| draft-ietf-hip-bone-01.txt | draft-ietf-hip-bone-02.txt | |||
|---|---|---|---|---|
| HIP Working Group G. Camarillo | HIP Working Group G. Camarillo | |||
| Internet-Draft P. Nikander | Internet-Draft P. Nikander | |||
| Expires: September 10, 2009 J. Hautakorpi | Intended status: Experimental J. Hautakorpi | |||
| Ericsson | Expires: January 7, 2010 Ericsson | |||
| A. Johnston | A. Johnston | |||
| Avaya | Avaya | |||
| March 9, 2009 | July 6, 2009 | |||
| HIP BONE: Host Identity Protocol (HIP) Based Overlay Networking | HIP BONE: Host Identity Protocol (HIP) Based Overlay Networking | |||
| Environment | Environment | |||
| draft-ietf-hip-bone-01.txt | draft-ietf-hip-bone-02.txt | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 1, line 36 | skipping to change at page 1, line 36 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on September 10, 2009. | This Internet-Draft will expire on January 7, 2010. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
| publication of this document (http://trustee.ietf.org/license-info). | publication of this document (http://trustee.ietf.org/license-info). | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 27 | skipping to change at page 2, line 27 | |||
| 2. Background on HIP . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Background on HIP . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1. ID/locator Split . . . . . . . . . . . . . . . . . . . . . 3 | 2.1. ID/locator Split . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1.1. Identifier Format . . . . . . . . . . . . . . . . . . 4 | 2.1.1. Identifier Format . . . . . . . . . . . . . . . . . . 4 | |||
| 2.1.2. HIP Base Exchange . . . . . . . . . . . . . . . . . . 4 | 2.1.2. HIP Base Exchange . . . . . . . . . . . . . . . . . . 4 | |||
| 2.1.3. Locator Management . . . . . . . . . . . . . . . . . . 5 | 2.1.3. Locator Management . . . . . . . . . . . . . . . . . . 5 | |||
| 2.2. NAT Traversal . . . . . . . . . . . . . . . . . . . . . . 5 | 2.2. NAT Traversal . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.3. Security . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 2.3. Security . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 2.3.1. DoS Protection . . . . . . . . . . . . . . . . . . . . 6 | 2.3.1. DoS Protection . . . . . . . . . . . . . . . . . . . . 6 | |||
| 2.3.2. Identifier Assignment and Authentication . . . . . . . 6 | 2.3.2. Identifier Assignment and Authentication . . . . . . . 6 | |||
| 2.3.3. Connection Security . . . . . . . . . . . . . . . . . 7 | 2.3.3. Connection Security . . . . . . . . . . . . . . . . . 7 | |||
| 2.4. HIP Deployability and Legacy Applications . . . . . . . . 8 | 2.4. HIP Deployability and Legacy Applications . . . . . . . . 7 | |||
| 3. The HIP BONE Framework . . . . . . . . . . . . . . . . . . . . 8 | 3. The HIP BONE Framework . . . . . . . . . . . . . . . . . . . . 8 | |||
| 3.1. Peer ID Assignment and Bootstrap . . . . . . . . . . . . . 9 | 3.1. Peer ID Assignment and Bootstrap . . . . . . . . . . . . . 9 | |||
| 3.2. Connection Establishment . . . . . . . . . . . . . . . . . 10 | 3.2. Connection Establishment . . . . . . . . . . . . . . . . . 10 | |||
| 3.3. Lightweight Message Exchanges . . . . . . . . . . . . . . 11 | 3.3. Lightweight Message Exchanges . . . . . . . . . . . . . . 11 | |||
| 3.4. HIP BONE Instantiation . . . . . . . . . . . . . . . . . . 11 | 3.4. HIP BONE Instantiation . . . . . . . . . . . . . . . . . . 11 | |||
| 4. Advantages of Using HIP BONE . . . . . . . . . . . . . . . . . 12 | 4. Advantages of Using HIP BONE . . . . . . . . . . . . . . . . . 12 | |||
| 5. RELOAD-based HIP BONE Instance Specification . . . . . . . . . 12 | 5. Architectural Considerations . . . . . . . . . . . . . . . . . 12 | |||
| 5.1. Peer Protocol . . . . . . . . . . . . . . . . . . . . . . 12 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 14 | |||
| 5.2. Peer ID to ORCHID Transformation . . . . . . . . . . . . . 13 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 5.3. Mapping between Protocol Primitives and HIP Messages . . . 13 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 6. Architectural Considerations . . . . . . . . . . . . . . . . . 13 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | 9.1. Normative References . . . . . . . . . . . . . . . . . . . 15 | |||
| 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16 | 9.2. Informative References . . . . . . . . . . . . . . . . . . 16 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 | ||||
| 10. Normative References . . . . . . . . . . . . . . . . . . . . . 16 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 1. Introduction | 1. Introduction | |||
| The Host Identity Protocol (HIP) [RFC5201] defines a new name space | The Host Identity Protocol (HIP) [RFC5201] defines a new name space | |||
| between the network and transport layers. HIP provides upper layers | between the network and transport layers. HIP provides upper layers | |||
| with mobility, multihoming, NAT (Network Address Translation) | with mobility, multihoming, NAT (Network Address Translation) | |||
| traversal, and security functionality. HIP implements the so called | traversal, and security functionality. HIP implements the so called | |||
| identifier/locator (ID/locator) split, which implies that IP | identifier/locator (ID/locator) split, which implies that IP | |||
| addresses are only used as locators, not as host identifiers. This | addresses are only used as locators, not as host identifiers. This | |||
| split makes HIP a suitable protocol to build overlay networks that | split makes HIP a suitable protocol to build overlay networks that | |||
| implement identifier-based overlay routing over IP networks, which in | implement identifier-based overlay routing over IP networks, which in | |||
| turn implement locator-based routing. | turn implement locator-based routing. | |||
| The remainder of this document is organized as follows. Section 2 | The remainder of this document is organized as follows. Section 2 | |||
| provides background information on HIP. Section 3 describes the HIP | provides background information on HIP. Section 3 describes the HIP | |||
