NSIS C. Werner
Internet-Draft N. Steinleitner, Ed.
Expires: May 12, 2008 X. Fu
Univ. Goettingen
H. Tschofenig
Nokia Siemens Networks
C. Aoun
November 9, 2007
NAT/FW NSLP State Machine
draft-werner-nsis-natfw-nslp-statemachine-06.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 12, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract
This document describes the state machines for the NSIS Signaling
Layer Protocol for Network Address Translation/Firewall signaling
(NAT/FW NSLP). A set of state machines for NAT/FW NSLP entities at
different locations of a signaling path are presented in order to
Werner, et al. Expires May 12, 2008 [Page 1]
Internet-Draft NAT/FW State Machine November 2007
illustrate how NAT/FW NSLP may be implemented.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Notational conventions used in state diagrams . . . . . . . . 3
4. State Machine Symbols . . . . . . . . . . . . . . . . . . . . 6
5. Common Rules . . . . . . . . . . . . . . . . . . . . . . . . . 7
5.1. Common Procedures . . . . . . . . . . . . . . . . . . . . 7
5.2. Common Variables . . . . . . . . . . . . . . . . . . . . . 9
5.3. Constants . . . . . . . . . . . . . . . . . . . . . . . . 9
6. State machine for the NAT/FW NI/NR+ . . . . . . . . . . . . . 9
7. State machine for the NAT/FW NF . . . . . . . . . . . . . . . 11
8. State machine for the NAT/FW NR/NI+ . . . . . . . . . . . . . 15
9. Security Considerations . . . . . . . . . . . . . . . . . . . 18
10. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 18
11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 18
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
13.1. Normative References . . . . . . . . . . . . . . . . . . . 18
13.2. Informative References . . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19
Intellectual Property and Copyright Statements . . . . . . . . . . 21
Werner, et al. Expires May 12, 2008 [Page 2]
Internet-Draft NAT/FW State Machine November 2007
1. Introduction
This document describes the state machines for NAT/FW NSLP [1],
trying to show how NAT/FW NSLP can be implemented to support its
deployment. The state machines described in this document are
illustrative of how the NAT/FW NSLP protocol defined in [1] may be
implemented for the first NAT/FW NSLP node in the signaling path,
intermediate NAT/FW NSLP nodes with Firewall and/or NAT
functionality, and the last NAT/FW NSLP node in the signaling path.
Where there are differences [1] are authoritative. The state
machines are informative only. Implementations may achieve the same
results using different methods.
The messages used in the NAT/FW NSLP protocol can be summarized as
follows:
Requesting message Responding message
------------------------+---------------------------
CREATE |RESPONSE
EXT |RESPONSE
RESPONSE |NONE
NOTIFY |NONE
------------------------+---------------------------
We describe a set of state machines for different roles of entities
running NAT/FW NSLP to illustrate how NAT/FW NSLP may be implemented.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [2].
3. Notational conventions used in state diagrams
The following state transition tables are completed mostly based on
the conventions specified in [3]. The complete text is described
below.
State transition tables are used to represent the operation of the
protocol by a number of cooperating state machines each comprising a
group of connected, mutually exclusive states. Only one state of
each machine can be active at any given time.
All permissible transitions from a given state to other states and
associated actions performed when the transitions occur are
Werner, et al. Expires May 12, 2008 [Page 3]
Internet-Draft NAT/FW State Machine November 2007
represented by using triplets of (exit condition, exit action, exit
state). All conditions are expressions that evaluate to TRUE or
FALSE; if a condition evaluates to TRUE, then the condition is met.
A state "ANY" is a wildcard state that matches the current state in
each state machine. The exit conditions of a wildcard state are
evaluated after all other exit conditions of specific to the current
state are met.
On exit from a state, the procedures defined for the state and the
exit condition are executed exactly once, in the order that they
appear on the page. (Note that the procedures defined in [4] are
executed on entry to a state, which is one major difference from this
document.) Each procedure is deemed to be atomic; i.e., execution of
a procedure completes before the next sequential procedure starts to
execute. No procedures execute outside of a state block. The
procedures in only one state block execute at a time, even if the
conditions for execution of state blocks in different state machines
are satisfied, and all procedures in an executing state block
complete execution before the transition to and execution of any
other state block occurs, i.e., the execution of any state block
appears to be atomic with respect to the execution of any other state
block and the transition condition to that state from the previous
state is TRUE when execution commences. The order of execution of
state blocks in different state machines is undefined except as
constrained by their transition conditions. A variable that is set
to a particular value in a state block retains this value until a
subsequent state block executes a procedure that modifies the value.
