SIP J. Rosenberg
Internet-Draft Cisco Systems
Expires: January 12, 2006 July 11, 2005
Clarifying Construction of the Route Header Field in the Session
Initiation Protocol (SIP)
draft-rosenberg-sip-route-construct-00
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 12, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
The Route header field in the Session Initiation Protocol (SIP)
protocol is used to cause a request to visit a set of hops on its way
towards the final destination. The SIP specification defines
construction of the Route header field at user agents. However,
numerous other mechanisms have been described, such as Service-Route
and the 305 response, which cause the client to set its Route header
field for a request. As such, the specific behavior for a UA in
construction of its Route header field is unclear. This document
Rosenberg Expires January 12, 2006 [Page 1]
Internet-Draft Route Construct July 2005
attempts to define a consistent set of logic.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Existing Sources . . . . . . . . . . . . . . . . . . . . . . 3
2.1 Default Outbound Proxies . . . . . . . . . . . . . . . . . 3
2.2 Service Route . . . . . . . . . . . . . . . . . . . . . . 4
2.3 Record-Routes . . . . . . . . . . . . . . . . . . . . . . 4
2.4 305 Use Proxy . . . . . . . . . . . . . . . . . . . . . . 4
3. Problems with Current Specifications . . . . . . . . . . . . 5
4. Overview of Operation . . . . . . . . . . . . . . . . . . . 6
5. Detailed Processing Rules . . . . . . . . . . . . . . . . . 6
5.1 Registrar Behavior . . . . . . . . . . . . . . . . . . . . 6
5.2 UAC Behavior . . . . . . . . . . . . . . . . . . . . . . . 7
5.3 Client Behavior . . . . . . . . . . . . . . . . . . . . . 7
5.4 Server Behavior . . . . . . . . . . . . . . . . . . . . . 8
6. Backwards Compatibility . . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . 10
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
10.1 Normative References . . . . . . . . . . . . . . . . . . 11
10.2 Informative References . . . . . . . . . . . . . . . . . 11
Author's Address . . . . . . . . . . . . . . . . . . . . . . 11
Intellectual Property and Copyright Statements . . . . . . . 12
Rosenberg Expires January 12, 2006 [Page 2]
Internet-Draft Route Construct July 2005
1. Introduction
The Route header field in the Session Initiation Protocol (SIP)
protocol is used to cause a request to visit a set of hops on its way
towards the final destination. RFC 3261 [2] discusses how a client
constructs the Route header field for requests. However, this logic
is restricted to mid-dialog requests, where the route set was learned
as a result of record-routing.
However, additional sources of routes can exist for a UA. These
include default outbound proxies, a service route learned from the
Service-Route header field [3], and a redirection coming from a 305
response. In total, there are four sources of potential route
headers. The way in which these various sources are reconciled is
unclear. Furthermore, the various specifications are unclear about
which requests these Route headers are applicable to. Do they apply
to REGISTER? Do they apply to mid-dialog requests?
Section 2 reviews the existing sources of route sources. Section 3
discusses problems with the existing specifications. Section 4
overviews the proposed changes in behavior. Section 5 provides a
detailed description of element behavior, and Section 6 discusses
backwards compatibility issues.
2. Existing Sources
This section examines the current set of route header field sources.
2.1 Default Outbound Proxies
RFC 3261 discusses default outbound proxies. In Section 8.1.1.1, it
makes reference to its interaction with Route header fields:
In some special circumstances, the presence of a pre-existing
route set can affect the Request-URI of the message. A pre-
existing route set is an ordered set of URIs that identify a chain
of servers, to which a UAC will send outgoing requests that are
outside of a dialog. Commonly, they are configured on the UA by a
user or service provider manually, or through some other non-SIP
mechanism. When a provider wishes to configure a UA with an
outbound proxy, it is RECOMMENDED that this be done by providing
it with a pre-existing route set with a single URI, that of the
outbound proxy.
When a pre-existing route set is present, the procedures for
populating the Request-URI and Route header field detailed in
Section 12.2.1.1 MUST be followed (even though there is no
dialog), using the desired Request-URI as the remote target URI.
Rosenberg Expires January 12, 2006 [Page 3]
Internet-Draft Route Construct July 2005
The default outbound proxy can be learned either through DHCP [4],
through configuration (such as the SIP configuration framework [6]),
or through other means. In the IMS, the default outbound proxy is
the P-CSCF and is learned through GPRS specific techniques.
RFC 3261 does not explicitly say the set of messages to which this
route set applies. However, the text above implies that it is for
all requests outside of a dialog.