| BONE (HIP-Based Overlay Networking Environment) framework. Section 4 | BONE (HIP-Based Overlay Networking Environment) framework. Section 4 | |||
| discusses some of the advantages derived from using the HIP BONE | discusses some of the advantages derived from using the HIP BONE | |||
| framework. Section 5 contains the RELOAD-based HIP BONE instance | framework. Finally, before the customary sections, Section 5 | |||
| specification. Finally, before the customary sections, Section 6 | ||||
| attempts to put the presented proposal into a larger architectural | attempts to put the presented proposal into a larger architectural | |||
| context. | context. | |||
| 2. Background on HIP | 2. Background on HIP | |||
| This section provides background on HIP. Given the tutorial nature | This section provides background on HIP. Given the tutorial nature | |||
| of this section, readers that are familiar with what HIP provides and | of this section, readers that are familiar with what HIP provides and | |||
| how HIP works may want to skip it. All descriptions contain | how HIP works may want to skip it. All descriptions contain | |||
| references to the relevant HIP specifications where readers can find | references to the relevant HIP specifications where readers can find | |||
| detailed explanations on the different topics discussed in this | detailed explanations on the different topics discussed in this | |||
| skipping to change at page 4, line 20 | skipping to change at page 4, line 19 | |||
| TCP connection is able to survive locator changes because the remote | TCP connection is able to survive locator changes because the remote | |||
| host's identifier does not change. | host's identifier does not change. | |||
| 2.1.1. Identifier Format | 2.1.1. Identifier Format | |||
| HIP uses 128-bit ORCHIDs (Overlay Routable Cryptographic Hash | HIP uses 128-bit ORCHIDs (Overlay Routable Cryptographic Hash | |||
| Identifiers) [RFC4843] as identifiers. ORCHIDs look like IPv6 | Identifiers) [RFC4843] as identifiers. ORCHIDs look like IPv6 | |||
| addresses but cannot collide with regular IPv6 addresses because | addresses but cannot collide with regular IPv6 addresses because | |||
| ORCHID spaces are registered with the IANA. That is, a portion of | ORCHID spaces are registered with the IANA. That is, a portion of | |||
| the IPv6 address space is reserved for ORCHIDs. The ORCHID | the IPv6 address space is reserved for ORCHIDs. The ORCHID | |||
| specification allows the creation of multiple disjoint identifier | specification allows creating multiple disjoint identifier spaces. | |||
| spaces. Each such space is identified by a separate Context | Each such space is identified by a separate Context Identifier. The | |||
| Identifier. The Context Identifier can be either drawn implicitly | Context Identifier can be either drawn implicitly from the context | |||
| from the context the ORCHID is used in or carried explicitly in a | the ORCHID is used in or carried explicitly in a protocol. | |||
| protocol. | ||||
| HIP defines a native socket API [I-D.ietf-hip-native-api] that | HIP defines a native socket API [I-D.ietf-hip-native-api] that | |||
| applications can use to establish and manage connections. | applications can use to establish and manage connections. | |||
| Additionally, HIP can also be used through the traditional IPv4 and | Additionally, HIP can also be used through the traditional IPv4 and | |||
| IPv6 TCP/IP socket APIs. Section 2.4 describes how an application | IPv6 TCP/IP socket APIs. Section 2.4 describes how an application | |||
| using these traditional APIs can make use of HIP. Figure 1 shows all | using these traditional APIs can make use of HIP. Figure 1 shows all | |||
| these APIs between the application and the transport layers. | these APIs between the application and the transport layers. | |||
| +-----------------------------------------+ | +-----------------------------------------+ | |||
| | Application | | | Application | | |||
| skipping to change at page 5, line 44 | skipping to change at page 5, line 43 | |||
| traffic. If any of the hosts changes its set of locators, it runs an | traffic. If any of the hosts changes its set of locators, it runs an | |||
| update exchange [RFC5206], which consists of three messages. If a | update exchange [RFC5206], which consists of three messages. If a | |||
| host is multihomed, it simply provides more than one locator in its | host is multihomed, it simply provides more than one locator in its | |||
| exchanges. However, if both of the end points move at the same time, | exchanges. However, if both of the end points move at the same time, | |||
| or through some other reason both lose track of the peers' currently | or through some other reason both lose track of the peers' currently | |||
| active locators, they need to resort to using a rendezvous server or | active locators, they need to resort to using a rendezvous server or | |||
| getting new peer locators by some other means. | getting new peer locators by some other means. | |||
| 2.2. NAT Traversal | 2.2. NAT Traversal | |||
| HIP's NAT traversal mechanism is based on ICE (Interactive | HIP's NAT traversal mechanism [I-D.ietf-hip-nat-traversal] is based | |||
| Connectivity Establishment) [I-D.ietf-mmusic-ice]. Hosts gather | on ICE (Interactive Connectivity Establishment) | |||
| address candidates and, as part of the HIP base exchange, hosts | [I-D.ietf-mmusic-ice]. Hosts gather address candidates and, as part | |||
| perform an ICE offer/answer exchange where they exchange their | of the HIP base exchange, hosts perform an ICE offer/answer exchange | |||
| respective address candidates. Hosts perform end-to-end STUN | where they exchange their respective address candidates. Hosts | |||
| [RFC5389] based connectivity checks in order to discover which | perform end-to-end STUN [RFC5389] based connectivity checks in order | |||
| address candidate pairs yield connectivity. | to discover which address candidate pairs yield connectivity. | |||
