| draft-ietf-mboned-driad-amt-discovery-01.txt | draft-ietf-mboned-driad-amt-discovery-02.txt | |||
|---|---|---|---|---|
| Mboned J. Holland | Mboned J. Holland | |||
| Internet-Draft Akamai Technologies, Inc. | Internet-Draft Akamai Technologies, Inc. | |||
| Updates: 7450 (if approved) February 14, 2019 | Updates: 7450 (if approved) March 08, 2019 | |||
| Intended status: Standards Track | Intended status: Standards Track | |||
| Expires: August 18, 2019 | Expires: September 9, 2019 | |||
| DNS Reverse IP AMT Discovery | DNS Reverse IP AMT Discovery | |||
| draft-ietf-mboned-driad-amt-discovery-01 | draft-ietf-mboned-driad-amt-discovery-02 | |||
| Abstract | Abstract | |||
| This document updates RFC 7450 (Automatic Multicast Tunneling, or | This document updates RFC 7450 (Automatic Multicast Tunneling, or | |||
| AMT) by extending the relay discovery process to use a new DNS | AMT) by extending the relay discovery process to use a new DNS | |||
| resource record named AMTRELAY when discovering AMT relays for | resource record named AMTRELAY when discovering AMT relays for | |||
| source-specific multicast channels. The reverse IP DNS zone for a | source-specific multicast channels. The reverse IP DNS zone for a | |||
| multicast sender's IP address is configured to use AMTRELAY resource | multicast sender's IP address is configured to use AMTRELAY resource | |||
| records to advertise a set of AMT relays that can receive and forward | records to advertise a set of AMT relays that can receive and forward | |||
| multicast traffic from that sender over an AMT tunnel. | multicast traffic from that sender over an AMT tunnel. | |||
| skipping to change at page 1, line 37 ¶ | skipping to change at page 1, line 37 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 18, 2019. | This Internet-Draft will expire on September 9, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 7 ¶ | skipping to change at page 3, line 7 ¶ | |||
| 4.2.1. RData Format - Precedence . . . . . . . . . . . . . . 24 | 4.2.1. RData Format - Precedence . . . . . . . . . . . . . . 24 | |||
| 4.2.2. RData Format - Discovery Optional (D-bit) . . . . . . 24 | 4.2.2. RData Format - Discovery Optional (D-bit) . . . . . . 24 | |||
| 4.2.3. RData Format - Type . . . . . . . . . . . . . . . . . 24 | 4.2.3. RData Format - Type . . . . . . . . . . . . . . . . . 24 | |||
| 4.2.4. RData Format - Relay . . . . . . . . . . . . . . . . 25 | 4.2.4. RData Format - Relay . . . . . . . . . . . . . . . . 25 | |||
| 4.3. AMTRELAY Record Presentation Format . . . . . . . . . . . 25 | 4.3. AMTRELAY Record Presentation Format . . . . . . . . . . . 25 | |||
| 4.3.1. Representation of AMTRELAY RRs . . . . . . . . . . . 25 | 4.3.1. Representation of AMTRELAY RRs . . . . . . . . . . . 25 | |||
| 4.3.2. Examples . . . . . . . . . . . . . . . . . . . . . . 26 | 4.3.2. Examples . . . . . . . . . . . . . . . . . . . . . . 26 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 27 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 27 | |||
| 6.1. Record-spoofing . . . . . . . . . . . . . . . . . . . . . 27 | 6.1. Use of AMT . . . . . . . . . . . . . . . . . . . . . . . 27 | |||
| 6.2. Local Override . . . . . . . . . . . . . . . . . . . . . 27 | 6.2. Record-spoofing . . . . . . . . . . . . . . . . . . . . . 27 | |||
| 6.3. Congestion . . . . . . . . . . . . . . . . . . . . . . . 27 | 6.3. Congestion . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 28 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 28 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 28 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 29 | 8.2. Informative References . . . . . . . . . . . . . . . . . 30 | |||
| Appendix A. Unknown RRType construction . . . . . . . . . . . . 30 | Appendix A. Unknown RRType construction . . . . . . . . . . . . 31 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 31 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines DNS Reverse IP AMT Discovery (DRIAD), a | This document defines DNS Reverse IP AMT Discovery (DRIAD), a | |||
| mechanism for AMT gateways to discover AMT relays that are capable of | mechanism for AMT gateways to discover AMT relays that are capable of | |||
