Diameter Network Address and Port Translation Control Application
draft-ietf-dime-nat-control-16
The information below is for an old version of the document.
This is an older version of an Internet-Draft that was ultimately published as RFC 6736.

Authors: Frank Brockners, Shwetha Bhandari, Vaneeta Singh, Victor Fajardo
Last updated: 2012-04-22
Replaces: draft-brockners-diameter-nat-control
RFC stream: Internet Engineering Task Force (IETF)
WG state: WG Document
Document shepherd: Jouni Korhonen
IESG state: Became RFC 6736 (Proposed Standard)
Responsible AD: Benoît Claise
Send notices to: dime-chairs@tools.ietf.org, draft-ietf-dime-nat-control@tools.ietf.org
draft-ietf-dime-nat-control-16
                     Port = 5057
                   }
                 Session-Id = "natC.example.com:33041;23432;"
               }

13.4.  DNCA Session Termination Example

   In this example the NAT-controller decides to terminate the
   previously established DNCA session.  This could for example be the
   case as a result of an access session (e.g. a PPP session) associated
   with an endpoint being torn down.

Brockners, et al.        Expires October 22, 2012               [Page 53]
Internet-Draft       Diameter NAT Control Application          April 2012

     NAT-Controller                       NAT-device
          |                                    |
          |                                    |
    +--------------+                           |
    |  1. Trigger  |                           |
    +--------------+                           |
          |                                    |
          |              2. STR                |
          |----------------------------------->|
          |                                    |
          |                        3. DNCA session
          |                             lookup
          |              4. ACR                |
          |<-----------------------------------|
          |                                    |
          |              5. ACA                |
          |----------------------------------->|
          |                                    |
          |                        6. DNCA bindings
          |                         and session cleanup
          |                                    |
          |              7. STA                |
          |<-----------------------------------|
          |                                    |

          Figure 20: NAT control session termination example

   The following steps describe the sequence of events for tearing down
   the DNCA session in the example above:

   1.  The NAT-controller receives a trigger that a DNCA session
       associated with a specific endpoint should be terminated.  An
       example event could be the termination of the PPP [RFC1661]
       access session to an endpoint in a NAS.  The NAS correspondingly
       triggers the NAT-controller to request tear-down of the
       associated DNCA session.

   2.  The NAT-controller creates the required NCR message and sends it
       to the NAT-device:

       < STR > ::= < Diameter Header: 275, REQ, PXY >
           Session-Id = "natC.example.com:33041;23432;"
           Auth-Application-Id = <DNCA Application ID>
           Origin-Host = "natC.example.com"
           Origin-Realm = "example.com"
           Destination-Realm = "example.com"
           Destination-Host = "nat-device.example.com"
           Termination-Cause = DIAMETER_LOGOUT

   3.  The NAT-device looks up the DNCA session based on the Session-Id
       AVP and finds a previously established active session.

   4.  The NAT-device reports all NAT-bindings established for that
       subscriber using an ACR:

       < ACR > ::= < Diameter Header: 271, REQ, PXY >
           Session-Id = "natC.example.com:33041;23432;"
           Auth-Application-Id = <DNCA Application ID>
           Origin-Host = "nat-device.example.com"
           Origin-Realm = "example.com"
           Destination-Realm = "example.com"
           Destination-Host = "natC.example.com"
           Accounting-Record-Type = STOP_RECORD
           Accounting-Record-Number = 1
           NAT-Control-Record = {
             NAT-Control-Definition = {
               Protocol = TCP
               Direction = OUT
               NAT-Internal-Address = {
                 Framed-IP-Address = "192.0.2.1"
                 Port = 5001
               }
               NAT-External-Address = {
                 Framed-IP-Address = "198.51.100.1"
                 Port = 7777
               }
             }
             NAT-Control-Binding-Status = Removed
           }

   5.  The NAT-controller receives and processes the ACR as per its
       configuration.  It responds with an ACA to the NAT-device.

       < ACA > ::= < Diameter Header: 271, PXY >
           Session-Id = "natC.example.com:33041;23432;"
           Origin-Host = "natC.example.com"
           Origin-Realm = "example.com"
           Result-Code = DIAMETER_SUCCESS
           Accounting-Record-Type = STOP_RECORD
           Accounting-Record-Number = 1

   6.  On receipt of the ACA the NAT-device cleans up all NAT-bindings
       and associated session state for the endpoint.

   7.  The NAT-device sends an STA.  On receipt of the STA the
       NAT-controller will clean up the corresponding session state.

       < STA > ::= < Diameter Header: 275, PXY >
           Session-Id = "natC.example.com:33041;23432;"
           Origin-Host = "nat-device.example.com"
           Origin-Realm = "example.com"
           Result-Code = DIAMETER_SUCCESS

14.  Acknowledgements

   The authors would like to thank Jari Arkko, Wesley Eddy, Stephen
   Farrell, Miguel A. Garcia, David Harrington, Jouni Korhonen, Matt
   Lepinski, Avi Lior, Chris Metz, Pallavi Mishra, Lionel Morand, Robert
   Sparks, Martin Stiemerling, Dave Thaler, Hannes Tschofenig, Sean
   Turner, Shashank Vikram, Greg Weber, and Glen Zorn for their input on
   this document.
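The seven-step teardown of Section 13.4, modelled as a constructed Python walk-through added here (not the draft's or any implementation's code): the NAT-controller issues the STR, the NAT-device answers with an ACR STOP_RECORD listing every binding as Removed, the controller acknowledges with an ACA, and only then does the device discard its state and send the STA. Command codes and the STOP_RECORD / DIAMETER_LOGOUT values are those of the Diameter base protocol; the handling of an STR for an unknown Session-Id (DIAMETER_UNKNOWN_SESSION_ID) is assumed from RFC 3588 and is not spelled out on this page.

```python
# Constructed walk-through of the DNCA termination exchange in Section 13.4
# (STR -> ACR STOP_RECORD -> ACA -> binding cleanup -> STA); not the draft's code.
STR, ACR = 275, 271                          # command codes used on this page
DIAMETER_SUCCESS, DIAMETER_UNKNOWN_SESSION_ID = 2001, 5002   # RFC 3588 Result-Codes
DIAMETER_LOGOUT, STOP_RECORD = 1, 4          # Termination-Cause, Accounting-Record-Type

class NatDevice:
    """NAT-device side: DNCA sessions keyed by Session-Id, each a list of bindings."""
    def __init__(self, host, sessions):
        self.host, self.sessions = host, dict(sessions)

    def handle_str(self, req):
        """Steps 3-4: look up the session and report every binding as Removed in an ACR."""
        sid = req["Session-Id"]
        if sid not in self.sessions:         # assumed (RFC 3588): unknown session -> STA error
            return None, {"Code": STR, "Session-Id": sid, "Origin-Host": self.host,
                          "Result-Code": DIAMETER_UNKNOWN_SESSION_ID}
        records = [{"NAT-Control-Definition": b, "NAT-Control-Binding-Status": "Removed"}
                   for b in self.sessions[sid]]
        return {"Code": ACR, "Session-Id": sid, "Origin-Host": self.host,
                "Accounting-Record-Type": STOP_RECORD, "Accounting-Record-Number": 1,
                "NAT-Control-Record": records}, None

    def handle_aca(self, aca):
        """Steps 6-7: once the ACA confirms the STOP record, drop all state and send STA."""
        sid = aca["Session-Id"]
        if aca["Result-Code"] == DIAMETER_SUCCESS:
            self.sessions.pop(sid, None)      # bindings and session state are gone
        return {"Code": STR, "Session-Id": sid, "Origin-Host": self.host,
                "Result-Code": DIAMETER_SUCCESS}

def terminate_session(controller_host, device, sid):
    """Steps 1-2 and 5: NAT-controller sends STR, acknowledges the ACR, receives STA."""
    str_req = {"Code": STR, "Session-Id": sid, "Origin-Host": controller_host,
               "Destination-Host": device.host, "Termination-Cause": DIAMETER_LOGOUT}
    acr, sta = device.handle_str(str_req)
    if acr is None:                           # unknown session: nothing to account for
        return sta, []
    aca = {"Code": ACR, "Session-Id": sid, "Origin-Host": controller_host,
           "Result-Code": DIAMETER_SUCCESS, "Accounting-Record-Type": STOP_RECORD,
           "Accounting-Record-Number": acr["Accounting-Record-Number"]}
    return device.handle_aca(aca), acr["NAT-Control-Record"]

# Constructed sample: the session and binding from the example on this page
SESSION_ID = "natC.example.com:33041;23432;"
BINDING = {"Protocol": "TCP", "Direction": "OUT",
           "NAT-Internal-Address": {"Framed-IP-Address": "192.0.2.1", "Port": 5001},
           "NAT-External-Address": {"Framed-IP-Address": "198.51.100.1", "Port": 7777}}
```

Calling `terminate_session("natC.example.com", NatDevice("nat-device.example.com", {SESSION_ID: [BINDING]}), SESSION_ID)` returns the STA with DIAMETER_SUCCESS plus the one Removed binding, and leaves the device with no session state.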
15.  Change History (to be removed prior to publication as an RFC)

   Changes from -00 to -01

   a.  new values for Result-Code AVP used instead of Experimental-Result
       AVP
   b.  added support for transport specific binding (UDP/TCP)
   c.  added support for twice-NAT
   d.  clarified the use of the two different types of query-requests

   Changes from -01 to -02

   a.  Reference to pull mode removed, session initiation event clarified
       in section 4.1
   b.  added Redirect-* AVPs in NCA command
   c.  Removed reference to Called-Station-Id AVP in NCR command
   d.  Editorial changes
   e.  added support for bindings providing AFT (NAT64)

   Changes from -02 to -03

   a.  Editorial changes

   Changes from -03 to -04

   a.  Editorial changes suggested in WG last call review
   b.  Removed NCR Request type terminate and replaced with STR
   c.  All references to Auth-Session-State are removed and a new section
       to describe FSM for Manager and Agent has been added
   d.  Clarified reuse of External address and address pools among
       multiple subscribers

   Changes from -04 to -05

   a.  Removed references to Large Scale NAT as per review comments

   Changes from -05 to -06

   a.  Editorial changes

   Changes from -06 to -07

   a.  Added a note in section 4.3 stating the state of pre-existing
       bindings on update failure
   b.  Security considerations are made consistent between sections 5.1
       and 12
   c.  Editorial changes

   Changes from -07 to -08

   a.  Added section 4.6 to describe session abort
   b.  Editorial changes
   c.  Nomenclature change: From DNCA Agent/Manager to DNCA Diameter
       peers identifying the location where they reside (NAT-controller
       or NAT-device)
   d.  IANA consideration Section format changes
   e.  Updated security section (included considerations directly, rather
       than referring to Diameter QoS similarities).

   Changes from -08 to -09

   a.  expanded on the need for an SP controlling the maximum number of
       bindings of an endpoint (see introduction section)
   b.  added a paragraph in the security section outlining general
       misuses of NAT-control (non specific to DNCA), with DNCA being an
       example of such a NAT-control protocol
   c.  editorial changes

   Changes from -09 to -10

   a.  Section 4 and security considerations updated with RFC 2119
       language
   b.  NAT-External-Port-Style AVP added to aid external port oddity
       requirement as per MIDCOM framework
   c.  NAT related RFCs added in normative reference
   d.  Section 13 added to provide example DNCA message exchange flows
   e.  Added a description to provide DNCA comparison with MIDCOM
   f.  n:1 deployment model for NAT-controllers and NAT-devices
       explicitly specified
   g.  editorial changes as per IESG DISCUSS comments

   Changes from -10 to -11

   a.  clarified DNCA session query to be done after Diameter session is
       established
   b.  Section 4.4 Session Termination updated to specify resource
       cleanup at NAT-Device upon session termination
   c.  Removed Framed-IP-Netmask AVP from NAT-External-Address as
       external address is fully defined by Framed-IP-Address AVP
   d.  Updated Section 12 to highlight Session-Id to be chosen such that
       it is hard to guess
   e.  editorial changes as per IESG DISCUSS

   Changes from -11 to -12

   a.  endpoint replaces references to end point and user and defines
       what Endpoint means in this draft
   b.  editorial changes as per IESG DISCUSS

   Changes from -12 to -13

   a.  Section 4.3 session query updated to use NAT-External-Address for
       external IP-address based query

   Changes from -13 to -14

   a.  Added NAT-External-Address in NC-request for session query by
       external IP-address
   b.  Reordered all mandatory AVPs in NCR and NCA to appear before
       optional AVPs

   Changes from -14 to -15

   a.  As part of IESG discuss, clarified that multiple methods, if used
       along with DNCA for NAT control, should be configured to prevent
       conflict.
   b.  Clarified that misuse of a NAT-device by a Diameter authorized
       NAT-controller using DNCA is beyond the scope of this protocol
       specification.
   c.  Editorial updates.

   Changes from -15 to -16

   a.  Extended section covering the case of a single NAT-device
       controlled by multiple NAT-controllers which use different
       protocols for configuring the NAT-device.
   b.  Added NAT-device state cleanup in case of unexpected/unplanned
       termination of the Diameter session or application either on the
       NAT-controller or the NAT-device.
   c.  Added MAX_BINDINGS_SET_FAILURE failure case (for those scenarios
       where the maximum number of bindings cannot be set by the
       controller)

16.  References

16.1.  Normative References

   [ETSIES283034]
              ETSI, "Telecommunications and Internet Converged Services
              and Protocols for Advanced Networks (TISPAN), Network
              Attachment Sub-System (NASS), e4 interface based on the
              Diameter protocol.", September 2008.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
              Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

   [RFC4005]  Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
              "Diameter Network Access Server Application", RFC 4005,
              August 2005.

   [RFC4675]  Congdon, P., Sanchez, M., and B. Aboba, "RADIUS Attributes
              for Virtual LAN and Priority Support", RFC 4675,
              September 2006.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

   [RFC5777]  Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M.,
              and A. Lior, "Traffic Classification and Quality of
              Service (QoS) Attributes for Diameter", RFC 5777,
              February 2010.

16.2.  Informative References

   [I-D.ietf-behave-lsn-requirements]
              Perreault, S., Yamagata, I., Miyakawa, S., Nakagawa, A.,
              and H. Ashida, "Common requirements for Carrier Grade NATs
              (CGNs)", draft-ietf-behave-lsn-requirements-05 (work in
              progress), November 2011.

   [RFC1661]  Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51,
              RFC 1661, July 1994.

   [RFC2663]  Srisuresh, P. and M. Holdrege, "IP Network Address
              Translator (NAT) Terminology and Considerations",
              RFC 2663, August 1999.

   [RFC3022]  Srisuresh, P. and K. Egevang, "Traditional IP Network
              Address Translator (Traditional NAT)", RFC 3022,
              January 2001.

   [RFC3303]  Srisuresh, P., Kuthan, J., Rosenberg, J., Molitor, A., and
              A. Rayhan, "Middlebox communication architecture and
              framework", RFC 3303, August 2002.

   [RFC3304]  Swale, R., Mart, P., Sijben, P., Brim, S., and M. Shore,
              "Middlebox Communications (midcom) Protocol Requirements",
              RFC 3304, August 2002.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              December 2002.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, July 2003.

   [RFC4097]  Barnes, M., "Middlebox Communications (MIDCOM) Protocol
              Evaluation", RFC 4097, June 2005.

   [RFC5189]  Stiemerling, M., Quittek, J., and T. Taylor, "Middlebox
              Communication (MIDCOM) Protocol Semantics", RFC 5189,
              March 2008.

   [RFC6145]  Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
              Algorithm", RFC 6145, April 2011.

   [RFC6146]  Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
              NAT64: Network Address and Protocol Translation from IPv6
              Clients to IPv4 Servers", RFC 6146, April 2011.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)",
              RFC 6241, June 2011.

Authors' Addresses

   Frank Brockners
   Cisco
   Hansaallee 249, 3rd Floor
   DUESSELDORF, NORDRHEIN-WESTFALEN  40549
   Germany

   Email: fbrockne@cisco.com


   Shwetha Bhandari
   Cisco
   Cessna Business Park, Sarjapura Marathalli Outer Ring Road
   Bangalore, KARNATAKA  560 087
   India

   Email: shwethab@cisco.com


   Vaneeta Singh
   18, Cambridge Road
   Bangalore  560008
   India

   Email: vaneeta.singh@gmail.com


   Victor Fajardo
   Telcordia Technologies
   1 Telcordia Drive #1S-222
   Piscataway, NJ  08854
   USA

   Email: vf0213@gmail.com