| Even though, architecturally, HIP lies below the transport layer | Even though, architecturally, HIP lies below the transport layer | |||
| (i.e., HIP packets are carried directly in IP packets), in presence | (i.e., HIP packets are carried directly in IP packets), in presence | |||
| of NATs, HIP sometimes needs to be tunneled in a transport protocol | of NATs, HIP sometimes needs to be tunneled in a transport protocol | |||
| (i.e., HIP packets are carried by a transport protocol such as UDP). | (i.e., HIP packets are carried by a transport protocol such as UDP). | |||
| 2.3. Security | 2.3. Security | |||
| Security is an essential part of HIP. The following sections | Security is an essential part of HIP. The following sections | |||
| describe the security-related functionality provided by HIP. | describe the security-related functionality provided by HIP. | |||
| skipping to change at page 6, line 45 | skipping to change at page 6, line 41 | |||
| pre-generated R1 packets within the overlay and let the overlay | pre-generated R1 packets within the overlay and let the overlay | |||
| directly respond with R1s to I1s. In that way the responder is not | directly respond with R1s to I1s. In that way the responder is not | |||
| bothered at all until the initiator sends an I2 packet, with the | bothered at all until the initiator sends an I2 packet, with the | |||
| puzzle solution. Furthermore, a more sophisticated overlay could | puzzle solution. Furthermore, a more sophisticated overlay could | |||
| verify that an I2 packet has a correctly solved puzzle before | verify that an I2 packet has a correctly solved puzzle before | |||
| forwarding the packet to the responder. | forwarding the packet to the responder. | |||
| 2.3.2. Identifier Assignment and Authentication | 2.3.2. Identifier Assignment and Authentication | |||
| As discussed earlier, HIP uses ORCHIDs [RFC4843] as the main | As discussed earlier, HIP uses ORCHIDs [RFC4843] as the main | |||
| representation identifiers. Potentially, HIP can use different types | representation for identifiers. Potentially, HIP can use different | |||
| of ORCHIDs as long as the probability of finding collisions (i.e., | types of ORCHIDs as long as the probability of finding collisions | |||
| two nodes with the same ORCHID) is low enough. One way to completely | (i.e., two nodes with the same ORCHID) is low enough. One way to | |||
| avoid this type of collision is to have a central authority generate | completely avoid this type of collision is to have a central | |||
| and assign ORCHIDs to nodes. To secure the binding between ORCHIDs | authority generate and assign ORCHIDs to nodes. To secure the | |||
| and any higher-layer identifiers, every time the central authority | binding between ORCHIDs and any higher-layer identifiers, every time | |||
| assigns an ORCHID to a node, it also generates and signs a | the central authority assigns an ORCHID to a node, it also generates | |||
| certificate stating who is the owner of the ORCHID. The owner of the | and signs a certificate stating who is the owner of the ORCHID. The | |||
| ORCHID then includes the corresponding certificate in its R1 (when | owner of the ORCHID then includes the corresponding certificate in | |||
| acting as responder) and I2 packets (when acting initiator) to prove | its R1 (when acting as responder) and I2 packets (when acting | |||
| that it is actually allowed to use the ORCHID and, implicitly, the | initiator) to prove that it is actually allowed to use the ORCHID | |||
| associated public key. | and, implicitly, the associated public key. | |||
| Having a central authority works well to completely avoid collisions. | Having a central authority works well to completely avoid collisions. | |||
| However, having a central authority is impractical in some scenarios. | However, having a central authority is impractical in some scenarios. | |||
| As defined today, HIP systems generally use a self-certifying ORCHID | As defined today, HIP systems generally use a self-certifying ORCHID | |||
| type called HIT (Host Identity Tag) that does not require a central | type called HIT (Host Identity Tag) that does not require a central | |||
| authority (but still allows one to be used). | authority (but still allows one to be used). | |||
| A HIT is the hash of a node's public key. A node proves that it has | A HIT is the hash of a node's public key. A node proves that it has | |||
| the right to use a HIT by showing its ability to sign data with its | the right to use a HIT by showing its ability to sign data with its | |||
| associated private key. This scheme is secure due to the so called | associated private key. This scheme is secure due to the so called | |||
| skipping to change at page 8, line 18 | skipping to change at page 8, line 11 | |||
| [I-D.ietf-hip-native-api] that applications can use to establish and | [I-D.ietf-hip-native-api] that applications can use to establish and | |||
| manage connections. New applications can implement this API to get | manage connections. New applications can implement this API to get | |||
| full advantage of HIP. However, in most cases, legacy (i.e., non-HIP | full advantage of HIP. However, in most cases, legacy (i.e., non-HIP | |||
| aware) applications [RFC5338] can use HIP through the traditional | aware) applications [RFC5338] can use HIP through the traditional | |||
| IPv4 and IPv6 socket APIs. | IPv4 and IPv6 socket APIs. | |||
| The idea is that when a legacy IPv6 application tries and obtains a | The idea is that when a legacy IPv6 application tries and obtains a | |||
| remote host's IP address (e.g., by querying the DNS) the DNS resolver | remote host's IP address (e.g., by querying the DNS) the DNS resolver | |||
| passes the remote host's ORCHID (which was also stored in the DNS) to | passes the remote host's ORCHID (which was also stored in the DNS) to | |||
| the legacy application. At the same time, the DNS resolver stores | the legacy application. At the same time, the DNS resolver stores | |||
