Universal Plug and Play (UPnP) Internet Gateway Device (IGD)-Port Control Protocol (PCP) Interworking Function
draft-bpw-pcp-upnp-igd-interworking-01

Abstract

This document specifies the behavior of the UPnP IGD (Internet Gateway Device)/PCP Interworking Function. An UPnP IGD-PCP Interworking Function (IGD-PCP IWF) is required to be embedded in CP routers to allow for transparent NAT control in environments where UPnP is used in the LAN side and PCP in the external side of the CP router.

Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 (Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.) [RFC2119].

Status of this Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

This Internet-Draft will expire on June 26, 2011.

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1.  Introduction

2.  Acronyms

3.  Architecture Model

4.  UPnP IGD-PCP Interworking Function: Overview
    4.1.  UPnP IGD-PCP: Variables
    4.2.  IGD-PCP: Methods
    4.3.  UPnP IGD-PCP: Errors

5.  Specification of the IGD-PCP Interworking Function
    5.1.  PCP Server Discovery
    5.2.  Control of the Firewall
    5.3.  NAT Control in LAN Side
    5.4.  Port Mapping Tables
    5.5.  Interworking Function Without NAT in the CP Router
    5.6.  NAT Embedded in the CP Router
    5.7.  Creating a Mapping
        5.7.1.  AddAnyPortMapping()
        5.7.2.  AddPortMapping()
    5.8.  Listing One or a Set of Mappings
    5.9.  Delete One or a Set of Mappings: DeletePortMapping() or DeletePortMappingRange()
    5.10.  Mapping Synchronisation

6.  IANA Considerations

7.  Security Considerations

8.  Acknowledgments

9.  References
    9.1.  Normative References
    9.2.  Informative References

§  Authors' Addresses

1.  Introduction

PCP [I‑D.ietf‑pcp‑base] (Wing, D., “Port Control Protocol (PCP),” December 2010.) discusses the implementation of NAT control features that rely upon Carrier Grade NAT devices such as DS-Lite AFTR [I‑D.ietf‑softwire‑dual‑stack‑lite] (Durand, A., Droms, R., Woodyatt, J., and Y. Lee, “Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion,” August 2010.) or NAT64 [I‑D.ietf‑behave‑v6v4‑xlate‑stateful] (Bagnulo, M., Matthews, P., and I. Beijnum, “Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers,” July 2010.). Nevertheless, in environments where UPnP is used in the local network, an interworking function between UPnP IGD and PCP is required to be embedded in the CP router (an example is illustrated in Figure 1 (Flow Example)).

Two configurations are considered:

• No NAT function is embedded in the CP router. This is required for instance in DS-Lite or NAT64 deployments;
• The CP router embeds a NAT function.

                         UPnP-PCP
UPnP Control           Interworking
   Point                 Function                  PCP Server
     |                      |                           |
     | (1) AddPortMapping   |                           |
     |--------------------->|                           |
     |                      |   (2) PCP PINxy Request   |
     |                      |-------------------------->|
     |                      |                           |

The UPnP IGD-PCP Interworking Function (IGD-PCP IWF) maintains a local mapping table which stores all active mappings instructed by internal UPnP Control Points. This design choice restricts the amount of PCP messages to be exchanged with the PCP Server.

Triggers for deactivating the UPnP IGD-PCP Interworking Function from the CP router and relying on a PCP-only mode are out of scope of this document.

In the remaining, PINxy refers to one of the PIN44, PIN46, PING64 and PIN66 PCP OpCodes defined in [I‑D.ietf‑pcp‑base] (Wing, D., “Port Control Protocol (PCP),” December 2010.).

2.  Acronyms

This document make use of the following abbreviations:

3.  Architecture Model

As a reminder, Figure 2 (UPnP IGD Model) illustrates the architecture model adopted by UPnP IGD [IGD2] (UPnP Forum, “WANIPConnection:2 Service (http://upnp.org/specs/gw/UPnP-gw-WANIPConnection-v2-Service.pdf),” September 2010.). In Figure 2 (UPnP IGD Model), the following UPnP terminology is used:

• Client refers to a host located in the local network.
• IGD Control Point is a UPnP control point using UPnP to control an IGD (Internet Gateway Device).
• Host represents a remote peer reachable in the Internet.