On completion of the transition from the previous state to the
current state, all exit conditions for the current state (including
exit conditions defined for the wildcard state) are evaluated
continuously until one of the conditions is met.
Any event variable is set to TRUE when the corresponding event occurs
and set to FALSE immediately after completion of the action
associated with the current state and the event.
The interpretation of the special symbols and operators is reused
from [4] and the state diagrams are based on the conventions
specified in [5], Section 8.2.1.
The complete text is reproduced here:
State diagrams are used to represent the operation of the protocol
by a number of cooperating state machines each comprising a group
of connected, mutually exclusive states. Only one state of each
machine can be active at any given time.
Werner, et al. Expires May 12, 2008 [Page 4]
Internet-Draft NAT/FW State Machine November 2007
All permissible transitions between states are represented by
arrows, the arrowhead denoting the direction of the possible
transition. Labels attached to arrows denote the condition(s)
that must be met in order for the transition to take place. All
conditions are expressions that evaluate to TRUE or FALSE; if a
condition evaluates to TRUE, then the condition is met. The label
UCT denotes an unconditional transition (i.e., UCT always
evaluates to TRUE). A transition that is global in nature (i.e.,
a transition that occurs from any of the possible states if the
condition attached to the arrow is met) is denoted by an open
arrow; i.e., no specific state is identified as the origin of the
transition. When the condition associated with a global
transition is met, it supersedes all other exit conditions
including UCT. The special global condition BEGIN supersedes all
other global conditions, and once asserted remains asserted until
all state blocks have executed to the point that variable
assignments and other consequences of their execution remain
unchanged.
On entry to a state, the procedures defined for the state (if any)
are executed exactly once, in the order that they appear on the
page. Each action is deemed to be atomic; i.e., execution of a
procedure completes before the next sequential procedure starts to
execute. No procedures execute outside of a state block. The
procedures in only one state block execute at a time, even if the
conditions for execution of state blocks in different state
machines are satisfied, and all procedures in an executing state
block complete execution before the transition to and execution of
any other state block occurs, i.e., the execution of any state
block appears to be atomic with respect to the execution of any
other state block and the transition condition to that state from
the previous state is TRUE when execution commences. The order of
execution of state blocks in different state machines is undefined
except as constrained by their transition conditions. A variable
that is set to a particular value in a state block retains this
value until a subsequent state block executes a procedure that
modifies the value.
On completion of all of the procedures within a state, all exit
conditions for the state (including all conditions associated with
global transitions) are evaluated continuously until one of the
conditions is met. The label ELSE denotes a transition that
occurs if none of the other conditions for transitions from the
state are met (i.e., ELSE evaluates to TRUE if all other possible
exit conditions from the state evaluate to FALSE). Where two or
more exit conditions with the same level of precedence become TRUE
simultaneously, the choice as to which exit condition causes the
state transition to take place is arbitrary.
Werner, et al. Expires May 12, 2008 [Page 5]
Internet-Draft NAT/FW State Machine November 2007
In addition to the above notation, there are a couple of
clarifications specific to this document. First, all boolean
variables are initialized to FALSE before the state machine execution
begins. Second, the following notational shorthand is specific to
this document:
<variable> = <expression1> | <expression2> | ...
Execution of a statement of this form will result in <variable>
having a value of exactly one of the expressions. The logic for
which of those expressions gets executed is outside of the state
machine and could be environmental, configurable, or based on
another state machine such as that of the method.
4. State Machine Symbols
( ) Used to force the precedence of operators in Boolean expressions
and to delimit the argument(s) of actions within state boxes.
; Used as a terminating delimiter for actions within state boxes.
Where a state box contains multiple actions, the order of
execution follows the normal language conventions for reading
text.
= Assignment action. The value of the expression to the right of
the operator is assigned to the variable to the left of the
operator. Where this operator is used to define multiple
assignments, e.g., a = b = X the action causes the value of the
expression following the right-most assignment operator to be
assigned to all of the variables that appear to the left of the
right-most assignment operator.
! Logical NOT operator.