| stores the remote host's IP address internally at the HIP module. | the remote host's IP address internally at the HIP module. Since the | |||
| Since the ORCHID looks like an IPv6 address, the legacy application | ORCHID looks like an IPv6 address, the legacy application treats it | |||
| treats it as such. It opens a connection (e.g., TCP) using the | as such. It opens a connection (e.g., TCP) using the traditional | |||
| traditional IPv6 socket API. The HIP module running in the same host | IPv6 socket API. The HIP module running in the same host as the | |||
| as the legacy application intercepts this call somehow (e.g., using | legacy application intercepts this call somehow (e.g., using an | |||
| an interception library or setting up the host's routing tables so | interception library or setting up the host's routing tables so that | |||
| that the HIP module receives the traffic) and runs HIP (on behalf of | the HIP module receives the traffic) and runs HIP (on behalf of the | |||
| the legacy application) towards the IP address corresponding to the | legacy application) towards the IP address corresponding to the | |||
| ORCHID. This mechanism works well in almost all cases. However, | ORCHID. This mechanism works well in almost all cases. However, | |||
| applications involving referrals (i.e., passing of IPv6 addresses | applications involving referrals (i.e., passing of IPv6 addresses | |||
| between applications) present issues, to be discussed in Section 3 | between applications) present issues, to be discussed in Section 3 | |||
| below. Additionally, management applications that care about the | below. Additionally, management applications that care about the | |||
| exact IP address format may not work well with such straigthforward | exact IP address format may not work well with such straigthforward | |||
| approach. | approach. | |||
| In order to make HIP work through the traditional IPv4 socket API, | In order to make HIP work through the traditional IPv4 socket API, | |||
| the HIP module passes an LSI (Local Scope Identifier), instead of a | the HIP module passes an LSI (Local Scope Identifier), instead of a | |||
| regular IPv4 address, to the legacy IPv4 application. The LSI looks | regular IPv4 address, to the legacy IPv4 application. The LSI looks | |||
| skipping to change at page 9, line 27 | skipping to change at page 9, line 19 | |||
| The HIP BONE framework uses HIP to perform connection management. | The HIP BONE framework uses HIP to perform connection management. | |||
| Data storage and retrieval and overlay maintenance are to be | Data storage and retrieval and overlay maintenance are to be | |||
| implemented using protocols other than HIP. For lack of a better | implemented using protocols other than HIP. For lack of a better | |||
| name, these protocols are referred to as peer protocols. | name, these protocols are referred to as peer protocols. | |||
| HIP BONE is a generic framework that allows the use of different peer | HIP BONE is a generic framework that allows the use of different peer | |||
| protocols. A particular HIP BONE instance uses a particular peer | protocols. A particular HIP BONE instance uses a particular peer | |||
| protocol. The details on how to implement a HIP BONE using a given | protocol. The details on how to implement a HIP BONE using a given | |||
| peer protocol need to be specified in a, so called, HIP BONE instance | peer protocol need to be specified in a, so called, HIP BONE instance | |||
| specification. Section 3.4 discusses what details need to be | specification. Section 3.4 discusses what details need to be | |||
| specified by HIP BONE instance specifications. Section 5 contains | specified by HIP BONE instance specifications. For example, the HIP | |||
| the RELOAD-based HIP BONE instance specification. | BONE instance specification for RELOAD [I-D.ietf-p2psip-base] is | |||
| specified in [I-D.keranen-hip-reload-instance]. | ||||
| 3.1. Peer ID Assignment and Bootstrap | 3.1. Peer ID Assignment and Bootstrap | |||
| Nodes in an overlay are primarily identified by their Peer IDs. | Nodes in an overlay are primarily identified by their Peer IDs. | |||
| (Note that the Peer ID concept here is a peer-layer protocol concept, | (Note that the Peer ID concept here is a peer-layer protocol concept, | |||
| distinct from the HIP-layer node identifiers. Peer IDs may be long, | distinct from the HIP-layer node identifiers. Peer IDs may be long, | |||
| may have some structure, and may consist of multiple parts.) | may have some structure, and may consist of multiple parts.) | |||
| Overlays typically have an enrollment server that can generate Peer | Overlays typically have an enrollment server that can generate Peer | |||
| IDs, or at least some part of the Peer ID, and sign certificates. A | IDs, or at least some part of the Peer ID, and sign certificates. A | |||
| certificate generated by an enrollment server authorizes a particular | certificate generated by an enrollment server authorizes a particular | |||
| skipping to change at page 10, line 50 | skipping to change at page 10, line 44 | |||
| overlay itself provides the rendezvous service. | overlay itself provides the rendezvous service. | |||
| Therefore, in HIP BONE, a node uses an I1 packet (as usual) to | Therefore, in HIP BONE, a node uses an I1 packet (as usual) to | |||
| establish a connection with another node in the overlay. Nodes in | establish a connection with another node in the overlay. Nodes in | |||
| the overlay forward I1 packets in a hop-by-hop fashion according to | the overlay forward I1 packets in a hop-by-hop fashion according to | |||
| the overlay's routing table towards its destination. This way, the | the overlay's routing table towards its destination. This way, the | |||
| overlay provides a rendezvous service between the nodes establishing | overlay provides a rendezvous service between the nodes establishing | |||
| the connection. If the overlay nodes have active connections with | the connection. If the overlay nodes have active connections with | |||
