GEOPRIV M. Thomson
Internet-Draft J. Winterbottom
Intended status: Standards Track Andrew
Expires: January 10, 2008 July 9, 2007
Discovering the Local Location Information Server (LIS)
draft-thomson-geopriv-lis-discovery-02.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 10, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Thomson & Winterbottom Expires January 10, 2008 [Page 1]
Internet-Draft LIS Discovery July 2007
Abstract
A method is described for the discovery of a Location Information
Server. The method consists of attempting to use a Dynamic Host
Configuration Protocol (DHCP) option, followed by a URI-enabled NAPTR
(U-NAPTR). DHCP options are defined for both IPv4 and IPv6 DHCP.
This document also defines a U-NAPTR Application Service for a LIS,
with a specific Application Protocol for the HTTP Enabled Location
Delivery (HELD) protocol.
Table of Contents
1. Introduction and Overview . . . . . . . . . . . . . . . . . . 3
1.1. DHCP Discovery . . . . . . . . . . . . . . . . . . . . . . 3
1.2. U-NAPTR Discovery . . . . . . . . . . . . . . . . . . . . 3
1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
2. LIS Discovery Using DHCP . . . . . . . . . . . . . . . . . . . 5
2.1. DHCPv4 Option for a LIS Address . . . . . . . . . . . . . 5
2.2. DHCPv6 Option for a LIS Address . . . . . . . . . . . . . 5
3. U-NAPTR for LIS Discovery . . . . . . . . . . . . . . . . . . 7
4. Determining the Access Network Domain Name . . . . . . . . . . 8
4.1. DHCP Domain Name Option . . . . . . . . . . . . . . . . . 8
4.2. Reverse DNS . . . . . . . . . . . . . . . . . . . . . . . 8
4.2.1. Determining an External IP Address . . . . . . . . . . 9
5. Recommended Discovery Order . . . . . . . . . . . . . . . . . 11
6. Security Considerations . . . . . . . . . . . . . . . . . . . 12
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
7.1. Registration of DHCPv4 and DHCPv6 Option Codes . . . . . . 13
7.2. Registration of a Location Server Application Service
Tag . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
7.3. Registration of a Location Server Application Protocol
Tag for HELD . . . . . . . . . . . . . . . . . . . . . . . 13
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16
9.1. Normative References . . . . . . . . . . . . . . . . . . . 16
9.2. Informative References . . . . . . . . . . . . . . . . . . 16
Appendix A. Residential Broadband LCS Discovery Example . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21
Intellectual Property and Copyright Statements . . . . . . . . . . 22
Thomson & Winterbottom Expires January 10, 2008 [Page 2]
Internet-Draft LIS Discovery July 2007
1. Introduction and Overview
Discovering a Location Information Server (LIS) is an important part
of the location acquisition process. The LIS is an access network
service that needs to be discovered before it can be used. This
document describes a method that a host can use to discover a URI for
a LIS.
The product of a discovery process, such as the one described in this
document, is the address of the service. In this document, the
result is a URI, which identifies a LIS. A URI permits
identification of a LIS that includes information about protocols and
other supplementary information.
The discovery process requires that the host first attempt LIS
discovery using Dynamic Host Configuration protocol (DHCP). If DHCP
is not available, or the option is not supported by the network, the
host attempts to discover the LIS using the DNS and URI-enabled
Naming Authority Pointer (U-NAPTR). Finally, the host can rely on
proprietary methods for determining the address of the LIS, including
static configuration.
1.1. DHCP Discovery
DHCP ([RFC2131], [RFC3315]) is a commonly used mechanism for
providing bootstrap configuration information allowing a host to
operate in a specific network environment. The bulk of DHCP
information is largely static; consisting of configuration
information that does not change over the period that the host is
attached to the network. Physical location information might change
over this time, however the address of the LIS does not. Thus, DHCP
is suitable for configuring a host with the address of a LIS.
1.2. U-NAPTR Discovery
Where DHCP is not available, the DNS might be able to provide a URI.
For DNS methods, alternative discovery techniques SRV records
[RFC2782] or Straightforward NAPTR (S-NAPTR) [RFC3958] cannot be
used; these methods only permit the return of a hostname and port,
not a URI. URI-enabled NAPTR (U-NAPTR) [RFC4848], which is based on
S-NAPTR, describes a method of applying the Dynamic Delegation
Discovery Service (DDDS) for URI results.
For the LIS discovery DDDS application, an Application Service tag
"LIS" and an Application Protocol tag "HELD" are created and
registered with the IANA. Taking a domain name, this U-NAPTR
application uses the two tags to determine the LIS URI.