&& Logical AND operator.
|| Logical OR operator.
if...then... Conditional action. If the Boolean expression
following the if evaluates to TRUE, then the action following the
then is executed.
{ statement 1, ... statement N } Compound statement. Braces are
used to group statements that are executed together as if they
were a single statement.
!= Inequality. Evaluates to TRUE if the expression to the left of
the operator is not equal in value to the expression to the right.
== Equality. Evaluates to TRUE if the expression to the left of the
operator is equal in value to the expression to the right.
> Greater than. Evaluates to TRUE if the value of the expression to
the left of the operator is greater than the value of the
expression to the right.
Werner, et al. Expires May 12, 2008 [Page 6]
Internet-Draft NAT/FW State Machine November 2007
<= Less than or equal to. Evaluates to TRUE if the value of the
expression to the left of the operator is either less than or
equal to the value of the expression to the right.
++ Increment the preceding integer operator by 1.
5. Common Rules
Throughout the document we use terms defined in the [1], such as NI,
NF, NR, CREATE, EXT or RESPONSE.
5.1. Common Procedures
tx_CREATE(): Transmit a CREATE message
tx_CREATE(LIFETIME>0): Transmit CREATE message with lifetime object
greater than 0 for session creation.
tx_CREATE(LIFETIME=0): Transmit CREATE message with lifetime object
explicitly set to 0 for session deletion.
tx_RESPONSE(code,type): Transmit RESPONSE message with specified
code (SUCCESS or ERROR) and result type (related to a specific
request type message: CREATE or EXT). A code or result type may
be omitted, typically when forwarding received RESPONSE messages.
tx_EXT(): Transmit a EXT message
rx_RESPONSE(code, type): Evaluates to TRUE if a RESPONSE message has
been received with the specified code (SUCCESS or ERROR) and
result type (related to a specific request type message: CREATE or
EXT). If the code or type is omitted, any received RESPONSE
message which is only matching the given code or type will
evaluate this procedure to TRUE.
rx_CREATE(): Evaluates to TRUE if a CREATE message has been
received.
rx_CREATE(Lifetime > 0): Evaluates to TRUE if a CREATE message with
lifetime object greater than 0 has been received.
rx_CREATE(Lifetime == 0): Evaluates to TRUE if a CREATE message with
lifetime object explicitly set to 0 has been received.
rx_EXT(): Evaluates to TRUE if a EXT message has been received.
rx_EXT(Lifetime > 0): Evaluates to TRUE if a EXT message with
lifetime object greater than 0 has been received.
rx_EXT(Lifetime == 0): Evaluates to TRUE if a EXT message with
lifetime object explicitly set to 0 has been received.
CHECK_AA(): Checks Authorization and Authentication of the received
message. Evaluates to TRUE if the check is successful, otherwise
it evaluates to FALSE. This check is performed on all received
messages hence it will only be shown within the state machine when
the check has failed. This CHECK_AA also MAY include a local
policy check for the received message.
Werner, et al. Expires May 12, 2008 [Page 7]
Internet-Draft NAT/FW State Machine November 2007
CreateSession(): Installs all session related states, variables,
bindings, policies.
DeleteSession(): Removes all session related states, variables,
bindings, policies.
CreatePinhole(): Installs a pinhole for the new session.
DeletePinhole(): Removes a previously installed pinhole.
CreateReservations(): Creates a matching based on the MRI and open
pinholes for the signaling traffic.
DeleteReservations(): Deletes previously installed matchings and
pinholes for the signaling traffic.
CreateBinding(): Creates a public/private network translation
binding on a NAT device for the requesting entity.
DeleteBinding(): Deletes a previously created a public/private
network translation binding on a NAT device for the requesting
entity.
StartTimer(identifier): This procedure starts a timer with a certain
timespan, which is up to the specific implementation. The
parameter 'identifier' identifies this timer uniquely. Any
subsequent StartTimer(identifier), StopTimer(identifier),
(identifier)_TIMEOUT refer to the same timer labeled x. This
timer is required to time the lifetime of state, which means that
when it times out, it indicates the current machine state should
be left or its validation has expired. This procedure starts the
timer 'identifier'. If a timer with the same 'identifier' has
already been started and not yet stopped, the timer is now stopped
and restarted. After the timer has timed out, the procedure
(identifier)_TIMEOUT evaluates to TRUE. The timer does not
restart automatically, but must be started again with a
StartTimer(identifier). Used identifier are STATE, REFRESH,
CREATE, EXT or RESPONSE.