| other nodes in their forwarding tables and if those connections are | other nodes in their forwarding tables and if those connections are | |||
| protected (typically with IPsec ESP), I1 packets may be sent over | protected (typically with IPsec ESP), I1 packets may be sent over | |||
| protected connections between nodes. Alternatively, if there no such | protected connections between nodes. Alternatively, if there is no | |||
| an active connection but the node forwarding the I1 packet has a | such an active connection but the node forwarding the I1 packet has a | |||
| valid locator for the next hop, the I1 packets may be forwarded | valid locator for the next hop, the I1 packets may be forwarded | |||
| directly, in a similar fashion to how I1 packets are today forwarded | directly, in a similar fashion to how I1 packets are today forwarded | |||
| by a HIP rendezvous server. | by a HIP rendezvous server. | |||
| Since HIP supports NAT traversal, a HIP base exchange over the | Since HIP supports NAT traversal, a HIP base exchange over the | |||
| overlay will perform an ICE offer/answer exchange between the nodes | overlay will perform an ICE [I-D.ietf-mmusic-ice] offer/answer | |||
| that are establishing the connection. In order to perform this | exchange between the nodes that are establishing the connection. In | |||
| exchange, the nodes need to first gather candidate addresses. Which | order to perform this exchange, the nodes need to first gather | |||
| nodes can be used to obtain reflexive address candidates and which | candidate addresses. Which nodes can be used to obtain reflexive | |||
| ones can be used to obtain relayed candidates is defined by the peer | address candidates and which ones can be used to obtain relayed | |||
| protocol. | candidates is defined by the peer protocol. | |||
| 3.3. Lightweight Message Exchanges | 3.3. Lightweight Message Exchanges | |||
| In some cases, nodes need to perform a lightweight query to another | In some cases, nodes need to perform a lightweight query to another | |||
| node (e.g., a request followed by a single response). In this | node (e.g., a request followed by a single response). In this | |||
| situation, establishing a connection using the mechanisms in | situation, establishing a connection using the mechanisms in | |||
| Section 3.2 for a simple query would be an overkill. A better | Section 3.2 for a simple query would be an overkill. A better | |||
| solution is to forward a HIP message through the overlay with the | solution is to forward a HIP message through the overlay with the | |||
| query and another one with the response to the query. The payload of | query and another one with the response to the query. The payload of | |||
| such HIP packets is integrity protected [I-D.nikander-hip-hiccups]. | such HIP packets is integrity protected [I-D.nikander-hip-hiccups]. | |||
| Nodes in the overlay forward this HIP packet in a hop-by-hop fashion | Nodes in the overlay forward this HIP packet in a hop-by-hop fashion | |||
| according to the overlay's routing table towards its destination, | according to the overlay's routing table towards its destination, | |||
| typically through the protected connections established between them. | typically through the protected connections established between them. | |||
| Again, the overlay acts as a rendezvous server between the nodes | Again, the overlay acts as a rendezvous server between the nodes | |||
| exchanging the messages. | exchanging the messages. | |||
| 3.4. HIP BONE Instantiation | 3.4. HIP BONE Instantiation | |||
| As discussed in Section 3, HIP BONE is a generic framework that | As discussed in Section 3, HIP BONE is a generic framework that | |||
| allows the use of different peer protocols. A particular HIP BONE | allows using different peer protocols. A particular HIP BONE | |||
| instance uses a particular peer protocol. The details on how to | instance uses a particular peer protocol. The details on how to | |||
| implement a HIP BONE using a given peer protocol need to be specified | implement a HIP BONE using a given peer protocol need to be specified | |||
| in a, so called, HIP BONE instance specification. A HIP BONE | in a, so called, HIP BONE instance specification. A HIP BONE | |||
| instance specification needs to define: | instance specification needs to define, minimally: | |||
| o the peer protocol to be used. | o the peer protocol to be used. | |||
| o how to transform the peer IDs used by the peer protocol into the | o how to transform the peer IDs used by the peer protocol into the | |||
| ORCHIDs that will be used in HIP. | ORCHIDs that will be used in HIP. | |||
| o which peer protocol primitives trigger HIP messages. | o which peer protocol primitives trigger HIP messages. | |||
| Section 5 contains the RELOAD-based HIP BONE instance specification. | Additionally, a HIP BONE instance specification may need to specify | |||
| other details that are specific to the peer protocol used. | ||||
| As an example, the HIP BONE instance specification for RELOAD | ||||
| [I-D.ietf-p2psip-base] is specified in | ||||
| [I-D.keranen-hip-reload-instance]. | ||||
| It is assumed that areas not covered by a particular HIP BONE | It is assumed that areas not covered by a particular HIP BONE | |||
| instance specification are specified by the peer protocol or | instance specification are specified by the peer protocol or | |||
| elsewhere. These areas include: | elsewhere. These areas include: | |||
| o the algorithm to create the overlay (e.g., a DHT). | o the algorithm to create the overlay (e.g., a DHT). | |||
| o Overlay maintenance functions. | o overlay maintenance functions. | |||
| o data storage and retrieval functions. | o data storage and retrieval functions. | |||
| o format and structure of peer IDs. | o format and structure of peer IDs. | |||
| o the process for obtaining a peer ID. | o the process for obtaining a peer ID. | |||
| o overlay identification. | o overlay identification. | |||
| o bootstrap function | o bootstrap function | |||
| o how to select STUN and TURN servers for the candidate address | o how to select STUN and TURN servers for the candidate address | |||