| forwarding multicast traffic from a known source IP address. | forwarding multicast traffic from a known source IP address. | |||
| AMT (Automatic Multicast Tunneling) is defined in [RFC7450], and | AMT (Automatic Multicast Tunneling) is defined in [RFC7450], and | |||
| provides a method to transport multicast traffic over a unicast | provides a method to transport multicast traffic over a unicast | |||
| tunnel, in order to traverse non-multicast-capable network segments. | tunnel, in order to traverse non-multicast-capable network segments. | |||
| skipping to change at page 27, line 21 ¶ | skipping to change at page 27, line 21 ¶ | |||
| | 3 | A wire-encoded domain name is present | | | 3 | A wire-encoded domain name is present | | |||
| | 4-255 | Unassigned | | | 4-255 | Unassigned | | |||
| +-------+---------------------------------------+ | +-------+---------------------------------------+ | |||
| Values 0, 1, 2, and 3 are further explained in Section 4.2.3 and | Values 0, 1, 2, and 3 are further explained in Section 4.2.3 and | |||
| Section 4.2.4. Relay type numbers 4 through 255 can be assigned with | Section 4.2.4. Relay type numbers 4 through 255 can be assigned with | |||
| a policy of Specification Required (as described in [RFC8126]). | a policy of Specification Required (as described in [RFC8126]). | |||
| 6. Security Considerations | 6. Security Considerations | |||
| [ TBD: these 3 are just the first few most obvious issues, with just | 6.1. Use of AMT | |||
| sketches of the problem. Explain better, and look for trickier | ||||
| issues. ] | ||||
| 6.1. Record-spoofing | This document defines a mechanism that enables a more widespread and | |||
| automated use of AMT, even without access to a multicast backbone. | ||||
| Operators of networks and applications that include a DRIAD-capable | ||||
| AMT gateway are advised to carefully consider the security | ||||
| considerations in Section 6 of [RFC7450]. | ||||
| If AMT is used to ingest multicast traffic, providing a false | AMT gateway operators also are encouraged to implement the | |||
| AMTRELAY record to a gateway using it for discovery can result in | opportunistic use of IPSec [RFC4301] when IPSECKEY records [RFC4025] | |||
| Denial of Service, or artificial multicast traffic from a source | are available to secure traffic from AMT relays, or when a trust | |||
| under an attacker's control. | relationship with the AMT relays can be otherwise secured. | |||
| Therefore, it is important to ensure that the AMTRELAY record is | 6.2. Record-spoofing | |||
| authentic, with DNSSEC [RFC4033] or other operational safeguards that | ||||
| can provide assurance of the authenticity of the record contents. | ||||
| 6.2. Local Override | The AMTRELAY resource record contains information that SHOULD be | |||
| communicated to the DNS client without being modified. The method | ||||
| used to ensure the result was unmodified is up to the client. | ||||
| The local relays, while important for overall network performance, | There must be a trust relationship between the end consumer of this | |||
| can't be secured by DNSSEC. | resource record and the DNS server. This relationship may be end-to- | |||
| end DNSSEC validation, a TSIG [RFC2845] or SIG(0) [RFC2931] channel | ||||
| to another secure source, a secure local channel on the host, DNS | ||||
| over TLS [RFC7858] or HTTPS [RFC8484], or some other secure | ||||
| mechanism. | ||||
| If an AMT gateway accepts a maliciously crafted AMTRELAY record, the | ||||
| result could be a Denial of Service, or receivers processing | ||||
| multicast traffic from a source under the attacker's control. | ||||
| 6.3. Congestion | 6.3. Congestion | |||
| Multicast traffic, particularly interdomain multicast traffic, | Multicast traffic, particularly interdomain multicast traffic, | |||
| carries some congestion risks, as described in Section 4 of | carries some congestion risks, as described in Section 4 of | |||
| [RFC8085]. Network operators are advised to take precautions | [RFC8085]. | |||