+-------------+
| IGD Control |
|   Point     |-----+
+-------------+     |   +-----+       +------+
                    +---|     |       |      |
                        | IGD |-------| Host |
                    +---|     |       |      |
+-------------+     |   +-----+       +------+
|   Client    |-----+
+-------------+

This model is not valid when PCP is used to control for instance a Carrier Grade NAT (a.k.a., Provider NAT) while internal hosts continue to use UPnP. In such scenarios, Figure 3 (UPnP IGD-PCP Interworking Model) shows the updated model.

+-------------+
| IGD Control |
|   Point     |-----+
+-------------+     |   +-----+       +--------+               +------+
                    +---| IGD-|       |Provider|               |      |
                        | PCP |-------|  NAT   |--<Internet>---| Peer |
                    +---| IWF |       |        |               |      |
+-------------+     |   +-----+       +--------+               +------+
| Local Host  |-----+
+-------------+
                      LAN Side  External Side
<======UPnP IGD===============><======PCP=====>

In the updated model depicted in Figure 3 (UPnP IGD-PCP Interworking Model), one or two levels of NAT can be encountered in the data path. Indeed, in addition to the Carrier Grade NAT, the CP router may embed a NAT function (Figure 4 (Cascaded NAT scenario)).

+-------------+
| IGD Control |
|   Point     |-----+
+-------------+     |   +-----+       +----+               +------+
                    +---| IGD-|       |    |               |Remote|
                        | PCP |-------|NAT2|--<Internet>---| Host |
                    +---| IWF |       |    |               |      |
+-------------+     |   +-----+       +----+               +------+
| Local Host  |-----+     NAT1
+-------------+

To ensure a successful interworking between UPnP IGD and PCP, an interworking function is embedded in the CP router. In the model defined in Figure 3 (UPnP IGD-PCP Interworking Model), all UPnP IGD server-oriented functions, a PCP Client [I‑D.ietf‑pcp‑base] (Wing, D., “Port Control Protocol (PCP),” December 2010.) and a UPnP IGD-PCP Interworking Function are embedded in the CP router (i.e., IGD). In the rest of the document, IGD-PCP Interworking Function refers to PCP Client and UPnP IGD-PCP Interworking Function.

UPnP IGD-PCP Interworking Function is responsible for generating a well-formed PCP (resp., UPnP IGD) message from a received UPnP IGD (resp., PCP) message.

4.  UPnP IGD-PCP Interworking Function: Overview

Three tables are provided to specify the mapping between UPnP IGD and PCP:

1. Table 1 (UPnP IGD-PCP: Variables) provides the mapping between WANIPConnection parameters and PCP parameters;
2. Table 2 (IGD-PCP: Methods) focuses on the correspondence between supported methods;
3. Table 3 (UPnP IGD-PCP: Errors) lists the IGD error messages and their corresponding PCP ones.

Note that some enhancements have been integrated in WANIPConnection as documented in [IGD2] (UPnP Forum, “WANIPConnection:2 Service (http://upnp.org/specs/gw/UPnP-gw-WANIPConnection-v2-Service.pdf),” September 2010.).

4.1.  UPnP IGD-PCP: Variables

4.2.  IGD-PCP: Methods

Both IGD:1 and IGD:2 methods are listed in Table 2 (IGD-PCP: Methods).

4.3.  UPnP IGD-PCP: Errors

Table 3 (UPnP IGD-PCP: Errors) lists UPnP IGD errors codes and the corresponding PCP ones. Error codes specific to IGD:2 are tagged accordingly.

5.  Specification of the IGD-PCP Interworking Function

This section covers the scenarios with or without NAT in the CP router.

5.1.  PCP Server Discovery

The IGD-PCP Interworking Function implements one of the discovery methods identified in [I‑D.ietf‑pcp‑base] (Wing, D., “Port Control Protocol (PCP),” December 2010.) (e.g., DHCP [I‑D.bpw‑pcp‑dhcp] (Boucadair, M., Penno, R., and D. Wing, “DHCP and DHCPv6 Options for Port Control Protocol (PCP),” October 2010.)). The IGD-PCP Interworking Function behaves as a PCP Client when communicating with the provisioned PCP Server.