| collection process in NAT traversal scenarios. | collection process in NAT traversal scenarios. | |||
| o for what type of traffic or messages it is appropriate to use | o for what type of traffic or messages it is appropriate to use | |||
| lightweight message exchanges. | lightweight message exchanges. | |||
| Note that the border between HIP BONE instance specification and a | Note that the border between HIP BONE instance specification and a | |||
| peer protocol specifications is blurry. Depending on how generic the | peer protocol specifications is blurry. Depending on how generic the | |||
| specification of a given peer protocol is, its associated HIP BONE | specification of a given peer protocol is, its associated HIP BONE | |||
| instance specification may need to specify more or less details. | instance specification may need to specify more or less details. | |||
| Also, a particular HIP BONE instance specification left certain areas | Also, a particular HIP BONE instance specification left certain areas | |||
| unspecified in order to leave their configuration up to each | unspecified in order to leave their configuration up to each | |||
| particular overlays. | particular overlay. | |||
| 4. Advantages of Using HIP BONE | 4. Advantages of Using HIP BONE | |||
| Using HIP BONE, as opposed to a peer protocol, to perform connection | Using HIP BONE, as opposed to a peer protocol, to perform connection | |||
| management in an overlay has a set of advantages. HIP BONE can be | management in an overlay has a set of advantages. HIP BONE can be | |||
| used by any peer protocol. This keeps each peer protocol from | used by any peer protocol. This keeps each peer protocol from | |||
| defining primitives needed for connection management (e.g., | defining primitives needed for connection management (e.g., | |||
| primitives to establish connections and to tunnel messages through | primitives to establish connections and to tunnel messages through | |||
| the overlay) and NAT traversal. Having this functionality at a lower | the overlay) and NAT traversal. Having this functionality at a lower | |||
| layer allows multiple upper-layer protocols to take advantage of it. | layer allows multiple upper-layer protocols to take advantage of it. | |||
| Additionally, having a solution that integrates mobility and | Additionally, having a solution that integrates mobility and | |||
| multihoming is useful in many scenarios. Peer protocols do not | multihoming is useful in many scenarios. Peer protocols do not | |||
| typically specify mobility and multihoming solutions. Combining a | typically specify mobility and multihoming solutions. Combining a | |||
| peer protocol including NAT traversal with a separate mobility | peer protocol including NAT traversal with a separate mobility | |||
| mechanism and a separate multihoming mechanism can easily lead to | mechanism and a separate multihoming mechanism can easily lead to | |||
| unexpected (and unpleasant) interactions. | unexpected (and unpleasant) interactions. | |||
| 5. RELOAD-based HIP BONE Instance Specification | 5. Architectural Considerations | |||
| This section specifies the RELOAD-based HIP BONE instance | ||||
| specification. | ||||
| 5.1. Peer Protocol | ||||
| The peer protocol to be used is RELOAD, which is specified in | ||||
| [I-D.ietf-p2psip-base]. | ||||
| 5.2. Peer ID to ORCHID Transformation | ||||
| RELOAD uses 128 bit peer IDs called Node-IDs. Since HIP uses 128 bit | ||||
| ORCHIDs, a peer's RELOAD Node-ID is used as the peer's ORCHID. | ||||
| 5.3. Mapping between Protocol Primitives and HIP Messages | ||||
| The Attach procedure in RELOAD establishes a connection between two | ||||
| peers. This procedure is performed using the AttachReq and AttachAns | ||||
| messages. When HIP is used, the Attach procedure is performed by | ||||
| using a HIP base exchange. That is, peers send HIP I1 messages | ||||
| instead of RELOAD AttachReq messages. | ||||
| The RELOAD AttachLite procedure is used for the same purpose as the | ||||
| Attach procedure in scenarios with no NATs. When HIP is used, the | ||||
| AttachLite procedure is also performed by using a HIP base exchange. | ||||
| That is, peers send HIP I1 messages instead of RELOAD AttachLiteReq | ||||
| messages. | ||||
| OPEN ISSUE: The RELOAD forwarding header carries Via and Destination | ||||
| lists. We should have the same functionality in HIP so that I1s can | ||||
| be source routed and R1s can use symmetric routing. The destination | ||||
| HIT for the I1 packet would be the destination peer. The header | ||||
| fields defined in RFC 5204 (RVS) and in the NAT traversal draft can | ||||
| be used to implement that functionality or as templates to specify | ||||
| new header fields that implement that functionality. | ||||
| OPEN ISSUE: RELOAD mandates TLS. That is, it does not support plain | ||||
| TCP or UDP. If HIP is used like this, there will be double | ||||
| encryption (avoidable using a null encryption algorithm at one of the | ||||
| levels) and double authentication. | ||||
| 6. Architectural Considerations | ||||
| Architecturally, HIP can be considered to create a new thin "waist" | Architecturally, HIP can be considered to create a new thin "waist" | |||
| layer on the top of the IPv4 and IPv6 networks; see Figure 3. The | layer on the top of the IPv4 and IPv6 networks; see Figure 3. The | |||
| HIP layer itself consist of the HIP signalling protocol and one or | HIP layer itself consists of the HIP signalling protocol and one or | |||
| more data transport protocols; see Figure 4. The HIP signalling | more data transport protocols; see Figure 4. The HIP signalling | |||
| packets and the data transport packets can take different routes. In | packets and the data transport packets can take different routes. In | |||
| the HIP BONE, the HIP signalling packets are typically first routed | the HIP BONE, the HIP signalling packets are typically first routed | |||
| through the overlay and then directly (if possible), while the data | through the overlay and then directly (if possible), while the data | |||