StopTimer(identifier): This procedure stops the timer labeled
'identifier'. If it has already been stopped, this procedure has
no effect. If the timer has already timed out, this procedure
removes the timeout-state from the timer 'identifier', so
subsequent calls to (identifier)_TIMEOUT evaluate to FALSE. A
timeout cannot occur until the timer 'identifier' has been
(re-)started.
(identifier)_TIMEOUT: This procedure evaluates to TRUE if the
(identifier)-timer has timed out and indicates a state lifetime
expiration. This procedure cannot evaluate to TRUE if the timer
has been stopped. Used timers are STATE_TIMEOUT, REFRESH_TIMEOUT,
CREATE_TIMEOUT, EXT_TIMEOUT or RESPONSE_TIMEOUT.
tg_CREATE: External trigger to send a CREATE message (typically
triggered by the application).
Werner, et al. Expires May 12, 2008 [Page 8]
Internet-Draft NAT/FW State Machine November 2007
tg_TEARDOWN: External trigger to delete a previously created session
(typically triggered by the application)
tg_EXT: External trigger to send a EXT message towards an
opportunistic address (typically triggered by the application)
tg_CREATE_PROXY: Internal trigger to send a CREATE message (used in
proxy mode, triggered by corresponding NAT/FW NSLP session).
tg_TEARDOWN_PROXY: Internal trigger to delete a previously created
session (used in proxy mode, triggered by corresponding NAT/FW
NSLP session).
5.2. Common Variables
IS_EDGE: Boolean flag which evaluates to TRUE if the node is on the
network edge, otherwise it evaluates to FALSE.
IS_PUBLICSIDE: Boolean flag which evaluates to TRUE if the (CREATE-
or EXT-) message has been received on the public side of the
network.
CREATE(LIFETIME): Gets the value of the LIFETIME object in the
CREATE message.
counter(CREATE): Denotes the current number of retries of CREATE
message which has been re-transmitted due to previous
RESPONSE_ERROR message. If the number of counter(CREATE) equals
the value of counterLimit(CREATE), the current session creation
attempt is aborted and the application is being notified.
counter(EXT): Denotes the current number of retries of EXT message
which has been re-transmitted due to previous RESPONSE_ERROR
message. If the number of counter(EXT) equals the value of
counterLimit(EXT), the current session creation attempt is aborted
and the application is being notified.
5.3. Constants
counterLimit(CREATE): Contains the maximum number of retransmission
attempts of a CREATE message after it is aborted and the
application is being notified.
counterLimit(EXT): Contains the maximum number of retransmission
attempts of a EXT message after it is aborted and the application
is being notified.
6. State machine for the NAT/FW NI/NR+
This section presents the state machine for the NSIS initator which
is capable of NAT/FW NSLP signaling.
Werner, et al. Expires May 12, 2008 [Page 9]
Internet-Draft NAT/FW State Machine November 2007
-----------
State: INITIALIZE
-----------
Condition Action State
----------------------------+-----------------------------+----------
UCT |Initialize variables | IDLE
----------------------------+-----------------------------+----------
-----------
State: IDLE
Entry: DeleteSession();
Exit : CreateSession();
-----------
Condition Action State
----------------------------+-----------------------------+----------
tg_CREATE |tx_CREATE(); | WAITRESP
| |
tg_CREATE_PROXY |tx_CREATE(); | WAITRESP
----------------------------+-----------------------------+----------
-----------
State: WAITRESP
Entry: ResetCounter(CREATE);
StartTimer(RESPONSE);
Exit : StopTimer(RESPONSE);
-----------
Condition Action State
----------------------------+-----------------------------+----------
RESPONSE_TIMEOUT && |counter(CREATE)++; | WAITRESP