2.2 Service Route
RFC 3608 specifies the Service-Route header field. This header field
is provided to the UA in a 2xx response to a REGISTER request. The
client uses this to populate its Route header fields for outgoing
requests. However, RFC 3608 explicitly says that the decision a UA
makes about how it combines the service route with other outbound
routes is a matter of local policy. Furthermore, RFC 3608 does not
clearly define to which requests the service route applies, and in
particular, whether or not it applies to a REGISTER request or a mid-
dialog request.
2.3 Record-Routes
RFC 3261 provides a detailed description of the record-routing
mechanism, and how the user agents in a dialog construct route sets
from the Record-Route header field values. RFC 3261 is also clear
that the resulting route set applies to mid-dialog requests. It
implies (though does not explicitly say) that the resulting route set
overrides any default outbound proxies (which represent a pre-loaded
route set).
2.4 305 Use Proxy
RFC 3261 defines the 305 "Use Proxy" response code, but says
extremely little about exactly how it is used. It has this to say:
The requested resource MUST be accessed through the proxy given by
the Contact field. The Contact field gives the URI of the proxy.
The recipient is expected to repeat this single request via the
proxy. 305 (Use Proxy) responses MUST only be generated by UASs.
It is unclear how the Contact in the redirect is used. Does it
populate the request URI of the resulting request? Or, does it get
used to populate the Route header field? The restriction to UASs is
also not explained.
Historically, the reason for the restriction to UAs was to avoid
routing loops. Consider an outbound proxy that generates a 305,
Rosenberg Expires January 12, 2006 [Page 4]
Internet-Draft Route Construct July 2005
instead of proxying the request. The concern was that the client
would then recurse on the response, populate the Contact into a new
request URI, and send the request to its default outbound proxy,
which redirects once more. To avoid this, the RFC says that only a
UAS can redirect with a 305, not a proxy.
However, this design decision on 305 handling was made prior to the
conception of loose routing, although both ended up in RFC 3261. The
design of the 305 mechanism, unfortunately, was not revisited after
loose routing was specified. As such, the draft is not clear about
whether or not the contact gets utilized as a Route header field
value or whether it replaces the Request URI.
3. Problems with Current Specifications
Because the interactions between these various sources of routes are
unspecified, certain features have proven impossible to provide,
and/or interoperability problems have resulted.
One problem is that, depending on the way a client constructs its
route set, it may be impossible to change a users outbound proxy
without updating its configuration. Such changes are extremely
useful for many operational reasons. One example is movement of
subscribers between geographically distributed sites in cases where a
site must be gracefully taken out of service, and the subscribers
using it need to be moved. If the client uses the service route to
augment the route from corresponding to its default outbound proxy, a
network provider cannot move a subscriber.
Another problem is the client bootstrapping problem. Consider the
same SIP network that utilizes geographically distributed sites.
Each site contains a subset of the user database - the subset for the
users in that site. When a SIP UA first boots up, it needs to obtain
its configuration. As such, it has a hard-coded default proxy it
uses for an initial SUBSCRIBE to enroll in its configuration [6].
This proxy, however, may not be the one in site to which the user of
that SIP UA is associated. Ideally, the initial SUBSCRIBE could be
routed to a server that redirects the client to the right proxy in
the user's actual site. This redirection needs to override the
default outbound proxy for the phone. However, there is not
currently a way to do that.
An interoperability problem that has arisen is keeping an outbound
proxy on the path for outbound requests. Consider a proxy in a hotel
which a client discovers via DHCP and uses as its outbound proxy.
This proxy wishes to be used for incoming and outgoing requests, both
in and out of a dialog. So, it includes itself on the Path header
field of the REGISTER. However, it has no idea if the registrar will
Rosenberg Expires January 12, 2006 [Page 5]
Internet-Draft Route Construct July 2005
reflect the Path header field into the Service-Route, and cannot
determine whether putting itself on the Path is effective for getting
on the service route. Per RFC 3608 it cannot modify the Service-
Route in the response to REGISTER. As such, if the registrar does
not include the proxy in the Service-Route, and the endpoint
overrides its outbound proxy setting with the Service-Route, the
local proxy falls off the outbound path despite its best efforts.
4. Overview of Operation
Firstly, new behavior for generation and processing of the 305 Use
Proxy is specified. Any element in the network, proxy or UAS, can
generate a 305, not just a UAS as specified in RFC3261. This
redirect can be recursed by any upstream element, but it is ideally
recursed by the element directly upstream from the one that genreated
the redirect. To recurse on the redirect, the proxy or UAC takes the
Contact header field value from the 305, and uses it to replace the
top value of the Route header field used previously. If no Route
header field was used previously, one is added. However, in neither
case is the Request-URI modified.
When a UAC goes to send a request, whether it is a mid-dialog request
or a new request with any method (except CANCEL or ACK to a non-2xx
response), the client first uses any route set learned from a record-
route (which covers mid-dialog requests). If the request is not a
mid-dialog reuqest, the client sees if it has any service routes
learned through RFC 3608. If there are none, the client next uses
any configured default outbound proxies. These three sources -
record-routes, service routes and default outbound proxies - are
never mixed, and one and only one of them applies to each request.