Thomson & Winterbottom Expires January 10, 2008 [Page 3]
Internet-Draft LIS Discovery July 2007
Determining the domain name to be used is a critical part of the
resolution process. The second part of this document describes how a
domain name can be derived. Several methods are described that
address different scenarios.
1.3. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
This document also uses the term "host" to refer to an end host, or
Target (in RFC3693 [RFC3693] parlance). The terms "access network"
refers to the network that a host connects to for Internet access.
The "access network provider" is the entity that operates the access
network. The access network provider is responsible for allocating
the host an IP address and for directly or indirectly providing a LIS
service.
Thomson & Winterbottom Expires January 10, 2008 [Page 4]
Internet-Draft LIS Discovery July 2007
2. LIS Discovery Using DHCP
Where DHCP is available, a host SHOULD attempt to use DHCP to
discover the LIS. If the DHCP method fails, the host SHOULD attempt
the DNS/U-NAPTR method described in Section 3 or it MAY resort to a
configured address.
TBD: If multiple protocols can be indicated by these options, how
does the host know which protocol is in use? Is there any sense in
providing multiple responses for multiple protocols? Possible
solution is to reuse the application protocol tag from the U-NAPTR
section.
2.1. DHCPv4 Option for a LIS Address
This section defines a DHCP for IPv4 (DHCPv4) option for the address
of a LIS.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LIS_URI | Length | URI ... .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| URI ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
LIS_URI: The IANA assigned option number (TBD).
Length: The length of the URI in octets.
URI: The address of the LIS. This URI SHOULD NOT be more than 253
bytes in length, but MAY be extended by concatenating multiple
option values, as described in [RFC3396]. The URI MUST NOT be
NULL terminated.
2.2. DHCPv6 Option for a LIS Address
This section defines a DHCP for IPv6 (DHCPv6) option for the address
of a LIS. The DHCPv6 option for this parameter is similarly
formatted to the DHCPv4 option.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_LIS_URI | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| URI ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Thomson & Winterbottom Expires January 10, 2008 [Page 5]
Internet-Draft LIS Discovery July 2007
OPTION_LIS_URI: The IANA assigned option number (TBD).
Length: The length of the URI in octets.
URI: The address of the LIS. The URI MUST NOT be NULL terminated.
Thomson & Winterbottom Expires January 10, 2008 [Page 6]
Internet-Draft LIS Discovery July 2007
3. U-NAPTR for LIS Discovery
U-NAPTR resolution for a LIS takes a domain name as input and
produces a URI that identifies the LIS. This process also requires
an Application Service tag and an Application Protocol tag, which
differentiate LIS-related NAPTR records from other records for that
domain.
Section 7.2 defines an Application Service tag of "LIS", which is
used to identify the location service for a particular domain. The
Application Protocol tag "HELD", defined in Section 7.3, is used to
identify a LIS that understands the HELD protocol
[I-D.ietf-geopriv-http-location-delivery].
The NAPTR records in the following example demonstrate the use of the
Application Service and Protocol tags. Iterative NAPTR resolution is
used to delegate responsibility for the LIS service from
"zonea.example.com" and "zoneb.example.com" to "example.com".
zonea.example.com.
;; order pref flags
IN NAPTR 100 10 "" "LIS:HELD" ( ; service
"" ; regex
example.com. ; replacement
)
zoneb.example.com.
;; order pref flags
IN NAPTR 100 10 "" "LIS:HELD" ( ; service
"" ; regex
example.com. ; replacement
)
example.com.
;; order pref flags
IN NAPTR 100 10 "u" "LIS:HELD" ( ; service
"!*.!https://lis.example.com/!" ; regex
. ; replacement
)
Details for the "LIS" Application Service tag and the "HELD"
Application Protocol tag are included in Section 7.
Thomson & Winterbottom Expires January 10, 2008 [Page 7]
Internet-Draft LIS Discovery July 2007
4. Determining the Access Network Domain Name
The U-NAPTR discovery method described in Section 3 requires that the
domain name applicable to the access network is known. An
unconfigured host might not have this information, therefore it must
determine this value before the U-NAPTR method can be attempted.
This section describes several methods for discovering a domain name
for the local access network. Each method should be attempted where
applicable until a domain name is derived. If a domain name is
successfully derived but that domain name does not produce any
U-NAPTR records, alternative methods can be attempted. Reattempting
with different methods is particularly applicable when NAT is used,
as is shown in Section 4.2.1.