In order to not impact the delivery of local services requiring the control of the local IGD during any failure event to reach the PCP Server (e.g., no IP address/prefix is assigned to the CP router), IGD-PCP Interworking Function MUST NOT be invoked. Indeed, UPnP machinery is used to control that device and therefore lead to successful operations of internal services.

Once the PCP Sever is reachable, the IGD-PCP Interworking Function MUST synchronize its states as specified in Section 5.10 (Mapping Synchronisation).

5.2.  Control of the Firewall

In order to configure security policies to be applied to inbound and outbound traffic, UPnP IGD can be used to control a local firewall engine.

No IGD-PCP Interworking Function is therefore required for that purpose.

5.3.  NAT Control in LAN Side

Internal UPnP Control Points are not aware of the presence of the IGD-PCP Interworking Function in the CP router (IGD). Especially, UPnP Control Points MUST NOT be aware of the deactivation of the NAT in the CP router.

No modification is required in the UPnP Control Point.

5.4.  Port Mapping Tables

IGD-PCP Interworking Function MUST store locally all the mappings instantiated by internal UPnP Control Points in the PCP Server. Port Forwarding mappings SHOULD be stored in a permanent storage. If not, upon reset or reboot, the IGD-PCP Interworking Function MUST synchronise its states as specified in Section 5.10 (Mapping Synchronisation).

Upon receipt of a PCP PINxy Response from the PCP Server, the IGD-PCP Interworking Function MUST retrieve the enclosed mapping(s) and MUST store it in the local mapping table. The local mapping table is an image of the mapping table as maintained by the PCP Server for a given subscriber.

5.5.  Interworking Function Without NAT in the CP Router

When no NAT is embedded in the CP router, the content of received WANIPConnection and PCP messages is not altered by the IGD-PCP Interworking Function (i.e., the content of WANIPConnection messages are copied to the PCP messages (and vice versa) according to Table 1 (UPnP IGD-PCP: Variables)).

5.6.  NAT Embedded in the CP Router

Unlike the scenario with one level of NAT (Section 5.5 (Interworking Function Without NAT in the CP Router)), the IGD-PCP Interworking Function MUST update their content of received mapping messages with the IP address and/or port number belonging to the external interface of the CP router (i.e., after the NAT1 operation in Figure 4 (Cascaded NAT scenario)) and not as initially positioned by the UPnP Control Point.

All WANIPConnection messages issued by the UPnP Control Point (resp., PCP Server) are intercepted by the IGD-PCP Interworking Function. Then, the corresponding messages (see Table 1 (UPnP IGD-PCP: Variables), Table 2 (IGD-PCP: Methods) and Table 3 (UPnP IGD-PCP: Errors)) are generated by the IGD-PCP Interworking Function and sent to the provisioned PCP Server (resp., corresponding UPnP Control Point). The content of PCP messages received by the PCP Server reflects the mapping information as enforced in the first NAT. In particular, the internal IP address and/or port number of the requests are replaced with the IP address and port number as assigned by the NAT of the CP router. For the reverse path, PCP response messages are intercepted by the IGD-PCP Interworking Function. The content of the corresponding WANIPConnection messages are updated:

• The internal IP address and/or port number as initially positioned by the UPnP Control Point and stored in the CP router NAT are used to update the corresponding fields in received PCP responses.
• The external IP and port number are not altered by the IGD-PCP Interworking Function.
• The NAT mapping entry in the first NAT is updated with the result of PCP request.

The lifetime of the mappings instantiated in all involved NATs SHOULD be the one assigned by the terminating PCP Server. In any case, the lifetime MUST be lower or equal to the one assigned by the terminating PCP Server.

5.7.  Creating a Mapping

Two methods can be used to create a mapping: AddPortMapping() or AddAnyPortMapping().

AddAnyPortMapping() is the RECOMMENDED method.