After it is applied however, if the request results in a 305 Use
Proxy response, the topmost Route header field is updated as
described above.
A registrar, upon receipt of a REGISTER, uses the Path header field
values to construct the Service-Route in the response. The values
from the Path are copied into the Service-Route, and the registrar
can then add some additional ones if they are within the domain of
the provider.
5. Detailed Processing Rules
5.1 Registrar Behavior
The registrar MUST construct the Service-Route in the registration
response by taking each URI from the Path header field in the
REGISTER request, and inverting the order. After inversion, the
registrar MAY add additional URIs at the end of the list (that is,
Rosenberg Expires January 12, 2006 [Page 6]
Internet-Draft Route Construct July 2005
the right hand side of the list, corresponding to proxy elements that
will be the farthest away from the UA).
Furthermore, the registrar MAY replace or remove any URIs that are
within a domain under the control of the registrar. When replacing a
URI, one or more new ones can take its place. If the registrar is in
example.com, this would include any URIs whose domain part is
example.com. It would also include any URIs whose domain is a
subdomain of example.com, as long as that subdomain is under the
control of example.com. It could also include URIs whose domain part
is unrelated to example.com, as long as those are within the control
of example.com. It is difficult to provide a concise definition of
"under the control", but generally it means that the administrative
policies for the subservient domain are completely defined by the
controlling domain.
This behavior ensures that proxies outside of the domain of the
registrar have a way to appear on the service route, but provides a
way, within a domain, to provide service routes that are not coupled
to the Path.
5.2 UAC Behavior
A UAC compliant to this specification MUST include the "lr305" option
tag in the Supported header field of requests that it generates.
For a request sent by a UAC that is not the result of recursion on a
305, the following logic MUST be used to compute the route set used
to populate the Route header field of the request. If the request is
a mid-dialog request, the route set is computed per the procedures in
Section 12.2.1.1 of RFC 3261. This route set overrides routes
learned from configuration, DHCP, Service-Route or any other
mechanism. If the request is not a mid-dialog request, the client
checks to see if it has learned a service route as a result of
registering the AOR it has populated in the From header field of the
request. If it has learned a service route, the URIs from the
Service-Route header field is used as the route set for the request.
This route set overrides routes learned from configuration, DHCP, or
any other mechanism. This route set is used in all requests outside
of a dialog, including REGISTER. If the UA has not learned a service
route, it uses the route set learned through configuration. [[OPEN
ISSUE: Do we need to specify how to reconcile route sources learned
across disparate configuration sources? For example DHCP and a
config file?]]
5.3 Client Behavior
The following logic defined here applies to all clients, both UAC and
Rosenberg Expires January 12, 2006 [Page 7]
Internet-Draft Route Construct July 2005
proxies, and applies to the processing of a 305 response.
It is RECOMMENDED that a client in receipt of a 305 recurse on that
redirection, rather than forwarding it upstream. To compute the
request that is sent as a result of the recursion, the client MUST
take the route set used for the request that generated the 305
response. If that request had a Route header field, the first value
MUST be replaced with the value of the Contact header field in the
305 with the highest q-value. If there are multiple such Contacts
with the same q-value, one is chosen at random. The result is used
as the route set for the new request. If the original request did
not have a Route header field, the new request MUST contain a single
Route header field value, equal to the URI provided in the Contact
header field of the 305 with the highest q-value. This processing
applies to requests both inside and outside of a dialog, and applies
to all request methods, including REGISTER, with the exception of ACK
and CANCEL.
If a 305 response had multiple Contact header field values, and the
recursed request generated a 503 response, and the client had
exhausted all alternative servers learned from DNS [5] for the
previous Contact header field value, the client SHOULD choose the
Contact from the 305 with the next highest q-value, and construct
another recursed request using the procedures defined above. In the
event the 305 had multiple Contact header field values with
equivalent q-values, the next highest one might have a q-value equal
to the one that was just tried.
If the policy of the client is such that it a request must visit a
particular set of hops subsequent to being processed, and the route
set constructed as a result of the recursion does not meet those
policy constraints, the client MAY push additional route header field
values in order for the request to meet those policy requirements.
Proxies that do this SHOULD verify that the URI placed into the
topmost Route header field value is an acceptable next hop, and not
just blindly push route header field values.
5.4 Server Behavior
Any server, either a UAS or a proxy, MAY generate a 305 in response
to a request. Such a response can be generated either for initial or
mid-dialog requests. The 305 SHOULD NOT be generated unless one of
the following conditions is met:
o The server generating the 305 has an administrative relationship
with the previous hop element, and knows that it is capable of
supporting this specification and will recurse on a 305 that it
sends.
