procedures, both user agents SHOULD perform the STUN-based [6]
connectivity checks specified by ICE. This checks help prevent some
types of flooding attacks and allow user agents to discover new
addresses that can be useful in the presence of NATs (Network Address
Translators).
5. IANA Considerations
This document does not contain any actions for the IANA.
6. Security Considerations
TBD.
7. Acknowledgment
TBD.
8. References
8.1 Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March 1997.
[2] Handley, M. and V. Jacobson, "SDP: Session Description
Protocol", RFC 2327, April 1998.
[3] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.
[4] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with
the Session Description Protocol (SDP)", RFC 3264, June 2002.
[5] Camarillo, G., Holler, J., and H. Schulzrinne, "Grouping of
Media Lines in the Session Description Protocol (SDP)",
RFC 3388, December 2002.
[6] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, "STUN
- Simple Traversal of User Datagram Protocol (UDP) Through
Network Address Translators (NATs)", RFC 3489, March 2003.
[7] Camarillo, G. and J. Rosenberg, "The Alternative Network
Address Types (ANAT) Semantics for the Session Description
Protocol (SDP) Grouping Framework", RFC 4091, June 2005.
[8] Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol
Camarillo, et al. Expires April 20, 2006 [Page 8]
Internet-Draft IPv6 Transition in SIP October 2005
(SIP): Locating SIP Servers", RFC 3263, June 2002.
[9] Camarillo, G. and J. Rosenberg, "Usage of the Session
Description Protocol (SDP) Alternative Network Address Types
(ANAT) Semantics in the Session Initiation Protocol (SIP)",
RFC 4092, June 2005.
[10] Rosenberg, J., Huitema, C., and R. Mahy, "Traversal Using Relay
NAT (TURN)", draft-rosenberg-midcom-turn-08 (work in progress),
September 2005.
[11] Camarillo, G. and O. Novo, "Traversal Using Relay NAT (TURN)
Extension for IPv4/IPv6 Transition",
draft-camarillo-midcom-turn-ipv6-00 (work in progress),
October 2005.
[12] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A
Methodology for Network Address Translator (NAT) Traversal for
Offer/Answer Protocols", draft-ietf-mmusic-ice-05 (work in
progress), July 2005.
8.2 Informational References
[13] Schulzrinne, H., "Dynamic Host Configuration Protocol (DHCPv6)
Options for Session Initiation Protocol (SIP) Servers",
RFC 3319, July 2003.
[14] Schulzrinne, H., "Dynamic Host Configuration Protocol (DHCP-
for-IPv4) Option for Session Initiation Protocol (SIP)
Servers", RFC 3361, August 2002.
[15] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson,
"RTP: A Transport Protocol for Real-Time Applications",
RFC 3550, July 2003.
[16] Handley, M., Schulzrinne, H., Schooler, E., and J. Rosenberg,
"SIP: Session Initiation Protocol", RFC 2543, March 1999.
[17] Draves, R., "Default Address Selection for Internet Protocol
Version 6 (IPv6)", RFC 3484, Feb 2003.
[18] Peterson, J., "Session Initiation Protocol (SIP) Authenticated
Identity Body (AIB) Format", RFC 3893, September 2004.
[19] Gurbani, V. and C. Boulton, "Recommendations on the use of IPv6
in the Session Initiation Protocol (SIP)",
draft-gurbani-sipping-ipv6-sip-01 (work in progress),
October 2005.
Camarillo, et al. Expires April 20, 2006 [Page 9]
Internet-Draft IPv6 Transition in SIP October 2005
[20] Peterson, J. and C. Jennings, "Enhancements for Authenticated
Identity Management in the Session Initiation Protocol (SIP)",
draft-ietf-sip-identity-05 (work in progress), MArch 2005.
Authors' Addresses
Gonzalo Camarillo
Ericsson
Hirsalantie 11
Jorvas 02420
Finland
Email: Gonzalo.Camarillo@ericsson.com
Karim El Malki
Athonet
Email: karim@athonet.com
Vijay K. Gurbani
Lucent Technologies, Inc./Bell Laboratories
2000 Lucent Lane
Rm 6G-440
Naperville, IL 60566
USA
Phone: +1 630 224 0216
Email: vkg@lucent.com
Camarillo, et al. Expires April 20, 2006 [Page 10]
Internet-Draft IPv6 Transition in SIP October 2005
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Camarillo, et al. Expires April 20, 2006 [Page 11]