(counter(CREATE)< |StartTimer(RESPONSE); |
counterLimit(CREATE)) |tx_CREATE(); |
| |
rx_RESPONSE(SUCCESS,CREATE) |ReportAsyncEvent(); | SESSION
| |
tg_TEARDOWN |tx_CREATE(Lifetime=0); | IDLE
| |
tg_TEARDOWN_PROXY |tx_CREATE(Lifetime=0); | IDLE
| |
RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE
(counter(CREATE)== | |
counterLimit(CREATE)) | |
| |
rx_RESPONSE(ERROR,CREATE) |ReportAsyncEvent(); | IDLE
Werner, et al. Expires May 12, 2008 [Page 10]
Internet-Draft NAT/FW State Machine November 2007
----------------------------+-----------------------------+----------
-----------
State: SESSION
Entry: ResetCounter(CREATE);
StartTimer(REFRESH);
Exit : StopTimer(REFRESH);
StopTimer(RESPONSE);
-----------
Condition Action State
----------------------------+-----------------------------+----------
REFRESH_TIMEOUT |StartTimer(RESPONSE); | SESSION
|tx_CREATE(); |
| |
RESPONSE_TIMEOUT && |counter(CREATE)++; | SESSION
(counter(CREATE) < |StartTimer(RESPONSE); |
counterLimit(CREATE)) |tx_CREATE(); |
| |
rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE); | SESSION
|StartTimer(REFRESH); |
|ResetCounter(CREATE); |
| |
tg_TEARDOWN |tx_CREATE(LIFETIME=0); | IDLE
| |
tg_TEARDOWN_PROXY |tx_CREATE(LIFETIME=0); | IDLE
| |
RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE
(counter(CREATE) == | |
counterLimit(CREATE)) | |
| |
rx_RESPONSE(ERROR,CREATE) |ReportAsyncEvent(); | IDLE
----------------------------+-----------------------------+----------
7. State machine for the NAT/FW NF
This section describes the state machine for intermediate nodes
within the signaling path capable of processing NAT/FW NSLP messages.
These nodes typically implement firewall and/or network address
translation (NAT) functionality.
Condition Action State
----------------------------+-----------------------------+----------
UCT |Initialize variables | IDLE
Werner, et al. Expires May 12, 2008 [Page 11]
Internet-Draft NAT/FW State Machine November 2007
----------------------------+-----------------------------+----------
-----------
State: IDLE
Entry: DeleteSession();
Exit : CreateSession();
-----------
Condition Action State
----------------------------+-----------------------------+----------
(rx_EXT) && (IS_PUBLICSIDE) |tx_RESPONSE(ERROR, EXT); | IDLE
| |
(rx_CREATE(Lifetime > 0)) |tx_CREATE(); | CREATE_
| | WAITRESP
| |
((rx_EXT) && (!IS_EDGE) |tx_EXT(); | NONEDGE_
&& (!IS_PUBLICSIDE)) | | EXT
| |
((rx_EXT) && (IS_EDGE) |tx_RESPONSE(SUCCESS,EXT); | EDGE_EXT
&& (!IS_PUBLICSIDE)) |tx_CREATE; |
|if(proxy_object) then |
| (tg_CREATE_PROXY);|
----------------------------+-----------------------------+----------
-----------
State: CREATE_WAITRESP
Entry: StartTimer(STATE);
Exit : StopTimer(STATE);
-----------
Condition Action State
----------------------------+-----------------------------+----------
rx_RESPONSE(ERROR,CREATE) |tx_RESPONSE(ERROR,CREATE); | IDLE
|ReportAsyncEvent(); |
| |
STATE_TIMEOUT |tx_RESPONSE(ERROR,CREATE); | IDLE
|ReportAsyncEvent(); |
| |
(rx_CREATE(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE
| |
rx_RESPONSE(SUCCESS,CREATE) |tx_RESPONSE(SUCCESS,CREATE); | SESSION
----------------------------+-----------------------------+----------
Werner, et al. Expires May 12, 2008 [Page 12]
Internet-Draft NAT/FW State Machine November 2007
-----------
State: NONEDGE_EXT
Entry: StartTimer(EXT);
CreateReservations();
Exit : StopTimer(EXT);
DeleteReservations();
-----------
Condition Action State
----------------------------+-----------------------------+----------
(rx_EXT(Lifetime > 0)) |StopTimer(EXT); | NONEDGE_
|StartTimer(EXT); | EXT
|tx_EXT(); |
| |
rx_RESPONSE(SUCCESS, EXT) |tx_RESPONSE(SUCCESS,EXT); | NONEDGE_
| | EXT
| |
rx_RESPONSE(ERROR, EXT) |tx_RESPONSE(ERROR,EXT); | IDLE
|ReportAsyncEvent(); |