| including monitoring of application traffic behavior, traffic | ||||
| authentication, and rate-limiting of multicast traffic, in order to | Application implementors and network operators that use DRIAD-capable | |||
| ensure network health. | AMT gateways are advised to take precautions including monitoring of | |||
| application traffic behavior, traffic authentication at ingest, rate- | ||||
| limiting of multicast traffic, and the use of circuit-breaker | ||||
| techniques such as those described in Section 3.1.10 of [RFC8085] and | ||||
| similar protections at the network level, in order to ensure network | ||||
| health in the event of misconfiguration, poorly written applications | ||||
| that don't follow UDP congestion control principles, or deliberate | ||||
| attack. | ||||
| 7. Acknowledgements | 7. Acknowledgements | |||
| This specification was inspired by the previous work of Doug Nortz, | This specification was inspired by the previous work of Doug Nortz, | |||
| Robert Sayko, David Segelstein, and Percy Tarapore, presented in the | Robert Sayko, David Segelstein, and Percy Tarapore, presented in the | |||
| MBONED working group at IETF 93. | MBONED working group at IETF 93. | |||
| Thanks to Jeff Goldsmith, Toerless Eckert, Mikael Abrahamsson, Lenny | Thanks to Jeff Goldsmith, Toerless Eckert, Mikael Abrahamsson, Lenny | |||
| Giuliano, and Mark Andrews for their very helpful comments. | Giuliano, Mark Andrews, Sandy Zheng, Kyle Rose, and Ben Kaduk for | |||
| their very helpful comments. | ||||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", | [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", | |||
| STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, | STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, | |||
| <https://www.rfc-editor.org/info/rfc1034>. | <https://www.rfc-editor.org/info/rfc1034>. | |||
| [RFC1035] Mockapetris, P., "Domain names - implementation and | [RFC1035] Mockapetris, P., "Domain names - implementation and | |||
| skipping to change at page 29, line 48 ¶ | skipping to change at page 30, line 21 ¶ | |||
| DOI 10.17487/RFC8305, December 2017, | DOI 10.17487/RFC8305, December 2017, | |||
| <https://www.rfc-editor.org/info/rfc8305>. | <https://www.rfc-editor.org/info/rfc8305>. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [RFC2317] Eidnes, H., de Groot, G., and P. Vixie, "Classless IN- | [RFC2317] Eidnes, H., de Groot, G., and P. Vixie, "Classless IN- | |||
| ADDR.ARPA delegation", BCP 20, RFC 2317, | ADDR.ARPA delegation", BCP 20, RFC 2317, | |||
| DOI 10.17487/RFC2317, March 1998, | DOI 10.17487/RFC2317, March 1998, | |||
| <https://www.rfc-editor.org/info/rfc2317>. | <https://www.rfc-editor.org/info/rfc2317>. | |||
| [RFC2845] Vixie, P., Gudmundsson, O., Eastlake 3rd, D., and B. | ||||
| Wellington, "Secret Key Transaction Authentication for DNS | ||||
| (TSIG)", RFC 2845, DOI 10.17487/RFC2845, May 2000, | ||||
| <https://www.rfc-editor.org/info/rfc2845>. | ||||
| [RFC2931] Eastlake 3rd, D., "DNS Request and Transaction Signatures | ||||
| ( SIG(0)s )", RFC 2931, DOI 10.17487/RFC2931, September | ||||
| 2000, <https://www.rfc-editor.org/info/rfc2931>. | ||||
| [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. | [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. | |||
| Jacobson, "RTP: A Transport Protocol for Real-Time | Jacobson, "RTP: A Transport Protocol for Real-Time | |||
| Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, | Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, | |||
| July 2003, <https://www.rfc-editor.org/info/rfc3550>. | July 2003, <https://www.rfc-editor.org/info/rfc3550>. | |||
| [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4025] Richardson, M., "A Method for Storing IPsec Keying | |||
| Rose, "DNS Security Introduction and Requirements", | Material in DNS", RFC 4025, DOI 10.17487/RFC4025, March | |||
| RFC 4033, DOI 10.17487/RFC4033, March 2005, | 2005, <https://www.rfc-editor.org/info/rfc4025>. | |||
| <https://www.rfc-editor.org/info/rfc4033>. | ||||
| [RFC4301] Kent, S. and K. Seo, "Security Architecture for the | ||||
| Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, | ||||