4.1. DHCP Domain Name Option
For IP version 4, Dynamic Host Configuration Protocol (DHCP) option
15 [RFC2131] includes the domain name suffix for the host. If DHCP
and option 15 are available, this value should be used as input the
U-NAPTR procedure.
DHCP for IPv6 provides a single domain name suffix that can be used
in the same manner, as a described in
[I-D.ietf-dhc-dhcpv6-opt-dnsdomain].
Alternatively, a fully qualified domain name (FQDN) for the host
might be provided by the server ([RFC4702] for DHCPv4, [RFC4704] for
DHCPv6). This domain name is used as input to the U-NAPTR resolution
and is obtained from the FQDN by removing the first label. If the
host has provided a fully qualified domain name using this option, it
SHOULD NOT be used - the domain known to the host might not be the
same as that of the access network.
Either DHCP method SHOULD be attempted first if DHCP is available.
Note that this method is only attempted if the LIS address option is
not available.
4.2. Reverse DNS
DNS "PTR" records in the "in-addr.arpa." domain can be used to
determine the domain name of a host, and therefore, the name of the
domain for that host. The use of the "in-addr.arpa." domain is
described in [RFC1034] and results in the domain name of the host.
Likewise, IPv6 hosts use the "ip6.arpa." domain. In the majority of
cases, the domain part of this name (everything excluding the first
label) is also the domain name for the access network. Assuming that
this is true, this domain name can be used as input to the U-NAPTR
Thomson & Winterbottom Expires January 10, 2008 [Page 8]
Internet-Draft LIS Discovery July 2007
process.
For example, if the for "10.1.2.3" address, if the "PTR" record at
"3.2.1.10.in-addr.arpa." refers to "host.example.com", this results
in a U-NAPTR search for "example.com".
The DNS hierarchy does not necessarily directly map onto a network
topology (see [RFC4367]; therefore, this method MUST only be used for
the domain name determined by removing the first label only. This
method assumes that the access network provider also provides the
reverse DNS record and they control the domain that is indicated in
the "PTR" record.
Furthermore, this method might not apply where a host is given a
domain name that is different from the domain name of the access
network. This might occur in some hosting configurations, such as
where a number of web server hosts, with widely varying domain names,
are co-located. From the above example, the access network provider
allocated "10.1.2.3" to the host; therefore, they also need to
control the DNS domain "example.com" and the associated NAPTR
records. DNS Security Extensions (DNSSEC) [RFC4033] provides a
cryptographic means of validating this association, through data
origin authentication.
4.2.1. Determining an External IP Address
Reverse DNS relies on knowing the IP address of a host within the
access domain. Initially, this SHOULD be attempted using the IP
address that is assigned to a local interface on the host. However,
when a NAT device is used, the IP address of the NAT device is
substituted for the source IP address. If a NAT device exists
between the host and the access network, the host does not have any
direct way to determine the IP address that it is effectively using
within the access network. The IP address of the NAT device and the
corresponding domain name can be used to discover the LIS.
In order to use reverse DNS in this configuration, the hosts need to
know the IP address that the NAT device uses. The following sections
describe some possible methods.
These methods are particularly useful in residential broadband
configurations. A large proportion of residential broadband services
employ a NAT device so that several hosts can share the same Internet
access. Since the network behind the NAT device are generally very
small, both in numbers and geographical area, it isn't necessary for
a LIS to operate within that network; the hosts are able to access a
LIS in the access network outside of the NAT device.
Thomson & Winterbottom Expires January 10, 2008 [Page 9]
Internet-Draft LIS Discovery July 2007
4.2.1.1. UPnP
If a NAT device complies with the Universal Plug and Play (UPnP)
specification [UPnP-IGD-WANIPConnection1], the WANIPConnection part
can be used to query the device for its public IP address. The
"GetExternalIPAddress" function provides the external address for a
particular network connection.
UPnP defines a method for discovering UPnP-enabled hosts in a
network; the host does not need any prior configuration to employ
this method.
4.2.1.2. STUN
A host can use the Simple Traversal of UDP NATs (STUN)
[I-D.ietf-behave-rfc3489bis] to determine a public IP address. The
host uses the "Binding Request" message and the resulting
"MAPPED-ADDRESS" parameter that is returned in the response.
Using STUN requires cooperation from a publicly accessible STUN
server. A domain name needs to be configured at the host for STUN
server discovery.