Rosenberg Expires January 12, 2006 [Page 8]
Internet-Draft Route Construct July 2005
o The server generating the 305 believes that its previous hop is a
UAC, and the request being redirected included a Supported header
field with the option tag "lr305".
These requirements provide a limited form of backwards compatibility.
See Section 6 for a thorough discussion.
6. Backwards Compatibility
This specification defines a different behavior for the processing of
305 than is implied in RFC 3261 (although the behavior is not
entirely clear). Because of this, there are two backwards
compatibility scenarios that need to be considered:
1. The element that recurses on the redirection does not support
this specification. As a result, it replaces its Request-URI in
the recursed request with the value from the Contact header field
of the 305.
2. The element that recurses supports this specification, and
correctly populates the Contact header field value into the Route
header field of the recursed request. However, the element that
performed the recursion was not the element immediately upstream
from the one that generated the 305. As a result, an
intermediate element is bypassed even though the desire was for
it to remain on the route set.
The first of these two cases causes the Request URI to be clobbered.
The request will arrive at the server that was the target of the
redirection, but it probably won't be able to process the request
because the actual request URI is no longer present. Unfortunately,
avoiding this failure case entirely is quite difficult. It requires
the redirecting server to have an assurance that the element
immediately upstream, whether it is a proxy or UAC, supports this
specification. There is no mechanism in the suite of RFC 3261
compatibility tools that can provide such a function. The only way
to do this is to include another cookie in the Via branch ID, used as
a signal that this extension is supported. However, this results in
substantial pollution of the Via header field, and increases each
message substantially.
It is believed that a 305 redirection is in fairly limited usage at
the time of writing, and so this specification provides a weaker form
of backwards compatibility. The Supported header field is used to
verify that clients support the mechanism. Rather than explicit
signaling, it is assumed that proxies can know whether the previous
hop supports this mechanism based on an administrative relationship
with that proxy. This precludes 305 from being used inter-provider
Rosenberg Expires January 12, 2006 [Page 9]
Internet-Draft Route Construct July 2005
until it is ubiquitously deployed. However, this does not seem like
a major limitation, since most of the use cases are intra-provider.
The backwards compatibility mechanism also assumes that a proxy can
determine that its previous hop is a UAC as opposed to a proxy; this
is hard to know for certain.
The second backwards compatibility issue is interesting. What
happens if the 305 is properly handled, but is recursed by an element
that lies multiple hops upstream from the redirecting server? The
recursing element will replace its top Route header field with the
value from the Contact in the 305, and presumably send the request
there directly. That may or may not be a problem, it depends on
whether the previously-intervening proxies really need to be on the
request path or not. To deal with this case, the specification
allows a recursing element to push additional route headers in order
to make sure requests traverse paths that meet their policy
constraints.
7. Security Considerations
An attacker that injects a fake route set, whether it is in a 305
response, a Service-Route, a Record-Route or a configuration, can
launch a multitude of attacks, including denial-of-service and fraud.
For this reason, an element SHOULD NOT make use of a route set unless
it has obtained it through a signaling channel that has been secured
using the SIPS mechanism in RFC 3261 [2]
8. IANA Considerations
This specification registers a new option tag for SIP, according to
Section 27.1 of RFC 3261.
Name: lr305
Description: This option tag is for support of the loose routing
behavior for the 305 Use Proxy response. It is used in the
Supported header field of requests, and indicates that the UAC
will properly recurse when it receives a 305.
9. Acknowledgements
The author would like to thank Paul Kyzivat and Anders Kristensen for
their comments.
10. References
Rosenberg Expires January 12, 2006 [Page 10]
Internet-Draft Route Construct July 2005
10.1 Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[2] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.
[3] Willis, D. and B. Hoeneisen, "Session Initiation Protocol (SIP)
Extension Header Field for Service Route Discovery During
Registration", RFC 3608, October 2003.
10.2 Informative References
[4] Schulzrinne, H., "Dynamic Host Configuration Protocol (DHCP-for-
IPv4) Option for Session Initiation Protocol (SIP) Servers",
RFC 3361, August 2002.
[5] Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol
(SIP): Locating SIP Servers", RFC 3263, June 2002.
[6] Petrie, D., "A Framework for Session Initiation Protocol User
Agent Profile Delivery", draft-ietf-sipping-config-framework-06
(work in progress), February 2005.
Author's Address
Jonathan Rosenberg
Cisco Systems
600 Lanidex Plaza
Parsippany, NJ 07054
US
Phone: +1 973 952-5000
Email: jdrosen@cisco.com
URI: http://www.jdrosen.net
Rosenberg Expires January 12, 2006 [Page 11]
Internet-Draft Route Construct July 2005
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Rosenberg Expires January 12, 2006 [Page 12]