
Diameter Network Address and Port Translation Control Application
draft-ietf-dime-nat-control-16

This is an older version of an Internet-Draft that was ultimately published as RFC 6736.
Authors Frank Brockners , Shwetha Bhandari , Vaneeta Singh , Victor Fajardo
Last updated 2012-04-22
Replaces draft-brockners-diameter-nat-control
RFC stream Internet Engineering Task Force (IETF)
Stream WG state WG Document
Document shepherd Jouni Korhonen
IESG IESG state Became RFC 6736 (Proposed Standard)
Responsible AD Benoît Claise
                                 Port = 5057
                               }
                            Session-Id = "natC.example.com:33041;23432;"
                    }

13.4.  DNCA Session Termination Example

   In this example the NAT-controller decides to terminate the
   previously established DNCA session.  This could for example be the

Brockners, et al.       Expires October 22, 2012               [Page 53]
Internet-Draft      Diameter NAT Control Application          April 2012

   case as a result of an access session (e.g. a PPP session) associated
   with an endpoint being torn down.

       NAT-Controller                            NAT-device
             |                                       |
             |                                       |
    +--------------+                                 |
    |  1. Trigger  |                                 |
    +--------------+                                 |
             |                                       |
             |                                       |
             |             2.  STR                   |
             |-------------------------------------->|
             |                                       |
             |                             3. DNCA session
             |                                   lookup
             |             4.  ACR                   |
             |<--------------------------------------|
             |                                       |
             |             5.  ACA                   |
             |-------------------------------------->|
             |                                       |
             |                                       |
             |                             6. DNCA bindings
             |                            and session cleanup
             |                                       |
             |             7.  STA                   |
             |<--------------------------------------|
             |                                       |

            Figure 20:  NAT control session termination example

   The following steps describe the sequence of events for tearing down
   the DNCA session in the example above:

   1.  The NAT-controller receives a trigger that a DNCA session
       associated with a specific endpoint should be terminated.  An
       example event could be the termination of the PPP [RFC1661]
       access session to an endpoint in a NAS.  The NAS correspondingly
       triggers the NAT-controller request tear-down of the associated
       DNCA session.

   2.  The NAT-controller creates the required STR message and sends it
       to the NAT-device:


      < STR >     ::= < Diameter Header: 275, REQ, PXY>
                       Session-Id =  "natC.example.com:33041;23432;"
                       Auth-Application-Id = <DNCA Application ID>
                       Origin-Host = "natC.example.com"
                       Origin-Realm = "example.com"
                       Destination-Realm = "example.com"
                       Destination-Host = "nat-device.example.com"
                       Termination-Cause = DIAMETER_LOGOUT

   3.  The NAT-device looks up the DNCA session based on the Session-Id
       AVP and finds a previously established active session.

   4.  The NAT-device reports all NAT-bindings established for that
       subscriber using an ACR:

      < ACR >     ::= < Diameter Header: 271, REQ, PXY>
                       Session-Id =  "natC.example.com:33041;23432;"
                       Auth-Application-Id = <DNCA Application ID>
                       Origin-Host = "nat-device.example.com"
                       Origin-Realm = "example.com"
                       Destination-Realm = "example.com"
                       Destination-Host = "natC.example.com"
                       Accounting-Record-Type = STOP_RECORD
                       Accounting-Record-Number = 1
                       NAT-Control-Record = {
                           NAT-Control-Definition = {
                               Protocol = TCP
                               Direction = OUT
                               NAT-Internal-Address = {
                                   Framed-IP-Address = "192.0.2.1"
                                   Port = 5001
                               }
                               NAT-External-Address = {
                                   Framed-IP-Address = "198.51.100.1"
                                   Port = 7777
                               }
                           }
                           NAT-Control-Binding-Status = Removed
                       }

   5.  The NAT-controller receives and processes the ACR as per its
       configuration.  It responds with an ACA to the NAT-device.


      <ACA>      ::= < Diameter Header: 271, PXY >
                       Session-Id =  "natC.example.com:33041;23432;"
                       Origin-Host = "natC.example.com"
                       Origin-Realm = "example.com"
                       Result-Code = DIAMETER_SUCCESS
                       Accounting-Record-Type = STOP_RECORD
                       Accounting-Record-Number = 1

   6.  On receipt of the ACA the NAT-device cleans up all NAT-bindings
       and associated session state for the endpoint.

   7.  The NAT-device sends an STA.  On receipt of the STA the
       NAT-controller cleans up the corresponding session state.

      <STA>      ::= < Diameter Header: 275, PXY >
                       Session-Id =  "natC.example.com:33041;23432;"
                       Origin-Host = "nat-device.example.com"
                       Origin-Realm = "example.com"
                       Result-Code = DIAMETER_SUCCESS
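
   As an added illustration (not part of the draft and not the authors'
   code), the following Python simulation runs the seven steps above
   in-process between a NAT-controller object and a NAT-device object,
   using the AVP names and values of the messages shown in this section.
   The numeric command codes, Result-Code values, STOP_RECORD and
   DIAMETER_LOGOUT come from the Diameter base protocol; the dict-based
   message representation, the helper names (`_msg`, `terminate`,
   `make_example`, `nat_control_definition`) and the way an STR for an
   unknown Session-Id is answered are assumptions of this example.

```python
"""Constructed simulation of the DNCA session termination exchange of Figure 20:
STR -> session lookup -> ACR (STOP_RECORD) -> ACA -> binding cleanup -> STA.
Messages are dicts keyed by AVP name; no Diameter wire encoding is attempted."""

# Diameter base protocol (RFC 3588) command codes and enumerated values that the
# example messages above write symbolically.
CMD_STR_STA, CMD_ACR_ACA = 275, 271
DIAMETER_SUCCESS, DIAMETER_UNKNOWN_SESSION_ID = 2001, 5002
STOP_RECORD, DIAMETER_LOGOUT = 4, 1
DNCA_APP_ID = "<DNCA Application ID>"         # placeholder, as written in the draft
SESSION_ID = "natC.example.com:33041;23432;"  # Session-Id used throughout the example


def nat_control_definition(protocol, direction, internal, external):
    """NAT-Control-Definition grouped AVP; internal/external are (address, port)."""
    addr = lambda a: {"Framed-IP-Address": a[0], "Port": a[1]}
    return {"Protocol": protocol, "Direction": direction,
            "NAT-Internal-Address": addr(internal), "NAT-External-Address": addr(external)}


def _msg(cmd, sid, host, realm, **avps):
    """Assumed helper: a message with the AVPs every command in the example carries."""
    return {"cmd": cmd, "Session-Id": sid, "Origin-Host": host, "Origin-Realm": realm, **avps}


class NatDevice:
    """Keeps bindings per DNCA session; answers STR with an ACR and ACA with an STA."""
    def __init__(self, host, realm):
        self.host, self.realm = host, realm
        self.sessions = {}          # Session-Id -> list of NAT-Control-Definition dicts
        self.pending_stop = set()   # sessions whose STOP ACR still awaits an ACA
        self.record_number = 0

    def handle_str(self, str_msg):
        """Steps 3 and 4. An unknown Session-Id gets an error STA: nothing is torn down."""
        sid = str_msg["Session-Id"]
        if sid not in self.sessions:
            return _msg(CMD_STR_STA, sid, self.host, self.realm,
                        **{"Result-Code": DIAMETER_UNKNOWN_SESSION_ID})
        self.record_number += 1
        self.pending_stop.add(sid)
        return _msg(CMD_ACR_ACA, sid, self.host, self.realm, **{
            "Auth-Application-Id": DNCA_APP_ID, "Destination-Host": str_msg["Origin-Host"],
            "Destination-Realm": str_msg["Origin-Realm"], "Accounting-Record-Type": STOP_RECORD,
            "Accounting-Record-Number": self.record_number,
            "NAT-Control-Record": [{"NAT-Control-Definition": d, "NAT-Control-Binding-Status": "Removed"}
                                   for d in self.sessions[sid]]})

    def handle_aca(self, aca):
        """Steps 6 and 7: release bindings only once the STOP record is acknowledged."""
        sid = aca["Session-Id"]
        if sid not in self.pending_stop:
            raise ValueError("ACA without an outstanding STOP record for " + sid)
        self.pending_stop.discard(sid)
        del self.sessions[sid]      # bindings and session state go together
        return _msg(CMD_STR_STA, sid, self.host, self.realm, **{"Result-Code": DIAMETER_SUCCESS})


class NatController:
    """Initiates the teardown (step 2) and keeps the device's final binding report."""
    def __init__(self, host, realm):
        self.host, self.realm = host, realm
        self.sessions = set()
        self.final_records = {}     # Session-Id -> NAT-Control-Record list from the ACR

    def build_str(self, sid, device_host):
        return _msg(CMD_STR_STA, sid, self.host, self.realm, **{
            "Auth-Application-Id": DNCA_APP_ID, "Destination-Realm": self.realm,
            "Destination-Host": device_host, "Termination-Cause": DIAMETER_LOGOUT})

    def handle_acr(self, acr):
        """Step 5: keep the STOP record (for accounting or audit) and acknowledge it."""
        self.final_records[acr["Session-Id"]] = acr["NAT-Control-Record"]
        return _msg(CMD_ACR_ACA, acr["Session-Id"], self.host, self.realm, **{
            "Result-Code": DIAMETER_SUCCESS,
            "Accounting-Record-Type": acr["Accounting-Record-Type"],
            "Accounting-Record-Number": acr["Accounting-Record-Number"]})

    def handle_sta(self, sta):
        """Step 7: drop local state; the device confirmed teardown or never had the session."""
        self.sessions.discard(sta["Session-Id"])


def terminate(controller, device, sid):
    """Drive the exchange in-process and return the command names in order."""
    reply = device.handle_str(controller.build_str(sid, device.host))
    if reply["cmd"] == CMD_STR_STA:          # error STA: unknown session, no ACR/ACA
        controller.handle_sta(reply)
        return ["STR", "STA"]
    controller.handle_sta(device.handle_aca(controller.handle_acr(reply)))
    return ["STR", "ACR", "ACA", "STA"]


def make_example():
    """Constructed starting state: the single TCP binding shown in the ACR of step 4."""
    ctrl = NatController("natC.example.com", "example.com")
    dev = NatDevice("nat-device.example.com", "example.com")
    ctrl.sessions.add(SESSION_ID)
    dev.sessions[SESSION_ID] = [nat_control_definition("TCP", "OUT", ("192.0.2.1", 5001),
                                                       ("198.51.100.1", 7777))]
    return ctrl, dev
```

   Two points of the ordering are worth noting.  The NAT-device releases
   its bindings only after the ACA, so the controller always holds the
   final binding report before the state that produced it disappears.
   And an STR that names a Session-Id the device does not hold is
   answered with an error STA and no ACR, so the only session a peer can
   tear down is one whose Session-Id it actually knows; this is why the
   change history for Section 12 asks for Session-Ids that are hard to
   guess.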

14.  Acknowledgements

   The authors would like to thank Jari Arkko, Wesley Eddy, Stephen
   Farrell, Miguel A. Garcia, David Harrington, Jouni Korhonen, Matt
   Lepinski, Avi Lior, Chris Metz, Pallavi Mishra, Lionel Morand, Robert
   Sparks, Martin Stiemerling, Dave Thaler, Hannes Tschofenig, Sean
   Turner, Shashank Vikram, Greg Weber, and Glen Zorn for their input on
   this document.

15.  Change History (to be removed prior to publication as an RFC)

   Changes from -00 to -01

   a.  new values for Result-Code AVP used - instead of Experimental-Result
       AVP

   b.  added support for transport specific binding (UDP/TCP)

   c.  added support for twice-NAT

   d.  clarified the use of the two different types of query-requests

   Changes from -01 to -02


   a.  Reference to pull mode removed, session initiation event
       clarified in section 4.1

   b.  added Redirect-* AVPs in NCA command

   c.  Removed reference to Called-Station-Id AVP in NCR command

   d.  Editorial changes

   e.  added support for bindings providing AFT (NAT64)

   Changes from -02 to -03

   a.  Editorial changes

   Changes from -03 to -04

   a.  Editorial changes suggested in WG last call review

   b.  Removed NCR Request type terminate and replaced with STR

   c.  All references to Auth-Session-State are removed and a new
       section to describe FSM for Manager and Agent has been added

   d.  Clarified reuse of External address and address pools among
       multiple subscribers

   Changes from -04 to -05

   a.  Removed references to Large Scale NAT as per review comments

   Changes from -05 to -06

   a.  Editorial changes

   Changes from -06 to -07

   a.  Added a note in section 4.3 stating the state of pre-existing
       bindings on update failure

   b.  Security considerations are made consistent between sections 5.1
       and 12

   c.  Editorial changes

   Changes from -07 to -08


   a.  Added section 4.6 to describe session abort

   b.  Editorial changes

   c.  Nomenclature change: From DNCA Agent/Manager to DNCA Diameter
       peers identifying the location where they reside (NAT-controller
       or NAT-device)

   d.  IANA consideration Section format changes

   e.  Updated security section (included considerations directly,
       rather than referring to Diameter QoS similarities).

   Changes from -08 to -09

   a.  expanded on the need for an SP controlling the maximum number of
       bindings of an endpoint (see introduction section)

   b.  added a paragraph in the security section outlining general
       misuses of NAT-control (non specific to DNCA), with DNCA being an
       example of such a NAT-control protocol

   c.  editorial changes

   Changes from -09 to -10

   a.  Section 4 and security considerations updated with RFC 2119
       language

   b.  NAT-External-Port-Style AVP added to aid external port oddity
       requirement as per MIDCOM framework

   c.  NAT related RFCs added in normative reference

   d.  Section 13 added to provide example DNCA message exchange flows

   e.  Added a description to provide DNCA comparison with MIDCOM

   f.  n:1 deployment model for NAT-controllers and NAT-devices
       explicitly specified

   g.  editorial changes as per IESG DISCUSS comments

   Changes from -10 to -11

   a.  clarified DNCA session query to be done after Diameter session is
       established


   b.  Section 4.4 Session Termination updated to specify resource
       cleanup at NAT-Device upon session termination

   c.  Removed Framed-IP-Netmask AVP from NAT-External-Address as
       external address is fully defined by Framed-IP-Address AVP

   d.  Updated Section 12 to highlight that the Session-Id should be
       chosen such that it is hard to guess

   e.  editorial changes as per IESG DISCUSS

   Changes from -11 to -12

   a.  endpoint replaces references to end point and user and defines
       what Endpoint means in this draft

   b.  editorial changes as per IESG DISCUSS

   Changes from -12 to -13

   a.  Section 4.3 session query updated to use NAT-External-Address for
       external IP-address based query

   Changes from -13 to -14

   a.  Added NAT-External-Address in NC-request for session query by
       external IP-address

   b.  Reordered all mandatory AVPs in NCR and NCA to appear before
       optional AVPs

   Changes from -14 to -15

   a.  As part of the IESG DISCUSS, clarified that when multiple methods
       are used along with DNCA for NAT control, they should be
       configured to prevent conflict.

   b.  Clarified that misuse of a NAT-device by a Diameter authorized
       NAT-controller using DNCA is beyond the scope of this protocol
       specification.

   c.  Editorial updates.

   Changes from -15 to -16

   a.  Extended section covering the case of a single NAT-device
       controlled by multiple NAT-controllers which use different
       protocols for configuring the NAT-device.


   b.  Added NAT-device state cleanup in case of unexpected/unplanned
       termination of the Diameter session or application, either on the
       NAT-controller or the NAT-device.

   c.  Added MAX_BINDINGS_SET_FAILURE failure case (for those scenarios
       where the maximum number of bindings cannot be set by the
       controller)

16.  References

16.1.  Normative References

   [ETSIES283034]
              ETSI, "Telecommunications and Internet Converged Services
              and Protocols for Advanced Networks (TISPAN), Network
              Attachment Sub-System (NASS), e4 interface based on the
              Diameter protocol.", September 2008.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
              Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

   [RFC4005]  Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
              "Diameter Network Access Server Application", RFC 4005,
              August 2005.

   [RFC4675]  Congdon, P., Sanchez, M., and B. Aboba, "RADIUS Attributes
              for Virtual LAN and Priority Support", RFC 4675,
              September 2006.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

   [RFC5777]  Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M.,
              and A. Lior, "Traffic Classification and Quality of
              Service (QoS) Attributes for Diameter", RFC 5777,
              February 2010.

16.2.  Informative References

   [I-D.ietf-behave-lsn-requirements]
              Perreault, S., Yamagata, I., Miyakawa, S., Nakagawa, A.,
              and H. Ashida, "Common requirements for Carrier Grade NATs
              (CGNs)", draft-ietf-behave-lsn-requirements-05 (work in
              progress), November 2011.

   [RFC1661]  Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51,
              RFC 1661, July 1994.

   [RFC2663]  Srisuresh, P. and M. Holdrege, "IP Network Address
              Translator (NAT) Terminology and Considerations",
              RFC 2663, August 1999.

   [RFC3022]  Srisuresh, P. and K. Egevang, "Traditional IP Network
              Address Translator (Traditional NAT)", RFC 3022,
              January 2001.

   [RFC3303]  Srisuresh, P., Kuthan, J., Rosenberg, J., Molitor, A., and
              A. Rayhan, "Middlebox communication architecture and
              framework", RFC 3303, August 2002.

   [RFC3304]  Swale, R., Mart, P., Sijben, P., Brim, S., and M. Shore,
              "Middlebox Communications (midcom) Protocol Requirements",
              RFC 3304, August 2002.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              December 2002.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, July 2003.

   [RFC4097]  Barnes, M., "Middlebox Communications (MIDCOM) Protocol
              Evaluation", RFC 4097, June 2005.

   [RFC5189]  Stiemerling, M., Quittek, J., and T. Taylor, "Middlebox
              Communication (MIDCOM) Protocol Semantics", RFC 5189,
              March 2008.

   [RFC6145]  Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
              Algorithm", RFC 6145, April 2011.

   [RFC6146]  Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
              NAT64: Network Address and Protocol Translation from IPv6
              Clients to IPv4 Servers", RFC 6146, April 2011.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)",
              RFC 6241, June 2011.


Authors' Addresses

   Frank Brockners
   Cisco
   Hansaallee 249, 3rd Floor
   DUESSELDORF, NORDRHEIN-WESTFALEN  40549
   Germany

   Email: fbrockne@cisco.com

   Shwetha Bhandari
   Cisco
   Cessna Business Park, Sarjapura Marathalli Outer Ring Road
   Bangalore, KARNATAKA 560 087
   India

   Email: shwethab@cisco.com

   Vaneeta Singh
   18, Cambridge Road
   Bangalore 560008
   India

   Email: vaneeta.singh@gmail.com

   Victor Fajardo
   Telcordia Technologies
   1 Telcordia Drive #1S-222
   Piscataway, NJ 08854
   USA

   Email: vf0213@gmail.com