4.2.1.3. Other Options
The source IP address in any IP packet can be used to determine the
public IP address of a host. While the STUN method uses a small part
of a more sophisticated protocol, this principle can be applied using
any other protocol. Like STUN, this method requires prior knowledge
of the publicly accessible server and the method that it supports.
For instance, a publicly accessible host could be configured to
respond to a UDP packet on a predefined port; the data of the
response could contain the source IP address that was in the request.
Alternatively, a HTTP server at a particular URL could be configured
to respond to a GET request with a "text/plain" body containing the
IP address of the requester. HTTP proxies render this method
unusable; in particular, transparent HTTP proxies might affect the
results of this method without the knowledge of the host.
Thomson & Winterbottom Expires January 10, 2008 [Page 10]
Internet-Draft LIS Discovery July 2007
5. Recommended Discovery Order
The previous sections described a set of procedures that allow a
device to determine the LIS associated with the local access network.
Some networks maintain a topology analogous to an onion and are
comprised of layers separating hosts from the Internet through
intermediate networks. It is best therefore for a host to discover
the LIS logically closest to it, and this can be done by apply an
order of precedence to the discovery techniques described earlier.
A Device MUST always try to determine the address of the local LIS
through DHCP first. In the event that the Device is unable to
determine the address of the LIS through a suitable DHCP option, then
it MUST proceed to DNS LIS discovery. In the event that DNS LIS
discovery techniques fail, a Device SHOULD use a configured LIS
address, OR prompt the user of the device to enter the address of the
LIS manually.
LIS discovery through DNS requires the Device to determine the domain
name of the local access network. The Device MUST try to determine
this through the DHCP domain name option (15) first. If this option
is unavailable, or fails to yield a valid local LIS address then
reverse DNS MUST be used.
The inner-most LIS in any chain of networks is the LIS being sought.
This LIS is associated with an access domain and similarly the IP
address used to identify the end-device in the access domain is the
IP address that needs to be determined; that is the inner-most IP
address MUST be tested first, then the next and so forth. The device
MUST therefore try using the IP addressed directly assigned to it, in
the event that that fails, it SHOULD try the other alternatives
provided in Section 4.2.1. This document does not provide an order
of precedence for these remaining options. It is RECOMMENDED,
however, that all devices support the limited set of STUN required to
determine an IP chain suitable for the purpose of LIS discovery.
LIS discovery over a VPN network interface SHOULD NOT be performed
since such a LIS does not have the physical presence generally
necessary to determine location. As a corollary, a LIS evaluating a
request for a source address from a VPN pool SHOULD NOT determine
location unless it has specific mechanisms to do so independently of
the physical access network.
Where a host has multiple network interface cards the host MAY
independently discover the LIS corresponding to the access networks
reached by each NIC. Resolving which LIS to contact for location
information is a host application issue.
Thomson & Winterbottom Expires January 10, 2008 [Page 11]
Internet-Draft LIS Discovery July 2007
6. Security Considerations
The primary attack against the methods described in this document is
one that would lead to impersonation of a LIS. The LIS is
responsible for providing location information and this information
is critical to a number of network services; furthermore, a host does
not necessarily have a prior relationship with a LIS. Several
methods are described here that can limit the probablity of, or
provide some protection against, such an attack.
The address of a LIS is usually well-known within an access network;
therefore, interception of messages does not introduce any specific
concerns.
If DHCP is used, the integrity of DHCP options is limited by the
security of the channel over which they are provided. Physical
security and separation of DHCP messages from other packets are
commonplace methods that can reduce the possibility of attack within
an access network; alternatively, DHCP authentication [RFC3118] can
provide a degree of protection against modification.
An attacker could attempt to compromise the U-NAPTR resolution. A
description of the security considerations for U-NAPTR applications
is included in [RFC4848].
In addition to considerations related to U-NAPTR, it is important to
recognize that the output of this is entirely dependent on its input.
An attacker who can control the domain name can also control the
final URI. Because a number of methods are provided for determining
the domain name, a host implementation needs to consider attacks
against each of the methods that are used.
Reverse DNS is subject to the maintenance of the "in-addr.arpa." or
"ip6.arpa." domain and the integrity of the results that it provides.
DNSSEC [RFC4033] provides some measures that can improve the
reliability of DNS results. In particular, DNSSEC SHOULD be applied
to ensure that the reverse DNS record and the resulting domain are
provided by the same entity before this method is used. Without this
assurance, the host cannot be certain that the access network
provider has provided the NAPTR record for the domain name that is
provided.