| |
(rx_EXT(Lifetime == 0)) |tx_EXT(Lifetime=0); | IDLE
|ReportAsyncEvent(); |
| |
EXT_TIMEOUT |ReportAsyncEvent(); | IDLE
----------------------------+-----------------------------+----------
Werner, et al. Expires May 12, 2008 [Page 13]
Internet-Draft NAT/FW State Machine November 2007
-----------
State: EDGE_EXT
Entry: StartTimer(EXT);
CreateReservations();
Exit : StopTimer(EXT);
DeleteReservations();
-----------
Condition Action State
----------------------------+-----------------------------+----------
(rx_EXT(Lifetime > 0)) |StopTimer(EXT); | EDGE_EXT
|StartTimer(EXT); |
|tx_RESPONSE(SUCCESS, EXT); |
| |
(rx_EXT(Lifetime == 0)) |tx_EXT(Lifetime=0); | IDLE
|ReportAsyncEvent(); |
|if(proxy_mode) then |
| (tg_TEARDOWN_PROXY);|
| |
EXT_TIMEOUT |ReportAsyncEvent(); | IDLE
|if(proxy_mode) then |
| (tg_TEARDOWN_PROXY);|
----------------------------+-----------------------------+----------
Werner, et al. Expires May 12, 2008 [Page 14]
Internet-Draft NAT/FW State Machine November 2007
-----------
State: SESSION
Entry: StartTimer(CREATE)
CreatePinhole();
CreateBinding();
Exit : StopTimer(RESPONSE);
StopTimer(CREATE);
DeletePinhole();
DeleteBinding();
-----------
Condition Action State
----------------------------+-----------------------------+----------
RESPONSE_TIMEOUT |StopTimer(RESPONSE); | SESSION
|tx_RESPONSE(ERROR,CREATE); |
| |
(rx_EXT(Lifetime > 0)) |StopTimer(CREATE); | SESSION
|StartTimer(RESPONSE); |
|tx_CREATE(); |
| |
rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE); | SESSION
|StartTimer(CREATE); |
|tx_RESPONSE(SUCCESS,CREATE); |
| |
CREATE_TIMEOUT |ReportAsyncEvent(); | IDLE
| |
(rx_EXT(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE
----------------------------+-----------------------------+----------
8. State machine for the NAT/FW NR/NI+
This section presents the state machines for the NSIS responder which
is capable of NSLP NAT/FW signaling.
-----------
State: INITIALIZE
-----------
Condition Action State
----------------------------+-----------------------------+----------
UCT |Initialize variables | IDLE
----------------------------+-----------------------------+----------
Werner, et al. Expires May 12, 2008 [Page 15]
Internet-Draft NAT/FW State Machine November 2007
-----------
State: IDLE
Entry: DeleteSession();
Exit : CreateSession();
-----------
Condition Action State
----------------------------+-----------------------------+----------
(rx_CREATE) && !(CHECK_AA())|tx_RESPONSE(ERROR,CREATE); | IDLE
| |
tg_EXT |tx_EXT(); | EXT_
| | WAITRESP
| |
(rx_EXT(Lifetime > 0)) |tx_RESPONSE(SUCCESS,CREATE); | SESSION
----------------------------+-----------------------------+----------
-----------
State: EXT_WAITRESP
Entry: ResetCounter(EXT);
StartTimer(RESPONSE);
Exit : StopTimer(RESPONSE);
-----------
Condition Action State
----------------------------+-----------------------------+----------
RESPONSE_TIMEOUT && |counter(EXT)++; | EXT_
(counter(EXT) < |StartTimer(RESPONSE); | WAITRESP
counterLimit(EXT)) |tx_EXT(); |
| |
rx_RESPONSE(SUCCESS,EXT) |ReportAsyncEvent(); | EXT
| |
RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE
(counter(EXT) == | |
counterLimit(EXT)) | |
| |
rx_RESPONSE(ERROR,EXT) |ReportAsyncEvent(); | IDLE
| |
tg_TEARDOWN |tx_EXT(Lifetime=0); | IDLE
----------------------------+-----------------------------+----------
Werner, et al. Expires May 12, 2008 [Page 16]
Internet-Draft NAT/FW State Machine November 2007
-----------
State: EXT
Entry: ResetCounter(EXT);
StartTimer(REFRESH);
Exit : StopTimer(RESPONSE);
StopTimer(REFRESH);
-----------
Condition Action State
----------------------------+-----------------------------+----------
RESPONSE_TIMEOUT && |counter(EXT)++; | EXT
(counter(EXT) < |StartTimer(RESPONSE); |