| transport packets are typically routed only directly between the end | transport packets are typically routed only directly between the end | |||
| points. | points. | |||
| +--------------------------------------+ | +--------------------------------------+ | |||
| | Transport (using HITs or LSIs) | | | Transport (using HITs or LSIs) | | |||
| +--------------------------------------+ | +--------------------------------------+ | |||
| skipping to change at page 14, line 22 | skipping to change at page 13, line 24 | |||
| Figure 3: HIP as a thin waist | Figure 3: HIP as a thin waist | |||
| +------------------+-------------------+ | +------------------+-------------------+ | |||
| | HIP signalling | data transports | | | HIP signalling | data transports | | |||
| +------------------+-------------------+ | +------------------+-------------------+ | |||
| Figure 4: HIP layer structure | Figure 4: HIP layer structure | |||
| In HIP BONE, the peer protocol creates a new signalling layer on the | In HIP BONE, the peer protocol creates a new signalling layer on the | |||
| top of HIP signalling. It is used to set up forwarding paths for HIP | top of HIP. It is used to set up forwarding paths for HIP signalling | |||
| signalling messages. This is a similar relationship that an IP | messages. This is a similar relationship that an IP routing | |||
| routing protocol, such as OSPF, has to the IP protocol itself. In | protocol, such as OSPF, has to the IP protocol itself. In the HIP | |||
| the HIP BONE case, the peer protocol plays a role similar to OSPF, | BONE case, the peer protocol plays a role similar to OSPF, and HIP | |||
| and HIP plays a role similar to IP. The ORCHIDs are used for | plays a role similar to IP. The ORCHIDs are used for forwarding HIP | |||
| forwarding HIP packets according to the information in the routing | packets according to the information in the routing tables. The peer | |||
| tables. The peer protocols are used to exchange routing information | protocols are used to exchange routing information based on Peer IDs | |||
| based on Peer IDs and public keys, and to construct the routing | and public keys, and to construct the routing tables. | |||
| tables. | ||||
| Architecturally, routing tables are located between the peer protocol | Architecturally, routing tables are located between the peer protocol | |||
| and HIP, as shown in Figure 5. The peer protocol constructs the | and HIP, as shown in Figure 5. The peer protocol constructs the | |||
| routing table and keeps it updated. The HIP layer accesses the | routing table and keeps it updated. The HIP layer accesses the | |||
| routing table in order to make routing decisions. The bootstrap of a | routing table in order to make routing decisions. The bootstrap of a | |||
| HIP BONE overlay does not create circular dependencies between the | HIP BONE overlay does not create circular dependencies between the | |||
| peer protocol (which needs to use HIP to establish connections with | peer protocol (which needs to use HIP to establish connections with | |||
| other nodes) and HIP (which needs the peer protocol to know how to | other nodes) and HIP (which needs the peer protocol to know how to | |||
| route messages to other nodes) for the same reasons as the bootstrap | route messages to other nodes) for the same reasons as the bootstrap | |||
| of an IP network does not create circular dependencies between OSPF | of an IP network does not create circular dependencies between OSPF | |||
| skipping to change at page 15, line 28 | skipping to change at page 14, line 28 | |||
| very different. In order to make routing decisions, the HIP layer | very different. In order to make routing decisions, the HIP layer | |||
| needs to convert the routing table generated by the peer protocol | needs to convert the routing table generated by the peer protocol | |||
| into a forwarding table that allows the HIP layer select a next-hop | into a forwarding table that allows the HIP layer select a next-hop | |||
| for any packet being routed. | for any packet being routed. | |||
| In HIP BONE, the HIP usage of public keys and deriving ORCHIDs | In HIP BONE, the HIP usage of public keys and deriving ORCHIDs | |||
| through a hash function can be utilised at the peer protocol side to | through a hash function can be utilised at the peer protocol side to | |||
| better secure routing table maintenance and to protect against | better secure routing table maintenance and to protect against | |||
| chosen-peer-ID attacks. | chosen-peer-ID attacks. | |||
| The HIP BONE allows quite a lot of flexibility how to arrange the | The HIP BONE provides quite a lot of flexibility with regards to how | |||
| different protocols in detail. Figure 6 shows one potential stack | to arrange the different protocols in detail. Figure 6 shows one | |||
| structure. | potential stack structure. | |||
| +-----------------------+--------------+ | +-----------------------+--------------+ | |||
| | peer protocols | media | | | peer protocols | media | | |||
| +------------------+----+--------------+ | +------------------+----+--------------+ | |||
| | HIP signalling | data transport | | | HIP signalling | data transport | | |||
| | | | | | | |||
| +------------------+-------------------+ | +------------------+-------------------+ | |||
| | NAT | non-NAT | | | | NAT | non-NAT | | | |||
| | | | | | | | | |||
| | IPv4 | IPv6 | | | IPv4 | IPv6 | | |||
| +------------------+-------------------+ | +------------------+-------------------+ | |||
| Figure 6: Example HIP BONE stack structure | Figure 6: Example HIP BONE stack structure | |||
| 7. Security Considerations | 6. Security Considerations | |||
| TBD. | This document provides a high-level framework to build HIP-based | |||
| overlays. The security properties of HIP and its extensions used in | ||||
| this framework are discussed in their respective specifications. | ||||
| Those security properties can be affected by the way HIP is used in a | ||||
| particular overlay (e.g., by how ORCHIDs are derived from Peer IDs). | ||||