| December 2005, <https://www.rfc-editor.org/info/rfc4301>. | ||||
| [RFC5110] Savola, P., "Overview of the Internet Multicast Routing | [RFC5110] Savola, P., "Overview of the Internet Multicast Routing | |||
| Architecture", RFC 5110, DOI 10.17487/RFC5110, January | Architecture", RFC 5110, DOI 10.17487/RFC5110, January | |||
| 2008, <https://www.rfc-editor.org/info/rfc5110>. | 2008, <https://www.rfc-editor.org/info/rfc5110>. | |||
| [RFC6726] Paila, T., Walsh, R., Luby, M., Roca, V., and R. Lehtonen, | [RFC6726] Paila, T., Walsh, R., Luby, M., Roca, V., and R. Lehtonen, | |||
| "FLUTE - File Delivery over Unidirectional Transport", | "FLUTE - File Delivery over Unidirectional Transport", | |||
| RFC 6726, DOI 10.17487/RFC6726, November 2012, | RFC 6726, DOI 10.17487/RFC6726, November 2012, | |||
| <https://www.rfc-editor.org/info/rfc6726>. | <https://www.rfc-editor.org/info/rfc6726>. | |||
| skipping to change at page 30, line 30 ¶ | skipping to change at page 31, line 16 ¶ | |||
| Traffic Leakages in Dual-Stack Hosts/Networks", RFC 7359, | Traffic Leakages in Dual-Stack Hosts/Networks", RFC 7359, | |||
| DOI 10.17487/RFC7359, August 2014, | DOI 10.17487/RFC7359, August 2014, | |||
| <https://www.rfc-editor.org/info/rfc7359>. | <https://www.rfc-editor.org/info/rfc7359>. | |||
| [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., | [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., | |||
| Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent | Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent | |||
| Multicast - Sparse Mode (PIM-SM): Protocol Specification | Multicast - Sparse Mode (PIM-SM): Protocol Specification | |||
| (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March | (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March | |||
| 2016, <https://www.rfc-editor.org/info/rfc7761>. | 2016, <https://www.rfc-editor.org/info/rfc7761>. | |||
| [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., | ||||
| and P. Hoffman, "Specification for DNS over Transport | ||||
| Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May | ||||
| 2016, <https://www.rfc-editor.org/info/rfc7858>. | ||||
| [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | |||
| Writing an IANA Considerations Section in RFCs", BCP 26, | Writing an IANA Considerations Section in RFCs", BCP 26, | |||
| RFC 8126, DOI 10.17487/RFC8126, June 2017, | RFC 8126, DOI 10.17487/RFC8126, June 2017, | |||
| <https://www.rfc-editor.org/info/rfc8126>. | <https://www.rfc-editor.org/info/rfc8126>. | |||
| [RFC8313] Tarapore, P., Ed., Sayko, R., Shepherd, G., Eckert, T., | [RFC8313] Tarapore, P., Ed., Sayko, R., Shepherd, G., Eckert, T., | |||
| Ed., and R. Krishnan, "Use of Multicast across Inter- | Ed., and R. Krishnan, "Use of Multicast across Inter- | |||
| domain Peering Points", BCP 213, RFC 8313, | domain Peering Points", BCP 213, RFC 8313, | |||
| DOI 10.17487/RFC8313, January 2018, | DOI 10.17487/RFC8313, January 2018, | |||
| <https://www.rfc-editor.org/info/rfc8313>. | <https://www.rfc-editor.org/info/rfc8313>. | |||
| [RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS | ||||
| (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018, | ||||
| <https://www.rfc-editor.org/info/rfc8484>. | ||||
| [RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS | [RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS | |||
| Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499, | Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499, | |||
| January 2019, <https://www.rfc-editor.org/info/rfc8499>. | January 2019, <https://www.rfc-editor.org/info/rfc8499>. | |||
| Appendix A. Unknown RRType construction | Appendix A. Unknown RRType construction | |||
| In a DNS resolver that understands the AMTRELAY type, the zone file | In a DNS resolver that understands the AMTRELAY type, the zone file | |||
| might contain this line: | might contain this line: | |||
| IN AMTRELAY 128 0 3 amtrelays.example.com. | IN AMTRELAY 128 0 3 amtrelays.example.com. | |||
| End of changes. 18 change blocks. | ||||
| 33 lines changed or deleted | 72 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||