counterLimit(EXT)) |tx_EXT(); |
| |
rx_RESPONSE(SUCCESS,EXT) |StartTimer(REFRESH); | EXT
|StopTimer(RESPONSE); |
|ResetCounter(EXT); |
| |
REFRESH_TIMEOUT |tx_EXT(); | EXT
|StartTimer(RESPONSE); |
| |
RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE
(counter(EXT) == | |
counterLimit(EXT)) | |
| |
rx_RESPONSE(ERROR,EXT) |ReportAsyncEvent(); | IDLE
| |
tg_TEARDOWN |tx_EXT(Lifetime=0); | IDLE
----------------------------+-----------------------------+----------
-----------
State: SESSION
Entry: StartTimer(STATE);
Exit : StopTimer(STATE);
-----------
Condition Action State
----------------------------+-----------------------------+----------
(rx_CREATE(LIFETIME > 0)) |tx_RESPONSE(SUCCESS,CREATE); | SESSION
|StopTimer(STATE); |
|StartTimer(STATE); |
| |
(rx_CREATE(LIFETIME == 0)) |ReportAsyncEvent(); | IDLE
| |
STATE_TIMEOUT |ReportAsyncEvent(); | IDLE
----------------------------+-----------------------------+----------
Werner, et al. Expires May 12, 2008 [Page 17]
Internet-Draft NAT/FW State Machine November 2007
9. Security Considerations
This document does not raise new security considerations. Any
security concerns with the NAT/FW NSLP are likely reflected in
security related NSIS work already (such as [1] or [6]).
For the time being, the state machines described in this document do
not consider the security aspect of NAT/FW NSLP protocol itself. A
future version of this document will add security relevant states and
state transitions.
10. Open Issues
Route change and the open issues in [1] will be added in future
versions of this document.
11. Contributors
Tseno Tsenov contributed since the initial version and Henning Peters
collaborated to refining of the state machine since 01 version.
12. Acknowledgments
The authors would like to thank Martin Stiemerling for his valuable
comments and discussions.
13. References
13.1. Normative References
[1] Stiemerling, M., "NAT/Firewall NSIS Signaling Layer Protocol
(NSLP)", draft-ietf-nsis-nslp-natfw-15 (work in progress),
July 2007.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March 1997.
13.2. Informative References
[3] Fajardo, V., "State Machines for Protocol for Carrying
Authentication for Network Access (PANA)",
draft-ietf-pana-statemachine-06 (work in progress),
October 2007.
Werner, et al. Expires May 12, 2008 [Page 18]
Internet-Draft NAT/FW State Machine November 2007
[4] Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba, "State
Machines for Extensible Authentication Protocol (EAP) Peer and
Authenticator", RFC 4137, August 2005.
[5] Institute of Electrical and Electronics Engineers, "DRAFT
Standard for Local and Metropolitan Area Networks: Port-Based
Network Access Control (Revision)", IEEE 802-1X-REV/D9,
January 2004.
[6] Tschofenig, H. and D. Kroeselberg, "Security Threats for Next
Steps in Signaling (NSIS)", RFC 4081, June 2005.
Authors' Addresses
Constantin Werner
University of Goettingen
Telematics Group
Lotzestr. 16-18
Goettingen 37083
Germany
Email: werner@cs.uni-goettingen.de
Niklas Steinleitner (editor)
University of Goettingen
Telematics Group
Lotzestr. 16-18
Goettingen 37083
Germany
Email: steinleitner@cs.uni-goettingen.de
Xiaoming Fu
University of Goettingen
Telematics Group
Lotzestr. 16-18
Goettingen 37083
Germany
Email: fu@cs.uni-goettingen.de
Werner, et al. Expires May 12, 2008 [Page 19]
Internet-Draft NAT/FW State Machine November 2007
Hannes Tschofenig
Nokia Siemens Networks
Otto-Hahn-Ring 6
Munich, Bavaria 81739
Germany
Email: Hannes.Tschofenig@nsn.com
Cedric Aoun
Paris
France
Email: cedric@caoun.net
Werner, et al. Expires May 12, 2008 [Page 20]
Internet-Draft NAT/FW State Machine November 2007
Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Werner, et al. Expires May 12, 2008 [Page 21]