| However, those properties are mostly affected by the design decisions | ||||
| made to build a particular overlay; not so much by how this high- | ||||
| level framework is specified in this document. Such design decisions | ||||
| are typically documented in a HIP BONE instance specification, which | ||||
| will describe the security properties of the resulting overlay. | ||||
| 8. Acknowledgements | 7. Acknowledgements | |||
| HIP BONE is based on ideas coming from conversations and discussions | HIP BONE is based on ideas coming from conversations and discussions | |||
| with a number of people in the HIP and P2PSIP communities. In | with a number of people in the HIP and P2PSIP communities. In | |||
| particular, Philip Matthews, Eric Cooper, Joakim Koskela, Thomas | particular, Philip Matthews, Eric Cooper, Joakim Koskela, Thomas | |||
| Henderson, Bruce Lowekamp, and Miika Komu provided useful input on | Henderson, Bruce Lowekamp, and Miika Komu provided useful input on | |||
| HIP BONE. | HIP BONE. | |||
| 9. IANA Considerations | 8. IANA Considerations | |||
| This document does not contain any IANA actions. | This document does not contain any IANA actions. | |||
| 10. Normative References | 9. References | |||
| 9.1. Normative References | ||||
| [RFC4843] Nikander, P., Laganier, J., and F. Dupont, "An IPv6 Prefix | [RFC4843] Nikander, P., Laganier, J., and F. Dupont, "An IPv6 Prefix | |||
| for Overlay Routable Cryptographic Hash Identifiers | for Overlay Routable Cryptographic Hash Identifiers | |||
| (ORCHID)", RFC 4843, April 2007. | (ORCHID)", RFC 4843, April 2007. | |||
| [RFC5201] Moskowitz, R., Nikander, P., Jokela, P., and T. Henderson, | [RFC5201] Moskowitz, R., Nikander, P., Jokela, P., and T. Henderson, | |||
| "Host Identity Protocol", RFC 5201, April 2008. | "Host Identity Protocol", RFC 5201, April 2008. | |||
| [RFC5202] Jokela, P., Moskowitz, R., and P. Nikander, "Using the | [RFC5202] Jokela, P., Moskowitz, R., and P. Nikander, "Using the | |||
| Encapsulating Security Payload (ESP) Transport Format with | Encapsulating Security Payload (ESP) Transport Format with | |||
| skipping to change at page 16, line 45 | skipping to change at page 16, line 9 | |||
| April 2008. | April 2008. | |||
| [RFC5206] Nikander, P., Henderson, T., Vogt, C., and J. Arkko, "End- | [RFC5206] Nikander, P., Henderson, T., Vogt, C., and J. Arkko, "End- | |||
| Host Mobility and Multihoming with the Host Identity | Host Mobility and Multihoming with the Host Identity | |||
| Protocol", RFC 5206, April 2008. | Protocol", RFC 5206, April 2008. | |||
| [RFC5338] Henderson, T., Nikander, P., and M. Komu, "Using the Host | [RFC5338] Henderson, T., Nikander, P., and M. Komu, "Using the Host | |||
| Identity Protocol with Legacy Applications", RFC 5338, | Identity Protocol with Legacy Applications", RFC 5338, | |||
| September 2008. | September 2008. | |||
| [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, | ||||
| "Session Traversal Utilities for NAT (STUN)", RFC 5389, | ||||
| October 2008. | ||||
| [I-D.ietf-hip-native-api] | [I-D.ietf-hip-native-api] | |||
| Komu, M. and T. Henderson, "Basic Socket Interface | Komu, M. and T. Henderson, "Basic Socket Interface | |||
| Extensions for Host Identity Protocol (HIP)", | Extensions for Host Identity Protocol (HIP)", | |||
| draft-ietf-hip-native-api-05 (work in progress), | draft-ietf-hip-native-api-06 (work in progress), May 2009. | |||
| July 2008. | ||||
| [I-D.ietf-hip-nat-traversal] | ||||
| Komu, M., Henderson, T., Tschofenig, H., Melen, J., and A. | ||||
| Keraenen, "Basic HIP Extensions for Traversal of Network | ||||
| Address Translators", draft-ietf-hip-nat-traversal-08 | ||||
| (work in progress), June 2009. | ||||
| [I-D.nikander-hip-hiccups] | [I-D.nikander-hip-hiccups] | |||
| Nikander, P., Camarillo, G., and J. Melen, "HIP (Host | Nikander, P., Camarillo, G., and J. Melen, "HIP (Host | |||
| Identity Protocol) Immediate Carriage and Conveyance of | Identity Protocol) Immediate Carriage and Conveyance of | |||
| Upper- layer Protocol Signaling (HICCUPS)", | Upper- layer Protocol Signaling (HICCUPS)", | |||
| draft-nikander-hip-hiccups-01 (work in progress), | draft-nikander-hip-hiccups-01 (work in progress), | |||
| November 2008. | November 2008. | |||
| 9.2. Informative References | ||||
| [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, | ||||
| "Session Traversal Utilities for NAT (STUN)", RFC 5389, | ||||
| October 2008. | ||||
| [I-D.ietf-mmusic-ice] | [I-D.ietf-mmusic-ice] | |||
| Rosenberg, J., "Interactive Connectivity Establishment | Rosenberg, J., "Interactive Connectivity Establishment | |||
| (ICE): A Protocol for Network Address Translator (NAT) | (ICE): A Protocol for Network Address Translator (NAT) | |||
| Traversal for Offer/Answer Protocols", | Traversal for Offer/Answer Protocols", | |||
| draft-ietf-mmusic-ice-19 (work in progress), October 2007. | draft-ietf-mmusic-ice-19 (work in progress), October 2007. | |||
| [I-D.ietf-p2psip-base] | [I-D.ietf-p2psip-base] | |||
| Jennings, C., Lowekamp, B., Rescorla, E., Baset, S., and | Jennings, C., Lowekamp, B., Rescorla, E., Baset, S., and | |||
| H. Schulzrinne, "REsource LOcation And Discovery (RELOAD) | H. Schulzrinne, "REsource LOcation And Discovery (RELOAD) | |||
| Base Protocol", draft-ietf-p2psip-base-02 (work in | Base Protocol", draft-ietf-p2psip-base-02 (work in | |||
| progress), March 2009. | progress), March 2009. | |||
| [I-D.keranen-hip-reload-instance] | ||||
| Keranen, A. and G. Camarillo, "HIP BONE Instance | ||||
| Specification for RELOAD", | ||||
| draft-keranen-hip-reload-instance-00 (work in progress), | ||||
| July 2009. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Gonzalo Camarillo | Gonzalo Camarillo | |||
| Ericsson | Ericsson | |||
| Hirsalantie 11 | Hirsalantie 11 | |||
| Jorvas 02420 | Jorvas 02420 | |||
| Finland | Finland | |||
| Email: Gonzalo.Camarillo@ericsson.com | Email: Gonzalo.Camarillo@ericsson.com | |||
| End of changes. 32 change blocks. | ||||
| 131 lines changed or deleted | 114 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||