5.7.1.  AddAnyPortMapping()

When an UPnP Control Point issues a AddAnyPortMapping(), this request is received by the UPnP Server. The request is then relayed to the IGD-PCP Interworking Function which generates a PCP PINxy Request (see Table 1 (UPnP IGD-PCP: Variables) for mapping between WANIPConnection and PCP parameters). Upon receipt of PCP PINxy Response from the PCP Server, an XML mapping is returned to the requesting UPnP Control Point (the content of the messages follows the recommendations listed in Section 5.6 (NAT Embedded in the CP Router) or Section 5.5 (Interworking Function Without NAT in the CP Router) according to the deployed scenario). A flow example is depicted in Figure 5 (Flow example when AddAnyPortMapping() is used).

If a PCP Error is received from the PCP Server, a corresponding WANIPConnection error code Table 3 (UPnP IGD-PCP: Errors) is generated by the IGD-PCP Interworking Function and sent to the requesting UPnP Control Point.

                         UPnP-PCP
UPnP Control           Interworking
   Point                 Function                    PCP Server
     |                      |                             |
     |(1) AddAnyPortMapping |                             |
     |--------------------->|                             |
     |                      |   (2) PCP PINxy Request     |
     |                      |(requested external port=0)  |
     |                      |---------------------------->|
     |                      |                             |
     |                      |   (3) PCP PINxy Response    |
     |                      |(assigned external port=6598)|
     |                      |<----------------------------|
     |(4) AddAnyPortMapping |                             |
     |   ReservedPort=6598  |                             |
     |<---------------------|                             |

5.7.2.  AddPortMapping()

A dedicated option called HONOR_EXTERNAL_PORT is defined in [I‑D.ietf‑pcp‑base] (Wing, D., “Port Control Protocol (PCP),” December 2010.) to toggle the behavior in a PCP Request message. This options is inserted by the IGD-PCP IWF when issuing its requests to the PCP Server only if a specific external port is requested by the UPnP Control Point. When a wildcard is used (i.e., 0), HONOR_EXTERNAL_PORT Option is not required to be inserted in the PCP request to the PCP Server (see Figure 6 (Example of AddPortMapping() with wildcard external port)). In the remaining, we assume that a specific external port is requested by the UPnP Control Point.

                         UPnP-PCP
UPnP Control           Interworking
   Point                 Function                   PCP Server
     |                      |                             |
     | (1) AddPortMapping   |                             |
     |   ExternalPort=0     |                             |
     |--------------------->|                             |
     |                      |   (2) PCP PINxy Request     |
     |                      |(requested external port=0)  |
     |                      |---------------------------->|
     |                      |                             |
     |                      |   (3) PCP PINxy Response    |
     |                      |(assigned external port=1365)|
     |                      |<----------------------------|
     |  (4) AddPortMapping  |                             |
     |   ExternalPort=1356  |                             |
     |<---------------------|                             |

Upon receipt of AddPortMapping() from an UPnP Control Point, the IGD-PCP Interworking Function first checks if the requested external port number is not used by another Internal UPnP Control Point. In case a mapping bound to the requested external port number is found in the local mapping table, the IGD-PCP IWF MUST send back a ConflictInMappingEntry error to the requesting UPnP Control Point (see Figure 7 (IWF Local Behaviour)).

                         UPnP-PCP
UPnP Control           Interworking
   Point                 Function                  PCP Server
     |                      |                           |
     | (1) AddPortMapping   |                           |
     |   ExternalPort=2356  |                           |
     |--------------------->|                           |
     |                      |                           |
     |     (2) Error:       |                           |
     |ConflictInMappingEntry|                           |
     |<---------------------|                           |
     |                      |                           |
     | (3) AddPortMapping   |                           |
     |   ExternalPort=4586  |                           |
     |--------------------->|                           |
     |                      |                           |
     |     (4) Error:       |                           |
     |ConflictInMappingEntry|                           |
     |<---------------------|                           |
     |                      |                           |

This exchange (Figure 7 (IWF Local Behaviour)) is re-iterated until an external port number that is not in use is requested by the UPnP Control Point. Then, the IGD-PCP IWF generates a PCP PINxy Request with all requested mapping information as indicated by the UPnP Control Point if no NAT is embedded in the CP router or updated as specified in Section 5.6 (NAT Embedded in the CP Router). In addition, the IGD-PCP IWF inserts a HONOR_EXTERNAL_PORT Option to the generated PCP request.