Hosts behind NAT devices are also subject to attacks when retrieving
their public IP address. [I-D.ietf-behave-rfc3489bis] describes some
means of mitigating this attack for STUN.
Thomson & Winterbottom Expires January 10, 2008 [Page 12]
Internet-Draft LIS Discovery July 2007
7. IANA Considerations
7.1. Registration of DHCPv4 and DHCPv6 Option Codes
The IANA is requested to assign an option code for the DHCPv4 option
for a LIS address, as described in Section 2.1 of this document.
The IANA is requested to assign an option code for the DHCPv6 option
for a LIS address, as described in Section 2.2 of this document.
7.2. Registration of a Location Server Application Service Tag
This section registers a new S-NAPTR/U-NAPTR Application Service tag
for a LIS, as mandated by [RFC3958].
Application Service Tag: LIS
Intended usage: Identifies a service that provides a host with its
location information.
Defining publication: RFCXXXX
Related publications: HELD [I-D.ietf-geopriv-http-location-delivery]
Contact information: The authors of this document
Author/Change controller: The IESG
7.3. Registration of a Location Server Application Protocol Tag for
HELD
This section registers a new S-NAPTR/U-NAPTR Application Protocol tag
for the HELD [I-D.ietf-geopriv-http-location-delivery] protocol, as
mandated by [RFC3958].
Application Service Tag: HELD
Intended Usage: Identifies the HELD protocol.
Applicable Service Tag(s): LIS
Terminal NAPTR Record Type(s): U
Defining Publication: RFCXXXX
Thomson & Winterbottom Expires January 10, 2008 [Page 13]
Internet-Draft LIS Discovery July 2007
Related Publications: HELD [I-D.ietf-geopriv-http-location-delivery]
Contact Information: The authors of this document
Author/Change Controller: The IESG
Thomson & Winterbottom Expires January 10, 2008 [Page 14]
Internet-Draft LIS Discovery July 2007
8. Acknowledgements
The authors would like to thank Leslie Daigle for her work on
U-NAPTR; Peter Koch for his feedback on the DNS aspects of this
document; Andy Newton for constructive suggestions with regards to
document direction.
Thomson & Winterbottom Expires January 10, 2008 [Page 15]
Internet-Draft LIS Discovery July 2007
9. References
9.1. Normative References
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
RFC 2131, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3396] Lemon, T. and S. Cheshire, "Encoding Long Options in the
Dynamic Host Configuration Protocol (DHCPv4)", RFC 3396,
November 2002.
[RFC4702] Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host
Configuration Protocol (DHCP) Client Fully Qualified
Domain Name (FQDN) Option", RFC 4702, October 2006.
[RFC4704] Volz, B., "The Dynamic Host Configuration Protocol for
IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN)
Option", RFC 4704, October 2006.
[RFC4848] Daigle, L., "Domain-Based Application Service Location
Using URIs and the Dynamic Delegation Discovery Service
(DDDS)", RFC 4848, April 2007.
[I-D.ietf-dhc-dhcpv6-opt-dnsdomain]
Yan, R., "Domain Suffix Option for DHCPv6",
draft-ietf-dhc-dhcpv6-opt-dnsdomain-04 (work in progress),
June 2007.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
9.2. Informative References
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782,
February 2000.
[RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
Messages", RFC 3118, June 2001.
[RFC3693] Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and
Thomson & Winterbottom Expires January 10, 2008 [Page 16]
Internet-Draft LIS Discovery July 2007
J. Polk, "Geopriv Requirements", RFC 3693, February 2004.
[RFC3958] Daigle, L. and A. Newton, "Domain-Based Application
Service Location Using SRV RRs and the Dynamic Delegation
Discovery Service (DDDS)", RFC 3958, January 2005.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements",
RFC 4033, March 2005.
[RFC4367] Rosenberg, J. and IAB, "What's in a Name: False
Assumptions about DNS Names", RFC 4367, February 2006.
[I-D.ietf-behave-rfc3489bis]
Rosenberg, J., Huitema, C., Mahy, R., Matthews, P., and D.
Wing, "Session Traversal Utilities for (NAT) (STUN)",
draft-ietf-behave-rfc3489bis-07 (work in progress),
July 2007.
[I-D.ietf-geopriv-http-location-delivery]
Barnes, M., "HTTP Enabled Location Delivery (HELD)",
draft-ietf-geopriv-http-location-delivery-00 (work in
progress), June 2007.
