rfcdiff: draft-ietf-hip-native-nat-traversal-04.txt vs. draft-ietf-hip-native-nat-traversal-05.txt
(the text below follows the -05 version; -04 readings are noted in parentheses where they differ)

HIP Working Group                                               A. Keranen
Internet-Draft                                                    J. Melen
Intended status: Standards Track                                  Ericsson
Expires: December 16, 2013 (-04: June 17, 2013)     June 14, 2013 (-04: December 14, 2012)

           Native NAT Traversal Mode for the Host Identity Protocol
                   draft-ietf-hip-native-nat-traversal-05
            (previous version: draft-ietf-hip-native-nat-traversal-04)
Abstract

   This document specifies a new Network Address Translator (NAT)
   traversal mode for the Host Identity Protocol (HIP).  The new mode is
   based on the Interactive Connectivity Establishment (ICE) methodology
   and UDP encapsulation of data and signaling traffic.  The main
   difference from the previously specified modes is the use of HIP
   messages for all NAT traversal procedures.
Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 16, 2013 (-04: June 17, 2013).
Copyright Notice

   Copyright (c) 2013 (-04: 2012) IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Protocol Description
     3.1.  Relay Registration
     3.2.  Registration Authentication
     3.3.  Forwarding Rules and Permissions
     3.4.  Relaying UDP Encapsulated Data and Control Packets
     3.5.  Candidate Gathering
     3.6.  Base Exchange via HIP Relay Server
     3.7.  Native NAT Traversal Mode Negotiation
     3.8.  Connectivity Check Pacing Negotiation
     3.9.  Connectivity Checks
     3.10. NAT Keepalives
     3.11. Handling Conflicting SPI Values
   4.  Packet Formats
     4.1.  RELAYED_ADDRESS and MAPPED_ADDRESS Parameters
     4.2.  PEER_PERMISSION Parameter
     4.3.  HIP Connectivity Check Packets
   5.  Security Considerations
   6.  Acknowledgements
   7.  IANA Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses
1.  Introduction

   The Host Identity Protocol (HIP) [I-D.ietf-hip-rfc5201-bis] is
   specified to run directly on top of IPv4 or IPv6.  However, many
   middleboxes found in the Internet, such as NATs and firewalls, often
   allow only UDP or TCP traffic to pass [RFC5207].  Also, especially
   NATs usually require the host behind a NAT to create a forwarding
   state in the NAT before other hosts outside of the NAT can contact
   the host behind the NAT.  To overcome this problem, different
   methods, commonly referred to as NAT traversal techniques, have been
   developed.
   [... unchanged text skipped; the diff resumes at page 9, line 37 of -05 (page 10, line 5 of -04) ...]
   parameters is specified in Section 5 of [RFC5770].

4.1.  RELAYED_ADDRESS and MAPPED_ADDRESS Parameters

   The format of the RELAYED_ADDRESS and MAPPED_ADDRESS parameters
   (Figure 1) is identical to the REG_FROM, RELAY_FROM and RELAY_TO
   parameters.  This document specifies only the use of UDP relaying and
   thus only protocol 17 is allowed.  However, future documents may
   specify support for other protocols.
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |             Type              |             Length            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |             Port              |    Protocol   |     Reserved  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    |                            Address                            |
    |                                                               |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Type       [TBD by IANA;
                RELAYED_ADDRESS: 4650
                MAPPED_ADDRESS:  4660]
    Length     20
    Port       the UDP port number
    Protocol   IANA assigned, Internet Protocol number (17 for UDP)
    Reserved   reserved for future use; zero when sent, ignored
               when received
    Address    an IPv6 address or an IPv4 address in "IPv4-Mapped
               IPv6 address" format

     Figure 1: Format of the RELAYED_ADDRESS and MAPPED_ADDRESS Parameters
4.2.  PEER_PERMISSION Parameter

   The format of the PEER_PERMISSION parameter is shown in Figure 2.
   The parameter is used for setting up and refreshing forwarding rules
   and permissions at the data relay for data packets.  The parameter
   contains one or more sets of Port, Protocol, Address, Outbound SPI
   (OSPI), and Inbound SPI (ISPI) values.  One set defines a rule for
   one peer address.
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |             Type              |             Length            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |             Port              |    Protocol   |     Reserved  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    |                            Address                            |
    |                                                               |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                             OSPI                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                             ISPI                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    |                              ...                              |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Type       [TBD by IANA; 4680]
    Length     length in octets, excluding Type and Length
    Port       the transport layer (UDP) port number
    Protocol   IANA assigned, Internet Protocol number (17 for UDP)
    Reserved   reserved for future use; zero when sent, ignored
               when received
    Address    an IPv6 address, or an IPv4 address in "IPv4-Mapped
               IPv6 address" format, of the peer
    OSPI       the outbound SPI value the registered host is using for
               the peer with the Address and Port
    ISPI       the inbound SPI value the registered host is using for
               the peer with the Address and Port

              Figure 2: Format of the PEER_PERMISSION Parameter
4.3.  HIP Connectivity Check Packets

   The connectivity request messages are HIP UPDATE packets with a
   CANDIDATE_PRIORITY parameter (Figure 3).  Response UPDATE packets
   contain a MAPPED_ADDRESS parameter (Figure 1).
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |             Type              |             Length            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Priority                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Type       [TBD by IANA; 4700]
    Length     4
    Priority   the priority of a (potential) peer reflexive candidate

             Figure 3: Format of the CANDIDATE_PRIORITY Parameter
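As an added example (this code is not part of the draft or of any HIP implementation), the following Python encoder/decoder implements the three parameter formats of Figures 1 to 3 together with the checks a receiver should apply: Length must match the fixed sizes, only Protocol 17 is accepted, Reserved is ignored, and IPv4 addresses travel in IPv4-mapped IPv6 form. The zero-padding of parameters to an 8-octet boundary is assumed from the HIP base specification rather than from this draft, and the Type values are the draft's still-to-be-assigned numbers.

```python
# Added example (not from the draft): encode/decode the Section 4 parameters.
import ipaddress
import struct

RELAYED_ADDRESS, MAPPED_ADDRESS = 4650, 4660      # Type values as listed in
PEER_PERMISSION, CANDIDATE_PRIORITY = 4680, 4700  # the draft ("TBD by IANA")
PROTO_UDP = 17  # the only Protocol value this draft allows

def _require(ok, msg):
    if not ok:
        raise ValueError(msg)

def _pack_addr(ip):
    a = ipaddress.ip_address(ip)  # IPv4 is carried as IPv4-mapped IPv6 (::ffff:a.b.c.d)
    return (ipaddress.IPv6Address("::ffff:%s" % a) if a.version == 4 else a).packed

def _unpack_addr(raw):
    a = ipaddress.IPv6Address(raw)
    return str(a.ipv4_mapped or a)  # hand IPv4-mapped addresses back as IPv4

def _tlv(ptype, body):
    # HIP TLV: Type, Length (body only), body, zero-padded to 8 octets (base spec rule)
    return struct.pack("!HH", ptype, len(body)) + body + b"\0" * (-(4 + len(body)) % 8)

def encode_address_param(ptype, port, ip):
    """RELAYED_ADDRESS / MAPPED_ADDRESS (Figure 1): Length is always 20."""
    return _tlv(ptype, struct.pack("!HBB", port, PROTO_UDP, 0) + _pack_addr(ip))

def encode_peer_permission(rules):
    """PEER_PERMISSION (Figure 2): one 28-octet set per (port, ip, ospi, ispi)."""
    body = b"".join(struct.pack("!HBB", p, PROTO_UDP, 0) + _pack_addr(ip)
                    + struct.pack("!II", ospi, ispi) for p, ip, ospi, ispi in rules)
    return _tlv(PEER_PERMISSION, body)

def encode_candidate_priority(priority):
    """CANDIDATE_PRIORITY (Figure 3): one 32-bit priority, Length 4."""
    return _tlv(CANDIDATE_PRIORITY, struct.pack("!I", priority))

def _port_addr(chunk):  # 20-octet Port/Protocol/Reserved/Address prefix of Figures 1 and 2
    port, proto, _reserved = struct.unpack("!HBB", chunk[:4])  # Reserved is ignored
    _require(proto == PROTO_UDP, "only Protocol 17 (UDP) is specified by this draft")
    return {"port": port, "address": _unpack_addr(chunk[4:20])}

def decode_param(buf):  # parse one parameter at the start of buf -> (type, fields, consumed)
    ptype, length = struct.unpack("!HH", buf[:4])  # struct.error if the header is truncated
    body, consumed = buf[4:4 + length], 4 + length + (-(4 + length) % 8)
    _require(len(body) == length, "Length exceeds the available data")
    if ptype in (RELAYED_ADDRESS, MAPPED_ADDRESS):
        _require(length == 20, "address parameters must carry Length 20")
        return ptype, _port_addr(body), consumed
    if ptype == PEER_PERMISSION:
        _require(length and length % 28 == 0, "PEER_PERMISSION body must be n * 28 octets")
        rules = [dict(_port_addr(body[o:o + 20]), ospi=ospi, ispi=ispi)
                 for o in range(0, length, 28)
                 for ospi, ispi in [struct.unpack("!II", body[o + 20:o + 28])]]
        return ptype, rules, consumed
    if ptype == CANDIDATE_PRIORITY:
        _require(length == 4, "CANDIDATE_PRIORITY must carry Length 4")
        return ptype, {"priority": struct.unpack("!I", body)[0]}, consumed
    raise ValueError("unknown parameter type %d" % ptype)
```

A relay or host would call decode_param repeatedly, advancing by the returned octet count, and drop any UPDATE whose PEER_PERMISSION fails these checks rather than install a partial rule.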
5.  Security Considerations

   The same security considerations as in [RFC5770] also apply to this
   NAT traversal mode.

   If the data relay uses the same relayed address and port for multiple
   registered hosts, it appears to all the peers, and their firewalls,
   [... unchanged text skipped; the diff resumes at page 12, line 46 of -05 (page 13, line 30 of -04) ...]
8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [I-D.ietf-hip-rfc5201-bis]
              Moskowitz, R., Heer, T., Jokela, P., and T. Henderson,
              "Host Identity Protocol Version 2 (HIPv2)",
              draft-ietf-hip-rfc5201-bis-11 (work in progress),
              February 2013.  (-04 cited draft-ietf-hip-rfc5201-bis-10,
              November 2012.)

   [I-D.ietf-hip-rfc5202-bis]
              Jokela, P., Moskowitz, R., and J. Melen, "Using the
              Encapsulating Security Payload (ESP) Transport Format with
              the Host Identity Protocol (HIP)",
              draft-ietf-hip-rfc5202-bis-02 (work in progress),
              June 2013.  (-04 cited draft-ietf-hip-rfc5202-bis-01,
              September 2012.)

   [I-D.ietf-hip-rfc5203-bis]
              Laganier, J. and L. Eggert, "Host Identity Protocol (HIP)
              Registration Extension", draft-ietf-hip-rfc5203-bis-02
              (work in progress), September 2012.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

   [RFC5245]  Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address Translator (NAT)
              Traversal for Offer/Answer Protocols", RFC 5245,
              April 2010.

   [RFC5770]  Komu, M., Henderson, T., Tschofenig, H., Melen, J., and A.
              Keranen, "Basic Host Identity Protocol (HIP) Extensions
              for Traversal of Network Address Translators", RFC 5770,
              April 2010.

   [RFC6253]  Heer, T. and S. Varjonen, "Host Identity Protocol
              Certificates", RFC 6253, May 2011.

8.2.  Informative References
   End of changes.  16 change blocks.  103 lines changed or deleted,
   102 lines changed or added.

   This html diff was produced by rfcdiff 1.41.