If the requested external port is in use, a PCP Error message MUST be sent by the PCP Server to the IGD-PCP IWF indicating CANNOT_HONOR_EXTERNAL_PORT as the error cause. The IGD-PCP IWF relays a negative message to the UPnP Control Point indicating ConflictInMappingEntry as error code. The UPnP Control Point re-issues a new request with a new requested external port number. This process is repeated until a positive answer is received or maximum retry is reached.

If the PCP Server is able to honor the requested external port, a positive response is sent to the requesting IGD-PCP IWF. Upon receipt of the response from the PCP Server, the returned mapping MUST be stored by the IGD-PCP Interworking Function in its local mapping table and a positive answer MUST be sent to the requesting UPnP Control Point. This answer terminates this exchange.

Figure 8 (Flow Example (Positive Answer)) shows an example of the flow exchange that occurs when the PCP Server satisfies the request from the IGD-PCP IWF. Figure 9 (Flow Example (Negative Answer)) shows the messages exchange when the requested external port is in use.

                         UPnP-PCP
UPnP Control           Interworking
   Point                 Function                  PCP Server
     |                      |                             |
     | (1) AddPortMapping   |                             |
     |   ExternalPort=8080  |                             |
     |--------------------->|                             |
     |                      |   (2) PCP PINxy Request     |
     |                      |requested external port=8080 |
     |                      |     HONOR_EXTERNAL_PORT     |
     |                      |---------------------------->|
     |                      |                             |
     |                      |   (3) PCP PINxy Response    |
     |                      | assigned external port=8080 |
     |                      |<----------------------------|
     | (4) AddPortMapping   |                             |
     |   ExternalPort=8080  |                             |
     |<---------------------|                             |

                         UPnP-PCP
UPnP Control           Interworking
   Point                 Function                    PCP Server
     |                      |                             |
     | (1) AddPortMapping   |                             |
     |   ExternalPort=8080  |                             |
     |--------------------->|                             |
     |                      |   (2) PCP PINxy Request     |
     |                      |requested external port=8080 |
     |                      |     HONOR_EXTERNAL_PORT     |
     |                      |---------------------------->|
     |                      |   (3) PCP PINxy Response    |
     |                      | CANNOT_HONOR_EXTERNAL_PORT  |
     |                      |<----------------------------|
     |     (4) Error:       |                             |
     |ConflictInMappingEntry|                             |
     |<---------------------|                             |
     | (5) AddPortMapping   |                             |
     |   ExternalPort=5485  |                             |
     |--------------------->|                             |
     |                      |   (6) PCP PINxy Request     |
     |                      |requested external port=5485 |
     |                      |     HONOR_EXTERNAL_PORT     |
     |                      |---------------------------->|
     |                      |   (7) PCP PINxy Response    |
     |                      | CANNOT_HONOR_EXTERNAL_PORT  |
     |                      |<----------------------------|
     |     (8) Error:       |                             |
     |ConflictInMappingEntry|                             |
     |<---------------------|                             |
                            ....
     | (a) AddPortMapping   |                             |
     |   ExternalPort=6591  |                             |
     |--------------------->|                             |
     |                      |   (b) PCP PINxy Request     |
     |                      |requested external port=6591 |
     |                      |     HONOR_EXTERNAL_PORT     |
     |                      |---------------------------->|
     |                      |   (c) PCP PINxy Response    |
     |                      | CANNOT_HONOR_EXTERNAL_PORT  |
     |                      |<----------------------------|
     |     (d) Error:       |                             |
     |ConflictInMappingEntry|                             |
     |<---------------------|                             |

5.8.  Listing One or a Set of Mappings

In order to list active mappings, an UPnP Control Point may issue GetGenericPortMappingEntry(), GetSpecificPortMappingEntry() or GetListOfPortMappings().

These methods MUST NOT be proxied to the PCP Server since a local mapping is maintained by the IGD-PCP Interworking Function.