[UPnP-IGD-WANIPConnection1]
UPnP Forum, "Internet Gateway Device (IGD) Standardized
Device Control Protocol V 1.0: WANIPConnection:1 Service
Template Version 1.01 For UPnP Version 1.0", DCP 05-001,
Nov 2001.
Thomson & Winterbottom Expires January 10, 2008 [Page 17]
Internet-Draft LIS Discovery July 2007
Appendix A. Residential Broadband LCS Discovery Example
This example shows how LCS discovery using U-NAPTR and DNS might be
performed in a residential broadband scenario. The assumed network
topology for this network is shown in Figure 4.
+-------------+ __________
| | ( )
| NAT | ( ACCESS )
+-------+ Home +-- 203.192.188.75 ---( )
| | Router | ( NETWORK )
| | | ( )
| +-------------+ -----+----
| |
| __________ +-------+----------+
+----+---------+ ( ) | |
| | ( ) | ISP Domaine Name |
| DEVICE | ( INTERNET )--------+ my.isp.net |
| Internal IP | ( ) | |
| 192.168.0.55 | ( ) +------------------+
| | -----+----
+--------------+ |
|
+------+-------+
| VOICE |
| PROVIDER |
+--------------+
Figure 4: Example Network Topology
In this example, the Device sits behind a home router that also
provides a NATing function. The internal address allocation is from
the private 192.168.x.x address range, with 192.168.0.55 being
allocated to the Device requiring location information. The outbound
IP address provided to the home router is public and and belongs to
the my.isp.net domain; in this example the IP assigned to the home
router is 203.192.188.75. The Device is subscribed to a general
Internet voice service that is decoupled from the access provider.
The example further assumes that home router's DHCP server was not
capable of providing the address of the LCS directly to the Device,
and nor was it able to provide a domain name that resulted in an LCS
being found. The VSP to which the Device subscribes provides a STUN
server, and the address of this STUN server is configured to be used
by the Device. The message flows required in order to discover and
Thomson & Winterbottom Expires January 10, 2008 [Page 18]
Internet-Draft LIS Discovery July 2007
contact the LCS are shown in Figure 5.
+--------+ +--------+ +-----+ +-----+ +--------+
| | | HOME | | ISP | | ISP | | VSP |
| DEVICE | | ROUTER | | DNS | | LCS | | STUN |
| | | | | | | | | SERVER |
+---+----+ +----+---+ +--+--+ +--+--+ +---+----+
| | | | |
1 +------------------- STUN Binding Request----------------->|
| | | | |
|<---------------STUN MAPPED-ADDRESS = 203.192.188.75------+ 2
| | | | |
3 +------RDNS 75.188.192.203----->| | |
| .in-addr.arpa | | |
| | | | |
|<--203-192-188-205.my.isp.net--+ 4 | |
| | | | |
5 +----_LIS:HELD._my.isp.net----->| | |
| | | | |
|<----https://lcs.my.isp.net/---+ 6 | |
| | | | |
7 +--------------locationRequest-------------->| |
| | | | |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
. . . . .
. . . . .
Figure 5: LCS Discovery Message Flow
1: The Device makes a STUN binding request to the VSP's STUN server.
the address of the STUN server is preconfigured in the Device
2: The STUN server responds with the MAPPED-ADDRESS of the Device,
which is the public address of the home router, 203.192.188.75.
3: The Device issues a reverse DNS lookup to the ISP's DNS server.
4: The ISP's DNS responds with the FQDN of the home router, which
includes the domain name of the local access network provider;
my.isp.net
5: The Device issues a U-NAPTR request to the ISP's DNS server for
LCS that can process a HELD request.
Thomson & Winterbottom Expires January 10, 2008 [Page 19]
Internet-Draft LIS Discovery July 2007
6: The ISP's DNS server responds with the URL of the local LCS
7: Device issues a HELD locationRequest to the LCS...
Thomson & Winterbottom Expires January 10, 2008 [Page 20]
Internet-Draft LIS Discovery July 2007
Authors' Addresses
Martin Thomson
Andrew
PO Box U40
Wollongong University Campus, NSW 2500
AU
Phone: +61 2 4221 2915
Email: martin.thomson@andrew.com
URI: http://www.andrew.com/
James Winterbottom
Andrew
PO Box U40
Wollongong University Campus, NSW 2500
AU
Phone: +61 2 4221 2938
Email: james.winterbottom@andrew.com
URI: http://www.andrew.com/
Thomson & Winterbottom Expires January 10, 2008 [Page 21]
Internet-Draft LIS Discovery July 2007
Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Thomson & Winterbottom Expires January 10, 2008 [Page 22]