MIDCOM WG R. Mahy
Internet-Draft Airespace
Expires: August 2, 2005 Feb 2005
Pre-Midcom Requirements for Traversal of NATs for traffic not
supported by STUN
draft-mahy-midcom-premidcom-relay-reqs-02.txt
Status of this Memo
This document is an Internet-Draft and is subject to all provisions
of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 2, 2005.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
STUN (Simple Traversal of UDP for NATS) specifies a mechanism which
enables nodes in a private network to determine if they are behind a
NAT, to discover their remapped address and port, and for many types
of NATs to send UDP traffic through them. In addition TCP
connections initiated from the private side of NATs already works.
This document specifies requirements for a mechanism that enables
traversal of expected TCP traffic through all NATs, and traversal of
Mahy Expires August 2, 2005 [Page 1]
�
Internet-Draft Premidcom NAT Traversal Feb 2005
UDP traffic through symmetric NATs.
Table of Contents
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Security Considerations . . . . . . . . . . . . . . . . . . . 4
4. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 4
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1 Normative References . . . . . . . . . . . . . . . . . . . . 4
5.2 Informative References . . . . . . . . . . . . . . . . . . . 4
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 5
Intellectual Property and Copyright Statements . . . . . . . . 6
Mahy Expires August 2, 2005 [Page 2]
�
Internet-Draft Premidcom NAT Traversal Feb 2005
1. Overview
STUN [1] (Simple Traversal of UDP for NATS) specifies a mechanism
which enables nodes in a private network to determine if they are
behind a NAT. It also allows STUN Clients to discover their address
as viewed from a STUN Server. For full cone, address-restricted
cone, and port-restricted cone NATs, this knowledge allows the STUN
client to receive UDP traffic. (Nodes behind a NAT can initiate TCP
connections and send UDP traffic without the need for any additional
protocol). In order to allow nodes on the private side of a NAT to
receive incoming TCP connections and to receive UDP traffic through a
symmetric NAT, some type of simple relay-based solution is necessary.
This document describes the requirements such a solution need to
provide a useful service which does not prolong the life of IPv4. A
proposal for a solution meeting these requirements is described in
[3]
2. Requirements
1. Passes bidirectional UDP through one or two NATs, at least one of
which may be symmetric or port-restricted
2. Allows "expected" TCP connection from a single source to be
received by a user behind a NAT.
3. The implementation of the previous requirement (relay of TCP
traffic) must not interfere with TLS
4. Prevents the node on the private network from running a server
(can't receive multiple connections on the same well known
port).
5. The implementation allows nodes to reference the relay
session/stream/connection by an identifier which is unique to
the stream and which is valid in the public Internet (i.e.
globally unique)
6. Works where the endpoints and relay server are all IPv4 endpoints
7. Works where the private endpoint is IPv4 and another is IPv6,
when the relay supports both IPv4 and IPv6.
8. The originator of the relay session can terminate the relay
session
9. The originator of the relay session can determine the relay
timeout interval
10. The relay should be able to open a port number such that the
actual address and port of one end of the relay is not fixed
until the first packet arrives from that end.
11. The relay can "passthrough" UDP traffic (in the case of a
symmetric NAT) to a known IP address and UDP port number
12. The relay does not forward TCP connections originating from
inside a NAT. Presumably, a node on the inside of the NAT can
already originate outgoing connections.
Mahy Expires August 2, 2005 [Page 3]
�
Internet-Draft Premidcom NAT Traversal Feb 2005
13. Supports strong authentication and message integrity of control
traffic
14. Does not attempt to protect data traffic
15. Does not require data traffic to be modified or escaped in any
way
16. Existing end-to-end integrity and encryption of data traffic is
encouraged and must still work through the solution
17. Needs the ability to reserve a port on the relay for future use
18. Needs the ability to promote a reserved port to a full mapping.
When two nodes are behind different NATs, this allows one to
obtain a port before use. It also enables nodes an opportunity
to attempt allocation of contiguous ports for applications which
require this behavior (for example RTP and RTCP).
19. Need ability to release a reserved port.
20. Supports a keepalive, so that the client does not have to send
traffic to keep the mapping active
21. Does not increase packet sizes for data traffic.
22. Allows for the client to indicate how much bandwidth they expect
to use, so that the server can do policing if needed.
23. Allows for the server to redirect the client to a different
server.
3. Security Considerations
Security-related requirements are discussed in the body of the
document.
4. Acknowledgments
Thanks to Jonathan Rosenberg for his comments.
5. References
5.1 Normative References
[1] Rosenberg, J., Weinberger, J., Huitema, C. and R. Mahy, "STUN -
Simple Traversal of User Datagram Protocol (UDP) Through Network
Address Translators (NATs)", RFC 3489, March 2003.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
5.2 Informative References
[3] Rosenberg, J., "Traversal Using Relay NAT (TURN)",
draft-rosenberg-midcom-turn-06 (work in progress), October 2004.
Mahy Expires August 2, 2005 [Page 4]
�
Internet-Draft Premidcom NAT Traversal Feb 2005
Author's Address
Rohan Mahy
Airespace
110 Nortech Pkwy
San Jose, CA 95134
USA
EMail: rohan@ekabal.com
Mahy Expires August 2, 2005 [Page 5]
�
Internet-Draft Premidcom NAT Traversal Feb 2005
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Mahy Expires August 2, 2005 [Page 6]