5.9.  Delete One or a Set of Mappings: DeletePortMapping() or DeletePortMappingRange()

An UPnP Control Point proceeds to the deletion of one or a list of mappings by issuing DeletePortMapping() or DeletePortMappingRange(). When one of these messages is received by the IGD-PCP Interworking Function, it first checks if the requested mapping to be removed is present in the local mapping table. If no mapping matching the request is found in the local table, an error is sent back to the UPnP Control Point (see Figure 10 (Local Delete (IGD-PCP IWF))).

                         UPnP-PCP
UPnP Control           Interworking
   Point                 Function                  PCP Server
     |                      |                           |
     |(1) DeletePortMapping |                           |
     |--------------------->|                           |
     |                      |                           |
     |     (2) Error:       |                           |
     |  NoSuchEntryInArray  |                           |
     |<---------------------|                           |
     |                      |                           |

if a mapping matches in the local table, PCP PINxy delete request(s) is generated taking into account the input arguments:

• as included in DeletePortMapping() if no NAT is enabled in the CP router; In case DeletePortMappingRange() is used, the IGD-PCP IWF generates individual requests to cover all the range;

  [[Note: Add a figure to illustrate the behaviour to handle DeletePortMappingRange()]]

• or the corresponding local IP address and port number as assigned by the local NAT if a NAT is enabled in the CP router.

Once received by the PCP Server, it proceeds to removing the corresponding entry(ies). A PCP PINxy delete response is sent back if the removal of the corresponding entry(ies) was successful; if not, a PCP Error is sent back to the IGD-PCP Interworking Function including the corresponding error cause (e.g., Not Authorised).

When a positive answer is received from the PCP Server, the IGD-PCP Interworking Function updates its local mapping table (i.e., remove the corresponding entry(ies)) and notifies the UPnP Control Point about the result of the removal operation.

5.10.  Mapping Synchronisation

[[Note: This section needs further discussion among authors]]

Under normal conditions, since a valid copy of the mapping table is stored locally in the CP router, the IGD-PCP Interworking Function SHOULD NOT issue any subsequent PCP request to handle a request received from an UPnP Control Point to list active mappings. Nevertheless, in case of loss of synchronisation (e.g., reboot, system crashes, power outage, etc.), the IGD-PCP Interworking Function SHOULD generate a get method to retrieve all active mappings in the PCP Server and update its local mapping table without waiting for an explicit request from a UPnP Control Point. Doing so, the IGD-PCP Interworking Function maintains an updated mapping table.

In case of massive reboot of CP routers (e.g., avalanche restart phenomenon), PCP request bursts SHOULD be avoided. For this aim, we recommend the use of a given timer denoted as PCP_SERVICE_WAIT. This timer can be pre-configured in the CP router or to be provisioned using a dedicated means such as DHCP. Upon reboot of the CP router, PCP messages SHOULD NOT be sent immediately. A random value is selected between 0 and PCP_SERVICE_WAIT. This value is referred to as RAND(PCP_SERVICE_WAIT). Upon the expiration of RAND(PCP_SERVICE_WAIT), the CP router SHOULD proceed to its synchronisation operations (i.e., retrieve all active mappings which have been instructed by internal UPnP Control Point(s)).

[[Note: per-subscriber quota may be exhausted due to unlimited lifetime and stale mappings in IGD due to reboots, etc.]]

6.  IANA Considerations

This document makes no request of IANA.

Note to RFC Editor: this section may be removed on publication as an RFC.

7.  Security Considerations

This document defines a procedure to instruct PCP mappings for third party devices belonging to the same subscriber. Identification means to avoid a malicious user to instruct mappings on behalf of a third party must be enabled. Such means are already discussed in Section 7.4.4 of [I‑D.ietf‑pcp‑base] (Wing, D., “Port Control Protocol (PCP),” December 2010.).

Security considerations elaborated in [I‑D.ietf‑pcp‑base] (Wing, D., “Port Control Protocol (PCP),” December 2010.) and [Sec_DCP] (UPnP Forum, “Device Protection:1,” November 2009.) should be taken into account.

8.  Acknowledgments

Authors would like to thank F. Fontaine and C. Jacquenet for their review and comments.

9.  References

9.1. Normative References

9.2. Informative References

Authors' Addresses